fix(deps): update module github.com/segmentio/kafka-go to v0.4.49 #51

[DP-1901] - Convert Wurstmeister Kafka image to Bitnami for Kafka-go by @ssingudasu in #1255
Fix RetentionTime error in documentation default is -1 by @ivanvs in #1260
writer: use 'halve' instead of 'half' by @kevinburkesegment in #1273
fix typo by @su5kk in #1302
Makefile: use docker compose not docker-compose by @kevinburkesegment in #1309
Add ErrorType method to MessageTooLargeError by @AndrewShearBayer in #1311
Fixes some flaky tests in the build as well as the case when tests start before kafka is ready by @nachogiljaldo in #1349
example groupID case fix by @gam6itko in #1376
chore: fix flaky TestRebalanceTooManyConsumers by @petedannemann in #1380
Add title and description for FencedInstanceID by @jessekempf in #1370
docs: fix typos and comments by @KendrickLLMar in #1382
chore: test against kafka 3.7 and remove old versions of kafka from CI by @petedannemann in #1381
feat: Kafka 4.0 support by @maxwolf8852 in #1384

New Contributors

@ssingudasu made their first contribution in #1255
@ivanvs made their first contribution in #1260
@su5kk made their first contribution in #1302
@AndrewShearBayer made their first contribution in #1311
@nachogiljaldo made their first contribution in #1349
@gam6itko made their first contribution in #1376
@jessekempf made their first contribution in #1370
@KendrickLLMar made their first contribution in #1382
@maxwolf8852 made their first contribution in #1384

Full Changelog: segmentio/kafka-go@v0.4.47...v0.4.48

`v0.4.47`

Compare Source

What's Changed

Add RawProduce API by @apacker in #1233
fix: data race in roundrobin balancer by @petedannemann in #1251

New Contributors

@apacker made their first contribution in #1233

Full Changelog: segmentio/kafka-go@v0.4.46...v0.4.47

`v0.4.46`

Compare Source

What's Changed

Docs: Fix import error in Writer code example in README by @VMois in #1234
Add Chunk Size to RR Balancer (Increased Batching Ability) by @erushing in #1232

New Contributors

@VMois made their first contribution in #1234
@erushing made their first contribution in #1232

Full Changelog: segmentio/kafka-go@v0.4.45...v0.4.46

`v0.4.45`

Compare Source

What's Changed

Changed AlterPartitionReassignments request to support multiple topics by @bgranvea in #1204
Implementation of ListPartitionReassignments API by @bgranvea in #1203
add methods for parsing and stringifying acl related resources by @petedannemann in #1218

Full Changelog: segmentio/kafka-go@v0.4.44...v0.4.45

`v0.4.44`

Compare Source

What's Changed

add context to ReadMessage errors by @mrkagelui in #1199
Fix writer code example by @rouzier in #1201
Fix config related stats for a default writer config by @sharpyfox in #1202
Bump golang.org/x/net from 0.7.0 to 0.17.0 by @dependabot in #1209

New Contributors

@mrkagelui made their first contribution in #1199
@rouzier made their first contribution in #1201
@sharpyfox made their first contribution in in #1202

Full Changelog: segmentio/kafka-go@v0.4.43...v0.4.44

`v0.4.43`

Compare Source

What's Changed

run tests against unsafe tag as well by @rhansen2 in #1159
offsetfetch request topics are now nullable by @amortezaei in #1162
Adds attempt number to log message when failing to write messages by @jcarter3 in #1165
support userscramcredentials apis by @petedannemann in #1168
Support describeacls by @petedannemann in #1166
Deleteacls support by @petedannemann in #1174

New Contributors

@amortezaei made their first contribution in #1162
@jcarter3 made their first contribution in #1165

Full Changelog: segmentio/kafka-go@v0.4.42...v0.4.43

`v0.4.42`

Compare Source

What's Changed

Add float64 operations to reflect unsafe by @mhmtszr in #1158

Full Changelog: segmentio/kafka-go@v0.4.41...v0.4.42

`v0.4.41`

Compare Source

What's Changed

Fix doc example for break from retryer on success by @lanzay in #1129
remove MinBytes from README examples by @rhansen2 in #1137
CreateTopics: only suppress topic already exists errors by @rhansen2 in #1136
KIP-546: Add Client Quota APIs by @petedannemann in #1119
add additional warning on WriteMessages() by @replay in #1139
Update xnet by @petedannemann in #1144
Writer: ensure batching logic factors in message headers by @dominicbarnes in #1132
Fix unnecessary topic metadata request by @mhmtszr in #1131

New Contributors

@lanzay made their first contribution in #1129
@petedannemann made their first contribution in #1119
@replay made their first contribution in #1139

Full Changelog: segmentio/kafka-go@v0.4.40...v0.4.41

`v0.4.40`

Compare Source

What's Changed

Remove runtime.Gosched by @sejin-P in #1086
Add DeleteGroups function to Client by @bgranvea in #1095
Fix various typos and disfluencies by @PleasingFungus in #1118
all: fix spelling errors by @kevinburkesegment in #1120
Don't invoke r.log() if not r.debug by @colega in #1110
Update SCRAM dependency by @SoMuchForSubtlety in #1108
add a new metric named batchQueueTime to track the batch time cost by @3AceShowHand in #1103
Add count/sum to SummaryStats and DurationStats. by @pstibrany in #1106
Not omit error in logger by @itechdima in #1096

New Contributors

@sejin-P made their first contribution in #1086
@bgranvea made their first contribution in #1095
@PleasingFungus made their first contribution in #1118
@kevinburkesegment made their first contribution in #1120
@colega made their first contribution in #1110
@SoMuchForSubtlety made their first contribution in #1108
@pstibrany made their first contribution in #1106
@itechdima made their first contribution in #1096

Full Changelog: segmentio/kafka-go@v0.4.39...v0.4.40

`v0.4.39`

Compare Source

What's Changed

Removed the outdated part of the documentation by @maksim77 in #1030
retract v0.4.36-v0.4.37 by @rhansen2 in #1045
add WriterData field to the message struct by @3AceShowHand in #1059
Change comment on MaxAttempts by @C-Pro in #1077
Use buffer pool for decompressed buffer by @ashishkf in #1063

New Contributors

@maksim77 made their first contribution in #1030
@3AceShowHand made their first contribution in #1059
@C-Pro made their first contribution in #1077
@ashishkf made their first contribution in #1063

Full Changelog: segmentio/kafka-go@v0.4.38...v0.4.39

`v0.4.38`

Compare Source

What's Changed

Revert client consumer group by @rhansen2 in #1027

Full Changelog: segmentio/kafka-go@v0.4.37...v0.4.38

`v0.4.37`

Compare Source

What's Changed

Fixes for consumer group by @rhansen2 in #1022

Full Changelog: segmentio/kafka-go@v0.4.36...v0.4.37

`v0.4.36`

Compare Source

What's Changed

Fix aws_msk_iam_v2 module Authentication failure bug by @kikyomits in #977
Use faster gzip package by @klauspost in #982
Refactor Consumer Group to use Client by @rhansen2 in #947
#726 make kafka reader message ReadBatchTimeout configurable by @moogacs in #989
Refine err msg in SetOffsetAt() by @haorenfsa in #1001
Support for offsetdelete by @a-dot in #1010
compress/snappy: configurable compression level by @chriso in #1014
Support metadata request v6 by @mtkopone in #1013
change writer retries stat from summary to counter by @achille-roussel in #1008
use useSyncCommits by @wsy6543 in #1017
Add WriteBackoffMin/Max config to Writer by @halkar in #1015

New Contributors

@klauspost made their first contribution in #982
@moogacs made their first contribution in #989
@haorenfsa made their first contribution in #1001
@a-dot made their first contribution in #1010
@chriso made their first contribution in #1014
@mtkopone made their first contribution in #1013
@wsy6543 made their first contribution in #1017
@halkar made their first contribution in #1015

Full Changelog: segmentio/kafka-go@v0.4.35...v0.4.36

`v0.4.35`

Compare Source

What's Changed

fix issue 971 by @achille-roussel in #973
Update WriteErrors error message by @mhmtszr in #964
feat(reader): handle io.ErrNoProgress more gracefully by @dominicbarnes in #941

New Contributors

@mhmtszr made their first contribution in #964

Full Changelog: segmentio/kafka-go@v0.4.34...v0.4.35

`v0.4.34`

Compare Source

What's Changed

Updated Writer and Reader docs to show use of multiple brokers. by @lakamsani in #959
feat: added aws-sdk-go-v2 IAM Mechanism for MSK authentication by @kikyomits in #937

New Contributors

@lakamsani made their first contribution in #959
@kikyomits made their first contribution in #937

Full Changelog: segmentio/kafka-go@v0.4.33...v0.4.34

`v0.4.33`

Compare Source

What's Changed

add consumer group apis to client by @rhansen2 in #943
Update go dependencies by @mswathi-tw in #945
fix typos in group structs by @rhansen2 in #946
protocol: Use standardized result type checking by @nlsun in #942
fix(protocol): fix type assertion error by @kscooo in #931
re-order protocol/joingroup response fields by @rhansen2 in #949

New Contributors

@mswathi-tw made their first contribution in #945
@kscooo made their first contribution in #931

Full Changelog: segmentio/kafka-go@v0.4.32...v0.4.33

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

socket-security · 2025-05-14T16:17:56Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/segmentio/kafka-go@v0.4.32 ⏵ v0.4.49	⁺¹
	golang.org/x/net@v0.0.0-20220513224357-95641704303c ⏵ v0.38.0	⁺¹	⁺³¹

View full report

socket-security · 2025-05-14T16:17:58Z

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Block		`github.com/stretchr/[email protected]` Uses eval. Location: Package overview From: `?` → `golang/github.com/ClickHouse/[email protected]` → `golang/github.com/prometheus/[email protected]` → `golang/github.com/Shopify/[email protected]` → `golang/github.com/segmentio/[email protected]` → `golang/github.com/stretchr/[email protected]` ℹ Read more on: This package \| This alert \| What is dynamic code execution? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/stretchr/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`golang.org/x/[email protected]` has Network access. Location: Package overview From: `?` → `golang/github.com/prometheus/[email protected]` → `golang/github.com/Shopify/[email protected]` → `golang/golang.org/x/[email protected]` → `golang/github.com/segmentio/[email protected]` → `golang/golang.org/x/[email protected]` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`golang.org/x/[email protected]` has Shell access. Location: Package overview From: `?` → `golang/github.com/prometheus/[email protected]` → `golang/github.com/Shopify/[email protected]` → `golang/golang.org/x/[email protected]` → `golang/github.com/segmentio/[email protected]` → `golang/golang.org/x/[email protected]` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`golang.org/x/[email protected]` Uses eval. Location: Package overview From: `?` → `golang/github.com/prometheus/[email protected]` → `golang/github.com/Shopify/[email protected]` → `golang/golang.org/x/[email protected]` → `golang/github.com/segmentio/[email protected]` → `golang/golang.org/x/[email protected]` ℹ Read more on: This package \| This alert \| What is dynamic code execution? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`golang.org/x/[email protected]` has Filesystem access. Location: Package overview From: `?` → `golang/github.com/prometheus/[email protected]` → `golang/github.com/Shopify/[email protected]` → `golang/golang.org/x/[email protected]` → `golang/github.com/segmentio/[email protected]` → `golang/golang.org/x/[email protected]` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`golang.org/x/[email protected]` has Environment variable access. Location: Package overview From: `?` → `golang/github.com/prometheus/[email protected]` → `golang/github.com/Shopify/[email protected]` → `golang/golang.org/x/[email protected]` → `golang/github.com/segmentio/[email protected]` → `golang/golang.org/x/[email protected]` ℹ Read more on: This package \| This alert \| What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

renovate · 2025-08-21T23:33:26Z

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.15` -> `1.23.0`

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from a324dfd to 9640fa6 Compare November 20, 2022 08:13

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.35~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.38 Nov 20, 2022

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.38~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.39 Mar 12, 2023

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from 9640fa6 to de5fc3b Compare March 12, 2023 08:08

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.39~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.39 - autoclosed Apr 4, 2023

renovate bot closed this Apr 4, 2023

renovate bot deleted the renovate/github.com-segmentio-kafka-go-0.x branch April 4, 2023 00:38

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.39 - autoclosed~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.39 Apr 4, 2023

renovate bot reopened this Apr 4, 2023

renovate bot restored the renovate/github.com-segmentio-kafka-go-0.x branch April 4, 2023 11:07

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.39~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.40 May 28, 2023

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from de5fc3b to 574b5f7 Compare May 28, 2023 11:03

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.40~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.41 Jul 7, 2023

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from 574b5f7 to 04f1422 Compare July 7, 2023 18:27

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.41~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.42 Jul 8, 2023

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from 04f1422 to 9ffedc5 Compare July 8, 2023 00:33

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.42~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.43 Sep 22, 2023

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from 9ffedc5 to 4f87641 Compare September 22, 2023 19:10

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.43~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.44 Oct 12, 2023

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from 4f87641 to 88b661b Compare October 12, 2023 15:34

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.44~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.45 Nov 16, 2023

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from 88b661b to 53cd1c6 Compare November 16, 2023 23:00

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from 53cd1c6 to 30a301e Compare November 28, 2023 00:20

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.45~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.46 Nov 28, 2023

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from 30a301e to 604aa9f Compare December 13, 2023 16:47

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.46~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.47 Dec 13, 2023

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from 604aa9f to 148350b Compare May 14, 2025 16:15

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.47~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.48 May 14, 2025

fix(deps): update module github.com/segmentio/kafka-go to v0.4.49

6e82451

renovate bot force-pushed the renovate/github.com-segmentio-kafka-go-0.x branch from 148350b to 6e82451 Compare August 21, 2025 23:33

renovate bot changed the title ~~fix(deps): update module github.com/segmentio/kafka-go to v0.4.48~~ fix(deps): update module github.com/segmentio/kafka-go to v0.4.49 Aug 21, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update module github.com/segmentio/kafka-go to v0.4.49 #51

fix(deps): update module github.com/segmentio/kafka-go to v0.4.49 #51

Uh oh!

renovate bot commented Sep 25, 2022 •

edited

Loading

Uh oh!

socket-security bot commented May 14, 2025 •

edited

Loading

Uh oh!

socket-security bot commented May 14, 2025 •

edited

Loading

Uh oh!

renovate bot commented Aug 21, 2025

Uh oh!

Uh oh!

fix(deps): update module github.com/segmentio/kafka-go to v0.4.49 #51

Are you sure you want to change the base?

fix(deps): update module github.com/segmentio/kafka-go to v0.4.49 #51

Uh oh!

Conversation

renovate bot commented Sep 25, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

Configuration

Uh oh!

socket-security bot commented May 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented May 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

renovate bot commented Aug 21, 2025

ℹ Artifact update notice

File name: go.mod

Uh oh!

Uh oh!

renovate bot commented Sep 25, 2022 •

edited

Loading

socket-security bot commented May 14, 2025 •

edited

Loading

socket-security bot commented May 14, 2025 •

edited

Loading