Skip to content

Bump the gomod group with 3 updates#202

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-b48af5579c
Open

Bump the gomod group with 3 updates#202
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-b48af5579c

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 20, 2026
edited
Loading

Bumps the gomod group with 3 updates: github.com/coder/websocket, github.com/quic-go/quic-go and golang.org/x/crypto.

Updates github.com/coder/websocket from 1.8.12 to 1.8.14

Release notes

Sourced from github.com/coder/websocket's releases.

v1.8.14

Changes

New Contributors

Full Changelog: coder/websocket@v1.8.13...v1.8.14

v1.8.13

Changes

Full Changelog: coder/websocket@v1.8.12...v1.8.13

Commits
  • 7d7c644 refactor: add ErrMessageTooBig sentinel error for limited reads (#535)
  • c7846ea refactor: use context.AfterFunc to track timeouts instead of goroutine (#532)
  • e11dd4e fix: match Origin scheme if defined in OriginPatterns (#536)
  • 91013c1 chore: apply various modernisations (#531)
  • efb626b chore: update LICENSE file (#526)
  • 246891f build: add Makefile (#525)
  • 778d161 build: update to Go 1.23 (#524)
  • 64d7449 ci: lock down versions in lint.sh and fix ci (#523)
  • d1468a7 ci: update wasmbrowsertest to a specific commit (#514)
  • 703784f feat: add ping and pong received callbacks (#509)
  • Additional commits viewable in compare view

Updates github.com/quic-go/quic-go from 0.57.1 to 0.59.0

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.59.0

This release adds a couple of new features:

  • Adds an API to peek stream data on ReceiveStream and Stream: #5501
  • Adds an API to peek the next varint on a stream: #5502
  • Reworks the API exposed by the HTTP/3 package for WebTransport: #5509, #5512. Regular HTTP/3 use cases should not be affected by these changes.
  • Adds support for HTTP request trailers (trailers sent by the client): #5507

Breaking Changes

  • Removes the deprecated ClientHelloInfo: #5497
  • Removes the deprecated ConnectionTracingID and ConnectionTracingKey: #5521
  • http3: the qlogger is now closed after all streams have been handled: #5524
  • The ConnectionState now reports both the local and the remote status of the QUIC Datagram and Reliable Stream Reset extensions: #5533

Other Notable Fixes

  • Fixes an infinite loop of PING-only packets caused by a bug in the PTO queueing logic: #5538 and #5539
  • http3: Fixes a race condition between new request streams and GOAWAY: #5522
  • qlog: Fixes a race condition between RecordEvent and Close: #5523

Changelog

Full Changelog: quic-go/quic-go@v0.58.0...v0.59.0

v0.58.1

This patch release backports fixes for a bug in the PTO queueing logic that could lead to an infinite loop of PING packets.

... (truncated)

Commits
  • 7659dd8 ackhandler: fix counting of packets queued for PTO probing (#5539)
  • bd4aea9 ackhandler: fix qlogging of outstanding packet count (#5538)
  • 76b3e07 ackhandler: remove unused declaredLost field in the packet (#5537)
  • 2020668 expose local and remote settings in ConnectionState (#5533)
  • d082d9f fix flaky TestHTTP3Qlog (#5532)
  • c5f15f2 http3: close qlogger after all streams have been handled (#5524)
  • f6dbf89 polish the security policy (#5526)
  • 29cb6ff qlogwriter: fix race between RecordEvent and Close (#5523)
  • e8a6e37 http3: fix race between new streams and GOAWAY (#5522)
  • 29b1a15 remove deprecated ConnectionTracingID and ConnectionTracingKey (#5521)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.46.0 to 0.49.0

Commits
  • 982eaa6 go.mod: update golang.org/x dependencies
  • 159944f ssh,acme: clean up tautological/impossible nil conditions
  • a408498 acme: only require prompt if server has terms of service
  • cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
  • 2f26647 x509roots/fallback: update bundle
  • e08b067 go.mod: update golang.org/x dependencies
  • 7d0074c scrypt: fix panic on parameters <= 0
  • 506e022 go.mod: update golang.org/x dependencies
  • 7dacc38 chacha20poly1305: error out in fips140=only mode
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the gomod group with 3 updates
12b9adc 
Bumps the gomod group with 3 updates: [github.com/coder/websocket](https://github.com/coder/websocket), [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) and [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `github.com/coder/websocket` from 1.8.12 to 1.8.14
- [Release notes](https://github.com/coder/websocket/releases)
- [Commits](coder/websocket@v1.8.12...v1.8.14)

Updates `github.com/quic-go/quic-go` from 0.57.1 to 0.59.0
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](quic-go/quic-go@v0.57.1...v0.59.0)

Updates `golang.org/x/crypto` from 0.46.0 to 0.49.0
- [Commits](golang/crypto@v0.46.0...v0.49.0)

---
updated-dependencies:
- dependency-name: github.com/coder/websocket
  dependency-version: 1.8.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.59.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/crypto
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 20, 2026
@dependabot dependabot bot requested review from Copilot and removed request for Copilot March 20, 2026 21:08
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants