Skip to content

chore(deps): bump the all group across 1 directory with 9 updates#5

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/all-13bd84cbbc
Open

chore(deps): bump the all group across 1 directory with 9 updates#5
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/all-13bd84cbbc

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 7, 2026

Copy link
Copy Markdown

Bumps the all group with 7 updates in the / directory:

Package From To
github.com/lib/pq 1.10.9 1.12.3
github.com/mr-tron/base58 1.2.0 1.3.0
github.com/spf13/cobra 1.7.0 1.10.2
github.com/spf13/viper 1.15.0 1.21.0
github.com/streamingfast/logging 0.0.0-20230608130331-f22c91403091 1.2.2
github.com/streamingfast/substreams 1.16.7-0.20251015182509-1c9938899a91 1.20.1
google.golang.org/grpc 1.81.1 1.82.1

Updates github.com/lib/pq from 1.10.9 to 1.12.3

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.3

  • Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2

  • Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1

  • Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

  • Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0

  • The next release may change the default sslmode from require to prefer. See #1271 for details.

  • CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

    // Old
    tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
    

    // Replacement tx.Prepare(copy temp (num, text, blob, nothing) from stdin)

Features

  • Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

  • Support sslmode=prefer and sslmode=allow (#1270).

  • Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

  • Support connection service file to load connection details (#1285).

  • Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

  • Add a new pqerror package with PostgreSQL error codes (#1275).

    For example, to test if an error is a UNIQUE constraint violation:

    if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
        log.Fatalf("email %q already exsts", email)
    }
    

    To make this a bit more convenient, it also adds a pq.As() function:

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.3 (2026-04-03)

  • Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2 (2026-04-02)

  • Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1 (2026-03-30)

  • Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

  • Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0 (2026-03-18)

  • The next release may change the default sslmode from require to prefer. See #1271 for details.

  • CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

    // Old
    tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
    

    // Replacement tx.Prepare(copy temp (num, text, blob, nothing) from stdin)

Features

  • Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

  • Support sslmode=prefer and sslmode=allow (#1270).

  • Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

... (truncated)

Commits
  • 1f3e3d9 Send datestyle as a startup parameter (#1312)
  • 32ba56b Expand tests for multiple result sets
  • c2cfac1 Release v1.12.2
  • 859f104 Test CockroachDB
  • 12e464c Allow multiple matches and regexps in pqtest.ErrorContains()
  • 6d77ced Treat io.ErrUnexpectedEOF as driver.ErrBadConn in handleError
  • 71daecb Ensure transactions are closed in pqtest
  • 8f44823 Set PGAPPNAME for tests
  • 4af2196 Fix healthcheck
  • 38a54e4 Split out testdata/init a bit
  • Additional commits viewable in compare view

Updates github.com/mr-tron/base58 from 1.2.0 to 1.3.0

Release notes

Sourced from github.com/mr-tron/base58's releases.

x10 speedup

What's Changed

Previous version:

cpu: Apple M4
BenchmarkTrivialBase58Encoding
BenchmarkTrivialBase58Encoding-10       	  704328	      1554 ns/op
BenchmarkFastBase58Encoding
BenchmarkFastBase58Encoding-10          	 1000000	      1065 ns/op
BenchmarkTrivialBase58Decoding
BenchmarkTrivialBase58Decoding-10       	 1541754	       767.0 ns/op
BenchmarkFastBase58Decoding
BenchmarkFastBase58Decoding-10          	 4358894	       278.3 ns/op
BenchmarkTrivialBase58Encoding32
BenchmarkTrivialBase58Encoding32-10     	  729949	      1627 ns/op
BenchmarkFastBase58Encoding32
BenchmarkFastBase58Encoding32-10        	 1000000	      1118 ns/op
BenchmarkTrivialBase58Encoding36
BenchmarkTrivialBase58Encoding36-10     	  608595	      1813 ns/op
BenchmarkFastBase58Encoding36
BenchmarkFastBase58Encoding36-10        	  893626	      1275 ns/op
BenchmarkTrivialBase58Encoding64
BenchmarkTrivialBase58Encoding64-10     	  284566	      4028 ns/op
BenchmarkFastBase58Encoding64
BenchmarkFastBase58Encoding64-10        	  279295	      3955 ns/op
BenchmarkTrivialBase58Encoding256
BenchmarkTrivialBase58Encoding256-10    	   33140	     35533 ns/op
BenchmarkFastBase58Encoding256
BenchmarkFastBase58Encoding256-10       	   17833	     67081 ns/op
BenchmarkTrivialBase58Decoding32
BenchmarkTrivialBase58Decoding32-10     	 1512828	       875.7 ns/op
BenchmarkFastBase58Decoding32
BenchmarkFastBase58Decoding32-10        	 4247128	       341.9 ns/op
BenchmarkTrivialBase58Decoding36
BenchmarkTrivialBase58Decoding36-10     	 1319317	       880.9 ns/op
BenchmarkFastBase58Decoding36
BenchmarkFastBase58Decoding36-10        	 3449229	       366.6 ns/op
BenchmarkTrivialBase58Decoding64
BenchmarkTrivialBase58Decoding64-10     	  663181	      1636 ns/op
BenchmarkFastBase58Decoding64
BenchmarkFastBase58Decoding64-10        	 1327443	       903.0 ns/op
BenchmarkTrivialBase58Decoding256
BenchmarkTrivialBase58Decoding256-10    	  153183	      7469 ns/op
BenchmarkFastBase58Decoding256
BenchmarkFastBase58Decoding256-10       	   93289	     12428 ns/op

... (truncated)

Commits
  • 14609f6 big refactorig. speedup x10. better tests. add more benchmarks.
  • 957145f mark deprecated functions
  • 7feefc8 Merge pull request #17 from ribasushi/more_tests_and_nits
  • 925b607 Slightly better README rendering
  • d3aa3a3 Better handling of custom alphabets + tests
  • 82a293c Seed the math/rand PRNG on every test run
  • dfe7821 Works without changes on go1.11: lower dep
  • d2877cb Add myself to authors
  • See full diff in compare view

Updates github.com/spf13/cobra from 1.7.0 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

  • chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

🔥✍🏼 Docs

🍂 Refactors

🤗 New Contributors

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

v1.10.1

🐛 Fix

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

  • If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
  • or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

... (truncated)

Commits

Updates github.com/spf13/viper from 1.15.0 to 1.21.0

Release notes

Sourced from github.com/spf13/viper's releases.

v1.21.0

What's Changed

Enhancements 🚀

Bug Fixes 🐛

Dependency Updates ⬆️

Other Changes

New Contributors

Full Changelog: spf13/viper@v1.20.0...v1.21.0

v1.20.1

What's Changed

Bug Fixes 🐛

Full Changelog: spf13/viper@v1.20.0...v1.20.1

v1.20.0

... (truncated)

Commits
  • 394040c ci: build on go 1.25
  • 812f548 chore: update dependencies
  • d5271ef ci: update stale workflow
  • dff303b feat: add a stale issue scheduled action
  • 1287976 build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10
  • 38932cd build(deps): bump github.com/go-viper/mapstructure/v2 in /remote
  • 6d014be build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
  • b74c7ee build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0
  • acd05e1 fix: linting issues
  • ae5a8e2 ci: upgrade golangci-lint
  • Additional commits viewable in compare view

Updates github.com/streamingfast/logging from 0.0.0-20230608130331-f22c91403091 to 1.2.2

Release notes

Sourced from github.com/streamingfast/logging's releases.

v1.2.2

Added

  • Registry.GetTracerByPackageID(packageID string) (*bool, bool) exposes the raw trace-enabled pointer for a registered logger, allowing external bridges (e.g. a v2 compatibility layer) to mirror trace state into v1 tracers.
  • logging.LoggerFromContext(ctx, fallback) as the canonical replacement for logging.Logger(ctx, fallback).

Deprecated

  • logging.Logger(ctx, fallback) — use logging.LoggerFromContext instead, or the one-liner level helpers logging.Info, logging.Debug, etc.

v1.2.1

Added

  • zapx.TruncatedStringer, an lazy version of zapx.TruncatedString.

v1.2.0

Added

  • GlobalRegistry() Registry exposes the global registry, allowing a future v2 module to discover and re-instantiate all loggers registered via v1 PackageLogger.
  • Registry.All(fn func(packageID, shortName string)) iterates over all registered loggers in a registry, enabling cross-module migration scenarios.
  • Loggers registered via PackageLogger after InstantiateLoggers has already been called are now immediately instantiated and have the same level rules (default level, pre-spec, env spec) applied to them.

Fixed

  • SetLevelFor now re-applies the current environment variable overrides (DLOG, DEBUG, TRACE, …) after setting the level, so the provided level acts as a baseline that env vars can override. This fixes the common pattern of calling SetLevelFor(".*", zap.WarnLevel, false) in a Cobra PreRun hook while still allowing DLOG/DEBUG/TRACE to take effect.

Changed

  • The default text encoder use to encode log entries now emits the level when coloring is disabled.
  • Deprecated logging.IsTraceEnabled, define your logger and Tracer directly with var zlog, tracer = logging.PackageLogger(<shortName>, "...") instead of separately, tracer.Enabled() can then be used to determine if tracing should be enabled (can be enable dynamically).
  • Deprecated logging.TestingOverride, use logging.InstantiateLoggers directly.
  • Deprecated logging.Overidde, use logging.InstantiateLoggers directly and use the logging.WithDefaultSpec to configure the various loggers.` instead.
  • Deprecated logging.Register, use var zlog, _ = logging.PackageLogger(<shortName>, "...") instead.
  • Deprecated logging.RegisterOnUpdate, use logging.LoggerOnUpdate instead (will probably be removed actually entirely since it's not needed anymore).
  • Deprecated logging.WithServiceName, no replacement yet (will be logging.LoggerServiceName in a future release, if unspecified shortName will be used).
  • Deprecated logging.RootLogger, use logging.PackageLogger and control levels via logging.WithDefaultSpec(...) in InstantiateLoggers instead (e.g. WithDefaultSpec("logger1=info,logger2=debug,.*=warn")). The root logger concept tried to be smart about defaulting to info which caused API confusion.

Removed

  • BREAKING CHANGE Removed logging.Handler, it has been moved to dtracing package to limit transitive depdendencies on this project, you should use dtracing.NewAddTraceIDAwareLoggerMiddleware instead.
Changelog

Sourced from github.com/streamingfast/logging's changelog.

v1.2.2

Added

  • Registry.GetTracerByPackageID(packageID string) (*bool, bool) exposes the raw trace-enabled pointer for a registered logger, allowing external bridges (e.g. a v2 compatibility layer) to mirror trace state into v1 tracers.
  • logging.LoggerFromContext(ctx, fallback) as the canonical replacement for logging.Logger(ctx, fallback).

Deprecated

  • logging.Logger(ctx, fallback) — use logging.LoggerFromContext instead, or the one-liner level helpers logging.Info, logging.Debug, etc.

v1.2.1

Added

  • zapx.TruncatedStringer, an lazy version of zapx.TruncatedString.

v1.2.0

Added

  • GlobalRegistry() Registry exposes the global registry, allowing a future v2 module to discover and re-instantiate all loggers registered via v1 PackageLogger.
  • Registry.All(fn func(packageID, shortName string)) iterates over all registered loggers in a registry, enabling cross-module migration scenarios.
  • Loggers registered via PackageLogger after InstantiateLoggers has already been called are now immediately instantiated and have the same level rules (default level, pre-spec, env spec) applied to them.

Fixed

  • SetLevelFor now re-applies the current environment variable overrides (DLOG, DEBUG, TRACE, …) after setting the level, so the provided level acts as a baseline that env vars can override. This fixes the common pattern of calling SetLevelFor(".*", zap.WarnLevel, false) in a Cobra PreRun hook while still allowing DLOG/DEBUG/TRACE to take effect.

Changed

  • The default text encoder use to encode log entries now emits the level when coloring is disabled.
  • Deprecated logging.IsTraceEnabled, define your logger and Tracer directly with var zlog, tracer = logging.PackageLogger(<shortName>, "...") instead of separately, tracer.Enabled() can then be used to determine if tracing should be enabled (can be enable dynamically).
  • Deprecated logging.TestingOverride, use logging.InstantiateLoggers directly.
  • Deprecated logging.Overidde, use logging.InstantiateLoggers directly and use the logging.WithDefaultSpec to configure the various loggers.` instead.
  • Deprecated logging.Register, use var zlog, _ = logging.PackageLogger(<shortName>, "...") instead.
  • Deprecated logging.RegisterOnUpdate, use logging.LoggerOnUpdate instead (will probably be removed actually entirely since it's not needed anymore).
  • Deprecated logging.WithServiceName, no replacement yet (will be logging.LoggerServiceName in a future release, if unspecified shortName will be used).
  • Deprecated logging.RootLogger, use logging.PackageLogger and control levels via logging.WithDefaultSpec(...) in InstantiateLoggers instead (e.g. WithDefaultSpec("logger1=info,logger2=debug,.*=warn")). The root logger concept tried to be smart about defaulting to info which caused API confusion.

Removed

  • BREAKING CHANGE Removed logging.Handler, it has been moved to dtracing package to limit transitive depdendencies on this project, you should use dtracing.NewAddTraceIDAwareLoggerMiddleware instead.

2020-03-21

Changed

  • License changed to Apache 2.0
Commits

Updates github.com/streamingfast/substreams from 1.16.7-0.20251015182509-1c9938899a91 to 1.20.1

Release notes

Sourced from github.com/streamingfast/substreams's releases.

v1.20.1

Fixed

  • Server: linear quickload resume now emits SessionInit (trace id) and starts keepalives before the store decode streams, instead of after. A large or remote quicksave could previously stream for a long time with zero client output; the quickload-success path also never emitted a SessionInit at all.

v1.20.0

Changed

  • Server: the store size limit override is now configured by a tier1 flag (Tier1Config.StoreSizeLimit, exposed as --substreams-tier1-store-size-limit) instead of the SUBSTREAMS_STORE_SIZE_LIMIT environment variable, which has been removed. The value is forwarded from tier1 to tier2 on every subrequest via the existing ProcessRangeRequest.store_size_limit field, so it no longer needs to be set on tier2. 0 keeps the default of 1GiB.
  • Server: store quicksave/quickload now run up to 8 stores concurrently instead of one at a time, cutting shutdown/resume latency for pipelines with many stores.
  • Server: quicksave now streams the store lazily and unsorted (one KV entry at a time as the upload consumes it, without sorting keys), instead of buffering the whole serialized store and paying an O(n log n) key sort plus key-slice allocation up front. This lowers both peak memory and save time for large stores (millions of keys). Quickload is order-independent, and the on-disk format is unchanged (byte-compatible protobuf), so no migration is required.
  • Server: tier1 store loading at request start now loads up to 8 stores concurrently (both the size probe and the download/decode), instead of one at a time.

Added

  • Server: new opt-in mmap (bbolt-backed) store backend, selectable via --substreams-stores-backend=mmap (default memory). It keeps FullKV store data in a memory-mapped file so cold pages are reclaimable by the kernel under memory pressure, instead of pinning everything on the non-reclaimable Go heap — this addresses production OOMs with large or highly concurrent stores. The in-memory backend remains the default and is byte-for-byte unchanged; mmap is validated to produce identical output. The scratch-space directory holding the bbolt files (StoresScratchSpace, default "{sf-data-dir}/substreams/stores-scratch") should live on a local NVMe SSD: the store is continuously read from and written to through the mmap, and the kernel pages it straight to that file, so a slow or network-backed disk turns store operations into an I/O bottleneck and negates the benefit. Do not point it at network/EBS-class storage.

  • Server: cached deterministic errors now expire. Each error file carries a write timestamp in its name (errors.<block>.<hash>.<unix>), and on read tier1 discards any error older than SUBSTREAMS_DETERMINISTIC_ERROR_MAX_AGE (Go duration, default 1h), retrying execution. Legacy error files without a timestamp are deleted on read.

  • Server: new ProcessRangeRequest.merged_blocks_bundle_size field (internal tier1→tier2 protocol) carrying the number of blocks per merged-blocks file. 0 (older tier1s) means the historical default of 100. Tier2 applies the value per-request, so a single tier2 can serve chains with different merged-blocks sizes. Upgrade all tier2s before setting a non-100 value on any tier1: older tier2s ignore the field and would read the store with a bundle size of 100 (jobs stall on missing file names).

  • Server: new Tier1Config.MergedBlocksBundleSize (default 100), used by tier1's own merged-blocks reads, cursor resolution, final-block rounding and forwarded to tier2 on every subrequest. The hub's kept final blocks and the live backfiller delay now scale with the bundle size.

  • substreams tools tier2call: new --merged-blocks-bundle-size flag (default 0 = server default).

  • Server: store quicksave now also triggers on client disconnect (context canceled), not only on graceful server shutdown, so a reconnecting client can resume without reprocessing. Only applies to production-mode requests.

  • Server: the substreams request stats log now includes the last block sent to the client (last_sent_block_num, last_sent_block_id, last_sent_block_time).

  • Server: quicksave/quickload logs now report their duration (save_duration / load_duration).

Fixed

  • Server: canceled store loads now abort promptly instead of reading the entire (multi-GB) store file into the heap before returning. A tier2 store Load now checks the request context while streaming entries, so a canceled/disconnected request stops hydrating immediately. Also memoryKVImpl.Close() now drops its backing map (was a no-op), and the post-load SetMetadata goroutine no longer captures the whole loaded store (only the object store, filename and metadata) and runs under a bounded 30s timeout — together these stop a finished/canceled request from transiently pinning gigabytes of store data.
  • Server: a Blocks request whose start block resolves (from a cursor) to exactly the exclusive stop block now completes cleanly instead of returning InvalidArgument: start block and stop block are the same. The range is empty (stop is exclusive), so the stream is already done; this previously surfaced as a fatal, non-retryable error to clients that reconnected with a cursor sitting on the last block of the range after a transient disconnect. Raw (cursor-less) requests with start == stop still return the InvalidArgument as before.
  • Sink: when resuming from a cursor already at or past the stop block, the sinker now shuts down immediately instead of opening a stream to the server. The pre-flight check previously compared the cursor against adjustedEndBlock() (stop block inflated by the partial-blocks buffer capacity), so a cursor sitting in the [stopBlock-1, stopBlock+bufferCap-1) window was let through and issued a useless request; it now compares against the raw exclusive StopBlock.
  • Server: client disconnects (context canceled) on a tier1 Blocks stream are no longer logged as WARNING/ERROR. toGrpcTier1Error returned a connect error for the canceled case (unlike every other branch, which returns a gRPC status error), so the caller's status.Code() resolved to Unknown — logging the request completion as a WARN and the gRPC middleware call as an ERROR with code Unknown. It now returns codes.Canceled, so the disconnect is logged at Debug/Info as intended.
  • Server: bumped dstore, which now sends S3 request checksums only when the target requires them, fixing uploads/downloads against S3-compatible stores that reject the newer default checksum headers.
  • Server: the quicksave block count now counts settled blocks (normal or last-partial) instead of skipping partials entirely, so quicksave arms correctly on flash-block chains. The minimum sent-block threshold before a quicksave triggers was raised from 25 to 50.
  • Server: tier1 calls to hosted foundational stores now forward the x-organization-id identity header (alongside the existing trusted headers), so a store's internal trust-based listener can authorize the request without an end-user JWT. This fixes Unauthenticated: required authorization token not found errors when reading from hosted foundational stores resolved via the control-plane registry.
  • Server: foundational store calls that fail with authentication errors, organization id mismatch, or prolonged unreachability now bubble up to the user as a non-deterministic (uncached) error instead of retrying until the global deadline. Transient unavailability is still retried (~30s) to absorb blips and rolling restarts.
  • Server: a client cancellation (context canceled) while loading an execout file is now logged at INFO instead of ERROR in the execout walker.
  • CLI: substreams info <shortname> now fetches the package from the download endpoint (spkg.io) instead of the registry API host, fixing package does not exist on the Substreams registry for short-name lookups such as substreams info common.

v1.19.0

Sink

  • Fix Sinker.requestActiveStartBlock not being set when the handler implements SinkerSessionInitHandler, which previously caused ProgressMessageLastContiguousBlock to be incorrect for production-mode mapper stages.

Fixed

  • Manifest: a foundational-store: input now accepts a hosted-store deployment id (a UUID), in addition to package name@version notation. Previously the deployment id was validated with the package-name regexp (^[a-zA-Z]...), which rejected any UUID starting with a digit, making real hosted stores impossible to reference.
  • Server: tier1 forkable hub now logs under the tier1 logger instead of the generic bstream package logger, so processing block (and related hub) log lines are correctly attributed to the component (requires bstream hub.WithLogger).
  • Server: per-block execution timeouts (--substreams-block-execution-timeout) are no longer silently swallowed when a WASM host-function panic (e.g. wasmtime) coincides with the deadline. Previously, recoverExecutionPanic would return nil instead of CodeDeadlineExceeded, causing the offending block to be skipped and the stream to complete successfully.

... (truncated)

Commits

Updates go.uber.org/zap from 1.27.0 to 1.27.1

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.1

Enhancements:

  • #1501[]: prevent Object from panicking on nils
  • #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.1 (19 Nov 2025)

Enhancements:

  • #1501[]: prevent Object from panicking on nils
  • #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

Updates google.golang.org/grpc from 1.81.1 to 1.82.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.82.1

Security

  • server: Stop reading from the connection when flooded by HTTP/2 frames. The default value for this limit is 100 frames, excluding DATA and HEADERS, and may be changed by setting environment variable GRPC_GO_EXPERIMENTAL_CONTROL_BUFFER_THROTTLE_LIMIT.
  • xds/rbac: Support Metadata and RequestedServerName permissions matcher fields. If present in a DENY rule, previously these would be ignored and fail-open.
  • xds/rbac: Fix panic when parsing unsupported fields in NotRule/NotId permissions.
  • xds/rbac: Support the deprecated source_ip principal identifier by treating it as equivalent to direct_remote_ip.

Release 1.82.0

Behavior Changes

  • server: Remove support for GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING environment varibale. Strict incoming RPC path validation (which has been the default since v1.79.3) can no longer be disabled. (#9112)
  • transport: Add environment variable to change the default max header list size from 16MB to 8KB. This may be enabled by setting GRPC_GO_EXPERIMENTAL_ENABLE_8KB_DEFAULT_HEADER_LIST_SIZE=true. This will be enabled by default in a subsequent release. (#9019)
  • balancer: Load Balancing policy registry is now case-sensitive. Set GRPC_GO_EXPERIMENTAL_CASE_SENSITIVE_BALANCER_REGISTRIES=false (and file an issue) to revert to case-insensitive behavior. (#9017)

New Features

  • experimental/stats: Expose a new API, NewContextWithLabelCallback, to register a callback that is invoked when telemetry labels are added. (#8877)
  • client: Return a portion of the response body in the error message, when the client receives an unexpected non-gRPC HTTP response, to make debugging easier. (#8929)
  • server: Add environment variable GRPC_GO_SERVER_GOROUTINE_LABELS that controls setting runtime/pprof.Labels on goroutines spawned by the server. Set GRPC_GO_SERVER_GOROUTINE_LABELS=grpc.method=true to add the grpc.method label on goroutines spawned to handle incoming requests. (#9082)

Bug Fixes

  • xds/server: Fix a memory leak of HTTP filter instances occurring when route configurations are updated in-place during a Route Discovery Service (RDS) update. (#9138)
  • grpc: In the deprecated gzip Compressor (used via the deprecated WithCompressor dial option), enforce the MaxRecvMsgSize limit on the decompressed message buffer, preventing excessive memory allocation from highly compressed payloads. (#9114)
  • stats/opentelemetry: Record retry attempts, grpc.previous-rpc-attempts, at the call level and not the attempt level. (#8923)
  • encoding: Ensure Close() is always called on readers returned from Compressor.Decompress if possible. (#9135)
  • channelz: Fix the LastMessageSentTimestamp and LastMessageReceivedTimestamp fields in SocketMetrics to ensure they contain correct timestamp values. (#9109)
Commits

Updates google.golang.org/protobuf from 1.36.11 to 1.36.12-0.20260120151049-f2248ac996af

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 7, 2026
@dependabot dependabot Bot changed the title chore(deps): bump the all group with 9 updates chore(deps): bump the all group across 1 directory with 9 updates Jul 2, 2026
@dependabot
dependabot Bot force-pushed the dependabot/go_modules/all-13bd84cbbc branch from 9762acb to 62b11f5 Compare July 2, 2026 16:24
Bumps the all group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/lib/pq](https://github.com/lib/pq) | `1.10.9` | `1.12.3` |
| [github.com/mr-tron/base58](https://github.com/mr-tron/base58) | `1.2.0` | `1.3.0` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.7.0` | `1.10.2` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.15.0` | `1.21.0` |
| [github.com/streamingfast/logging](https://github.com/streamingfast/logging) | `0.0.0-20230608130331-f22c91403091` | `1.2.2` |
| [github.com/streamingfast/substreams](https://github.com/streamingfast/substreams) | `1.16.7-0.20251015182509-1c9938899a91` | `1.20.1` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.81.1` | `1.82.1` |



Updates `github.com/lib/pq` from 1.10.9 to 1.12.3
- [Release notes](https://github.com/lib/pq/releases)
- [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md)
- [Commits](lib/pq@v1.10.9...v1.12.3)

Updates `github.com/mr-tron/base58` from 1.2.0 to 1.3.0
- [Release notes](https://github.com/mr-tron/base58/releases)
- [Commits](mr-tron/base58@v1.2.0...v1.3.0)

Updates `github.com/spf13/cobra` from 1.7.0 to 1.10.2
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.7.0...v1.10.2)

Updates `github.com/spf13/viper` from 1.15.0 to 1.21.0
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.15.0...v1.21.0)

Updates `github.com/streamingfast/logging` from 0.0.0-20230608130331-f22c91403091 to 1.2.2
- [Release notes](https://github.com/streamingfast/logging/releases)
- [Changelog](https://github.com/streamingfast/logging/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/streamingfast/logging/commits/v1.2.2)

Updates `github.com/streamingfast/substreams` from 1.16.7-0.20251015182509-1c9938899a91 to 1.20.1
- [Release notes](https://github.com/streamingfast/substreams/releases)
- [Changelog](https://github.com/streamingfast/substreams/blob/develop/RELEASE.md)
- [Commits](https://github.com/streamingfast/substreams/commits/v1.20.1)

Updates `go.uber.org/zap` from 1.27.0 to 1.27.1
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.27.0...v1.27.1)

Updates `google.golang.org/grpc` from 1.81.1 to 1.82.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.1...v1.82.1)

Updates `google.golang.org/protobuf` from 1.36.11 to 1.36.12-0.20260120151049-f2248ac996af

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-version: 1.12.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/mr-tron/base58
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/spf13/viper
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/streamingfast/logging
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: github.com/streamingfast/substreams
  dependency-version: 1.18.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: go.uber.org/zap
  dependency-version: 1.27.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: google.golang.org/grpc
  dependency-version: 1.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/go_modules/all-13bd84cbbc branch from 62b11f5 to b023312 Compare July 16, 2026 16:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants