chore(deps): bump the go_modules group across 4 directories with 8 updates #1783

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/go_modules-d1ec3229fc

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps the go_modules group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| github.com/docker/docker | 25.0.5+incompatible | 25.0.13+incompatible |
| github.com/nats-io/nats-server/v2 | 2.10.14 | 2.11.12 |
| github.com/ollama/ollama | 0.11.4 | 0.14.0 |
| github.com/lestrrat-go/jwx | 1.1.7 | 1.2.29 |
| go.opentelemetry.io/otel/sdk | 1.39.0 | 1.40.0 |
| filippo.io/edwards25519 | 1.1.0 | 1.1.1 |

Bumps the go_modules group with 3 updates in the /operator directory: github.com/nats-io/nats-server/v2, go.opentelemetry.io/otel/sdk and filippo.io/edwards25519.
Bumps the go_modules group with 1 update in the /for-mac directory: golang.org/x/crypto.
Bumps the go_modules group with 1 update in the /sandbox/dns-proxy directory: golang.org/x/net.

Updates github.com/docker/docker from 25.0.5+incompatible to 25.0.13+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v25.0.13

25.0.13

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

Bug fixes and enhancements

  • Prevent restoration of iptables rules for deleted networks and containers on firewalld reload. moby/moby#50445
  • Fix Swarm services becoming unreachable from published ports after a firewalld reload. moby/moby#50445
  • Improve the reliability of the Swarm overlay network control plane by fixing longstanding issues with NetworkDB. moby/moby#50511
  • Improve the reliability of Swarm overlay container networks by fixing longstanding issues with the overlay network driver. moby/moby#50551

v25.0.12

25.0.12

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

Bug fixes and enhancements

  • Fix an issue where all new tasks in the Swarm could get stuck in the PENDING state forever after scaling up a service with placement preferences. moby/moby#50203
  • Fix an issue which made DNS service discovery for Swarm services unreliable. moby/moby#50230

Packaging updates

v25.0.11

25.0.11

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

Networking

Known Issues

Full Changelog: moby/moby@v25.0.10...v25.0.11

v25.0.10

25.0.10

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

... (truncated)

Commits
  • 165516e Merge pull request #50551 from corhere/backport-25.0/libn/all-the-overlay-fixes
  • f099e91 libnetwork: handle coalesced endpoint events
  • bace1b8 libnetwork/d/overlay: handle coalesced peer updates
  • f9e5429 libn/d/win/overlay: dedupe NetworkDB definitions
  • fc3df55 libn/d/overlay: extract hashable address types
  • b22872a libnetwork/driverapi: make EventNotify optional
  • c7e17ae libn/networkdb: report prev value in update events
  • d60c71a libnetwork/d/overlay: fix logical race conditions
  • ad54b8f libn/d/overlay: fix encryption race conditions
  • 8075689 libn/d/overlay: inline secMapWalk into only caller
  • Additional commits viewable in compare view

Updates github.com/nats-io/nats-server/v2 from 2.10.14 to 2.11.12

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.11.12

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

Dependencies

  • github.com/nats-io/nkeys v0.4.12 (#7578)
  • github.com/antithesishq/antithesis-sdk-go v0.5.0-default-no-op (#7604)
  • github.com/klauspost/compress v1.18.3 (#7736)
  • golang.org/x/crypto v0.47.0 (#7736)
  • golang.org/x/sys v0.40.0 (#7736)
  • github.com/google/go-tpm v0.9.8 (#7696)
  • github.com/nats-io/nats.go v1.48.0 (#7696)

Added

General

  • Added WebSocket-specific ping interval configuration with ping_internal in the websocket block (#7614)

Monitoring

  • Added tls_cert_not_after to the varz monitoring endpoint for showing when TLS certificates are due to expire (#7709)

Improved

JetStream

  • The scan for the last sourced message sequence when setting up a subject-filtered source is now considerably faster (#7553)
  • Consumer interest checks on interest-based streams are now significantly faster when there are large gaps in interest (#7656)
  • Creating consumer file stores no longer contends on the stream lock, improving consumer create performance on heavily loaded streams (#7700)
  • Recalculating num pending with updated filter subjects no longer gathers and sorts the subject filter list twice (#7772)
  • Switching to interest-based retention will now remove no-interest messages from the head of the stream (#7766)

MQTT

  • Retained messages will now work correctly even when sourced from a different account and has a subject transform (#7636)

Fixed

General

  • WebSocket connections will now correctly limit the buffer size during decompression (#7625, thanks to Pavel Kokout at Aisle Research)
  • The config parser now correctly detects and errors on self-referencing environment variables (#7737)
  • Internal functions for handling headers should no longer corrupt message bodies if appended (#7752)

... (truncated)

Commits
  • 2d97cb7 Release v2.11.12
  • ea9680a Cherry-picks for 2.11.12 (#7776)
  • eb53e0d [IMPROVED] Remove no interest messages from head of stream
  • dc0d365 [FIXED] Many concurrent checkInterestState goroutines
  • 360db02 [FIXED] Interest stream desync after consumer filter update
  • 74802ff [IMPROVED] Simplify recalculate pending with updated filter subject(s)
  • 6f77800 Release v2.11.12-RC.7
  • 134ebc2 Revert "Perform _writeFullState under read lock only"
  • ddd1442 Release v2.11.12-RC.6
  • 59b2eb8 Cherry-picks for 2.11.12-RC.6 (#7768)
  • Additional commits viewable in compare view

Updates github.com/ollama/ollama from 0.11.4 to 0.14.0

Release notes

Sourced from github.com/ollama/ollama's releases.

v0.14.0

What's Changed

  • ollama run --experimental CLI will now open a new Ollama CLI that includes an agent loop and the bash tool
  • Anthropic API compatibility: support for the /v1/messages API
  • A new REQUIRES command for the Modelfile allows declaring which version of Ollama is required for the model
  • For older models, Ollama will avoid an integer underflow on low VRAM systems during memory estimation
  • More accurate VRAM measurements for AMD iGPUs
  • Ollama's app will now highlight swift source code
  • An error will now return when embeddings return NaN or -Inf
  • Ollama's Linux install bundles files now use zst compression
  • New experimental support for image generation models, powered by MLX

New Contributors

Full Changelog: ollama/ollama@v0.13.5...v0.14.0-rc2

v0.13.5

New Models

  • Google's FunctionGemma a specialized version of Google's Gemma 3 270M model fine-tuned explicitly for function calling.

What's Changed

  • bert architecture models now run on Ollama's engine
  • Added built-in renderer & tool parsing capabilities for DeepSeek-V3.1
  • Fixed issue where nested properties in tools may not have been rendered properly

New Contributors

Full Changelog: ollama/ollama@v0.13.4...v0.13.5

v0.13.4

New Models

  • Nemotron 3 Nano: A new Standard for Efficient, Open, and Intelligent Agentic Models
  • Olmo 3 and Olmo 3.1: A series of Open language models designed to enable the science of language models. These models are pre-trained on the Dolma 3 dataset and post-trained on the Dolci datasets.

What's Changed

  • Enable Flash Attention automatically for models by default
  • Fixed handling of long contexts with Gemma 3 models
  • Fixed issue that would occur with Gemma 3 QAT models or other models imported with the Gemma 3 architecture

New Contributors

Full Changelog: ollama/ollama@v0.13.3...v0.13.4-rc0

v0.13.3

... (truncated)

Commits
  • 02a2401 mlx: bundle openblas dependency (#13706)
  • e4b488a CI: dedup cuda libraries to reduce payload size (#13704)
  • 98079dd ci: add missing mlx components to release build (#13702)
  • d70942f x/imagegen/cli: skip local model check (#13699)
  • 58e4701 scripts: increase notarization timeout to 20m (#13697)
  • dbf47ee cmake: use CMAKE_SYSTEM_PROCESSOR instead of CMAKE_OSX_ARCHITECTURES for mlx....
  • af7ea6e x/imagegen: install mlx.metallib and fix macOS rpath handling, add mlx librar...
  • 8f1e014 x/imagegen: fix mlx build in Dockerfile and macOS build script (#13693)
  • 35c3c9e anthropic: allow non-thinking models when using Anthropic API (#13692)
  • d06acbc x/cmd: enable web search and web fetch with flag (#13690)
  • Additional commits viewable in compare view

Updates github.com/lestrrat-go/jwx from 1.1.7 to 1.2.29

Release notes

Sourced from github.com/lestrrat-go/jwx's releases.

v1.2.29 07 Mar 2024

[Security]

  • [jwe] Added jwe.Settings(jwe.WithMaxDecompressBufferSize(int64)) to specify the maximum size of a decompressed JWE payload. The default value is 10MB. If you are compressing payloads greater than this, you need to explicitly set it.

    Unlike in v2, there is no way to set this globally. Please use v2 if this is required.

v1.2.28

v1.2.28 09 Jan 2024
[Security Fixes]
  * [jws] JWS messages formatted in full JSON format (i.e. not the compact format, which
    consists of three base64 strings concatenated with a '.') with missing "protected"
    headers could cause a panic, thereby introducing a possibility of a DoS.
This has been fixed so that the `jws.Parse` function succeeds in parsing a JWS message
lacking a protected header. Calling `jws.Verify` on this same JWS message will result
in a failed verification attempt. Note that this behavior will differ slightly when
parsing JWS messages in compact form, which result in an error.

v1.2.27

v1.2.27 - 03 Dec 2023
[Security]
  * [jwe] A large number in p2c parameter for PBKDF2 based encryptions could cause a DoS attack,
    similar to https://nvd.nist.gov/vuln/detail/CVE-2022-36083.  All users should upgrade, as
    unlike v2, v1 attempts to decrypt JWEs on JWTs by default.
    [GHSA-7f9x-gw85-8grf]

[Bug Fixes]

  • [jwk] jwk.Set(jwk.KeyOpsKey, <jwk.KeyOperation>) now works (previously, either Set(.., <string>) or Set(..., []jwk.KeyOperation{...}) worked, but not a single jwk.KeyOperation

[SECURITY] v1.2.26

v1.2.26 - 14 Jun 2023
[Security]
  * Potential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability
    for JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10,
    all v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by
    @shogo82148.
Please note that v0 versions will NOT receive fixes.
This release fixes these vulnerabilities for the v1 series.

... (truncated)

Changelog

Sourced from github.com/lestrrat-go/jwx's changelog.

v1.2.29 07 Mar 2024

  • [jwe] Added jwe.Settings(jwe.WithMaxDecompressBufferSize(int64)) to specify the maximum size of a decompressed JWE payload. The default value is 10MB. If you are compressing payloads greater than this, you need to explicitly set it.

    Unlike in v2, there is no way to set this globally. Please use v2 if this is required.

v1.2.28 09 Jan 2024 [Security Fixes]

  • [jws] JWS messages formatted in full JSON format (i.e. not the compact format, which consists of three base64 strings concatenated with a '.') with missing "protected" headers could cause a panic, thereby introducing a possibility of a DoS.

    This has been fixed so that the jws.Parse function succeeds in parsing a JWS message lacking a protected header. Calling jws.Verify on this same JWS message will result in a failed verification attempt. Note that this behavior will differ slightly when parsing JWS messages in compact form, which result in an error.

v1.2.27 - 03 Dec 2023 [Security]

[Bug Fixes]

  • [jwk] jwk.Set(jwk.KeyOpsKey, <jwk.KeyOperation>) now works (previously, either Set(.., <string>) or Set(..., []jwk.KeyOperation{...}) worked, but not a single jwk.KeyOperation

v1.2.26 - 14 Jun 2023 [Security]

  • Potential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability for JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10, all v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by @shogo82148.

    Please note that v0 versions will NOT receive fixes. This release fixes these vulnerabilities for the v1 series.

[Miscellaneous]

  • JWE tests now only run algorithms that are supported by the underlying jose tool

v1.2.25 23 May 2022 [Bug Fixes][Security]

  • [jwe] An old bug from at least 7 years ago existed in handling AES-CBC unpadding, where the unpad operation might remove more bytes than necessary (#744) This affects all jwx code that is available before v2.0.2 and v1.2.25.

... (truncated)

Commits

Updates go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.40.0/0.62.0/0.16.0] 2026-02-02

Added

  • Add AlwaysRecord sampler in go.opentelemetry.io/otel/sdk/trace. (#7724)
  • Add Enabled method to all synchronous instrument interfaces (Float64Counter, Float64UpDownCounter, Float64Histogram, Float64Gauge, Int64Counter, Int64UpDownCounter, Int64Histogram, Int64Gauge,) in go.opentelemetry.io/otel/metric. This stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (#7763)
  • Add go.opentelemetry.io/otel/semconv/v1.39.0 package. The package contains semantic conventions from the v1.39.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.38.0. (#7783, #7789)

Changed

  • Improve the concurrent performance of HistogramReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar by 4x. (#7443)
  • Improve the concurrent performance of FixedSizeReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar. (#7447)
  • Improve performance of concurrent histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7474)
  • Improve performance of concurrent synchronous gauge measurements in go.opentelemetry.io/otel/sdk/metric. (#7478)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/stdout/stdoutmetric. (#7492)
  • Exporter in go.opentelemetry.io/otel/exporters/prometheus ignores metrics with the scope go.opentelemetry.io/contrib/bridges/prometheus. This prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (#7688)
  • Improve performance of concurrent exponential histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7702)
  • The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)
  • The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)

Fixed

  • Fix bad log message when key-value pairs are dropped because of key duplication in go.opentelemetry.io/otel/sdk/log. (#7662)
  • Fix DroppedAttributes on Record in go.opentelemetry.io/otel/sdk/log to not count the non-attribute key-value pairs dropped because of key duplication. (#7662)
  • Fix SetAttributes on Record in go.opentelemetry.io/otel/sdk/log to not log that attributes are dropped when they are actually not dropped. (#7662)
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to correctly handle HTTP/2 GOAWAY frame. (#7794)
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for ioreg command on Darwin (macOS). (#7818)

Deprecated

Commits
  • a3a5317 Release v1.40.0 (#7859)
  • 77785da chore(deps): update github/codeql-action action to v4.32.1 (#7858)
  • 56fa1c2 chore(deps): update module github.com/clipperhouse/uax29/v2 to v2.5.0 (#7857)
  • 298cbed Upgrade semconv use to v1.39.0 (#7854)
  • 3264bf1 refactor: modernize code (#7850)
  • fd5d030 chore(deps): update module github.com/grpc-ecosystem/grpc-gateway/v2 to v2.27...
  • 8d3b4cb chore(deps): update actions/cache action to v5.0.3 (#7847)
  • 91f7cad chore(deps): update github.com/timakin/bodyclose digest to 73d1f95 (#7845)
  • fdad1eb chore(deps): update module github.com/grpc-ecosystem/grpc-gateway/v2 to v2.27...
  • c46d3ba chore(deps): update golang.org/x/telemetry digest to fcf36f6 (#7843)
  • Additional commits viewable in compare view

Updates filippo.io/edwards25519 from 1.1.0 to 1.1.1

Commits

Updates github.com/nats-io/nats-server/v2 from 2.10.14 to 2.11.12

Updates go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0

Updates filippo.io/edwards25519 from 1.1.0 to 1.1.1

Commits

Updates golang.org/x/crypto from 0.33.0 to 0.45.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.35.0 to 0.47.0

Commits
  • e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
  • ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
  • 1f1fa29 publicsuffix: regenerate table
  • 1215081 http2: improve error when server sends HTTP/1
  • 312450e html: ensure <search> tag closes <p> and update tests
  • 09731f9 http2: improve handling of lost PING in Server
  • 55989e2 http2/h2c: use ResponseController for hijacking connections
  • 2914f46 websocket: re-recommend gorilla/websocket
  • 99b3ae0 go.mod: update golang.org/x dependencies
  • 85d1d54 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.27.0 to 0.38.0

dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels Mar 1, 2026
dependabot bot force-pushed the dependabot/go_modules/go_modules-d1ec3229fc branch 4 times, most recently from 274a6f5 to 439f10f, March 4, 2026 15:27
…dates

Bumps the go_modules group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/docker/docker](https://github.com/docker/docker) | `25.0.5+incompatible` | `25.0.13+incompatible` |
| [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) | `2.10.14` | `2.11.12` |
| [github.com/ollama/ollama](https://github.com/ollama/ollama) | `0.11.4` | `0.14.0` |
| [github.com/lestrrat-go/jwx](https://github.com/lestrrat-go/jwx) | `1.1.7` | `1.2.29` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.39.0` | `1.40.0` |
| [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) | `1.1.0` | `1.1.1` |

Bumps the go_modules group with 3 updates in the /operator directory: [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519).
Bumps the go_modules group with 1 update in the /for-mac directory: [golang.org/x/crypto](https://github.com/golang/crypto).
Bumps the go_modules group with 1 update in the /sandbox/dns-proxy directory: [golang.org/x/net](https://github.com/golang/net).


Updates `github.com/docker/docker` from 25.0.5+incompatible to 25.0.13+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v25.0.5...v25.0.13)

Updates `github.com/nats-io/nats-server/v2` from 2.10.14 to 2.11.12
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.10.14...v2.11.12)

Updates `github.com/ollama/ollama` from 0.11.4 to 0.14.0
- [Release notes](https://github.com/ollama/ollama/releases)
- [Commits](ollama/ollama@v0.11.4...v0.14.0)

Updates `github.com/lestrrat-go/jwx` from 1.1.7 to 1.2.29
- [Release notes](https://github.com/lestrrat-go/jwx/releases)
- [Changelog](https://github.com/lestrrat-go/jwx/blob/v1.2.29/Changes)
- [Commits](lestrrat-go/jwx@v1.1.7...v1.2.29)

Updates `go.opentelemetry.io/otel/sdk` from 1.39.0 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.39.0...v1.40.0)

Updates `filippo.io/edwards25519` from 1.1.0 to 1.1.1
- [Commits](FiloSottile/edwards25519@v1.1.0...v1.1.1)

Updates `github.com/nats-io/nats-server/v2` from 2.10.14 to 2.11.12
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.10.14...v2.11.12)

Updates `go.opentelemetry.io/otel/sdk` from 1.39.0 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.39.0...v1.40.0)

Updates `filippo.io/edwards25519` from 1.1.0 to 1.1.1
- [Commits](FiloSottile/edwards25519@v1.1.0...v1.1.1)

Updates `golang.org/x/crypto` from 0.33.0 to 0.45.0
- [Commits](golang/crypto@v0.33.0...v0.45.0)

Updates `golang.org/x/net` from 0.35.0 to 0.47.0
- [Commits](golang/net@v0.27.0...v0.38.0)

Updates `golang.org/x/net` from 0.27.0 to 0.38.0
- [Commits](golang/net@v0.27.0...v0.38.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-version: 25.0.13+incompatible
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.11.12
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/ollama/ollama
  dependency-version: 0.14.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/lestrrat-go/jwx
  dependency-version: 1.2.29
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.40.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: filippo.io/edwards25519
  dependency-version: 1.1.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.11.12
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.40.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: filippo.io/edwards25519
  dependency-version: 1.1.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot force-pushed the dependabot/go_modules/go_modules-d1ec3229fc branch from 439f10f to efbe10c, March 4, 2026 18:56

dependabot bot commented on behalf of github Mar 6, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot closed this Mar 6, 2026
dependabot bot deleted the dependabot/go_modules/go_modules-d1ec3229fc branch March 6, 2026 18:20