Bump the all-deps group with 7 updates by dependabot[bot] · Pull Request #1701 · google/certificate-transparency-go

dependabot · 2025-05-19T12:47:54Z

Bumps the all-deps group with 7 updates:

Package	From	To
github.com/jackc/pgx/v5	`5.7.4`	`5.7.5`
go.etcd.io/etcd/client/v3	`3.5.21`	`3.6.0`
go.etcd.io/etcd/etcdctl/v3	`3.5.21`	`3.6.0`
go.etcd.io/etcd/v3	`3.5.21`	`3.6.0`
golang.org/x/crypto	`0.37.0`	`0.38.0`
golang.org/x/net	`0.39.0`	`0.40.0`
google.golang.org/grpc	`1.72.0`	`1.72.1`

Updates github.com/jackc/pgx/v5 from 5.7.4 to 5.7.5

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.7.5 (May 17, 2025)

Support sslnegotiation connection option (divyam234)

Update golang.org/x/crypto to v0.37.0. This placates security scanners that were unable to see that pgx did not use the behavior affected by https://pkg.go.dev/vuln/GO-2025-3487.

TraceLog now logs Acquire and Release at the debug level (dave sinclair)

Add support for PGTZ environment variable

Add support for PGOPTIONS environment variable

Unpin memory used by Rows quicker

Remove PlanScan memoization. This resolves a rare issue where scanning could be broken for one type by first scanning another. The problem was in the memoization system and benchmarking revealed that memoization was not providing any meaningful benefit.

Commits

15bca4a Release v5.7.5
1d557f9 Remove PlanScan memoization
de7fe81 Use reflect.TypeFor instead of reflect.TypeOf
d9eb089 Remove unused function
6be24eb Fix comment typo
07871c0 Zero internal baseRows references to allow GC earlier
777e7e5 Merge pull request #2313 from stampy88/tracelog_pool_additions
151bd02 Switched to LogLevelDebug
540fcaa Add support for PGOPTIONS environment variable
3a248e3 Add support for PGTZ environment variable
Additional commits viewable in compare view

Updates go.etcd.io/etcd/client/v3 from 3.5.21 to 3.6.0

Release notes

Sourced from go.etcd.io/etcd/client/v3's releases.

v3.6.0

Please check out CHANGELOG for a full list of changes. And make sure to read upgrade guide before upgrading etcd (there may be breaking changes).

For installation guides, please check out play.etcd.io and operating etcd. Latest support status for common architectures and operating systems can be found at supported platforms.

Linux

ETCD_VER=v3.6.0
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1 --no-same-owner
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version
start a local etcd server
/tmp/etcd-download-test/etcd
write,read to etcd
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 put foo bar
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 get foo

macOS (Darwin)

ETCD_VER=v3.6.0
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-darwin-amd64.zip -o /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
unzip /tmp/etcd-${ETCD_VER}-darwin-amd64.zip -d /tmp && rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
mv /tmp/etcd-${ETCD_VER}-darwin-amd64/* /tmp/etcd-download-test && rm -rf mv /tmp/etcd-${ETCD_VER}-darwin-amd64
</tr></table>

... (truncated)

Commits

f5d605a Merge pull request #19951 from ahrtr/release_script_20250515
a1bcdc7 Update release script to exactly match the target tag
7a7a77c version: bump up to 3.6.0
115f15e version: bump up to 3.6.0-rc.5
53b485a Merge pull request #19890 from k8s-infra-cherrypick-robot/cherry-pick-19862-t...
c774d44 Fix the tar unzip command, adding the --no-same-owner option to avoid permiss...
8d1d1a9 Merge pull request #19867 from ivanvc/release-3.6-go-1.23.9-bump
cddc9bc Bump Go to 1.23.9
1a1cc66 Merge pull request #19853 from k8s-infra-cherrypick-robot/cherry-pick-19848-t...
9f66823 fix: test-release
Additional commits viewable in compare view

Updates go.etcd.io/etcd/etcdctl/v3 from 3.5.21 to 3.6.0

Release notes

Sourced from go.etcd.io/etcd/etcdctl/v3's releases.

v3.6.0

Please check out CHANGELOG for a full list of changes. And make sure to read upgrade guide before upgrading etcd (there may be breaking changes).

For installation guides, please check out play.etcd.io and operating etcd. Latest support status for common architectures and operating systems can be found at supported platforms.

Linux

ETCD_VER=v3.6.0
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1 --no-same-owner
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version
start a local etcd server
/tmp/etcd-download-test/etcd
write,read to etcd
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 put foo bar
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 get foo

macOS (Darwin)

ETCD_VER=v3.6.0
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-darwin-amd64.zip -o /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
unzip /tmp/etcd-${ETCD_VER}-darwin-amd64.zip -d /tmp && rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
mv /tmp/etcd-${ETCD_VER}-darwin-amd64/* /tmp/etcd-download-test && rm -rf mv /tmp/etcd-${ETCD_VER}-darwin-amd64
</tr></table>

... (truncated)

Commits

f5d605a Merge pull request #19951 from ahrtr/release_script_20250515
a1bcdc7 Update release script to exactly match the target tag
7a7a77c version: bump up to 3.6.0
115f15e version: bump up to 3.6.0-rc.5
53b485a Merge pull request #19890 from k8s-infra-cherrypick-robot/cherry-pick-19862-t...
c774d44 Fix the tar unzip command, adding the --no-same-owner option to avoid permiss...
8d1d1a9 Merge pull request #19867 from ivanvc/release-3.6-go-1.23.9-bump
cddc9bc Bump Go to 1.23.9
1a1cc66 Merge pull request #19853 from k8s-infra-cherrypick-robot/cherry-pick-19848-t...
9f66823 fix: test-release
Additional commits viewable in compare view

Updates go.etcd.io/etcd/v3 from 3.5.21 to 3.6.0

Release notes

Sourced from go.etcd.io/etcd/v3's releases.

v3.6.0

Please check out CHANGELOG for a full list of changes. And make sure to read upgrade guide before upgrading etcd (there may be breaking changes).

For installation guides, please check out play.etcd.io and operating etcd. Latest support status for common architectures and operating systems can be found at supported platforms.

Linux

ETCD_VER=v3.6.0
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1 --no-same-owner
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version
start a local etcd server
/tmp/etcd-download-test/etcd
write,read to etcd
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 put foo bar
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 get foo

macOS (Darwin)

ETCD_VER=v3.6.0
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-darwin-amd64.zip -o /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
unzip /tmp/etcd-${ETCD_VER}-darwin-amd64.zip -d /tmp && rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
mv /tmp/etcd-${ETCD_VER}-darwin-amd64/* /tmp/etcd-download-test && rm -rf mv /tmp/etcd-${ETCD_VER}-darwin-amd64
</tr></table>

... (truncated)

Commits

f5d605a Merge pull request #19951 from ahrtr/release_script_20250515
a1bcdc7 Update release script to exactly match the target tag
7a7a77c version: bump up to 3.6.0
115f15e version: bump up to 3.6.0-rc.5
53b485a Merge pull request #19890 from k8s-infra-cherrypick-robot/cherry-pick-19862-t...
c774d44 Fix the tar unzip command, adding the --no-same-owner option to avoid permiss...
8d1d1a9 Merge pull request #19867 from ivanvc/release-3.6-go-1.23.9-bump
cddc9bc Bump Go to 1.23.9
1a1cc66 Merge pull request #19853 from k8s-infra-cherrypick-robot/cherry-pick-19848-t...
9f66823 fix: test-release
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.37.0 to 0.38.0

Commits

aae6e61 go.mod: update golang.org/x dependencies
9c1aa6a ssh/test: reset the random source before capturing a recording
8819902 ssh/test: enable Diffie-Hellman key exchange algorithms
3f311e4 acme: return error from pre-authorization when unsupported
1f7c62c ssh/test: skip unsupported tests on js/wasm
a5f8048 acme/autocert: use standard functions to pick the cache directory
958cde8 Revert "chacha20: add loong64 SIMD implementation"
51f005c Revert "salsa20: add loong64 SIMD implementation"
7c35866 Revert "argon2: add loong64 SIMD implementation"
0091fc8 Revert "blake2s: add loong64 SIMD implementation"
Additional commits viewable in compare view

Updates golang.org/x/net from 0.39.0 to 0.40.0

Commits

7d6e62a go.mod: update golang.org/x dependencies
ea0c1d9 internal/timeseries: use built-in max/min to simplify the code
3e7a445 quic: skip packet numbers for optimistic ack defense
3f563d3 quic: use an enum for sentPacket state
a3b6e77 quic: don't re-lose packets when discarding keys
22500a6 quic: decode packet numbers >255 in tests
dd0b200 quic: remove go1.21 build constraint
See full diff in compare view

Updates google.golang.org/grpc from 1.72.0 to 1.72.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.72.1

Bug Fixes

client: HTTP Proxy connections are no longer attempted for addresses with non-TCP network types. (#8215)

client: Fix bug that causes RPCs to fail with status INTERNAL instead of CANCELLED or DEADLINE_EXCEEDED when receiving a RST_STREAM frame in the middle of the gRPC message. (#8289)

Commits

4cf3cf7 Change version to 1.72.1 (#8319)
537fe8d transport: Propagate status code on receiving RST_STREAM during message read ...
f32eab3 cherry-pick #8302 and #8304 to v1.72.x branch (#8303)
7fcfc87 internal/delegatingresolver: avoid proxy if networktype of target address is ...
ad1e120 Change version to 1.72.1-dev (#8219)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all-deps group with 7 updates: | Package | From | To | | --- | --- | --- | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.4` | `5.7.5` | | [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) | `3.5.21` | `3.6.0` | | [go.etcd.io/etcd/etcdctl/v3](https://github.com/etcd-io/etcd) | `3.5.21` | `3.6.0` | | [go.etcd.io/etcd/v3](https://github.com/etcd-io/etcd) | `3.5.21` | `3.6.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.37.0` | `0.38.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.39.0` | `0.40.0` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.72.0` | `1.72.1` | Updates `github.com/jackc/pgx/v5` from 5.7.4 to 5.7.5 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.7.4...v5.7.5) Updates `go.etcd.io/etcd/client/v3` from 3.5.21 to 3.6.0 - [Release notes](https://github.com/etcd-io/etcd/releases) - [Commits](etcd-io/etcd@v3.5.21...v3.6.0) Updates `go.etcd.io/etcd/etcdctl/v3` from 3.5.21 to 3.6.0 - [Release notes](https://github.com/etcd-io/etcd/releases) - [Commits](etcd-io/etcd@v3.5.21...v3.6.0) Updates `go.etcd.io/etcd/v3` from 3.5.21 to 3.6.0 - [Release notes](https://github.com/etcd-io/etcd/releases) - [Commits](etcd-io/etcd@v3.5.21...v3.6.0) Updates `golang.org/x/crypto` from 0.37.0 to 0.38.0 - [Commits](golang/crypto@v0.37.0...v0.38.0) Updates `golang.org/x/net` from 0.39.0 to 0.40.0 - [Commits](golang/net@v0.39.0...v0.40.0) Updates `google.golang.org/grpc` from 1.72.0 to 1.72.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.72.0...v1.72.1) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.7.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: go.etcd.io/etcd/client/v3 dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: go.etcd.io/etcd/etcdctl/v3 dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: go.etcd.io/etcd/v3 dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: golang.org/x/crypto dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: golang.org/x/net dependency-version: 0.40.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: google.golang.org/grpc dependency-version: 1.72.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps ... Signed-off-by: dependabot[bot] <support@github.com>

dpebot · 2025-05-19T12:48:01Z

/gcbrun

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 19, 2025

dependabot bot requested a review from a team as a code owner May 19, 2025 12:47

dependabot bot requested review from phbnf and removed request for a team May 19, 2025 12:47

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 19, 2025

phbnf approved these changes May 19, 2025

View reviewed changes

phbnf merged commit dbf4a2b into master May 19, 2025
8 checks passed

phbnf deleted the dependabot/go_modules/all-deps-84120157f1 branch May 19, 2025 16:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the all-deps group with 7 updates#1701

Bump the all-deps group with 7 updates#1701
phbnf merged 1 commit intomasterfrom
dependabot/go_modules/all-deps-84120157f1

dependabot bot commented on behalf of github May 19, 2025

Uh oh!

dpebot commented May 19, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot bot commented on behalf of github May 19, 2025

5.7.5 (May 17, 2025)

v3.6.0

Linux

macOS (Darwin)

v3.6.0

Linux

macOS (Darwin)

v3.6.0

Linux

macOS (Darwin)

Release 1.72.1

Bug Fixes

Uh oh!

dpebot commented May 19, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants