Skip to content

build(deps): bump the go-dev-dependencies group with 5 updates#275

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-dev-dependencies-8aaf22b52b
Closed

build(deps): bump the go-dev-dependencies group with 5 updates#275
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-dev-dependencies-8aaf22b52b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Dec 22, 2025
edited
Loading

Bumps the go-dev-dependencies group with 5 updates:

Package From To
github.com/go-playground/validator/v10 10.29.0 10.30.0
github.com/opensearch-project/opensearch-go/v4 4.5.0 4.6.0
github.com/goccy/go-yaml 1.19.0 1.19.1
github.com/moby/go-archive 0.1.0 0.2.0
github.com/quic-go/quic-go 0.57.1 0.58.0

Updates github.com/go-playground/validator/v10 from 10.29.0 to 10.30.0

Release notes

Sourced from github.com/go-playground/validator/v10's releases.

Release 10.30.0

What's Changed

New Contributors

Full Changelog: go-playground/validator@v10.29.0...v10.30.0

Commits
  • e9b900c fix: resolve panic when using cross-field validators with ValidateMap (#1508)
  • 7aba81c fix: resolve panic when using aliases with OR operator (#1507)
  • 4d600be fix: add missing translations for alpha validators (#1510)
  • b0e4ba2 docs: document omitzero (#1509)
  • 79fba72 Bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 (#1505)
  • c3c9084 Bump golang.org/x/crypto from 0.45.0 to 0.46.0 (#1504)
  • See full diff in compare view

Updates github.com/opensearch-project/opensearch-go/v4 from 4.5.0 to 4.6.0

Release notes

Sourced from github.com/opensearch-project/opensearch-go/v4's releases.

v4.6.0

What's Changed

New Contributors

Full Changelog: opensearch-project/opensearch-go@v4.5.0...v4.6.0

Changelog

Sourced from github.com/opensearch-project/opensearch-go/v4's changelog.

[4.6.0]

Dependencies

  • Bump github.com/aws/aws-sdk-go-v2/config from 1.29.14 to 1.32.5 (#707, #711, #719, #730, #737, #761)
  • Bump github.com/aws/aws-sdk-go-v2 from 1.36.4 to 1.41.0 (#710, #720, #759)
  • Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#728)
  • Bump github.com/aws/aws-sdk-go from 1.55.7 to 1.55.8 (#716)

Added

  • Adds new fields for Opensearch 3.0 (#702)
  • Allow users to override signing port (#721)
  • Add phase_took features supported from OpenSearch 2.12 (#722)
  • Adds the action to refresh the search analyzers to the ISM plugin (#686)

Changed

  • Test against Opensearch 3.0 (#702)
  • Add more SuggestOptions to SearchResp (#713)
  • Updates Go version to 1.24 (#674)
  • Replace golang.org/x/exp/slices usage with built-in slices (#674)
  • Update golangci-linter to 1.64.8 (#740)
  • Change MaxScore to pointer (#740)
  • Update workflow action (#760)
  • Migrate to golangci-lint v2 (#760)

Deprecated

Removed

Fixed

  • Missing "caused by" information in StructError (#752)
  • Add missing ignore_unavailable, allow_no_indices, and expand_wildcards params to MSearch (#757)
  • Fix UpdateResp to correctly parse the get field when _source is requested in update operations. (#739)

Security

Commits
  • 3fef39d prepare 4.6.0 release (#762)
  • 48eb43b Fix UpdateResp to parse get field when _source is requested (#739)
  • fd8d553 Bump github.com/aws/aws-sdk-go-v2/config from 1.31.12 to 1.32.5 (#761)
  • f41ec7f Bump github.com/aws/aws-sdk-go from 1.55.7 to 1.55.8 (#716)
  • 1cfd29e Bump github.com/aws/aws-sdk-go-v2 from 1.39.2 to 1.41.0 (#759)
  • 99b07f3 Update workflows (#760)
  • 5a6718e fix: add missing ignore_unavailable param to multi-search API (#757)
  • c801c69 Fix missing "caused by" information in StructError (#752)
  • e31c031 plugins/ism: add refresh_search_analyzers action (#686)
  • 4153a4c Stepping down from maintainers. (#741)
  • Additional commits viewable in compare view

Updates github.com/goccy/go-yaml from 1.19.0 to 1.19.1

Release notes

Sourced from github.com/goccy/go-yaml's releases.

1.19.1

What's Changed

Full Changelog: goccy/go-yaml@v1.19.0...v1.19.1

Commits

Updates github.com/moby/go-archive from 0.1.0 to 0.2.0

Release notes

Sourced from github.com/moby/go-archive's releases.

v0.2.0

What's Changed

Full Changelog: moby/go-archive@v0.1.0...v0.2.0

Commits
  • 263611f Merge pull request #20 from thaJeztah/carry_17
  • a1d4e73 Merge pull request #18 from thaJeztah/bump_gha
  • da4e566 xattr: Fix OS matching.
  • df87f45 Merge pull request #19 from thaJeztah/bump_deps
  • 8996f22 gha: update CodeQL Action to v4
  • 985c60f gha: codeql: use go stable
  • 4752b25 gha: update actions/setup-go@v6
  • 280f775 gha: update actions/checkout@v6
  • 4c912d3 gha: update golangci/golangci-lint-action@v9
  • 2cd730e go.mod: bump github.com/klauspost/compress v1.18.2
  • Additional commits viewable in compare view

Updates github.com/quic-go/quic-go from 0.57.1 to 0.58.0

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.58.0

This release optimizes the QUIC handshake:

  • Multiple incoming packets are now processed before sending an acknowledgment, reducing the total number of packets sent: #5451
  • ACK frames are now packed into coalesced packets, reducing the need to send a separate packet just for the ACK in many cases: #5477
  • When packets are buffered during the handshake, this now doesn't lead to inflated RTT measurements anymore: #5493, #5494

Other notable changes

  • quic-go now has a new logo: #5484
  • ACK frames can now be encoded with up to 64 ranges (previously: 32): #5476
  • Serializing ACK frames is now significantly faster: #5476
  • Improved batch packet processing logic: #5478
  • qlog: added support for the datagram_id on packet_sent, packet_received and packet_buffered events, using the CRC32 of the packet

Changelog

Full Changelog: quic-go/quic-go@v0.57.0...v0.58.0

Commits
  • 96b8144 ackhandler: only generate RTT sample for the last ack-eliciting packet (#5493)
  • db87809 ackhandler: record RTT measurements for non-ack-eliciting packets (#5494)
  • 3c577ff utils: make TestAddTimestamp work in all time zones (#5492)
  • ef7fbab ci: add Go 1.26rc1 to tested Go versions (#5486)
  • c3fa789 update the logo (#5484)
  • 0eec64b ci: bump actions/upload-artifact from 5 to 6 (#5483)
  • 449162a ci: bump actions/cache from 4 to 5 (#5482)
  • add7529 improve batch packet processing logic (#5478)
  • bbcc555 allow packing of ACKs in coalesced packets (#5477)
  • 6bf4231 wire: add a function to trunctate an ACK frame to a given size (#5476)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the go-dev-dependencies group with 5 updates
dd6e18a 
Bumps the go-dev-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) | `10.29.0` | `10.30.0` |
| [github.com/opensearch-project/opensearch-go/v4](https://github.com/opensearch-project/opensearch-go) | `4.5.0` | `4.6.0` |
| [github.com/goccy/go-yaml](https://github.com/goccy/go-yaml) | `1.19.0` | `1.19.1` |
| [github.com/moby/go-archive](https://github.com/moby/go-archive) | `0.1.0` | `0.2.0` |
| [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.57.1` | `0.58.0` |


Updates `github.com/go-playground/validator/v10` from 10.29.0 to 10.30.0
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](go-playground/validator@v10.29.0...v10.30.0)

Updates `github.com/opensearch-project/opensearch-go/v4` from 4.5.0 to 4.6.0
- [Release notes](https://github.com/opensearch-project/opensearch-go/releases)
- [Changelog](https://github.com/opensearch-project/opensearch-go/blob/main/CHANGELOG.md)
- [Commits](opensearch-project/opensearch-go@v4.5.0...v4.6.0)

Updates `github.com/goccy/go-yaml` from 1.19.0 to 1.19.1
- [Release notes](https://github.com/goccy/go-yaml/releases)
- [Changelog](https://github.com/goccy/go-yaml/blob/master/CHANGELOG.md)
- [Commits](goccy/go-yaml@v1.19.0...v1.19.1)

Updates `github.com/moby/go-archive` from 0.1.0 to 0.2.0
- [Release notes](https://github.com/moby/go-archive/releases)
- [Changelog](https://github.com/moby/go-archive/blob/main/changes_test.go)
- [Commits](moby/go-archive@v0.1.0...v0.2.0)

Updates `github.com/quic-go/quic-go` from 0.57.1 to 0.58.0
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](quic-go/quic-go@v0.57.1...v0.58.0)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-version: 10.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: github.com/opensearch-project/opensearch-go/v4
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: github.com/goccy/go-yaml
  dependency-version: 1.19.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-dev-dependencies
- dependency-name: github.com/moby/go-archive
  dependency-version: 0.2.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.58.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 22, 2025
@dependabot dependabot Bot requested review from a team as code owners December 22, 2025 04:08
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 22, 2025
@greenbonebot
Copy link
Copy Markdown
Member

greenbonebot commented Dec 22, 2025

Scanning the following files:

go.mod
go.sum

Scan: 'go.mod'

Nothing detected in go.mod
Scan took 0.00 seconds

Scan: 'go.sum'

Nothing detected in go.sum
Scan took 0.00 seconds

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Dec 22, 2025

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

@codecov
Copy link
Copy Markdown

codecov Bot commented Dec 22, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.66%. Comparing base (578bab4) to head (dd6e18a).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@             Coverage Diff             @@
##             main     #275       +/-   ##
===========================================
- Coverage   94.01%   57.66%   -36.36%     
===========================================
  Files           5       69       +64     
  Lines         501     3812     +3311     
===========================================
+ Hits          471     2198     +1727     
- Misses         20     1433     +1413     
- Partials       10      181      +171
Flag Coverage Δ
opensearch-tests 95.66% <ø> (ø)
postgres-tests 91.96% <ø> (ø)
unit-tests 52.15% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Dec 29, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Dec 29, 2025
@dependabot dependabot Bot deleted the dependabot/go_modules/go-dev-dependencies-8aaf22b52b branch December 29, 2025 04:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@greenbonebot