Skip to content

build(deps): bump the production-dependencies group across 1 directory with 4 updates#4510

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/production-dependencies-52aa9ad49c
Open

build(deps): bump the production-dependencies group across 1 directory with 4 updates#4510
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/production-dependencies-52aa9ad49c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 4 updates in the / directory: github.com/google/cel-go, github.com/ncruces/go-sqlite3, golang.org/x/sync and google.golang.org/grpc.

Updates github.com/google/cel-go from 0.28.1 to 0.29.2

Release notes

Sourced from github.com/google/cel-go's releases.

Release v0.29.2

What's Changed

Full Changelog: cel-expr/cel-go@v0.29.1...v0.29.2

Release v0.29.1

What's Changed

Full Changelog: cel-expr/cel-go@v0.29.0...v0.29.1

Release v0.29.0

What's Changed

New Features

Bug Fixes

Cost Tracking

Testing & Tooling

Documentation

Commits
  • 97611dc Update lists.go runtime cost calculator (#1360)
  • 91b2a93 Normalize cel/prompt_test.go to LF, add missing newline in prompt.go (#1361)
  • 6d10c55 cel/prompt.go: convert CRLF to LF line ending (#1359)
  • fa16799 avoid repeated construction of cost tracker (#1357)
  • ea3d5c0 feat(ext): add json encoder (#1340)
  • a4d0d64 startsWith / endsWith runtime cost agreement with checked cost (#1351)
  • d4efa77 Ensure receiver and global matches cost estimates agree (#1350)
  • 13cff33 ext/lists: add max size check to genRange() to prevent OOM (#1310)
  • f0ffa7e Execution frame integration with updated IntepretableV2 (#1344)
  • f1ec2f6 guard int32/uint32 map key narrowing in qualifyInternal (#1337)
  • Additional commits viewable in compare view

Updates github.com/ncruces/go-sqlite3 from 0.34.4 to 0.35.2

Release notes

Sourced from github.com/ncruces/go-sqlite3's releases.

v0.35.2

What's Changed

Updates:

  • SQLite 3.53.3
  • Gorm 1.31.2
  • Vec1 0.7

Added O_TMPFILE support.

[!CAUTION] There is a know issue (#404) that may cause data corruption when using WAL mode on Windows under high concurrency. The bug has likely existed ever since WAL mode support was added to Windows in v0.20.2 2 years ago. Since this is not a regression, I decided not to block the release waiting for a fix.

Full Changelog: ncruces/go-sqlite3@v0.35.1...v0.35.2

Artifact attestations

v0.35.1

What's Changed

Fixed issue #401.

Full Changelog: ncruces/go-sqlite3@v0.35.0...v0.35.1

Artifact attestations

v0.35.0

What's Changed

In an effort to keep the code size small (and compile times relatively fast) while continuing to add more SQLite features, the FTS5 and R*Tree/Geopoly extensions are now compiled separately. This is a breaking change. Now, to use:

In addition, support for the pre-update hook was added.

Also, Go 1.27 uses encoding/json/v2 for improved performance.

Full Changelog: ncruces/go-sqlite3@v0.34.4...v0.35.0

Artifact attestations

Commits

Updates golang.org/x/sync from 0.21.0 to 0.22.0

Commits

Updates google.golang.org/grpc from 1.81.1 to 1.82.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.82.1

Security

  • server: Stop reading from the connection when flooded by HTTP/2 frames. The default value for this limit is 100 frames, excluding DATA and HEADERS, and may be changed by setting environment variable GRPC_GO_EXPERIMENTAL_CONTROL_BUFFER_THROTTLE_LIMIT.
  • xds/rbac: Support Metadata and RequestedServerName permissions matcher fields. If present in a DENY rule, previously these would be ignored and fail-open.
  • xds/rbac: Fix panic when parsing unsupported fields in NotRule/NotId permissions.
  • xds/rbac: Support the deprecated source_ip principal identifier by treating it as equivalent to direct_remote_ip.

Release 1.82.0

Behavior Changes

  • server: Remove support for GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING environment varibale. Strict incoming RPC path validation (which has been the default since v1.79.3) can no longer be disabled. (#9112)
  • transport: Add environment variable to change the default max header list size from 16MB to 8KB. This may be enabled by setting GRPC_GO_EXPERIMENTAL_ENABLE_8KB_DEFAULT_HEADER_LIST_SIZE=true. This will be enabled by default in a subsequent release. (#9019)
  • balancer: Load Balancing policy registry is now case-sensitive. Set GRPC_GO_EXPERIMENTAL_CASE_SENSITIVE_BALANCER_REGISTRIES=false (and file an issue) to revert to case-insensitive behavior. (#9017)

New Features

  • experimental/stats: Expose a new API, NewContextWithLabelCallback, to register a callback that is invoked when telemetry labels are added. (#8877)
  • client: Return a portion of the response body in the error message, when the client receives an unexpected non-gRPC HTTP response, to make debugging easier. (#8929)
  • server: Add environment variable GRPC_GO_SERVER_GOROUTINE_LABELS that controls setting runtime/pprof.Labels on goroutines spawned by the server. Set GRPC_GO_SERVER_GOROUTINE_LABELS=grpc.method=true to add the grpc.method label on goroutines spawned to handle incoming requests. (#9082)

Bug Fixes

  • xds/server: Fix a memory leak of HTTP filter instances occurring when route configurations are updated in-place during a Route Discovery Service (RDS) update. (#9138)
  • grpc: In the deprecated gzip Compressor (used via the deprecated WithCompressor dial option), enforce the MaxRecvMsgSize limit on the decompressed message buffer, preventing excessive memory allocation from highly compressed payloads. (#9114)
  • stats/opentelemetry: Record retry attempts, grpc.previous-rpc-attempts, at the call level and not the attempt level. (#8923)
  • encoding: Ensure Close() is always called on readers returned from Compressor.Decompress if possible. (#9135)
  • channelz: Fix the LastMessageSentTimestamp and LastMessageReceivedTimestamp fields in SocketMetrics to ensure they contain correct timestamp values. (#9109)
Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
github.com/ncruces/go-sqlite3 [>= 0.33.a, < 0.34]

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 9, 2026
…y with 4 updates

Bumps the production-dependencies group with 4 updates in the / directory: [github.com/google/cel-go](https://github.com/google/cel-go), [github.com/ncruces/go-sqlite3](https://github.com/ncruces/go-sqlite3), [golang.org/x/sync](https://github.com/golang/sync) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `github.com/google/cel-go` from 0.28.1 to 0.29.2
- [Release notes](https://github.com/google/cel-go/releases)
- [Commits](cel-expr/cel-go@v0.28.1...v0.29.2)

Updates `github.com/ncruces/go-sqlite3` from 0.34.4 to 0.35.2
- [Release notes](https://github.com/ncruces/go-sqlite3/releases)
- [Commits](ncruces/go-sqlite3@v0.34.4...v0.35.2)

Updates `golang.org/x/sync` from 0.21.0 to 0.22.0
- [Commits](golang/sync@v0.21.0...v0.22.0)

Updates `google.golang.org/grpc` from 1.81.1 to 1.82.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.1...v1.82.1)

---
updated-dependencies:
- dependency-name: github.com/google/cel-go
  dependency-version: 0.29.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: github.com/ncruces/go-sqlite3
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: golang.org/x/sync
  dependency-version: 0.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: google.golang.org/grpc
  dependency-version: 1.82.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/production-dependencies-52aa9ad49c branch from 9ccc000 to 7526482 Compare July 16, 2026 10:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants