Skip to content

chore(deps): bump the go_modules group across 5 directories with 5 updates#138

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/auth/go_modules-77df8118d4
Open

chore(deps): bump the go_modules group across 5 directories with 5 updates#138
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/auth/go_modules-77df8118d4

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 6, 2026
edited
Loading

Bumps the go_modules group with 2 updates in the /auth directory: github.com/golang-jwt/jwt/v4 and github.com/jackc/pgx/v5.
Bumps the go_modules group with 2 updates in the /gr24 directory: golang.org/x/crypto and github.com/eclipse/paho.mqtt.golang.
Bumps the go_modules group with 2 updates in the /gr25 directory: golang.org/x/crypto and github.com/eclipse/paho.mqtt.golang.
Bumps the go_modules group with 2 updates in the /gr26 directory: github.com/jackc/pgx/v5 and github.com/eclipse/paho.mqtt.golang.
Bumps the go_modules group with 1 update in the /vehicle directory: github.com/jackc/pgx/v5.

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

Updates github.com/jackc/pgx/v5 from 5.6.0 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

  1. The non-default simple protocol is used.
  2. A dollar quoted string literal is used in the SQL query.
  3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
  4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

5.9.1 (March 22, 2026)

  • Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

  • Require Go 1.25+
  • Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
  • Add OAuth authentication support for PostgreSQL 18 (David Schneider)
  • Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
  • Add tsvector type support (Adam Brightwell)
  • Skip Describe Portal for cached prepared statements reducing network round trips
  • Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
  • Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
  • Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
  • Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
  • Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
  • Make RowsAffected faster (Abhishek Chanda)
  • Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
  • Fix: ContextWatcher goroutine leak (Hank Donnay)
  • Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)

... (truncated)

Commits
  • 0aeabbc Release v5.9.2
  • 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
  • a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
  • e34e452 doc: Add godoc links
  • 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
  • 96b4dbd Remove unstable test
  • acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
  • 2f81f1f Update max_protocol_version and min_protocol_version defaults
  • 4e4eaed Release v5.9.1
  • 6273188 Fix batch result format corruption when using cached prepared statements
  • Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.6.0 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

  1. The non-default simple protocol is used.
  2. A dollar quoted string literal is used in the SQL query.
  3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
  4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

5.9.1 (March 22, 2026)

  • Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

  • Require Go 1.25+
  • Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
  • Add OAuth authentication support for PostgreSQL 18 (David Schneider)
  • Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
  • Add tsvector type support (Adam Brightwell)
  • Skip Describe Portal for cached prepared statements reducing network round trips
  • Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
  • Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
  • Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
  • Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
  • Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
  • Make RowsAffected faster (Abhishek Chanda)
  • Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
  • Fix: ContextWatcher goroutine leak (Hank Donnay)
  • Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)

... (truncated)

Commits
  • 0aeabbc Release v5.9.2
  • 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
  • a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
  • e34e452 doc: Add godoc links
  • 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
  • 96b4dbd Remove unstable test
  • acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
  • 2f81f1f Update max_protocol_version and min_protocol_version defaults
  • 4e4eaed Release v5.9.1
  • 6273188 Fix batch result format corruption when using cached prepared statements
  • Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.6.0 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

  1. The non-default simple protocol is used.
  2. A dollar quoted string literal is used in the SQL query.
  3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
  4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

5.9.1 (March 22, 2026)

  • Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

  • Require Go 1.25+
  • Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
  • Add OAuth authentication support for PostgreSQL 18 (David Schneider)
  • Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
  • Add tsvector type support (Adam Brightwell)
  • Skip Describe Portal for cached prepared statements reducing network round trips
  • Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
  • Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
  • Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
  • Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
  • Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
  • Make RowsAffected faster (Abhishek Chanda)
  • Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
  • Fix: ContextWatcher goroutine leak (Hank Donnay)
  • Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)

... (truncated)

Commits
  • 0aeabbc Release v5.9.2
  • 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
  • a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
  • e34e452 doc: Add godoc links
  • 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
  • 96b4dbd Remove unstable test
  • acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
  • 2f81f1f Update max_protocol_version and min_protocol_version defaults
  • 4e4eaed Release v5.9.1
  • 6273188 Fix batch result format corruption when using cached prepared statements
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.23.0 to 0.45.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.25.0 to 0.47.0

Commits
  • 9a29643 go.mod: update golang.org/x dependencies
  • 07cefd8 context: deprecate
  • 5ac9dac publicsuffix: don't treat ip addresses as domain names
  • d1f64cc quic: use testing/synctest
  • fff0469 http2: document that RFC 7540 prioritization does not work with small payloads
  • f35e3a4 http2: fix weight overflow in RFC 7540 write scheduler
  • 89adc90 http2: fix typo referring to RFC 9218 as RFC 9128 instead
  • 8d76a2c quic: don't defer MAX_STREAMS frames indefinitely
  • 027f8b7 quic: fix expected ACK Delay in client's ACK after HANDSHAKE_DONE
  • dec9fe7 dns/dnsmessage: update SVCB packing to prohibit name compression
  • Additional commits viewable in compare view

Updates github.com/eclipse/paho.mqtt.golang from 1.4.3 to 1.5.1

Release notes

Sourced from github.com/eclipse/paho.mqtt.golang's releases.

v1.5.1

This is a minor release incorporating changes made in the 14 months since v1.5.0 (including updating dependencies, and raising the Go version to 1.24). The changes are relatively minor but address a potential security issue (CVE-2025-10543), possible panic, enable users to better monitor the connection status, and incorporate a few optimisations.

Thanks to those who have provided fixes/enhancements included in this release!

Special thanks to Paul Gerste at Sonar for reporting issue #730 via the Eclipse security team (fix was implemented in PR #714 in May, github issue created just prior to this release). This issue arose where a topic > 65535 bytes was passed to the Publish function, due to the way the data was encoded the topic could leak into the message body. Please see issue #730 or CVE-2025-10543 for further details.

What's Changed

Full Changelog: eclipse-paho/paho.mqtt.golang@v1.5.0...v1.5.1

v1.5.0

In the year since the release of v1.4.3 the majority of changes have been small incremental improvements/fixes. One notable change is that Go v1.20+ is now required (due to PR #646).

What's Changed

New Contributors

Full Changelog: eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.0

Commits
  • b305237 Update dependencies in docker examples
  • 35ee03d Potential panic when using manual ACK
  • 433bd22 address data race in test
  • 4debe3a Potential panic when using manual ACK
  • 601453b Resolve issues in fvt_client_test
  • 439e2ab Dependency update (also rise Go version to 1.24)
  • d276593 ConnectionNotificationHandler - generic callback for all types of connection ...
  • 8a350a9 notifications
  • 5620c5e notifications
  • 45048cc notifications
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.23.0 to 0.45.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.25.0 to 0.47.0

Commits
  • 9a29643 go.mod: update golang.org/x dependencies
  • 07cefd8 context: deprecate
  • 5ac9dac publicsuffix: don't treat ip addresses as domain names
  • d1f64cc quic: use testing/synctest
  • fff0469 http2: document that RFC 7540 prioritization does not work with small payloads
  • f35e3a4 http2: fix weight overflow in RFC 7540 write scheduler
  • 89adc90 http2: fix typo referring to RFC 9218 as RFC 9128 instead
  • 8d76a2c quic: don't defer MAX_STREAMS frames indefinitely
  • 027f8b7 quic: fix expected ACK Delay in client's ACK after HANDSHAKE_DONE
  • dec9fe7 dns/dnsmessage: update SVCB packing to prohibit name compression
  • Additional commits viewable in compare view

Updates github.com/eclipse/paho.mqtt.golang from 1.4.3 to 1.5.1

Release notes

Sourced from github.com/eclipse/paho.mqtt.golang's releases.

v1.5.1

This is a minor release incorporating changes made in the 14 months since v1.5.0 (including updating dependencies, and raising the Go version to 1.24). The changes are relatively minor but address a potential security issue (CVE-2025-10543), possible panic, enable users to better monitor the connection status, and incorporate a few optimisations.

Thanks to those who have provided fixes/enhancements included in this release!

Special thanks to Paul Gerste at Sonar for reporting issue #730 via the Eclipse security team (fix was implemented in PR #714 in May, github issue created just prior to this release). This issue arose where a topic > 65535 bytes was passed to the Publish function, due to the way the data was encoded the topic could leak into the message body. Please see issue #730 or CVE-2025-10543 for further details.

What's Changed

Full Changelog: eclipse-paho/paho.mqtt.golang@v1.5.0...v1.5.1

v1.5.0

In the year since the release of v1.4.3 the majority of changes have been small incremental improvements/fixes. One notable change is that Go v1.20+ is now required (due to PR #646).

What's Changed

New Contributors

Full Changelog: eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.0

Commits
  • b305237 Update dependencies in docker examples
  • 35ee03d Potential panic when using manual ACK
  • 433bd22 address data race in test
  • 4debe3a Potential panic when using manual ACK
  • 601453b Resolve issues in fvt_client_test
  • 439e2ab Dependency update (also rise Go version to 1.24)
  • d276593 ConnectionNotificationHandler - generic callback for all types of connection ...
  • 8a350a9 notifications
  • 5620c5e notifications
  • 45048cc notifications
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.23.0 to 0.45.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.25.0 to 0.47.0

Commits
  • 9a29643 go.mod: update golang.org/x dependencies
  • 07cefd8 context: deprecate
  • 5ac9dac publicsuffix: don't treat ip addresses as domain names
  • d1f64cc quic: use testing/synctest
  • fff0469 http2: document that RFC 7540 prioritization does not work with small payloads
  • f35e3a4 http2: fix weight overflow in RFC 7540 write scheduler
  • 89adc90 http2: fix typo referring to RFC 9218 as RFC 9128 instead
  • 8d76a2c quic: don't defer MAX_STREAMS frames indefinitely
  • 027f8b7 quic: fix expected ACK Delay in client's ACK after HANDSHAKE_DONE
  • dec9fe7 dns/dnsmessage: update SVCB packing to prohibit name compression
  • Additional commits viewable in compare view

Updates github.com/eclipse/paho.mqtt.golang from 1.4.3 to 1.5.1

Release notes

Sourced from github.com/eclipse/paho.mqtt.golang's releases.

v1.5.1

This is a minor release incorporating changes made in the 14 months since v1.5.0 (including updating dependencies, and raising the Go version to 1.24). The changes are relatively minor but address a potential security issue (CVE-2025-10543), possible panic, enable users to better monitor the connection status, and incorporate a few optimisations.

Thanks to those who have provided fixes/enhancements included in this release!

Special thanks to Paul Gerste at Sonar for reporting issue #730 via the Eclipse security team (fix was implemented in PR #714 in May, github issue created just prior to this release). This issue arose where a topic > 65535 bytes was passed to the Publish function, due to the way the data was encoded the topic could leak into the message body. Please see issue #730 or CVE-2025-10543 for further details.

What's Changed

Full Changelog: eclipse-paho/paho.mqtt.golang@v1.5.0...v1.5.1

v1.5.0

In the year since the release of v1.4.3 the majority of changes have been small incremental improvements/fixes. One notable change is that Go v1.20+ is now required (due to PR #646).

What's Changed

New Contributors

Full Changelog: eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.0

Commits
  • b305237 Update dependencies in docker examples
  • 35ee03d Potential panic when using manual ACK
  • 433bd22 address data race in test
  • 4debe3a Potential panic when using manual ACK
  • 601453b Resolve issues in fvt_client_test
  • 439e2ab Dependency update (also rise Go version to 1.24)
  • d276593 ConnectionNotificationHandler - generic callback for all types of connection ...
  • 8a350a9 notifications
  • 5620c5e notifications
  • 45048cc notifications
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.23.0 to 0.45.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.25.0 to 0.47.0

Commits
  • 9a29643 go.mod: update golang.org/x dependencies
  • 07cefd8 context: deprecate
  • 5ac9dac publicsuffix: don't treat ip addresses as domain names
  • d1f64cc quic: use testing/synctest
  • fff0469 http2: document that RFC 7540 prioritization does not work with small payloads
  • f35e3a4 http2: fix weight overflow in RFC 7540 write scheduler
  • 89adc90 http2: fix typo referring to RFC 9218 as RFC 9128 instead
  • 8d76a2c quic: don't defer MAX_STREAMS frames indefinitely
  • 027f8b7 quic: fix expected ACK Delay in client's ACK after HANDSHAKE_DONE
  • dec9fe7 dns/dnsmessage: update SVCB packing to prohibit name compression
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.23.0 to 0.45.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.25.0 to 0.47.0

Commits
  • 9a29643 go.mod: update golang.org/x dependencies
  • 07cefd8 context: deprecate
  • 5ac9dac publicsuffix: don't treat ip addresses as domain names
  • d1f64cc quic: use testing/synctest
  • fff0469 http2: document that RFC 7540 prioritization does not work with small payloads
  • f35e3a4 http2: fix weight overflow in RFC 7540 write scheduler
  • 89adc90 http2: fix typo referring to RFC 9218 as RFC 9128 instead
  • 8d76a2c quic: don't defer MAX_STREAMS frames indefinitely
  • 027f8b7 quic: fix expected ACK Delay in client's ACK after HANDSHAKE_DONE
  • dec9fe7 dns/dnsmessage: update SVCB packing to prohibit name compression
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.31.0 to 0.45.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.33.0 to 0.47.0

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 6, 2026
@dependabot dependabot Bot mentioned this pull request May 6, 2026
Closed
@netlify
Copy link
Copy Markdown

netlify Bot commented May 6, 2026
edited
Loading

Deploy Preview for gr-mapache canceled.

Name Link
🔨 Latest commit 11139a0
🔍 Latest deploy log https://app.netlify.com/projects/gr-mapache/deploys/69faf6255b1b1200087f821c

@dependabot
chore(deps): bump the go_modules group across 5 directories with 5 up…
11139a0 
…dates

Bumps the go_modules group with 2 updates in the /auth directory: [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) and [github.com/jackc/pgx/v5](https://github.com/jackc/pgx).
Bumps the go_modules group with 2 updates in the /gr24 directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [github.com/eclipse/paho.mqtt.golang](https://github.com/eclipse/paho.mqtt.golang).
Bumps the go_modules group with 2 updates in the /gr25 directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [github.com/eclipse/paho.mqtt.golang](https://github.com/eclipse/paho.mqtt.golang).
Bumps the go_modules group with 2 updates in the /gr26 directory: [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) and [github.com/eclipse/paho.mqtt.golang](https://github.com/eclipse/paho.mqtt.golang).
Bumps the go_modules group with 1 update in the /vehicle directory: [github.com/jackc/pgx/v5](https://github.com/jackc/pgx).


Updates `github.com/golang-jwt/jwt/v4` from 4.5.1 to 4.5.2
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Commits](golang-jwt/jwt@v4.5.1...v4.5.2)

Updates `github.com/jackc/pgx/v5` from 5.6.0 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.6.0...v5.9.2)

Updates `github.com/jackc/pgx/v5` from 5.6.0 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.6.0...v5.9.2)

Updates `github.com/jackc/pgx/v5` from 5.6.0 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.6.0...v5.9.2)

Updates `golang.org/x/crypto` from 0.23.0 to 0.45.0
- [Commits](golang/crypto@v0.23.0...v0.45.0)

Updates `golang.org/x/net` from 0.25.0 to 0.47.0
- [Commits](golang/net@v0.25.0...v0.47.0)

Updates `github.com/eclipse/paho.mqtt.golang` from 1.4.3 to 1.5.1
- [Release notes](https://github.com/eclipse/paho.mqtt.golang/releases)
- [Commits](eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.1)

Updates `golang.org/x/crypto` from 0.23.0 to 0.45.0
- [Commits](golang/crypto@v0.23.0...v0.45.0)

Updates `golang.org/x/net` from 0.25.0 to 0.47.0
- [Commits](golang/net@v0.25.0...v0.47.0)

Updates `github.com/eclipse/paho.mqtt.golang` from 1.4.3 to 1.5.1
- [Release notes](https://github.com/eclipse/paho.mqtt.golang/releases)
- [Commits](eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.1)

Updates `golang.org/x/crypto` from 0.23.0 to 0.45.0
- [Commits](golang/crypto@v0.23.0...v0.45.0)

Updates `golang.org/x/net` from 0.25.0 to 0.47.0
- [Commits](golang/net@v0.25.0...v0.47.0)

Updates `github.com/eclipse/paho.mqtt.golang` from 1.4.3 to 1.5.1
- [Release notes](https://github.com/eclipse/paho.mqtt.golang/releases)
- [Commits](eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.1)

Updates `golang.org/x/crypto` from 0.23.0 to 0.45.0
- [Commits](golang/crypto@v0.23.0...v0.45.0)

Updates `golang.org/x/net` from 0.25.0 to 0.47.0
- [Commits](golang/net@v0.25.0...v0.47.0)

Updates `golang.org/x/crypto` from 0.23.0 to 0.45.0
- [Commits](golang/crypto@v0.23.0...v0.45.0)

Updates `golang.org/x/net` from 0.25.0 to 0.47.0
- [Commits](golang/net@v0.25.0...v0.47.0)

Updates `golang.org/x/crypto` from 0.31.0 to 0.45.0
- [Commits](golang/crypto@v0.23.0...v0.45.0)

Updates `golang.org/x/net` from 0.33.0 to 0.47.0
- [Commits](golang/net@v0.25.0...v0.47.0)

Updates `github.com/eclipse/paho.mqtt.golang` from 1.5.0 to 1.5.1
- [Release notes](https://github.com/eclipse/paho.mqtt.golang/releases)
- [Commits](eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.1)

Updates `golang.org/x/crypto` from 0.31.0 to 0.45.0
- [Commits](golang/crypto@v0.23.0...v0.45.0)

Updates `golang.org/x/net` from 0.33.0 to 0.47.0
- [Commits](golang/net@v0.25.0...v0.47.0)

Updates `github.com/eclipse/paho.mqtt.golang` from 1.5.0 to 1.5.1
- [Release notes](https://github.com/eclipse/paho.mqtt.golang/releases)
- [Commits](eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.1)

Updates `golang.org/x/crypto` from 0.31.0 to 0.45.0
- [Commits](golang/crypto@v0.23.0...v0.45.0)

Updates `golang.org/x/net` from 0.33.0 to 0.47.0
- [Commits](golang/net@v0.25.0...v0.47.0)

Updates `github.com/eclipse/paho.mqtt.golang` from 1.5.0 to 1.5.1
- [Release notes](https://github.com/eclipse/paho.mqtt.golang/releases)
- [Commits](eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.1)

Updates `golang.org/x/crypto` from 0.31.0 to 0.45.0
- [Commits](golang/crypto@v0.23.0...v0.45.0)

Updates `golang.org/x/net` from 0.33.0 to 0.47.0
- [Commits](golang/net@v0.25.0...v0.47.0)

Updates `golang.org/x/crypto` from 0.31.0 to 0.45.0
- [Commits](golang/crypto@v0.23.0...v0.45.0)

Updates `golang.org/x/net` from 0.33.0 to 0.47.0
- [Commits](golang/net@v0.25.0...v0.47.0)

Updates `github.com/jackc/pgx/v5` from 5.6.0 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.6.0...v5.9.2)

Updates `github.com/eclipse/paho.mqtt.golang` from 1.5.0 to 1.5.1
- [Release notes](https://github.com/eclipse/paho.mqtt.golang/releases)
- [Commits](eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.1)

Updates `github.com/eclipse/paho.mqtt.golang` from 1.5.0 to 1.5.1
- [Release notes](https://github.com/eclipse/paho.mqtt.golang/releases)
- [Commits](eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.1)

Updates `github.com/eclipse/paho.mqtt.golang` from 1.5.0 to 1.5.1
- [Release notes](https://github.com/eclipse/paho.mqtt.golang/releases)
- [Commits](eclipse-paho/paho.mqtt.golang@v1.4.3...v1.5.1)

Updates `github.com/jackc/pgx/v5` from 5.6.0 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.6.0...v5.9.2)

Updates `github.com/jackc/pgx/v5` from 5.6.0 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.6.0...v5.9.2)

Updates `github.com/jackc/pgx/v5` from 5.8.0 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.6.0...v5.9.2)

Updates `github.com/jackc/pgx/v5` from 5.8.0 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.6.0...v5.9.2)

Updates `github.com/jackc/pgx/v5` from 5.8.0 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.6.0...v5.9.2)

---
updated-dependencies:
- dependency-name: github.com/eclipse/paho.mqtt.golang
  dependency-version: 1.5.1
  dependency-type: direct:production
- dependency-name: github.com/eclipse/paho.mqtt.golang
  dependency-version: 1.5.1
  dependency-type: direct:production
- dependency-name: github.com/eclipse/paho.mqtt.golang
  dependency-version: 1.5.1
  dependency-type: direct:production
- dependency-name: github.com/eclipse/paho.mqtt.golang
  dependency-version: 1.5.1
  dependency-type: direct:production
- dependency-name: github.com/eclipse/paho.mqtt.golang
  dependency-version: 1.5.1
  dependency-type: direct:production
- dependency-name: github.com/eclipse/paho.mqtt.golang
  dependency-version: 1.5.1
  dependency-type: direct:production
- dependency-name: github.com/eclipse/paho.mqtt.golang
  dependency-version: 1.5.1
  dependency-type: direct:production
- dependency-name: github.com/eclipse/paho.mqtt.golang
  dependency-version: 1.5.1
  dependency-type: direct:production
- dependency-name: github.com/eclipse/paho.mqtt.golang
  dependency-version: 1.5.1
  dependency-type: direct:production
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-version: 4.5.2
  dependency-type: direct:production
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: indirect
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: indirect
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: indirect
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: indirect
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: indirect
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: indirect
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: indirect
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: indirect
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: indirect
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: indirect
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: indirect
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: indirect
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: indirect
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: indirect
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: indirect
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: indirect
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: indirect
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: indirect
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/auth/go_modules-77df8118d4 branch from df58cab to 11139a0 Compare May 6, 2026 08:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants