deps: bump the production-dependencies group with 8 updates by dependabot[bot] · Pull Request #660 · pitabwire/frame

dependabot · 2026-05-25T19:38:37Z

Bumps the production-dependencies group with 8 updates:

Package	From	To
connectrpc.com/connect	`1.19.2`	`1.20.0`
github.com/exaring/otelpgx	`0.10.0`	`0.11.1`
github.com/panjf2000/ants/v2	`2.12.0`	`2.12.1`
golang.org/x/net	`0.54.0`	`0.55.0`
golang.org/x/crypto	`0.51.0`	`0.52.0`
golang.org/x/sys	`0.44.0`	`0.45.0`
google.golang.org/api	`0.279.0`	`0.280.0`
google.golang.org/genproto/googleapis/rpc	`0.0.0-20260427160629-7cedc36a6bc4`	`0.0.0-20260511170946-3700d4141b60`

Updates connectrpc.com/connect from 1.19.2 to 1.20.0

Release notes

Sourced from connectrpc.com/connect's releases.

v1.20.0

What's Changed

Other changes

Bump minimum supported Go version to 1.25 by @jonbodner-buf in #922

Update Unary-Get query parameter order to match spec recommendation by @oliversun9 in #926

New Contributors

@jonbodner-buf made their first contribution in #922

Full Changelog: connectrpc/connect-go@v1.19.2...v1.20.0

Commits

1291a7d Prepare for v1.20.0 (#927)
6df682f Update Unary-Get query parameter order to match spec recommendation (#926)
c4aac92 Chore update buf v1.69.0 and license year (#925)
a5a6c30 Bump Go from v1.24 to v1.25 (#922)
138e270 Back to development (#921)
See full diff in compare view

Updates github.com/exaring/otelpgx from 0.10.0 to 0.11.1

Release notes

Sourced from github.com/exaring/otelpgx's releases.

v0.11.1

What's Changed

fix: Tracer.logConnectionDetails defaults to true by @trygve-baerland in exaring/otelpgx#80

New Contributors

@trygve-baerland made their first contribution in exaring/otelpgx#80

Full Changelog: exaring/otelpgx@v0.11.0...v0.11.1

v0.11.0

What's Changed

chore(deps): upgrade Go version to 1.25 + use latest stable otel semconv by @ValentinLvr in exaring/otelpgx#74

feat: add option to disable the AcquireTracer by @joshua-tianci in exaring/otelpgx#73

fix(stats): allow WithStatsAttributes to override library defaults by @obitech in exaring/otelpgx#78

chore: spring cleaning — Go matrix, pgx, testify, golangci-lint by @obitech in exaring/otelpgx#79

New Contributors

@ValentinLvr made their first contribution in exaring/otelpgx#74

@joshua-tianci made their first contribution in exaring/otelpgx#73

Full Changelog: exaring/otelpgx@v0.10.0...v0.11.0

Commits

626246c Fix lints
168b105 Refactor tests to use testify
795d56d fix logConnectionDetails
76cf7a5 Add tests for asserting trace attributes
25501de fix(ci): test from go1.25+
ca37215 fix: Update .github/workflows/test.yaml
b0d28b5 refactor(test): use typed context key in span name test
45dc290 chore(lint): switch from golint to golangci-lint
ad455b0 refactor: switch to testify
e630def chore: update pgx
Additional commits viewable in compare view

Updates github.com/panjf2000/ants/v2 from 2.12.0 to 2.12.1

Commits

943d026 patch: v2.12.1 (#398)
deeaf50 fix: move once.Do(close(allDone)) from Reboot() to Release() (#397)
0191bb5 chore: replace 1<<31-1 with math.MaxInt32 (#392)
4782ebe fix: release created pools on NewMultiPool failure (#394)
2ba2dd1 chore: improve variable naming in binarySearch (#393)
ed0bfc9 fix: make Reboot() wait for pool to fully release before resetting state (#395)
8a80b33 docs: correct WithNonblocking comment about its returned error (#390)
80b031d chore: use my referral link of DO
See full diff in compare view

Updates golang.org/x/net from 0.54.0 to 0.55.0

Commits

7770ec4 go.mod: update golang.org/x dependencies
4ece7b6 html: escape greater-than symbol in doctype identifiers
08be507 html: improve Noah's Ark clause performance
a8fb2fe html: properly render fostered elements in foreign content
0dc5b7a html: properly check namespace in "in body" any other end tag
a452f3c html: ignore duplicate attributes during tokenization
f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
210ed3c quic: establish a "happened-before" relationship between stream write and read
ad8140e quic: fix buffer slicing when handling overlapping stream data
23ee2ef http2: avoid API changes when built with go1.27
See full diff in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.52.0

Commits

a1c0d99 go.mod: update golang.org/x dependencies
3c7c869 ssh: fix deadlock on unexpected channel responses
533fb3f ssh: fix source-address critical option bypass
abbc44d ssh: fix incorrect operator order
e052873 ssh: fix infinite loop on large channel writes due to integer overflow
b61cf85 ssh: enforce user presence verification for security keys
9c2cd33 ssh: enforce strict limits on DSA key parameters
8907318 ssh: reject RSA keys with excessively large moduli
ffd87b4 ssh: fix panic when authority callbacks are nil
4e7a738 ssh: fix deadlock on unexpected global responses
Additional commits viewable in compare view

Updates golang.org/x/sys from 0.44.0 to 0.45.0

Commits

397d5f8 unix: update to Linux kernel 7.0
0a387f7 cpu: detect zbc extension on riscv64
758f71c cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64
99666ae unix: merge Linux readv/writev implementation with Darwin/OpenBSD
e4444cb windows: add NtSetEaFile, NtQueryEaFile and NtQueryInformationFile
04396e8 unix: add Readv, Writev, Preadv, Pwritev for OpenBSD
See full diff in compare view

Updates google.golang.org/api from 0.279.0 to 0.280.0

Release notes

Sourced from google.golang.org/api's releases.

v0.280.0

0.280.0 (2026-05-19)

Features

all: Auto-regenerate discovery clients (#3591) (55ba2fa)

all: Auto-regenerate discovery clients (#3593) (054d4b6)

all: Auto-regenerate discovery clients (#3594) (0382916)

all: Auto-regenerate discovery clients (#3595) (13e1ad2)

all: Auto-regenerate discovery clients (#3596) (4c77865)

all: Auto-regenerate discovery clients (#3598) (ae2f330)

all: Auto-regenerate discovery clients (#3599) (f82d204)

Changelog

Sourced from google.golang.org/api's changelog.

0.280.0 (2026-05-19)

Features

all: Auto-regenerate discovery clients (#3591) (55ba2fa)

all: Auto-regenerate discovery clients (#3593) (054d4b6)

all: Auto-regenerate discovery clients (#3594) (0382916)

all: Auto-regenerate discovery clients (#3595) (13e1ad2)

all: Auto-regenerate discovery clients (#3596) (4c77865)

all: Auto-regenerate discovery clients (#3598) (ae2f330)

all: Auto-regenerate discovery clients (#3599) (f82d204)

Commits

3887b09 chore(main): release 0.280.0 (#3592)
f82d204 feat(all): auto-regenerate discovery clients (#3599)
13e7314 chore(all): update all (#3597)
ae2f330 feat(all): auto-regenerate discovery clients (#3598)
4c77865 feat(all): auto-regenerate discovery clients (#3596)
13e1ad2 feat(all): auto-regenerate discovery clients (#3595)
0382916 feat(all): auto-regenerate discovery clients (#3594)
054d4b6 feat(all): auto-regenerate discovery clients (#3593)
55ba2fa feat(all): auto-regenerate discovery clients (#3591)
See full diff in compare view

Updates google.golang.org/genproto/googleapis/rpc from 0.0.0-20260427160629-7cedc36a6bc4 to 0.0.0-20260511170946-3700d4141b60

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the production-dependencies group with 8 updates: | Package | From | To | | --- | --- | --- | | [connectrpc.com/connect](https://github.com/connectrpc/connect-go) | `1.19.2` | `1.20.0` | | [github.com/exaring/otelpgx](https://github.com/exaring/otelpgx) | `0.10.0` | `0.11.1` | | [github.com/panjf2000/ants/v2](https://github.com/panjf2000/ants) | `2.12.0` | `2.12.1` | | [golang.org/x/net](https://github.com/golang/net) | `0.54.0` | `0.55.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.51.0` | `0.52.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.44.0` | `0.45.0` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.279.0` | `0.280.0` | | [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto) | `0.0.0-20260427160629-7cedc36a6bc4` | `0.0.0-20260511170946-3700d4141b60` | Updates `connectrpc.com/connect` from 1.19.2 to 1.20.0 - [Release notes](https://github.com/connectrpc/connect-go/releases) - [Changelog](https://github.com/connectrpc/connect-go/blob/main/RELEASE.md) - [Commits](connectrpc/connect-go@v1.19.2...v1.20.0) Updates `github.com/exaring/otelpgx` from 0.10.0 to 0.11.1 - [Release notes](https://github.com/exaring/otelpgx/releases) - [Commits](exaring/otelpgx@v0.10.0...v0.11.1) Updates `github.com/panjf2000/ants/v2` from 2.12.0 to 2.12.1 - [Release notes](https://github.com/panjf2000/ants/releases) - [Commits](panjf2000/ants@v2.12.0...v2.12.1) Updates `golang.org/x/net` from 0.54.0 to 0.55.0 - [Commits](golang/net@v0.54.0...v0.55.0) Updates `golang.org/x/crypto` from 0.51.0 to 0.52.0 - [Commits](golang/crypto@v0.51.0...v0.52.0) Updates `golang.org/x/sys` from 0.44.0 to 0.45.0 - [Commits](golang/sys@v0.44.0...v0.45.0) Updates `google.golang.org/api` from 0.279.0 to 0.280.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.279.0...v0.280.0) Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20260427160629-7cedc36a6bc4 to 0.0.0-20260511170946-3700d4141b60 - [Commits](https://github.com/googleapis/go-genproto/commits) --- updated-dependencies: - dependency-name: connectrpc.com/connect dependency-version: 1.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: github.com/exaring/otelpgx dependency-version: 0.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: github.com/panjf2000/ants/v2 dependency-version: 2.12.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: golang.org/x/net dependency-version: 0.55.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.52.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.45.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: google.golang.org/api dependency-version: 0.280.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: google.golang.org/genproto/googleapis/rpc dependency-version: 0.0.0-20260511170946-3700d4141b60 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added auto-merge dependencies labels May 25, 2026

github-actions Bot enabled auto-merge (squash) May 25, 2026 19:38

github-actions Bot merged commit 5f2269d into main May 25, 2026
5 checks passed

github-actions Bot deleted the dependabot/go_modules/production-dependencies-af91368750 branch May 25, 2026 19:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps: bump the production-dependencies group with 8 updates#660

deps: bump the production-dependencies group with 8 updates#660
github-actions[bot] merged 1 commit into
mainfrom
dependabot/go_modules/production-dependencies-af91368750

dependabot Bot commented on behalf of github May 25, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 25, 2026

v1.20.0

What's Changed

Other changes

New Contributors

v0.11.1

What's Changed

New Contributors

v0.11.0

What's Changed

New Contributors

v0.280.0

0.280.0 (2026-05-19)

Features

0.280.0 (2026-05-19)

Features

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants