fix(deps): update all dependencies #264

renovate · 2025-09-16T13:38:52Z

This PR contains the following updates:

Package	Type	Update	Change
actions/dependency-review-action	action	minor	`v4.7.3` -> `v4.8.0`
github.com/aperturerobotics/starpc	require	digest	`df418ca` -> `faadf02`
github.com/libp2p/go-libp2p	require	minor	`v0.43.0` -> `v0.44.0`
github.com/pion/webrtc/v4	require	patch	`v4.1.4` -> `v4.1.5`
github.com/quic-go/quic-go	require	minor	`v0.54.0` -> `v0.55.0`
github/codeql-action	action	major	`v3.30.3` -> `v4.30.7`
golang.org/x/crypto	require	minor	`v0.42.0` -> `v0.43.0`
typescript (source)	devDependencies	patch	`5.9.2` -> `5.9.3`

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

`v4.8.0`

Compare Source

What's Changed

Make Ruby Code Scannable by @ljones140 in #978
Batch some contributions for release by @brrygrdn in #986
- Make license lists collapsable by @jasperkamerling
- feat: add large summary handling with artifact upload by @MattMencel

New Contributors

@ljones140 made their first contribution in #978
@jasperkamerling made their first contribution in #986
@MattMencel made their first contribution in #986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

`v4.7.4`

Compare Source

libp2p/go-libp2p (github.com/libp2p/go-libp2p)

`v0.44.0`

Compare Source

Highlights

Address Pipeline:

Observed Address Manager has been moved out of identify to its own package, github.com/libp2p/go-libp2p/p2p/host/obsaddrs
⚠️ Identify Service doesn't support the DisableObservedAddrManager Option. The top level libp2p option DisableIdentifyAddressDiscovery works as it used to.

What's Changed

fix: clean up associations for closed listeners. by @Prabhat1308 in #3306
swarm: move AddCertHashes to swarm by @sukunrt in #3330
refactor(quicreuse): use errors.Join in Close method by @crStiv in #3363
network: rename NAT Types by @sukunrt in #3331
feat(metrics): add Reset and TrimIdle methods to reporter interface by @cpeliciari in #3343
feat(simlibp2p): Simulated libp2p Networks by @MarcoPolo in #3262
Support Go 1.24 & 1.25 by @MarcoPolo in #3366
basichost: move observed address manager to basichost by @sukunrt in #3332
ci: uci/update-go by @web3-bot in #3371
feat: Migrate to log/slog by @MarcoPolo in #3364
AI tooling must be disclosed for contributions by @MarcoPolo in #3372
docs: remove broken link by @MarcoPolo in #3375
enhancement: include non public relay addresses to be advertised too #3361 #3365 by @shoriwe in #3379
fix: self-healing NAT mappings with request deduplication by @lidel in #3367
feat(network): Add ConnAs by @MarcoPolo in #3338
refactor: replace context.WithCancel with t.Context by @cargoedit in #3383
chore: add help comment by @MarcoPolo in #3385
README: remove Drand from notable users section by @marten-seemann in #3388
docs: Update contribute section by @MarcoPolo in #3387
fix: assignment to entry in nil map by @dennis-tra in #3395
Refactor pre core module by @MarcoPolo in #3396
basichost: move EvtLocalAddrsChanged to addrs_manager by @sukunrt in #3355
ci: move to github actions runner by @MarcoPolo in #3398
basichost: fix lint error by @sukunrt in #3400

New Contributors

@crStiv made their first contribution in #3363
@shoriwe made their first contribution in #3379
@cargoedit made their first contribution in #3383

Full Changelog: libp2p/go-libp2p@v0.43.0...v0.44.0

pion/webrtc (github.com/pion/webrtc/v4)

`v4.1.5`

Compare Source

Changelog

0575dfb Add interface for getting media-playout stats
bf15721 Update module github.com/pion/transport/v3 to v3.0.8
041211f Update module github.com/pion/interceptor to v0.1.41
706c75b Update module github.com/pion/srtp/v3 to v3.0.8
43976dc Update CI configs to v0.11.29
e0181e9 Update TestPeerConnection_SessionID to run on WASM
5a0e56e Prefer makezero with a cap
9acbc66 Cleanup statsGetter after peer is closed
4c1261f Add inbound-rtp stats
370412f Improve code cov
7f1ab45 Remove unused file
39d1b3c Apply go modernize suggestions
781ff73 Create examples/data-channels-detach-create
f5fd0fa Update dependency @roamhq/wrtc to v0.9.1
6ef2888 Fix RTPSender.SetReadDeadline crash
634a904 Fire OnBufferedAmountLow in a goroutine
1527bfa Allow IVFWriter Framerate to be modified
cf7625d Allow IVFWriter Width/Height to be modified
882f699 Update actions/setup-node action to v5
e9efed4 Fix trailing space in rtcp-fb with no Parameter
457679c Update module github.com/pion/rtp to v1.8.22
3bb8fce Update module github.com/pion/sdp/v3 to v3.0.16
4eebb3e Update actions/checkout action to v5
5b098de Update CI configs to v0.11.26
cda9130 Update CI configs to v0.11.25
e7183f9 Update CI configs to v0.11.24
c376d0e Match codec order of remote peer
42b3cfd Update module github.com/stretchr/testify to v1.11.1
2af60a4 Filter unattached RTX when getting codecs
123f138 Update module github.com/stretchr/testify to v1.11.0
4b37165 Tests to ensure proper direction in SDP
6424d85 Consider remote direction in add track
469ca2c Disallow incompatible transceiver directions
2299a71 Add opt control transceiver re-use in recvonly
3e84081 Add partialMatch codecs to transceiver from remote
c82d96c Remove RTX codec if no primary

quic-go/quic-go (github.com/quic-go/quic-go)

`v0.55.0`

Compare Source

This release contains a number of improvements and fixes, and it updates the supported Go versions to 1.24 and 1.25.

Optimizations

When sending packets on a QUIC connection, RFC 9002 requires us to save the timestamp for every packet sent. In #5344, we implemented a memory-optimized drop-in replacement for time.Time, which reduces the memory required from 24 to 8 bytes, and vastly speeds up timer calculations (which happen very frequently).

New Features

Basic connection statistics are now exposed via Conn.ConnectionStats, thanks to @MarcoPolo
On some links, packet reordering can lead to spurious detections of packet loss when using the loss detection logic specified in RFC 9002. #5355 adds logic detect when packet loss is detected spuriously.

Notable Fixes

http3: don't allow usage of closed Transport: #5324, thanks to @Glonee
http3: fix race in concurrent Transport.Roundtrip calls: #5323, thanks to @Glonee
improve and fix connection timer logic: #5339, thanks to @sukunrt for a very comprehensive code review

Behind the Scenes

We have started transitioning tests to make use of the new synctest package that was added in Go 1.25 (and was available as a GOEXPERIMENT in Go 1.24): #5291, #5296, #5298, #5299, #5302, #5304, #5305, #5306, #5317. This is a lot of work, but it makes the test execution both faster and more reliable.

Changelog

wire: implement parsing and writing of the ACK_FREQUENCY frame by @marten-seemann in #5264
wire: implement parsing and writing of the IMMEDIATE_ACK frame by @marten-seemann in #5265
fuzzing: fix timeout in frame parser by @jannis-seemann in #5268
wire: add support for the min_ack_delay transport parameter by @marten-seemann in #5266
fix missing log statement for STREAM, DATAGRAM and ACK by @jannis-seemann in #5273
qlog: add support for ACK_FREQUENCY and IMMEDIATE_ACK frames by @marten-seemann in #5276
ackhandler: remove unused time from receivedPacketHandler.ReceivedPacket by @marten-seemann in #5277
quicvarint: extend benchmark to use quicvarint.Reader by @marten-seemann in #5278
quicvarint: tolerate empty reads of the underlying io.Reader by @bemasc in #5275
http3: fix documentation for Server.ServeListener by @WeidiDeng in #5282
expose connection stats via Conn.ConnectionStats by @marten-seemann in #5281
ackhandler: generalize check for missing packets below threshold by @marten-seemann in #5260
update to Go 1.25, drop Go 1.23, use go tool for gomock by @marten-seemann in #5283
replace interface{} with any by @marten-seemann in #5290
use testing.B.Loop in all benchmark tests by @marten-seemann in #5285
build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #5293
use synctest to make receive stream tests fully deterministc by @marten-seemann in #5291
use synctest to make streams map tests fully deterministic by @marten-seemann in #5296
ci: cache the Go build cache for cross-compilation workflow by @marten-seemann in #5297
ci: fix cache save and restore logic for cross compile workflow by @marten-seemann in #5300
restore previously deleted TestStreamsMapConcurrent test by @marten-seemann in #5301
use synctest to make the send queue tests fully deterministic by @marten-seemann in #5302
use synctest to make the send stream tests fully deterministic by @marten-seemann in #5298
ci: use go mod tidy -diff to check for tidied go.mod by @marten-seemann in #5303
use synctest to make the datagram queue tests fully deterministic by @marten-seemann in #5305
utils: use synctest to make the timer tests fully deterministic by @marten-seemann in #5306
ackhandler: fix resetting of packet.isPathProbePacket by @marten-seemann in #5310
ackhandler: use an iterator to process received packet ranges by @marten-seemann in #5309
ackhandler: use a typed mock for the ECNHandler by @marten-seemann in #5311
ackhandler: immediately clear ackedPacket slice after processing ACK by @marten-seemann in #5313
ci: improve cache key generation for the cross compilation job by @marten-seemann in #5315
ci: fix cache paths in cross compile workflow by @marten-seemann in #5318
ackhandler: avoid storing packet number in packet struct by @marten-seemann in #5312
ackhandler: store skipped packet numbers separately by @marten-seemann in #5314
ackhandler: account for skipped packets in packet threshold calculation by @marten-seemann in #5316
ackhandler: store the last four skipped packets by @marten-seemann in #5322
http3: fix data race in Transport by @Glonee in #5323
qlog: add a benchmark for the ConnectionTracer by @marten-seemann in #5328
qlog: merge event category and name by @marten-seemann in #5329
http3: don't allow usage of closed Transport by @Glonee in #5324
build(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in #5330
fix: return stream frames to pool on error paths by @lidel in #5327
ackhandler: add a benchmark for sending and acknowledging packets by @marten-seemann in #5333
implement a memory-optimized time.Time replacement by @marten-seemann in #5334
add a benchmark test for data transfers by @marten-seemann in #5335
improve connection timer logic by @marten-seemann in #5339
use synctest to make the connection tests fully deterministic by @marten-seemann in #5317
drop initial packets when the handshake is confirmed by @marten-seemann in #5354
protocol: optimize ConnectionID.String by @marten-seemann in #5351
fix missing tracing of restored transport parameters by @marten-seemann in #5349
ackhandler: track lost packets and detect spurious losses by @marten-seemann in #5355

New Contributors

@bemasc made their first contribution in #5275
@lidel made their first contribution in #5327

Full Changelog: quic-go/quic-go@v0.54.0...v0.55.0

`v0.54.1`

Compare Source

github/codeql-action (github/codeql-action)

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.6 - 02 Oct 2025

Update default CodeQL bundle version to 2.23.2. #3168

See the full CHANGELOG.md for more information.

`v3.30.5`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

See the full CHANGELOG.md for more information.

`v3.30.4`

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
Update default CodeQL bundle version to 2.23.1. #3118

See the full CHANGELOG.md for more information.

microsoft/TypeScript (typescript)

`v5.9.3`

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

socket-security · 2025-09-16T13:39:47Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality
golang/github.com/pion/webrtc/v4@v4.1.4 ⏵ v4.1.5	⁺¹
golang/golang.org/x/crypto@v0.42.0 ⏵ v0.43.0	⁺¹
npm/typescript@5.9.2 ⏵ 5.9.3		⁺¹
golang/github.com/aperturerobotics/starpc@v0.39.10-0.20250919171848-df418ca2447d ⏵ v0.39.10-0.20250922184252-faadf02340ec	⁺¹

View full report

renovate · 2025-10-04T00:47:23Z

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

6 additional dependencies were updated

Details:

Package	Change
`github.com/pion/interceptor`	`v0.1.40` -> `v0.1.41`
`github.com/pion/rtp`	`v1.8.21` -> `v1.8.22`
`github.com/pion/srtp/v3`	`v3.0.7` -> `v3.0.8`
`github.com/pion/transport/v3`	`v3.0.7` -> `v3.0.8`
`golang.org/x/net`	`v0.44.0` -> `v0.45.0`
`golang.org/x/sys`	`v0.36.0` -> `v0.37.0`

renovate bot changed the title ~~fix(deps): update all dependencies to v0.39.9~~ fix(deps): update all dependencies to v0.39.9 - autoclosed Sep 18, 2025

renovate bot closed this Sep 18, 2025

renovate bot deleted the renovate/all branch September 18, 2025 22:53

renovate bot changed the title ~~fix(deps): update all dependencies to v0.39.9 - autoclosed~~ fix(deps): update all dependencies to v0.39.9 Sep 21, 2025

renovate bot reopened this Sep 21, 2025

renovate bot force-pushed the renovate/all branch from 550274a to ec87b09 Compare September 21, 2025 21:59

renovate bot changed the title ~~fix(deps): update all dependencies to v0.39.9~~ fix(deps): update github.com/aperturerobotics/starpc digest to 2993b8b Sep 21, 2025

renovate bot force-pushed the renovate/all branch from ec87b09 to c7b7c25 Compare September 22, 2025 01:38

renovate bot changed the title ~~fix(deps): update github.com/aperturerobotics/starpc digest to 2993b8b~~ fix(deps): update github.com/aperturerobotics/starpc digest to faadf02 Sep 22, 2025

renovate bot force-pushed the renovate/all branch from c7b7c25 to 91d4908 Compare September 22, 2025 21:21

renovate bot changed the title ~~fix(deps): update github.com/aperturerobotics/starpc digest to faadf02~~ fix(deps): update all dependencies Sep 25, 2025

renovate bot force-pushed the renovate/all branch 4 times, most recently from 4ac37a2 to db0e224 Compare September 30, 2025 23:12

renovate bot force-pushed the renovate/all branch 3 times, most recently from ed495fa to ab2ef6d Compare October 4, 2025 00:47

renovate bot force-pushed the renovate/all branch 2 times, most recently from f5565ac to 7990640 Compare October 8, 2025 04:08

fix(deps): update all dependencies

365fcac

renovate bot force-pushed the renovate/all branch from 7990640 to 365fcac Compare October 8, 2025 21:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update all dependencies #264

fix(deps): update all dependencies #264

Uh oh!

renovate bot commented Sep 16, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Sep 16, 2025 •

edited

Loading

Uh oh!

renovate bot commented Oct 4, 2025 •

edited

Loading

Uh oh!

Uh oh!

fix(deps): update all dependencies #264

Are you sure you want to change the base?

fix(deps): update all dependencies #264

Uh oh!

Conversation

renovate bot commented Sep 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

What's Changed

New Contributors

Highlights

Address Pipeline:

What's Changed

New Contributors

Changelog

Optimizations

New Features

Notable Fixes

Behind the Scenes

Changelog

New Contributors

CodeQL Action Changelog

3.30.6 - 02 Oct 2025

CodeQL Action Changelog

3.30.5 - 26 Sep 2025

CodeQL Action Changelog

3.30.4 - 25 Sep 2025

Configuration

Uh oh!

socket-security bot commented Sep 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

renovate bot commented Oct 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ Artifact update notice

File name: go.mod

Uh oh!

Uh oh!

renovate bot commented Sep 16, 2025 •

edited

Loading

socket-security bot commented Sep 16, 2025 •

edited

Loading

renovate bot commented Oct 4, 2025 •

edited

Loading