Skip to content

build(deps): bump the go group with 7 updates #580

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 4, 2025
Merged

build(deps): bump the go group with 7 updates #580

merged 1 commit into from
Nov 4, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 1, 2025

Bumps the go group with 7 updates:

Package From To
github.com/getsentry/sentry-go 0.35.3 0.36.2
github.com/quic-go/quic-go 0.54.1 0.55.0
golang.org/x/crypto 0.42.0 0.43.0
golang.org/x/net 0.44.0 0.45.0
golang.org/x/sys 0.36.0 0.37.0
google.golang.org/grpc 1.75.1 1.76.0
google.golang.org/protobuf 1.36.9 1.36.10

Updates github.com/getsentry/sentry-go from 0.35.3 to 0.36.2

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.36.2

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.36.2.

Bug Fixes

  • Fix context propagation for logs to ensure logger instances correctly inherit span and hub information from their creation context (#1118)
    • Logs now properly propagate trace context from the logger's original context, even when emitted in a different context
    • The logger will first check the emission context, then fall back to its creation context, and finally to the current hub

0.36.1

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.36.1.

Bug Fixes

  • Prevent panic when converting error chains containing non-comparable error types by using a safe fallback for visited detection in exception conversion (#1113)

0.36.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.36.0.

Breaking Changes

  • Behavioral change for the MaxBreadcrumbs client option. Removed the hard limit of 100 breadcrumbs, allowing users to set a larger limit and also changed the default limit from 30 to 100 (#1106))

  • The changes to error handling (#1075) will affect issue grouping. It is expected that any wrapped and complex errors will be grouped under a new issue group.

Features

  • Add support for improved issue grouping with enhanced error chain handling (#1075)

    The SDK now provides better handling of complex error scenarios, particularly when dealing with multiple related errors or error chains. This feature automatically detects and properly structures errors created with Go's errors.Join() function and other multi-error patterns.

    // Multiple errors are now properly grouped and displayed in Sentry
err1 := errors.New("err1")
err2 := errors.New("err2") 
combinedErr := errors.Join(err1, err2)
// When captured, these will be shown as related exceptions in Sentry
sentry.CaptureException(combinedErr)

  • Add TraceIgnoreStatusCodes option to allow filtering of HTTP transactions based on status codes (#1089)

    • Configure which HTTP status codes should not be traced by providing single codes or ranges
    • Example: TraceIgnoreStatusCodes: [][]int{{404}, {500, 599}} ignores 404 and server errors 500-599

Bug Fixes

  • Fix logs being incorrectly filtered by BeforeSend callback (#1109)
    • Logs now bypass the processEvent method and are sent directly to the transport
    • This ensures logs are only filtered by BeforeSendLog, not by the error/message BeforeSend callback

... (truncated)

Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.36.2

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.36.2.

Bug Fixes

  • Fix context propagation for logs to ensure logger instances correctly inherit span and hub information from their creation context (#1118)
    • Logs now properly propagate trace context from the logger's original context, even when emitted in a different context
    • The logger will first check the emission context, then fall back to its creation context, and finally to the current hub

0.36.1

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.36.1.

Bug Fixes

  • Prevent panic when converting error chains containing non-comparable error types by using a safe fallback for visited detection in exception conversion (#1113)

0.36.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.36.0.

Breaking Changes

  • Behavioral change for the MaxBreadcrumbs client option. Removed the hard limit of 100 breadcrumbs, allowing users to set a larger limit and also changed the default limit from 30 to 100 (#1106))

  • The changes to error handling (#1075) will affect issue grouping. It is expected that any wrapped and complex errors will be grouped under a new issue group.

Features

  • Add support for improved issue grouping with enhanced error chain handling (#1075)

    The SDK now provides better handling of complex error scenarios, particularly when dealing with multiple related errors or error chains. This feature automatically detects and properly structures errors created with Go's errors.Join() function and other multi-error patterns.

    // Multiple errors are now properly grouped and displayed in Sentry
err1 := errors.New("err1")
err2 := errors.New("err2") 
combinedErr := errors.Join(err1, err2)
// When captured, these will be shown as related exceptions in Sentry
sentry.CaptureException(combinedErr)

  • Add TraceIgnoreStatusCodes option to allow filtering of HTTP transactions based on status codes (#1089)

    • Configure which HTTP status codes should not be traced by providing single codes or ranges
    • Example: TraceIgnoreStatusCodes: [][]int{{404}, {500, 599}} ignores 404 and server errors 500-599

Bug Fixes

... (truncated)

Commits

Updates github.com/quic-go/quic-go from 0.54.1 to 0.55.0

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.55.0

This release contains a number of improvements and fixes, and it updates the supported Go versions to 1.24 and 1.25.

Optimizations

When sending packets on a QUIC connection, RFC 9002 requires us to save the timestamp for every packet sent. In #5344, we implemented a memory-optimized drop-in replacement for time.Time, which reduces the memory required from 24 to 8 bytes, and vastly speeds up timer calculations (which happen very frequently).

New Features

  • Basic connection statistics are now exposed via Conn.ConnectionStats, thanks to @​MarcoPolo
  • On some links, packet reordering can lead to spurious detections of packet loss when using the loss detection logic specified in RFC 9002. #5355 adds logic detect when packet loss is detected spuriously.

Notable Fixes

  • http3: don't allow usage of closed Transport: #5324, thanks to @​Glonee
  • http3: fix race in concurrent Transport.Roundtrip calls: #5323, thanks to @​Glonee
  • improve and fix connection timer logic: #5339, thanks to @​sukunrt for a very comprehensive code review

Behind the Scenes

We have started transitioning tests to make use of the new synctest package that was added in Go 1.25 (and was available as a GOEXPERIMENT in Go 1.24): #5291, #5296, #5298, #5299, #5302, #5304, #5305, #5306, #5317. This is a lot of work, but it makes the test execution both faster and more reliable.

Changelog

... (truncated)

Commits
  • 7c1ce0e ackhandler: track lost packets and detect spurious losses (#5355)
  • 0f5d99d fix missing tracing of restored transport parameters (#5349)
  • f607ef4 protocol: optimize ConnectionID.String (#5351)
  • ce7c9ea drop initial keys when the handshake is confirmed (#5354)
  • 97f3aae use synctest to make the connection tests fully deterministic (#5317)
  • 2ac3b16 improve connection timer logic (#5339)
  • 44869e6 add a benchmark test for data transfers (#5335)
  • adc13be implement a memory-optimized time.Time replacement (#5334)
  • f61188b ackhandler: add a benchmark for sending and acknowledging packets (#5333)
  • efe74cd return stream frames to pool on stream cancellations (#5327)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.42.0 to 0.43.0

Commits
  • 627cb89 go.mod: update golang.org/x dependencies
  • dca4914 acme: fix autocert TestHTTPHandlerDefaultFallback
  • 1336e21 x509roots/fallback: update bundle
  • 2beaa59 ssh: add VerifiedPublicKeyCallback
  • 66c3d8c ssh: add support for FIPS mode
  • ddb4e80 ssh: remove custom contains, use slices.Contains
  • f4d47b0 ssh: return clearer error when signature algorithm is used as key format
  • 96dc232 x509roots/fallback/bundle: add bundle package to export root certs
  • 8c9ba31 all: freeze and deprecate more packages
  • 559e062 ssh/agent: return an error for unexpected message types
  • See full diff in compare view

Updates golang.org/x/net from 0.44.0 to 0.45.0

Commits
  • 59706cd html: impose open element stack size limit
  • 6ec8895 html: align in row insertion mode with spec
  • 5393563 http2: fix RFC 9218 write scheduler not being idempotent
  • b2ab371 internal/httpsfv: implement parsing support for date and display string
  • edb764c internal/httpsfv: add parsing functionality for types defined in RFC 8941
  • fbba2c2 internal/httpsfv: add support for consuming Display String and Date type
  • 47a241f http2: make the error channel pool per-Server
  • 51f657b webdav/internal/xml: use the built-in min function
  • f2e909b internal/httpsfv: implement parsing support for Dictionary and List type.
  • 7d8cfce internal/httpsfv: add support for Bare Inner List and Item type.
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.36.0 to 0.37.0

Commits
  • 1edeebe unix: mkall.sh: fail if docker build failed
  • ecada54 unix: use slices.{Equal,Sort} in tests
  • 5e63aa5 windows: export O_FILE_FLAG_* to be used in os.OpenFile on windows
  • 033906b unix: add (*CPUSet).Fill helper to enable all CPUs
  • 6be6c58 windows: add FlushConsoleInputBuffer and GetNumberOfConsoleInputEvents
  • 32e2038 unix: use Go 1.21+ clear built-in
  • 137f2ed sys: add support for NetBSD getvfsstat
  • See full diff in compare view

Updates google.golang.org/grpc from 1.75.1 to 1.76.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.76.0

Dependencies

Bug Fixes

  • client: Return status INTERNAL when a server sends zero response messages for a unary or client-streaming RPC. (#8523)
  • client: Fail RPCs with status INTERNAL instead of UNKNOWN upon receiving http headers with status 1xx and END_STREAM flag set. (#8518)
  • pick_first: Fix race condition that could cause pick_first to get stuck in IDLE state on backend address change. (#8615)

New Features

  • credentials: Add credentials/jwt package providing file-based JWT PerRPCCredentials (A97). (#8431)

Performance Improvements

  • client: Improve HTTP/2 header size estimate to reduce re-allocations. (#8547)
  • encoding/proto: Avoid redundant message size calculation when marshaling. (#8569)
Commits
  • d96c2ef Change version to 1.76.0 (#8584)
  • 79c553c Cherry pick #8610, #8615 to v1.76.x (#8621)
  • 0513350 client: minor improvements to log messages (#8564)
  • ebaf486 credentials: implement file-based JWT Call Credentials (part 1 for A97) (#8431)
  • ca78c90 xds/resolver_test: fix flaky test ResolverBadServiceUpdate_NACKedWithoutCache...
  • 83bead4 internal/buffer: set closed flag when closing channel in the Load method (#8575)
  • 0f45079 encoding/proto: enable use cached size option (#8569)
  • 8420f3f transport: avoid slice reallocation during header creation (#8547)
  • b36320e Revert "stats/opentelemetry: record retry attempts from clientStream (#8342)"...
  • c122250 stats/opentelemetry: record retry attempts from clientStream (#8342)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.9 to 1.36.10

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the go group with 7 updates
70512b7 
Bumps the go group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.35.3` | `0.36.2` |
| [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.54.1` | `0.55.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.42.0` | `0.43.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.44.0` | `0.45.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.36.0` | `0.37.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.75.1` | `1.76.0` |
| google.golang.org/protobuf | `1.36.9` | `1.36.10` |


Updates `github.com/getsentry/sentry-go` from 0.35.3 to 0.36.2
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-go@v0.35.3...v0.36.2)

Updates `github.com/quic-go/quic-go` from 0.54.1 to 0.55.0
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](quic-go/quic-go@v0.54.1...v0.55.0)

Updates `golang.org/x/crypto` from 0.42.0 to 0.43.0
- [Commits](golang/crypto@v0.42.0...v0.43.0)

Updates `golang.org/x/net` from 0.44.0 to 0.45.0
- [Commits](golang/net@v0.44.0...v0.45.0)

Updates `golang.org/x/sys` from 0.36.0 to 0.37.0
- [Commits](golang/sys@v0.36.0...v0.37.0)

Updates `google.golang.org/grpc` from 1.75.1 to 1.76.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.75.1...v1.76.0)

Updates `google.golang.org/protobuf` from 1.36.9 to 1.36.10

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/crypto
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/net
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/sys
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/grpc
  dependency-version: 1.76.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 1, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 1, 2025 23:01
@dependabot dependabot bot requested a review from calebdoxsey November 1, 2025 23:01
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 1, 2025
@calebdoxsey calebdoxsey merged commit 4de2e61 into main Nov 4, 2025
9 checks passed
@calebdoxsey calebdoxsey deleted the dependabot/go_modules/go-c4cbda0841 branch November 4, 2025 03:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@calebdoxsey calebdoxsey calebdoxsey approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@calebdoxsey