Skip to content

build(deps): bump the go-minor-patch group across 3 directories with 5 updates#1477

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/agent/go-minor-patch-bc37dceaaa
Open

build(deps): bump the go-minor-patch group across 3 directories with 5 updates#1477
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/agent/go-minor-patch-bc37dceaaa

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-minor-patch group with 2 updates in the /agent directory: golang.org/x/crypto and google.golang.org/grpc.
Bumps the go-minor-patch group with 4 updates in the /apps/ingest directory: golang.org/x/crypto, google.golang.org/grpc, github.com/coder/websocket and github.com/jackc/pgx/v5.
Bumps the go-minor-patch group with 1 update in the /proto/gen/go directory: google.golang.org/grpc.

Updates golang.org/x/crypto from 0.51.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.44.0 to 0.46.0

Commits
  • d58dcfa unix: add GPIO constants and structs
  • 397d5f8 unix: update to Linux kernel 7.0
  • 0a387f7 cpu: detect zbc extension on riscv64
  • 758f71c cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64
  • 99666ae unix: merge Linux readv/writev implementation with Darwin/OpenBSD
  • e4444cb windows: add NtSetEaFile, NtQueryEaFile and NtQueryInformationFile
  • 04396e8 unix: add Readv, Writev, Preadv, Pwritev for OpenBSD
  • See full diff in compare view

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Updates golang.org/x/crypto from 0.51.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Updates golang.org/x/crypto from 0.51.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Updates github.com/coder/websocket from 1.8.14 to 1.8.15

Release notes

Sourced from github.com/coder/websocket's releases.

v1.8.15

Changes

New Contributors

Full Changelog: coder/websocket@v1.8.14...v1.8.15

Commits
  • 9c8faad conn: skip timeout callbacks for background contexts (#566)
  • 7039364 avoid per-frame cleanup closures on read to remove 2 allocs per frame read (#...
  • d099e16 docs: fix roadmap links (#558)
  • c98e9dc docs: fix lint issue (#557)
  • 39b7b07 docs: remove mention of resolved issue in README (#556)
  • 9f473ad docs: add document for AI agents (AGENTS.md) (#547)
  • 8d3545a fix: transmit in single frame when compression enabled (#552)
  • 8bf6dd2 chore: fix typo in Accept function (#544)
  • See full diff in compare view

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

  • Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)
  • Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)
  • Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)
  • Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)
  • pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

  • Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)
  • Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)
  • Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)
  • Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)
  • Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
  • Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
  • Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)
  • Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)
  • Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

  • Fix scanning "char" (OID 18) into *string in binary format (luongs3)
  • Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)
  • Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)
  • Fix data race when context is cancelled during connect
  • Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)
  • pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)
  • pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)
  • pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check
  • Add missing error check of rows.Err to load types (Jen Altavilla)
Commits
  • 7293fb1 Update changelog for v5.10.0
  • 1ade285 pgconn: document secure connection configuration
  • b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
  • 0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
  • b28e65b pgtype: bound array element count against remaining message bytes
  • cd1f389 pgtype: bound array binary decode element length against remaining bytes
  • ff27b5b pgtype: bound hstore binary decode against malicious server input
  • a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
  • 44f6173 pgconn: cap server-supplied SCRAM iteration count
  • 1a976f7 pgconn: add require_auth to restrict accepted server auth methods
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…5 updates

Bumps the go-minor-patch group with 2 updates in the /agent directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).
Bumps the go-minor-patch group with 4 updates in the /apps/ingest directory: [golang.org/x/crypto](https://github.com/golang/crypto), [google.golang.org/grpc](https://github.com/grpc/grpc-go), [github.com/coder/websocket](https://github.com/coder/websocket) and [github.com/jackc/pgx/v5](https://github.com/jackc/pgx).
Bumps the go-minor-patch group with 1 update in the /proto/gen/go directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `golang.org/x/crypto` from 0.51.0 to 0.53.0
- [Commits](golang/crypto@v0.51.0...v0.53.0)

Updates `golang.org/x/sys` from 0.44.0 to 0.46.0
- [Commits](golang/sys@v0.44.0...v0.46.0)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

Updates `golang.org/x/crypto` from 0.51.0 to 0.53.0
- [Commits](golang/crypto@v0.51.0...v0.53.0)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

Updates `golang.org/x/crypto` from 0.51.0 to 0.53.0
- [Commits](golang/crypto@v0.51.0...v0.53.0)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

Updates `github.com/coder/websocket` from 1.8.14 to 1.8.15
- [Release notes](https://github.com/coder/websocket/releases)
- [Commits](coder/websocket@v1.8.14...v1.8.15)

Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.9.2...v5.10.0)

Updates `golang.org/x/crypto` from 0.51.0 to 0.53.0
- [Commits](golang/crypto@v0.51.0...v0.53.0)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: golang.org/x/sys
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/coder/websocket
  dependency-version: 1.8.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: area:go, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants