Bump the go-deps group across 1 directory with 5 updates #188

dependabot · 2025-06-09T23:53:08Z

Bumps the go-deps group with 5 updates in the / directory:

Package	From	To
github.com/go-logr/logr	`1.4.2`	`1.4.3`
github.com/hashicorp/vault/api	`1.16.0`	`1.20.0`
github.com/spf13/cast	`1.8.0`	`1.9.2`
go.mongodb.org/mongo-driver	`1.17.3`	`1.17.4`
golang.org/x/crypto	`0.38.0`	`0.39.0`

Updates github.com/go-logr/logr from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.3

Minor release.

What's Changed

Fix slog tests for 1.25 by @hoeppi-google in go-logr/logr#361

Remove one exception from Slog testing by @thockin in go-logr/logr#362

New Contributors

@hoeppi-google made their first contribution in go-logr/logr#361

Full Changelog: go-logr/logr@v1.4.2...v1.4.3

Commits

38a1c47 build(deps): bump github/codeql-action from 3.28.17 to 3.28.18
f08bedd build(deps): bump actions/setup-go from 5.4.0 to 5.5.0
6295e99 build(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0
028840d build(deps): bump github/codeql-action from 3.28.15 to 3.28.17
511e5fa Merge pull request #367 from go-logr/dependabot/github_actions/github/codeql-...
d806463 build(deps): bump github/codeql-action from 3.28.13 to 3.28.15
158c311 Merge pull request #366 from thockin/master
c79ddb3 Update to support golangci-lint v2
20a64ba build(deps): bump github/codeql-action from 3.28.12 to 3.28.13
0385e14 Add comments around slog exceptions
Additional commits viewable in compare view

Updates github.com/hashicorp/vault/api from 1.16.0 to 1.20.0

Release notes

Sourced from github.com/hashicorp/vault/api's releases.

v1.19.5

1.19.5

May 30, 2025

Enterprise LTS: Vault Enterprise 1.19 is a Long-Term Support (LTS) release.

CHANGES:

database/snowflake: Update plugin to v0.13.1 [GH-30775]

IMPROVEMENTS:

plugins: Support registration of CE plugins with extracted artifact directory. [GH-30673]

BUG FIXES:

ui: Fix broken link to Hashicorp Vault developer site in the Web REPL help. [GH-30670]

v1.19.4

1.19.4

May 16, 2025

CHANGES:

Update vault-plugin-auth-cf to v0.20.1 [GH-30586]

auth/azure: Update plugin to v0.20.4 [GH-30543]

core: Bump Go version to 1.24.3.

IMPROVEMENTS:

Namespaces (enterprise): allow a root token to relock a namespace

core (enterprise): update to FIPS 140-3 cryptographic module in the FIPS builds.

core: Updated code and documentation to support FIPS 140-3 compliant algorithms. [GH-30576]

core: support for X25519MLKEM768 (post quantum key agreement) in the Go TLS stack. [GH-30603]

ui: Replaces all instances of the deprecated event.keyCode with event.key [GH-30493]

BUG FIXES:

core (enterprise): fix a bug where plugin automated root rotations would stop after seal/unseal operations

plugins (enterprise): Fix an issue where Enterprise plugins can't run on a standby node when it becomes active because standby nodes don't extract the artifact when the plugin is registered. Remove extracting from Vault and require the operator to place the extracted artifact in the plugin directory before registration.

v1.19.3

1.19.3

April 30, 2025

CHANGES:

... (truncated)

Changelog

Sourced from github.com/hashicorp/vault/api's changelog.

Previous versions

v1.10.0 - v1.15.16

v1.0.0 - v1.9.10

v0.11.6 and earlier

1.19.5

May 30, 2025

Enterprise LTS: Vault Enterprise 1.19 is a Long-Term Support (LTS) release.

CHANGES:

database/snowflake: Update plugin to v0.13.1 [GH-30775]

IMPROVEMENTS:

plugins: Support registration of CE plugins with extracted artifact directory. [GH-30673]

BUG FIXES:

ui: Fix broken link to Hashicorp Vault developer site in the Web REPL help. [GH-30670]

1.19.4

May 16, 2025

Enterprise LTS: Vault Enterprise 1.19 is a Long-Term Support (LTS) release.

CHANGES:

Update vault-plugin-auth-cf to v0.20.1 [GH-30586]

auth/azure: Update plugin to v0.20.4 [GH-30543]

core: Bump Go version to 1.24.3.

IMPROVEMENTS:

Namespaces (enterprise): allow a root token to relock a namespace

core (enterprise): update to FIPS 140-3 cryptographic module in the FIPS builds.

core: Updated code and documentation to support FIPS 140-3 compliant algorithms. [GH-30576]

core: support for X25519MLKEM768 (post quantum key agreement) in the Go TLS stack. [GH-30603]

ui: Replaces all instances of the deprecated event.keyCode with event.key [GH-30493]

BUG FIXES:

core (enterprise): fix a bug where plugin automated root rotations would stop after seal/unseal operations

plugins (enterprise): Fix an issue where Enterprise plugins can't run on a standby node when it becomes active because standby nodes don't extract the artifact when the plugin is registered. Remove extracting from Vault and require the operator to place the extracted artifact in the plugin directory before registration.

... (truncated)

Commits

71ca099 Update vault-plugin-secrets-gcp to v0.22.0 (#30846)
51ec0db Update vault-plugin-auth-kerberos to v0.15.0 (#30845)
38cc2c9 Update vault-plugin-auth-cf to v0.21.0 (#30842)
36aa49b enos(fips1403): simplify semver constraint to only consider currently mixed r...
407c297 Update vault-plugin-secrets-openldap to v0.16.0 (#30844)
a725087 VAULT-36495 CE changes (#30807)
d19e946 Update vault-plugin-auth-oci to v0.19.0 (#30841)
d9ecd5b PostgreSQL backend passwordless authentication in cloud (#30681)
636524e Update vault-plugin-database-couchbase to v0.14.0 (#30836)
befafd5 [VAULT-35682] build(cgo): Build CGO binaries in a container (#30834)
Additional commits viewable in compare view

Updates github.com/spf13/cast from 1.8.0 to 1.9.2

Release notes

Sourced from github.com/spf13/cast's releases.

v1.9.2

What's Changed

fix: float string to number parsing by @sagikazarmark in spf13/cast#276

Full Changelog: spf13/cast@v1.9.1...v1.9.2

v1.9.1

What's Changed

fix: indirection of typed nils by @sagikazarmark in spf13/cast#273

Full Changelog: spf13/cast@v1.9.0...v1.9.1

v1.9.0

Notable new features 🎉

Casting from type aliases is now supported for basic types

Added generic functions: To/ToE, Must, ToNumber/ToNumberE

Increased test coverage

Converting float numbers from string is now supported

What's Changed

build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot in spf13/cast#248

build(deps): bump actions/dependency-review-action from 4.6.0 to 4.7.1 by @dependabot in spf13/cast#247

build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in spf13/cast#245

refactor: move number parsing to generic functions by @sagikazarmark in spf13/cast#250

Improve ToString/ToStringE performance by @ganigeorgiev in spf13/cast#244

Split caste.go into smaller files by @sagikazarmark in spf13/cast#251

refactor: remove unused initial int conversion by @sagikazarmark in spf13/cast#253

Generate code to make maintenance easier by @sagikazarmark in spf13/cast#252

feat: add To and ToNumber functions by @sagikazarmark in spf13/cast#255

build(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 by @dependabot in spf13/cast#243

Move tests next to their implementation by @sagikazarmark in spf13/cast#256

Refactor number tests by @sagikazarmark in spf13/cast#257

feat: return 0 when casting an empty string to a number by @sagikazarmark in spf13/cast#259

Support converting string float numbers to integer types by @sagikazarmark in spf13/cast#261

Test improvements by @sagikazarmark in spf13/cast#262

Improvements by @sagikazarmark in spf13/cast#263

refactor: return indirection result from indirect function by @sagikazarmark in spf13/cast#264

Slice improvements by @sagikazarmark in spf13/cast#265

refactor: move error message to a constant by @sagikazarmark in spf13/cast#267

chore: improve map cast functions by @sagikazarmark in spf13/cast#269

Resolve aliases by @sagikazarmark in spf13/cast#271

New Contributors

@ganigeorgiev made their first contribution in spf13/cast#244

Full Changelog: spf13/cast@v1.8.0...v1.9.0

Commits

40e8e07 Merge pull request #276 from spf13/improve-string-float
fa4ea64 fix: float string to number parsing
cb5df5f Merge pull request #273 from spf13/fix-indiretion
1b425f3 fix: indirection of typed nils
a79ffed Merge pull request #271 from spf13/alias
3166f3b test: add more alias tests
f8fe065 chore: bump minimum Go version to 1.21
9ffddd4 feat: add alias resolution
a6d26bd feat: add alias resolution function
633e5d0 Merge pull request #269 from spf13/maps
Additional commits viewable in compare view

Updates go.mongodb.org/mongo-driver from 1.17.3 to 1.17.4

Release notes

Sourced from go.mongodb.org/mongo-driver's releases.

MongoDB Go Driver 1.17.4

The MongoDB Go Driver Team is pleased to release version 1.17.4 of the official MongoDB Go Driver.

Release Notes

This release resolves two bugs in the Go Driver: it removes a buggy and unnecessary connection liveness check that could run unexpectedly or fail intermittently when maxIdleTimeMS was set, and it fixes an issue where regular expressions were marshaled to invalid JSON due to improper character escaping, ensuring all generated JSON is now valid.

For a full list of tickets included in this release, please see the list of fixed issues.

Full Changelog: v1.17.3...v1.17.4

Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!

What's Changed

Add GitHub Actions workflow for merge ups by @alcaeus in mongodb/mongo-go-driver#1962

Use different credentials for merge-up PRs by @alcaeus in mongodb/mongo-go-driver#1968

GODRIVER-3476 Escape for Regex Options. by @qingyang-hu in mongodb/mongo-go-driver#1929

Ignore unmaintained branches when merging up by @alcaeus in mongodb/mongo-go-driver#2062

GODRIVER-3549 Fix timeouts in CSE custom endpoint test (#2028) (#2031) by @prestonvasquez in mongodb/mongo-go-driver#2061

GODRIVER-3516 Remove isAlive by @linfeip in mongodb/mongo-go-driver#2060

GODRIVER-3560 Assume ec2 role explicitly in CI by @prestonvasquez in mongodb/mongo-go-driver#2080

GODRIVER-3524 Sync updates to reflect showExpandedEvents omissions by @prestonvasquez in mongodb/mongo-go-driver#2084

New Contributors

@linfeip made their first contribution in mongodb/mongo-go-driver#2060

Full Changelog: mongodb/mongo-go-driver@v1.17.3...v1.17.4

Commits

4c4cafc BUMP v1.17.4
431cf52 GODRIVER-3524 Sync updates to reflect showExpandedEvents omissions (#2084)
835c5e1 GODRIVER-3560 Assume ec2 role explicitly in CI (#2080)
6966434 GODRIVER-3516 Remove isAlive (#2060)
029da41 GODRIVER-3549 Fix timeouts in CSE custom endpoint test (#2028) (#2031) (#2061)
49f0c81 Ignore unmaintained branches when merging up (#2062)
7d03307 GODRIVER-3476 Escape for Regex Options. (#1929)
785d943 Use different credentials for merge-up PRs (#1968)
c2ca35c Add GitHub Actions workflow for merge ups (#1962)
See full diff in compare view

Updates golang.org/x/crypto from 0.38.0 to 0.39.0

Commits

3bf9d2a ssh/test: skip KEX test if unsupported by system SSH client
9bab967 go.mod: update golang.org/x dependencies
4f9f0ca x509roots/fallback: add init time benchmark
eac7cf0 x509roots/fallback: move parsing code to a non-generated file
18228cd acme: return err from deprecated TLS-SNI-[01|02] functions
73f6362 acme: remove dead code
ebc8e46 ssh: add server side support for Diffie Hellman Group Exchange
e944286 ssh: expose negotiated algorithms
78a1fd7 ssh: automatically add [email protected] KEX alias
ac58737 ssh: export supported algorithms
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-deps group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/go-logr/logr](https://github.com/go-logr/logr) | `1.4.2` | `1.4.3` | | [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) | `1.16.0` | `1.20.0` | | [github.com/spf13/cast](https://github.com/spf13/cast) | `1.8.0` | `1.9.2` | | [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) | `1.17.3` | `1.17.4` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.38.0` | `0.39.0` | Updates `github.com/go-logr/logr` from 1.4.2 to 1.4.3 - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.4.2...v1.4.3) Updates `github.com/hashicorp/vault/api` from 1.16.0 to 1.20.0 - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](hashicorp/vault@v1.16.0...api/v1.20.0) Updates `github.com/spf13/cast` from 1.8.0 to 1.9.2 - [Release notes](https://github.com/spf13/cast/releases) - [Commits](spf13/cast@v1.8.0...v1.9.2) Updates `go.mongodb.org/mongo-driver` from 1.17.3 to 1.17.4 - [Release notes](https://github.com/mongodb/mongo-go-driver/releases) - [Commits](mongodb/mongo-go-driver@v1.17.3...v1.17.4) Updates `golang.org/x/crypto` from 0.38.0 to 0.39.0 - [Commits](golang/crypto@v0.38.0...v0.39.0) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-version: 1.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/hashicorp/vault/api dependency-version: 1.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/spf13/cast dependency-version: 1.9.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: go.mongodb.org/mongo-driver dependency-version: 1.17.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: golang.org/x/crypto dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 9, 2025

dependabot bot requested a review from a team as a code owner June 9, 2025 23:53

dependabot bot added the dependencies Pull requests that update a dependency file label Jun 9, 2025

dependabot bot requested review from fealebenpae and anandsyncs June 9, 2025 23:53

dependabot bot added the go Pull requests that update go code label Jun 9, 2025

Run pre-commit hook

d902f5a

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the go-deps group across 1 directory with 5 updates #188

Bump the go-deps group across 1 directory with 5 updates #188

Uh oh!

dependabot bot commented on behalf of github Jun 9, 2025

Uh oh!

Uh oh!

Bump the go-deps group across 1 directory with 5 updates #188

Are you sure you want to change the base?

Bump the go-deps group across 1 directory with 5 updates #188

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 9, 2025

v1.4.3

What's Changed

New Contributors

v1.19.5

1.19.5

May 30, 2025

v1.19.4

1.19.4

May 16, 2025

v1.19.3

1.19.3

April 30, 2025

Previous versions

1.19.5

May 30, 2025

1.19.4

May 16, 2025

v1.9.2

What's Changed

v1.9.1

What's Changed

v1.9.0

Notable new features 🎉

What's Changed

New Contributors

MongoDB Go Driver 1.17.4

Release Notes

What's Changed

New Contributors

Uh oh!

Uh oh!