Skip to content

build(deps): bump the go-dependencies group across 1 directory with 6 updates#317

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-dependencies-de97752a0d
Closed

build(deps): bump the go-dependencies group across 1 directory with 6 updates#317
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-dependencies-de97752a0d

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 11, 2026
edited
Loading

Bumps the go-dependencies group with 4 updates in the / directory: github.com/amacneil/dbmate/v2, github.com/nats-io/nats-server/v2, golang.org/x/net and golang.org/x/sync.

Updates github.com/amacneil/dbmate/v2 from 2.29.5 to 2.31.0

Release notes

Sourced from github.com/amacneil/dbmate/v2's releases.

v2.31.0

What's Changed

New Contributors

Full Changelog: amacneil/dbmate@v2.30.0...v2.31.0

v2.30.0

What's Changed

Full Changelog: amacneil/dbmate@v2.29.5...v2.30.0

Commits
  • 5dc429d bump version to v2.31.0 (#754)
  • 10ec839 feat: allow passing extra arguments to mysqldump/pgdump (#694)
  • e26a6ad Bump golang from 1.25.6 to 1.26.0 (#753)
  • 422f30b fix: comment out invalid docker ignore condition in dependabot.yml (#752)
  • 285c25a Add further common Postgres Unix socket URL examples (#459)
  • ba87f94 fix: extract file path from SQLite URL for shell commands (#574)
  • 40de0da Bump golang from 1.25.5 to 1.25.6 (#740)
  • 2d62e04 feat: issue #489 support clickhouse+http/s schemes and --driver flag + env va...
  • d8ce770 New release v2.30.0 (#745)
  • de56b2a fix: lib/pq v1.11.1 broke connecting to Supavisor (#750)
  • Additional commits viewable in compare view

Updates github.com/lib/pq from 1.11.1 to 1.11.2

Release notes

Sourced from github.com/lib/pq's releases.

v1.11.2

This fixes two regressions:

  • Don't send startup parameters if there is no value, improving compatibility with Supavisor (#1260).

  • Don't send dbname as a startup parameter if database=[..] is used in the connection string. It's recommended to use dbname=, as database= is not a libpq option, and only worked by accident previously. (#1261)

#1260: lib/pq#1260 #1261: lib/pq#1261

Changelog

Sourced from github.com/lib/pq's changelog.

v1.11.2 (2026-02-10)

This fixes two regressions:

  • Don't send startup parameters if there is no value, improving compatibility with Supavisor (#1260).

  • Don't send dbname as a startup parameter if database=[..] is used in the connection string. It's recommended to use dbname=, as database= is not a libpq option, and only worked by accident previously. (#1261)

#1260: lib/pq#1260 #1261: lib/pq#1261

Commits
  • 1412805 Don't send empty startup parameters
  • 0c529db Don't send dbname= as a startup parameter when database= is used
  • See full diff in compare view

Updates github.com/nats-io/nats-server/v2 from 2.12.4 to 2.12.5

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.12.5

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

  • 1.25.8

Dependencies

  • github.com/nats-io/nkeys v0.4.15 (#7797)
  • github.com/klauspost/compress v1.18.4 (#7812)
  • golang.org/x/sys v0.42.0 (#7923)
  • github.com/antithesishq/antithesis-sdk-go v0.6.0-default-no-op (#7835)
  • golang.org/x/crypto v0.48.0 (#7874)
  • github.com/nats-io/nats.go v1.49.0 (#7835)
  • golang.org/x/time v0.15.0 (#7923)

CVEs

Added

JetStream

  • The stream snapshot/backup endpoint now accepts the window_size parameter, to allow improving flow control over slow or unreliable connections (#7839)

Improved

General

  • max_conns in the server configuration can now be configured to 0 (zero) to reject all incoming client connections (#7877)

JetStream

  • "Catchup for stream" log lines are now more consistent (#7784)
  • Raft now only accepts forwarded proposals if caught up as the new leader, limiting potentially unbounded log growth (#7809)
  • Raft now correctly refuses concurrent membership changes if forwarded a peer removal from another node (#7809)
  • The max_consumers limit of a stream can now be updated after stream creation (#7724)
  • The pending messages and bytes are now included in consumer unpin responses (#7815)
  • Stream backups/snapshots are now streamed to clients with improved flow control, which should improve throughput and robustness, particularly over unreliable links, reducing the chance of backups failing due to flow control errors (#7828)
  • Orphaned stream and consumer checks are now aligned with the metalayer snapshot logic (#7826)
  • Wildcard filtering when loading messages is now considerably faster in the memory store (#7840, #7855)
  • Metalayer snapshots now take place asynchronously when possible, such that JS API operations are not blocked while the snapshot is taking place (#7827, #7846)
    • This behaviour can be disabled by setting meta_compact_sync: true in the jetstream configuration block
  • Consumers with a single subject filter no longer incorrectly use the multi-filter message lookups (#7856)
  • The check for colliding stream subjects is now faster (#7870)

... (truncated)

Commits
  • 0f6c831 Release v2.12.5
  • d9cce39 Update dependencies
  • 44d8abd Fix TestMonitorWebsocket
  • 55db52b Update to Go 1.25.8
  • 358cdc4 Fix int32 overflow of JWT account and user limits
  • a1488de Fix panic on LS protocol when compression enabled
  • cadc948 Fix panic on X-Forwarded-For empty slice (shouldn't be possible from the wire)
  • 6cf715d Fix panic in WebSocket when reading an empty compressed buffer
  • 667d14d Fix panic in WebSocket on extremely large payload length
  • d82c4b7 Fix panic on title case on empty error message
  • Additional commits viewable in compare view

Updates github.com/nats-io/nats.go from 1.48.0 to 1.49.0

Release notes

Sourced from github.com/nats-io/nats.go's releases.

Release v1.49.0

Changelog

ADDED

  • Core NATS:
    • IgnoreDiscoveredServers option for skipping advertised servers (#2022)
    • Reconnect to selected server callback option #1958)
    • Set custom server pool (#1958)
  • KeyValue:
    • Config() method for KeyValueStatus (#2014)

FIXED

  • Core NATS:
    • Only remove requested status listener (#1991)
  • JetStream:
    • Cleanup JS Publisher Status Channel (#1993)
  • Legacy JetStream:
    • Fix nil pointer dereference in ConsumerInfo. Thanks @​olde-ducke for the contribution (#1987)
  • Object store:
    • Use default timeout on object Put when context has no deadline (#2013)

IMPROVED

Complete Changes

nats-io/nats.go@v1.48.0...v1.49.0

Commits
  • d85a35e Release v1.49.0 (#2025)
  • 0d5e984 [IMPROVED] Add JetStream migration guide (#2023)
  • fff2d63 [FIXED] Use default timeout on object Put when context has no deadline (#2013)
  • ca4790e [IMPROVED] Fix code examples, API signatures and technical typos in jetstream...
  • e987dbe [IMPROVED] Fix bug in constant name TimeStampHeader (#2019)
  • 5b2c617 [ADDED] Config method for KeyValueStatus (#2014)
  • 4667f93 [ADDED] Reconnect to selected server and custom server pool (#1958)
  • f89e0bd [ADDED] IgnoreDiscoveredServers option for skipping advertised servers (#2022)
  • b9f59ec [IMPROVED] Use correct comparative form in PullMaxBytes validation messages (...
  • aa67684 [IMPROVED] Fix doc comments for ListKeysFiltered and ListKeys methods (#2017)
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.50.0 to 0.51.0

Commits
  • 60b3f6f internal/http3: prevent Server handler from writing longer body than declared
  • b0ca456 internal/http3: fix Write in Server Handler returning the wrong value
  • 1558ba7 publicsuffix: update to 2026-02-06
  • 4e1c745 internal/http3: make Server response include headers that can be inferred
  • 19f580f http2: fix nil panic in typeFrameParser for unassigned frame types
  • 818aad7 internal/http3: add server to client trailer header support
  • c1bbe1a internal/http3: add client to server trailer header support
  • 29181b8 all: remove go1.25 and older build constraints
  • 8109305 all: upgrade go directive to at least 1.25.0 [generated]
  • 0b37bdf quic: don't run TestStreamsCreateConcurrency in synctest bubble
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits
  • ec11c4a errgroup: fix a typo in the documentation
  • 1a58307 all: modernize interface{} -> any
  • 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the go-dependencies group across 1 directory with 6…
3229543 
… updates

Bumps the go-dependencies group with 4 updates in the / directory: [github.com/amacneil/dbmate/v2](https://github.com/amacneil/dbmate), [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/sync](https://github.com/golang/sync).


Updates `github.com/amacneil/dbmate/v2` from 2.29.5 to 2.31.0
- [Release notes](https://github.com/amacneil/dbmate/releases)
- [Commits](amacneil/dbmate@v2.29.5...v2.31.0)

Updates `github.com/lib/pq` from 1.11.1 to 1.11.2
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](lib/pq@v1.11.1...v1.11.2)

Updates `github.com/nats-io/nats-server/v2` from 2.12.4 to 2.12.5
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.12.4...v2.12.5)

Updates `github.com/nats-io/nats.go` from 1.48.0 to 1.49.0
- [Release notes](https://github.com/nats-io/nats.go/releases)
- [Commits](nats-io/nats.go@v1.48.0...v1.49.0)

Updates `golang.org/x/net` from 0.50.0 to 0.51.0
- [Commits](golang/net@v0.50.0...v0.51.0)

Updates `golang.org/x/sync` from 0.19.0 to 0.20.0
- [Commits](golang/sync@v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/amacneil/dbmate/v2
  dependency-version: 2.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/lib/pq
  dependency-version: 1.11.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.12.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/nats-io/nats.go
  dependency-version: 1.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/net
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/sync
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 11, 2026
@github-actions github-actions bot enabled auto-merge (squash) March 11, 2026 13:33
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 25, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 25, 2026
auto-merge was automatically disabled March 25, 2026 13:33

Pull request was closed

@dependabot dependabot bot deleted the dependabot/go_modules/go-dependencies-de97752a0d branch March 25, 2026 13:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants