Skip to content

chore(deps): bump the go group across 1 directory with 23 updates#6011

Merged
agocs merged 5 commits into
mainfrom
dependabot/go_modules/go-f49efe7993
Jan 5, 2026
Merged

chore(deps): bump the go group across 1 directory with 23 updates#6011
agocs merged 5 commits into
mainfrom
dependabot/go_modules/go-f49efe7993

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Dec 29, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 29, 2025
@dependabot dependabot Bot requested a review from a team as a code owner December 29, 2025 20:51
@dependabot dependabot Bot requested a review from agocs December 29, 2025 20:51
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 29, 2025
@dependabot
chore(deps): bump the go group across 1 directory with 23 updates
3b3a0b4 
---
updated-dependencies:
- dependency-name: buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go
  dependency-version: 1.36.11-20251209175733-2a1774d88802.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: buf.build/go/protovalidate
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.58.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/VictoriaMetrics/fastcache
  dependency-version: 1.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.95.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/bits-and-blooms/bitset
  dependency-version: 1.24.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/cockroachdb/pebble/v2
  dependency-version: 2.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/docker/docker
  dependency-version: 28.5.2+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/envoyproxy/go-control-plane
  dependency-version: 0.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/envoyproxy/go-control-plane/envoy
  dependency-version: 1.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/envoyproxy/protoc-gen-validate
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware/v2
  dependency-version: 2.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
  dependency-version: 7.0.97
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/common
  dependency-version: 0.67.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.58.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/testcontainers/testcontainers-go
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.uber.org/zap
  dependency-version: 1.27.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: golang.org/x/exp
  dependency-version: 0.0.0-20250813145105-42675adae3e6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: golang.org/x/mod
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/grpc
  dependency-version: 1.78.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/go-f49efe7993 branch from 0dfdb5f to 3b3a0b4 Compare December 29, 2025 20:59
@agocs agocs mentioned this pull request Dec 30, 2025
Merged
4 tasks
agocs added a commit that referenced this pull request Dec 30, 2025
@agocs
Add timeouts to the contexts in TestLoadSessionHandle (#6022)
37af9a0 
## Summary

#6011 wants to bump
`google.golang.org/grpc` from v1.77.0 to v1.78.0. [1] That is causing
TestLoadSessionHandle in github.com/pomerium/pomerium/proxy to time out
after 10 minutes. The tests create new proxies and call ServeHTTP on
test requests. That execution gets all the way to [GetDataBrokerRecord
in
querier.go](https://github.com/pomerium/pomerium/blob/ba0fcffe81f27f33dd5aa858dba3a1276208ddcd/pkg/storage/querier.go#L70-L95),
where it stalls out on `res, err := q.Query(ctx, req,
grpc.WaitForReady(true))`.

What I think is happening is 
`grpc.WaitForReady(true)` makes `q.Query` wait for the GRPC client to
connect to the server. [grpc-go
v1.78.0](https://github.com/grpc/grpc-go/releases/tag/v1.78.0) fixes a
[bug](grpc/grpc-go#8710) where the client would
stay in the IDLE state while trying to connect to the GRPC server. What
happens now is the client moves to the TRANSIENT_FAILURE state. The
WaitForReady option sees TRANSIENT_FAILURE and waits until that failure
fixes itself.

By setting a timeout in the context, we pass that context to `q.Query`
eventually, the timeout fires, and GetDataBrokerRecord returns, which is
what the test expected all along.

[1]: I bisected the go.mod file in that branch to figure out which
dependency was causing the test to time out.

## Related issues

#6011
grpc/grpc-go#8710

## User Explanation

This fixes a bug that was causing a test to fail. The test was relying
on a bug in the grpc-go client, which was fixed.

## Checklist

- [x] reference any related issues
- [x] updated unit tests
- [x] add appropriate label (`enhancement`, `bug`, `breaking`,
`dependencies`, `ci`)
- [x] ready for review
@coveralls

coveralls commented Jan 5, 2026
edited
Loading

Copy link
Copy Markdown

Pull Request Test Coverage Report for Build 20726200702

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 37 unchanged lines in 8 files lost coverage.
  • Overall coverage decreased (-0.009%) to 52.893%
Files with Coverage Reduction New Missed Lines %
pkg/storage/postgres/registry.go 1 75.41%
pkg/fanout/receive.go 2 94.55%
pkg/identity/manager/schedulers.go 2 95.83%
internal/databroker/server_clustered_follower.go 4 65.22%
config/config_source.go 6 90.69%
pkg/storage/postgres/backend.go 6 78.24%
pkg/grpcutil/client_manager.go 7 72.3%
pkg/ssh/manager.go 9 87.23%
Totals Coverage Status
Change from base Build 20668040185: -0.009%
Covered Lines: 29459
Relevant Lines: 55695
💛 - Coveralls

agocs
agocs approved these changes Jan 5, 2026
View reviewed changes

@agocs agocs left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😮‍💨

@agocs agocs merged commit e63ee7f into main Jan 5, 2026
14 checks passed
@agocs agocs deleted the dependabot/go_modules/go-f49efe7993 branch January 5, 2026 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@agocs agocs agocs approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@coveralls @agocs @wasaga