Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

build(deps): Bump the all-go group across 2 directories with 7 updates

Open
Number: #3333
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: Unknown
Comments: 3
Created: May 26, 2026 at 02:43 AM UTC
(6 days ago)
Updated: May 26, 2026 at 07:48 AM UTC
(6 days ago)
Labels:
T:dependencies
Description:

Bumps the all-go group with 7 updates in the / directory:

Package From To
connectrpc.com/connect 1.19.2 1.20.0
github.com/aws/aws-sdk-go-v2/config 1.32.17 1.32.18
github.com/aws/aws-sdk-go-v2/service/kms 1.51.1 1.52.0
github.com/libp2p/go-libp2p-kad-dht 0.39.2 0.40.0
golang.org/x/crypto 0.51.0 0.52.0
golang.org/x/net 0.54.0 0.55.0
google.golang.org/api 0.279.0 0.280.0

Bumps the all-go group with 2 updates in the /execution/grpc directory: connectrpc.com/connect and golang.org/x/net.

Updates connectrpc.com/connect from 1.19.2 to 1.20.0

Release notes

Sourced from connectrpc.com/connect's releases.

v1.20.0

What's Changed

Other changes

New Contributors

Full Changelog: https://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0

Commits

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.18

Commits

Updates github.com/aws/aws-sdk-go-v2/service/kms from 1.51.1 to 1.52.0

Commits

Updates github.com/libp2p/go-libp2p-kad-dht from 0.39.2 to 0.40.0

Release notes

Sourced from github.com/libp2p/go-libp2p-kad-dht's releases.

v0.40.0

[!NOTE] This release was brought to you by the Shipyard team.

Highlights

⚠️ Breaking change

  • SweepingProvider.Stats() now takes a context.Context and returns (stats.Stats, error). Callers must pass a ctx with a deadline — the key count is fetched through the keystore worker and can stall behind a slow datastore op. (#1251 by @​guillaumemichel)

Fixes

Other

Full Changelog: https://github.com/libp2p/go-libp2p-kad-dht/compare/v0.39.2...v0.40.0

Commits
  • d40b14b chore: release v0.40.0 (#1257)
  • 7b0dd02 fix(ResettableKeystore): speed up reset process and keep worker responsive (#...
  • d5ed076 fix(provider): hold cycleStatsLk in batchReprovide defer (#1255)
  • b73e1e8 fix(provider): per-peer timeout on ADD_PROVIDER sends (#1252)
  • 63a3e3c fix(provider)!: bound keystore.Size in Stats with a timeout (#1251)
  • 3562661 update dependencies (#1250)
  • See full diff in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.54.0 to 0.55.0

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • See full diff in compare view

Updates google.golang.org/api from 0.279.0 to 0.280.0

Release notes

Sourced from google.golang.org/api's releases.

v0.280.0

0.280.0 (2026-05-19)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.280.0 (2026-05-19)

Features

Commits

Updates connectrpc.com/connect from 1.19.2 to 1.20.0

Release notes

Sourced from connectrpc.com/connect's releases.

v1.20.0

What's Changed

Other changes

New Contributors

Full Changelog: https://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0

Commits

Updates golang.org/x/net from 0.54.0 to 0.55.0

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
Package Dependencies
Package:
golang.org/x/crypto
Ecosystem:
go
Version Change:
0.51.0 → 0.52.0
Update Type:
Minor
Package:
golang.org/x/net
Ecosystem:
go
Version Change:
0.54.0 → 0.55.0
Update Type:
Minor
Package:
google.golang.org/api
Ecosystem:
go
Version Change:
0.279.0 → 0.280.0
Update Type:
Minor
Package:
connectrpc.com/connect
Ecosystem:
go
Version Change:
1.19.2 → 1.20.0
Update Type:
Minor
Package:
github.com/aws/aws-sdk-go-v2/service/kms
Ecosystem:
go
Version Change:
1.51.1 → 1.52.0
Update Type:
Minor
Package:
github.com/aws/aws-sdk-go-v2/config
Ecosystem:
go
Version Change:
1.32.17 → 1.32.18
Update Type:
Patch
Package:
github.com/libp2p/go-libp2p-kad-dht
Ecosystem:
go
Version Change:
0.39.2 → 0.40.0
Update Type:
Minor
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 15930232
UUID: 4520904981
Node ID: PR_kwDOFABrEc7fPYx9
Host: GitHub
Repository: evstack/ev-node