chore(deps): bump the go_modules group across 4 directories with 8 updates #57

dependabot · 2025-08-28T14:06:12Z

Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-body directory: github.com/cloudevents/sdk-go/v2 and github.com/dapr/dapr.
Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-uri directory: github.com/cloudevents/sdk-go/v2 and github.com/dapr/dapr.
Bumps the go_modules group with 4 updates in the /t/grpc_server_example directory: golang.org/x/net, golang.org/x/sys, golang.org/x/text and google.golang.org/grpc.
Bumps the go_modules group with 1 update in the /t/plugin/grpc-web directory: google.golang.org/grpc.

Updates github.com/cloudevents/sdk-go/v2 from 2.4.1 to 2.15.2

Release notes

Sourced from github.com/cloudevents/sdk-go/v2's releases.

Release v2.15.2

What's Changed

Patch for a potential security issue. See CVE-2024-28110.

Note: this could be a breaking change for people if they purposely change golang's HTTP DefaultClient, or change the CloudEvents Client returned from NewClient, and expect those changes to be visible on other HTTP flows using those Clients. E.g. auth

Full Changelog: cloudevents/sdk-go@v2.15.1...v2.15.2

Release v2.15.1

What's Changed

Bump andstor/file-existence-action from 2 to 3 by @dependabot in cloudevents/sdk-go#1009

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test/conformance by @dependabot in cloudevents/sdk-go#993

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test/benchmark by @dependabot in cloudevents/sdk-go#994

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/kafka by @dependabot in cloudevents/sdk-go#995

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test/integration by @dependabot in cloudevents/sdk-go#996

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/kafka_sarama/v2 by @dependabot in cloudevents/sdk-go#997

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/http by @dependabot in cloudevents/sdk-go#998

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/nats by @dependabot in cloudevents/sdk-go#999

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/stan by @dependabot in cloudevents/sdk-go#1004

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/nats_jetstream by @dependabot in cloudevents/sdk-go#1003

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/nats/v2 by @dependabot in cloudevents/sdk-go#1002

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/nats_jetstream/v2 by @dependabot in cloudevents/sdk-go#1001

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/stan/v2 by @dependabot in cloudevents/sdk-go#1000

Propose the confluent-kafka-go binding for Kafka by @yanmxa in cloudevents/sdk-go#1008

Sync CESQL tck tests by @Cali0707 in cloudevents/sdk-go#1010

Fix docstring typos in nats and jetstream protocol by @jafossum in cloudevents/sdk-go#1013

Bump golangci/golangci-lint-action from 3 to 4 by @dependabot in cloudevents/sdk-go#1016

Bump the bundler group across 1 directories with 1 update by @dependabot in cloudevents/sdk-go#1011

Remove vi swp file by @duglin in cloudevents/sdk-go#1020

New Contributors

@Cali0707 made their first contribution in cloudevents/sdk-go#1010

@jafossum made their first contribution in cloudevents/sdk-go#1013

Full Changelog: cloudevents/sdk-go@v2.15.0...v2.15.1

Release v2.15.0

Highlights 💫

This release includes various updates and improvements such as README enhancements, dependency bumps, bug fixes, race condition resolutions, and protocol-related adjustments. Notable changes involve upgrading dependencies like grpc and go.opentelemetry, addressing race conditions, fixing Kafka test issues, and introducing new features like binary content mode for NATS and JetStream protocols. Additionally, there are governance documentation updates, link corrections, and improvements in error handling and documentation across different modules.

Breaking 🚨

The Kafka Sarama protocol now uses the "github.com/IBM/sarama" Go module import path.

Commits 📄

896e1d0 Update README.md 75ec0f2 Bump actions/setup-go from 4 to 5 41e80f7 fixed couple issues

... (truncated)

Commits

de2f283 Merge pull request from GHSA-5pf6-2qwx-pxm2
c5f8d9d Update v2/protocol/http/protocol.go
c17d949 Avoid modifying the DefaultClient's Transport
67e3899 Merge pull request #1020 from duglin/oops
f0061e0 oops
4cc6c2d Merge pull request #1011 from cloudevents/dependabot/bundler/docs/bundler-sec...
b6949b0 Bump the bundler group across 1 directories with 1 update
df51395 Merge pull request #1016 from cloudevents/dependabot/github_actions/golangci/...
1af6e06 Bump golangci/golangci-lint-action from 3 to 4
2574a05 Merge pull request #1013 from jafossum/fix-nats-typos
Additional commits viewable in compare view

Updates github.com/dapr/dapr from 1.6.0 to 1.10.9

Commits

99d6799 Fixed API token authentication bypassed when path contains /healthz
4ab981b [release-1.10] Upgrade Avro dependency (#6686)
e59b71d Adds Azure Service Bus fix to v1.10.8 release notest p (#6575)
aacddf7 Adds missing v1.10.8 release notes (#6556)
aa793e2 [1.10] Fix bulk subscribe response (#6513)
7976088 Pin contrib v1.10.9 (#6561)
99f3db7 Fixed goroutine leak in reminders and timers (#6523) (#6554)
e00f51d add ownerref rbac (#6545)
23fc466 [release-1.10] cherry pick of MongoDB Actor Reminder fix (#6529)
12fc7c8 [release-1.10] Fix panic in service invocation when connection fails (#6492)
Additional commits viewable in compare view

Updates golang.org/x/net from 0.0.0-20211015210444-4f30a5c0130f to 0.6.0

Commits

e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
1f1fa29 publicsuffix: regenerate table
1215081 http2: improve error when server sends HTTP/1
312450e html: ensure <search> tag closes <p> and update tests
09731f9 http2: improve handling of lost PING in Server
55989e2 http2/h2c: use ResponseController for hijacking connections
2914f46 websocket: re-recommend gorilla/websocket
99b3ae0 go.mod: update golang.org/x dependencies
85d1d54 go.mod: update golang.org/x dependencies
Additional commits viewable in compare view

Updates golang.org/x/sys from 0.0.0-20211019181941-9d821ace8654 to 0.5.0

Commits

5b936e1 unix/linux: update to Linux kernel 6.16, Go to 1.24.5
3a82703 unix: remove redundant xnu version check for {p}readv/{p}writev
9920300 unix: add missing nft conntrack constants
ad4e0fc unix: remove redundant word in comment
084ad87 unix: fix //sys decl after CL 548795
751c3c6 unix: add missing NFT_PAYLOAD_* consts on linux
0c740cc unix: update Go to 1.24.3
d62d31c unix: update Linux constants and types to v6.14
3d9a6b8 windows: add WSADuplicateSocket
c0a9559 cpu: add crypto extensions detection for riscv64
Additional commits viewable in compare view

Updates golang.org/x/text from 0.3.7 to 0.7.0

Commits

425d715 go.mod: update golang.org/x dependencies
b6d2645 go.mod: update golang.org/x dependencies
8072180 go.mod: update golang.org/x dependencies
6cacac1 go.mod: update tagx:ignore'd golang.org/x dependencies
700cc20 go.mod: update golang.org/x dependencies
4890c57 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates google.golang.org/grpc from 1.40.0 to 1.52.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

client: support channel idleness using WithIdleTimeout dial option (#6263)

This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.

client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)

xds: Add support for Custom LB Policies (gRFC A52) (#6224)

xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)

client: add support for pickfirst address shuffling (gRFC A62) (#6311)

xds: Add support for String Matcher Header Matcher in RDS (#6313)

xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)

Special Thanks: @s-matyukevich

xds: enable RLS in xDS by default (#6343)

orca: add support for application_utilization field and missing range checks on several metrics setters

balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)

authz: add conversion of json to RBAC Audit Logging config (#6192)

authz: add support for stdout logger (#6230 and #6298)

authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)

xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)

xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

xds: enable federation support by default (#6151)

status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

1055b48 Update version.go to 1.56.3 (#6713)
5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
faab873 Update version.go to v1.56.2 (#6432)
6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
cd6a794 Update version.go to v1.56.2-dev (#6387)
5b67e5e Update version.go to v1.56.1 (#6386)
d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
997c1ea Change version to 1.56.1-dev (#6345)
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.0 to 1.28.1

Updates gopkg.in/yaml.v3 from 3.0.0 to 3.0.1

Updates github.com/cloudevents/sdk-go/v2 from 2.4.1 to 2.15.2

Release notes

Sourced from github.com/cloudevents/sdk-go/v2's releases.

Release v2.15.2

What's Changed

Patch for a potential security issue. See CVE-2024-28110.

Note: this could be a breaking change for people if they purposely change golang's HTTP DefaultClient, or change the CloudEvents Client returned from NewClient, and expect those changes to be visible on other HTTP flows using those Clients. E.g. auth

Full Changelog: cloudevents/sdk-go@v2.15.1...v2.15.2

Release v2.15.1

What's Changed

Bump andstor/file-existence-action from 2 to 3 by @dependabot in cloudevents/sdk-go#1009

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test/conformance by @dependabot in cloudevents/sdk-go#993

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test/benchmark by @dependabot in cloudevents/sdk-go#994

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/kafka by @dependabot in cloudevents/sdk-go#995

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test/integration by @dependabot in cloudevents/sdk-go#996

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/kafka_sarama/v2 by @dependabot in cloudevents/sdk-go#997

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/http by @dependabot in cloudevents/sdk-go#998

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/nats by @dependabot in cloudevents/sdk-go#999

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/stan by @dependabot in cloudevents/sdk-go#1004

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /samples/nats_jetstream by @dependabot in cloudevents/sdk-go#1003

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/nats/v2 by @dependabot in cloudevents/sdk-go#1002

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/nats_jetstream/v2 by @dependabot in cloudevents/sdk-go#1001

Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /protocol/stan/v2 by @dependabot in cloudevents/sdk-go#1000

Propose the confluent-kafka-go binding for Kafka by @yanmxa in cloudevents/sdk-go#1008

Sync CESQL tck tests by @Cali0707 in cloudevents/sdk-go#1010

Fix docstring typos in nats and jetstream protocol by @jafossum in cloudevents/sdk-go#1013

Bump golangci/golangci-lint-action from 3 to 4 by @dependabot in cloudevents/sdk-go#1016

Bump the bundler group across 1 directories with 1 update by @dependabot in cloudevents/sdk-go#1011

Remove vi swp file by @duglin in cloudevents/sdk-go#1020

New Contributors

@Cali0707 made their first contribution in cloudevents/sdk-go#1010

@jafossum made their first contribution in cloudevents/sdk-go#1013

Full Changelog: cloudevents/sdk-go@v2.15.0...v2.15.1

Release v2.15.0

Highlights 💫

This release includes various updates and improvements such as README enhancements, dependency bumps, bug fixes, race condition resolutions, and protocol-related adjustments. Notable changes involve upgrading dependencies like grpc and go.opentelemetry, addressing race conditions, fixing Kafka test issues, and introducing new features like binary content mode for NATS and JetStream protocols. Additionally, there are governance documentation updates, link corrections, and improvements in error handling and documentation across different modules.

Breaking 🚨

The Kafka Sarama protocol now uses the "github.com/IBM/sarama" Go module import path.

Commits 📄

896e1d0 Update README.md 75ec0f2 Bump actions/setup-go from 4 to 5 41e80f7 fixed couple issues

... (truncated)

Commits

de2f283 Merge pull request from GHSA-5pf6-2qwx-pxm2
c5f8d9d Update v2/protocol/http/protocol.go
c17d949 Avoid modifying the DefaultClient's Transport
67e3899 Merge pull request #1020 from duglin/oops
f0061e0 oops
4cc6c2d Merge pull request #1011 from cloudevents/dependabot/bundler/docs/bundler-sec...
b6949b0 Bump the bundler group across 1 directories with 1 update
df51395 Merge pull request #1016 from cloudevents/dependabot/github_actions/golangci/...
1af6e06 Bump golangci/golangci-lint-action from 3 to 4
2574a05 Merge pull request #1013 from jafossum/fix-nats-typos
Additional commits viewable in compare view

Updates github.com/dapr/dapr from 1.8.3 to 1.10.9

Commits

99d6799 Fixed API token authentication bypassed when path contains /healthz
4ab981b [release-1.10] Upgrade Avro dependency (#6686)
e59b71d Adds Azure Service Bus fix to v1.10.8 release notest p (#6575)
aacddf7 Adds missing v1.10.8 release notes (#6556)
aa793e2 [1.10] Fix bulk subscribe response (#6513)
7976088 Pin contrib v1.10.9 (#6561)
99f3db7 Fixed goroutine leak in reminders and timers (#6523) (#6554)
e00f51d add ownerref rbac (#6545)
23fc466 [release-1.10] cherry pick of MongoDB Actor Reminder fix (#6529)
12fc7c8 [release-1.10] Fix panic in service invocation when connection fails (#6492)
Additional commits viewable in compare view

Updates golang.org/x/net from 0.0.0-20220621193019-9d032be2e588 to 0.6.0

Commits

e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
1f1fa29 publicsuffix: regenerate table
1215081 http2: improve error when server sends HTTP/1
312450e html: ensure <search> tag closes <p> and update tests
09731f9 http2: improve handling of lost PING in Server
55989e2 http2/h2c: use ResponseController for hijacking connections
2914f46 websocket: re-recommend gorilla/websocket
99b3ae0 go.mod: update golang.org/x dependencies
85d1d54 go.mod: update golang.org/x dependencies
Additional commits viewable in compare view

Updates golang.org/x/sys from 0.0.0-20220520151302-bc2c85ada10a to 0.5.0

Commits

5b936e1 unix/linux: update to Linux kernel 6.16, Go to 1.24.5
3a82703 unix: remove redundant xnu version check for {p}readv/{p}writev
9920300 unix: add missing nft conntrack constants
ad4e0fc unix: remove redundant word in comment
084ad87 unix: fix //sys decl after CL 548795
751c3c6 unix: add missing NFT_PAYLOAD_* consts on linux
0c740cc unix: update Go to 1.24.3
d62d31c unix: update Linux constants and types to v6.14
3d9a6b8 windows: add WSADuplicateSocket
c0a9559 cpu: add crypto extensions detection for riscv64
Additional commits viewable in compare view

Updates golang.org/x/text from 0.3.7 to 0.7.0

Commits

425d715 go.mod: update golang.org/x dependencies
b6d2645 go.mod: update golang.org/x dependencies
8072180 go.mod: update golang.org/x dependencies
6cacac1 go.mod: update tagx:ignore'd golang.org/x dependencies
700cc20 go.mod: update golang.org/x dependencies
4890c57 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates google.golang.org/grpc from 1.47.0 to 1.52.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

client: support channel idleness using WithIdleTimeout dial option (#6263)

This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.

client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)

xds: Add support for Custom LB Policies (gRFC A52) (#6224)

xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)

client: add support for pickfirst address shuffling (gRFC A62) (#6311)

xds: Add support for String Matcher Header Matcher in RDS (#6313)

xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)

Special Thanks: @s-matyukevich

xds: enable RLS in xDS by default (#6343)

orca: add support for application_utilization field and missing range checks on several metrics setters

balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)

authz: add conversion of json to RBAC Audit Logging config (#6192)

authz: add support for stdout logger (#6230 and #6298)

authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)

xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)

xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

xds: enable federation support by default (#6151)

status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

1055b48 Update version.go to 1.56.3 (#6713)
5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
faab873 Update version.go to v1.56.2 (#6432)
6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
cd6a794 Update version.go to v1.56.2-dev (#6387)
5b67e5e Update version.go to v1.56.1 (#6386)
d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
997c1ea Change version to 1.56.1-dev (#6345)
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.0 to 1.28.1

Updates golang.org/x/net from 0.7.0 to 0.38.0

Commits

e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
1f1fa29 publicsuffix: regenerate table
1215081 http2: improve error when server sends HTTP/1
312450e html: ensure <search> tag closes <p> and update tests
09731f9 http2: improve handling of lost PING in Server
55989e2 http2/h2c: use ResponseController for hijacking connections
2914f46 websocket: re-recommend gorilla/websocket
99b3ae0 go.mod: update golang.org/x dependencies
85d1d54 go.mod: update golang.org/x dependencies
Additional commits viewable in compare view

Updates golang.org/x/sys from 0.31.0 to 0.35.0

Commits

5b936e1 unix/linux: update to Linux kernel 6.16, Go to 1.24.5
3a82703 unix: remove redundant xnu version check for {p}readv/{p}writev
9920300 unix: add missing nft conntrack constants
ad4e0fc unix: remove redundant word in comment
084ad87 unix: fix //sys decl after CL 548795
751c3c6 unix: add missing NFT_PAYLOAD_* consts on linux
0c740cc unix: update Go to 1.24.3
d62d31c unix: update Linux constants and types to v6.14
3d9a6b8 windows: add WSADuplicateSocket
c0a9559 cpu: add crypto extensions detection for riscv64
Additional commits viewable in compare view

Updates golang.org/x/text from 0.23.0 to 0.28.0

Commits

425d715 go.mod: update golang.org/x dependencies
b6d2645 go.mod: update golang.org/x dependencies
8072180 go.mod: update golang.org/x dependencies
6cacac1 go.mod: update tagx:ignore'd golang.org/x dependencies
700cc20 go.mod: update golang.org/x dependencies
4890c57 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates google.golang.org/grpc from 1.53.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

client: support channel idleness using WithIdleTimeout dial option (#6263)

This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.

client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)

xds: Add support for Custom LB Policies (gRFC A52) (#6224)

xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)

client: add support for pickfirst address shuffling (gRFC A62) (#6311)

xds: Add support for String Matcher Header Matcher in RDS (#6313)

xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)

Special Thanks: @s-matyukevich

xds: enable RLS in xDS by default (#6343)

orca: add support for application_utilization field and missing range checks on several metrics setters

balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)

authz: add conversion of json to RBAC Audit Logging config (#6192)

authz: add support for stdout logger (#6230 and #6298)

authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)

xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)

xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

xds: enable federation support by default (#6151)

status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

1055b48 Update version.go to 1.56.3 (#6713)
5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
faab873 Update version.go to v1.56.2 (#6432)
6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
cd6a794 Update version.go to v1.56.2-dev (#6387)
5b67e5e Update version.go to v1.56.1 (#6386)
d0f5150 ...
Description has been truncated

…dates Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-body directory: [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) and [github.com/dapr/dapr](https://github.com/dapr/dapr). Bumps the go_modules group with 2 updates in the /ci/pod/openfunction/function-example/test-uri directory: [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) and [github.com/dapr/dapr](https://github.com/dapr/dapr). Bumps the go_modules group with 4 updates in the /t/grpc_server_example directory: [golang.org/x/net](https://github.com/golang/net), [golang.org/x/sys](https://github.com/golang/sys), [golang.org/x/text](https://github.com/golang/text) and [google.golang.org/grpc](https://github.com/grpc/grpc-go). Bumps the go_modules group with 1 update in the /t/plugin/grpc-web directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `github.com/cloudevents/sdk-go/v2` from 2.4.1 to 2.15.2 - [Release notes](https://github.com/cloudevents/sdk-go/releases) - [Commits](cloudevents/sdk-go@v2.4.1...v2.15.2) Updates `github.com/dapr/dapr` from 1.6.0 to 1.10.9 - [Release notes](https://github.com/dapr/dapr/releases) - [Changelog](https://github.com/dapr/dapr/blob/master/RELEASE.md) - [Commits](dapr/dapr@v1.6.0...v1.10.9) Updates `golang.org/x/net` from 0.0.0-20211015210444-4f30a5c0130f to 0.6.0 - [Commits](golang/net@v0.7.0...v0.38.0) Updates `golang.org/x/sys` from 0.0.0-20211019181941-9d821ace8654 to 0.5.0 - [Commits](golang/sys@v0.31.0...v0.35.0) Updates `golang.org/x/text` from 0.3.7 to 0.7.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.23.0...v0.28.0) Updates `google.golang.org/grpc` from 1.40.0 to 1.52.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.53.0...v1.56.3) Updates `google.golang.org/protobuf` from 1.28.0 to 1.28.1 Updates `gopkg.in/yaml.v3` from 3.0.0 to 3.0.1 Updates `github.com/cloudevents/sdk-go/v2` from 2.4.1 to 2.15.2 - [Release notes](https://github.com/cloudevents/sdk-go/releases) - [Commits](cloudevents/sdk-go@v2.4.1...v2.15.2) Updates `github.com/dapr/dapr` from 1.8.3 to 1.10.9 - [Release notes](https://github.com/dapr/dapr/releases) - [Changelog](https://github.com/dapr/dapr/blob/master/RELEASE.md) - [Commits](dapr/dapr@v1.6.0...v1.10.9) Updates `golang.org/x/net` from 0.0.0-20220621193019-9d032be2e588 to 0.6.0 - [Commits](golang/net@v0.7.0...v0.38.0) Updates `golang.org/x/sys` from 0.0.0-20220520151302-bc2c85ada10a to 0.5.0 - [Commits](golang/sys@v0.31.0...v0.35.0) Updates `golang.org/x/text` from 0.3.7 to 0.7.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.23.0...v0.28.0) Updates `google.golang.org/grpc` from 1.47.0 to 1.52.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.53.0...v1.56.3) Updates `google.golang.org/protobuf` from 1.28.0 to 1.28.1 Updates `golang.org/x/net` from 0.7.0 to 0.38.0 - [Commits](golang/net@v0.7.0...v0.38.0) Updates `golang.org/x/sys` from 0.31.0 to 0.35.0 - [Commits](golang/sys@v0.31.0...v0.35.0) Updates `golang.org/x/text` from 0.23.0 to 0.28.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.23.0...v0.28.0) Updates `google.golang.org/grpc` from 1.53.0 to 1.56.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.53.0...v1.56.3) Updates `google.golang.org/protobuf` from 1.28.1 to 1.30.0 Updates `google.golang.org/grpc` from 1.53.0 to 1.56.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.53.0...v1.56.3) --- updated-dependencies: - dependency-name: github.com/cloudevents/sdk-go/v2 dependency-version: 2.15.2 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/dapr/dapr dependency-version: 1.10.9 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.6.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/sys dependency-version: 0.5.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/text dependency-version: 0.7.0 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.52.3 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-version: 1.28.1 dependency-type: indirect dependency-group: go_modules - dependency-name: gopkg.in/yaml.v3 dependency-version: 3.0.1 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/cloudevents/sdk-go/v2 dependency-version: 2.15.2 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/dapr/dapr dependency-version: 1.10.9 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.6.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/sys dependency-version: 0.5.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/text dependency-version: 0.7.0 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.52.3 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-version: 1.28.1 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.38.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/sys dependency-version: 0.35.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/text dependency-version: 0.28.0 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.56.3 dependency-type: direct:production dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-version: 1.30.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.56.3 dependency-type: direct:production dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2025-08-28T14:26:20Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability
golang.org/x/net@v0.0.0-20211015210444-4f30a5c0130f ⏵ v0.38.0	⁺¹	⁺³¹
google.golang.org/grpc@v1.40.0 ⏵ v1.56.3	⁺¹	⁺¹⁶
google.golang.org/protobuf@v1.28.0 ⏵ v1.30.0	⁺¹
github.com/golang/protobuf@v1.5.3

View full report

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 28, 2025

dependabot bot mentioned this pull request Aug 28, 2025

chore(deps): bump the go_modules group across 4 directories with 7 updates #56

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the go_modules group across 4 directories with 8 updates #57

chore(deps): bump the go_modules group across 4 directories with 8 updates #57

Uh oh!

dependabot bot commented on behalf of github Aug 28, 2025

Uh oh!

socket-security bot commented Aug 28, 2025

Uh oh!

Uh oh!

chore(deps): bump the go_modules group across 4 directories with 8 updates #57

Are you sure you want to change the base?

chore(deps): bump the go_modules group across 4 directories with 8 updates #57

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 28, 2025

Release v2.15.2

What's Changed

Release v2.15.1

What's Changed

New Contributors

Release v2.15.0

Highlights 💫

Breaking 🚨

Commits 📄

Release 1.56.3

Security

Release 1.56.2

Release 1.56.1

Release 1.56.0

New Features

Bug Fixes

API Changes

Release 1.55.1

Release 1.55.0

Behavior Changes

Release v2.15.2

What's Changed

Release v2.15.1

What's Changed

New Contributors

Release v2.15.0

Highlights 💫

Breaking 🚨

Commits 📄

Release 1.56.3

Security

Release 1.56.2

Release 1.56.1

Release 1.56.0

New Features

Bug Fixes

API Changes

Release 1.55.1

Release 1.55.0

Behavior Changes

Release 1.56.3

Security

Release 1.56.2

Release 1.56.1

Release 1.56.0

New Features

Bug Fixes

API Changes

Release 1.55.1

Release 1.55.0

Behavior Changes

Uh oh!

socket-security bot commented Aug 28, 2025

Uh oh!

Uh oh!