Skip to content

build(deps): Bump the go-deps group with 7 updates#22

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-deps-cc312db730
Open

build(deps): Bump the go-deps group with 7 updates#22
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-deps-cc312db730

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Bumps the go-deps group with 7 updates:

Package From To
github.com/cockroachdb/errors 1.12.0 1.13.0
github.com/go-sql-driver/mysql 1.9.3 1.10.0
github.com/mark3labs/mcp-go 0.49.0 0.50.0
github.com/mattn/go-sqlite3 1.14.42 1.14.44
github.com/redis/go-redis/v9 9.18.0 9.19.0
go.uber.org/zap 1.27.1 1.28.0
google.golang.org/grpc 1.80.0 1.81.0

Updates github.com/cockroachdb/errors from 1.12.0 to 1.13.0

Release notes

Sourced from github.com/cockroachdb/errors's releases.

v1.13.0

What's Changed

New Contributors

Full Changelog: cockroachdb/errors@v1.12.0...v1.13.0

Commits
  • fc93249 Merge pull request #159 from denniszag/fix/sentry-go-v0.46-compat
  • ad7454c report: migrate Event.Extra to Event.Contexts (sentry-go v0.46+ compat)
  • 3c36bbd Merge pull request #160 from cockroachdb/davidh/bump-go-1.25
  • d948846 Merge branch 'master' into davidh/bump-go-1.25
  • 8d8efb9 build: bump min Go version to 1.25, add 1.26 to CI matrix
  • 6480126 Merge pull request #153 from cockroachdb/jeffswenson-optimize-errors-is
  • 3a21e3d errbase: optimize errors.Is
  • 35263d8 benchmark: add a benchmark for the errors package
  • See full diff in compare view

Updates github.com/go-sql-driver/mysql from 1.9.3 to 1.10.0

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.10.0

What's Changed

New Contributors

Full Changelog: go-sql-driver/mysql@v1.9.2...v1.10.0

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

v1.10.0 (2026-04-28)

  • Fix getSystemVar("max_allowed_packet") potentially returned wrong value. (#1754) This affects only when maxAllowedPacket=0 is set.

  • Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0. (#1756) While older versions have reported CVEs, they do not affect go-mysql.

  • Update Go versions to 1.24-1.26. (#1763)

  • Enhance interpolateParams to correctly handle placeholders. (#1732) The question mark (?) within strings and comments will no longer be treated as a placeholder.

Commits

Updates github.com/mark3labs/mcp-go from 0.49.0 to 0.50.0

Commits
  • 62f00b7 Merge branch 'main' of github.com:mark3labs/mcp-go
  • b1c82f0 feat(server): opt-in input schema validation per SEP-1303 (#834)
  • e206095 feat: add ListPrompts and ListResources methods (#831)
  • dc2ea91 fix(examples): redirect hook output to stderr in everything server (#828)
  • 994ab43 Handle non-compliant JSON-RPC error responses where error is a string (#825)
  • c48486c feat: add WithInteger and WithIntegerItems options (#805)
  • See full diff in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.42 to 1.14.44

Commits
  • 20826e8 Merge pull request #1394 from mattn/sqlite-amalgamation-3053000
  • 2d4d220 fix changelog URL when minor or patch version is zero
  • 3761cf7 Upgrade SQLite to version 3053000
  • 1aa7317 Merge pull request #1388 from mattn/stmt-cache-lru
  • c719e20 Merge pull request #1392 from mattn/fix-issue-1390-query-comment-panic
  • 869e516 fix panic when querying input with no SQL (only comments/whitespace)
  • 6690238 extract finalizeCachedStmt helper and drop redundant tail reset
  • 59e8e75 only set stmt cacheKey when cache is enabled
  • 2badb4c use slice len/cap for stmt cache instead of separate counters
  • 7716c20 evict LRU stmt when stmt cache is full
  • Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.18.0 to 9.19.0

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.19.0

🚀 Highlights

FIPS-Compatible Script Helper

Script now supports a FIPS-safe execution mode that avoids client-side SHA-1 computation, which is blocked in strict FIPS environments. A new NewScriptServerSHA constructor uses SCRIPT LOAD to obtain and cache the digest from the server, then runs commands via EVALSHA/EVALSHA_RO. Falls back to EVAL/EVALRO if loading fails, and transparently retries once on NOSCRIPT. The default behavior is unchanged for existing users.

(#3700) by @​chaitanyabodlapati

FT.AGGREGATE Step-Based Pipeline Builder

Added a new step-based FT.AGGREGATE pipeline API via FTAggregateOptions.Steps, allowing LOAD, APPLY, GROUPBY, and SORTBY (with per-step MAX) to be repeated and interleaved in arbitrary order — matching Redis's native multi-stage aggregation semantics. The legacy Load/Apply/GroupBy/SortBy/SortByMax fields are now deprecated.

(#3782) by @​ndyakov

Raw RESP Protocol Access

Added DoRaw and DoRawWriteTo methods for executing arbitrary commands and reading the raw RESP response. Useful for proxying, custom protocol inspection, and working with commands not yet wrapped by go-redis.

(#3713) by @​ofekshenawa

Configurable Dial Retry Backoff

Added DialerRetryBackoff option (plumbed through Options, ClusterOptions, RingOptions, FailoverOptions) to let callers customize the delay between failed dial attempts. Helpers DialRetryBackoffConstant and DialRetryBackoffExponential (with jitter and cap) are provided out of the box. Dial timeout is now also applied per attempt rather than across all retries.

(#3706, #3705) by @​mwhooker

✨ New Features

  • FT.AGGREGATE Steps: Step-based pipeline builder for FT.AGGREGATE with support for repeated/interleaved LOAD, APPLY, GROUPBY, and SORTBY stages (#3782) by @​ndyakov
  • VectorSet commands: Added VISMEMBER and WITHATTRIBS support (#3753) by @​romanpovol
  • FIPS-safe Script: NewScriptServerSHA uses SCRIPT LOAD to obtain the digest from the server, avoiding client-side SHA-1 (#3700) by @​chaitanyabodlapati
  • Raw RESP access: DoRaw and DoRawWriteTo for raw RESP protocol access (#3713) by @​ofekshenawa
  • Dial retry backoff: DialerRetryBackoff function option with constant and exponential helpers (#3706) by @​mwhooker
  • Typed NOSCRIPT error: Redis NOSCRIPT replies are now surfaced as a typed error for easier handling (#3738) by @​LINKIWI
  • PubSub ClientSetName: Added ClientSetName method to PubSub (#3727) by @​Flack74
  • ReplicaOf: New ReplicaOf method replaces the deprecated SlaveOf (#3720) by @​Copilot
  • HSCAN BinaryUnmarshaler: HScan now supports types implementing encoding.BinaryUnmarshaler (#3768) by @​Aaditya-dubey1

🐛 Bug Fixes

  • Auto hostname type detection: Improved endpoint type detection for maintenance notifications using DNS-based classification; handles empty hosts and expanded private-IP ranges (#3789) by @​ndyakov
  • HELLO fallback: Don't send CLIENT MAINT_NOTIFICATIONS handshake when HELLO fails and connection falls back to RESP2; fail fast when explicitly enabled with RESP3 (#3788) by @​ndyakov
  • Dial TCP retry: ShouldRetry now treats net.OpError with Op == "dial" timeout errors as safe to retry since no command was sent (#3787) by @​vladisa88
  • wrappedOnClose leak: Fixed resource leak caused by repeatedly wrapping baseClient close logic; replaced with a bounded, concurrency-safe named-hook registry (#3785) by @​ndyakov
  • Pool Close() on stale connections: Suppress close errors (e.g., TLS closeNotify timeouts) for connections already dropped by the server due to idle timeout (#3778) by @​ofekshenawa
  • FIFO waiter ordering: Fixed race in ConnStateMachine.notifyWaiters that could wake multiple waiters under a single mutex hold and violate FIFO ordering (#3777) by @​0x48core
  • Lua READONLY detection: Detect READONLY errors embedded in Lua script error messages on read-only replicas so commands are correctly retried (#3769) by @​zhengjilei
  • VectorScoreSliceCmd RESP2: Fixed VSimWithScores, VSimWithArgsWithScores, and VLinksWithScores which were broken on RESP2 connections returning flat arrays instead of maps (#3767) by @​Copilot

... (truncated)

Changelog

Sourced from github.com/redis/go-redis/v9's changelog.

9.19.0 (2026-04-27)

🚀 Highlights

FIPS-Compatible Script Helper

Script now supports a FIPS-safe execution mode that avoids client-side SHA-1 computation, which is blocked in strict FIPS environments. A new NewScriptServerSHA constructor uses SCRIPT LOAD to obtain and cache the digest from the server, then runs commands via EVALSHA/EVALSHA_RO. Falls back to EVAL/EVALRO if loading fails, and transparently retries once on NOSCRIPT. The default behavior is unchanged for existing users.

(#3700) by @​chaitanyabodlapati

FT.AGGREGATE Step-Based Pipeline Builder

Added a new step-based FT.AGGREGATE pipeline API via FTAggregateOptions.Steps, allowing LOAD, APPLY, GROUPBY, and SORTBY (with per-step MAX) to be repeated and interleaved in arbitrary order — matching Redis's native multi-stage aggregation semantics. The legacy Load/Apply/GroupBy/SortBy/SortByMax fields are now deprecated.

(#3782) by @​ndyakov

Raw RESP Protocol Access

Added DoRaw and DoRawWriteTo methods for executing arbitrary commands and reading the raw RESP response. Useful for proxying, custom protocol inspection, and working with commands not yet wrapped by go-redis.

(#3713) by @​ofekshenawa

Configurable Dial Retry Backoff

Added DialerRetryBackoff option (plumbed through Options, ClusterOptions, RingOptions, FailoverOptions) to let callers customize the delay between failed dial attempts. Helpers DialRetryBackoffConstant and DialRetryBackoffExponential (with jitter and cap) are provided out of the box. Dial timeout is now also applied per attempt rather than across all retries.

(#3706, #3705) by @​mwhooker

✨ New Features

  • FT.AGGREGATE Steps: Step-based pipeline builder for FT.AGGREGATE with support for repeated/interleaved LOAD, APPLY, GROUPBY, and SORTBY stages (#3782) by @​ndyakov
  • VectorSet commands: Added VISMEMBER and WITHATTRIBS support (#3753) by @​romanpovol
  • FIPS-safe Script: NewScriptServerSHA uses SCRIPT LOAD to obtain the digest from the server, avoiding client-side SHA-1 (#3700) by @​chaitanyabodlapati
  • Raw RESP access: DoRaw and DoRawWriteTo for raw RESP protocol access (#3713) by @​ofekshenawa
  • Dial retry backoff: DialerRetryBackoff function option with constant and exponential helpers (#3706) by @​mwhooker
  • Typed NOSCRIPT error: Redis NOSCRIPT replies are now surfaced as a typed error for easier handling (#3738) by @​LINKIWI
  • PubSub ClientSetName: Added ClientSetName method to PubSub (#3727) by @​Flack74
  • ReplicaOf: New ReplicaOf method replaces the deprecated SlaveOf (#3720) by @​Copilot
  • HSCAN BinaryUnmarshaler: HScan now supports types implementing encoding.BinaryUnmarshaler (#3768) by @​Aaditya-dubey1

🐛 Bug Fixes

  • Auto hostname type detection: Improved endpoint type detection for maintenance notifications using DNS-based classification; handles empty hosts and expanded private-IP ranges (#3789) by @​ndyakov
  • HELLO fallback: Don't send CLIENT MAINT_NOTIFICATIONS handshake when HELLO fails and connection falls back to RESP2; fail fast when explicitly enabled with RESP3 (#3788) by @​ndyakov
  • Dial TCP retry: ShouldRetry now treats net.OpError with Op == "dial" timeout errors as safe to retry since no command was sent (#3787) by @​vladisa88
  • wrappedOnClose leak: Fixed resource leak caused by repeatedly wrapping baseClient close logic; replaced with a bounded, concurrency-safe named-hook registry (#3785) by @​ndyakov
  • Pool Close() on stale connections: Suppress close errors (e.g., TLS closeNotify timeouts) for connections already dropped by the server due to idle timeout (#3778) by @​ofekshenawa
  • FIFO waiter ordering: Fixed race in ConnStateMachine.notifyWaiters that could wake multiple waiters under a single mutex hold and violate FIFO ordering (#3777) by @​0x48core
  • Lua READONLY detection: Detect READONLY errors embedded in Lua script error messages on read-only replicas so commands are correctly retried (#3769) by @​zhengjilei
  • VectorScoreSliceCmd RESP2: Fixed VSimWithScores, VSimWithArgsWithScores, and VLinksWithScores which were broken on RESP2 connections returning flat arrays instead of maps (#3767) by @​Copilot

... (truncated)

Commits
  • e7e9866 chore(release): v9.19.0 (#3796)
  • 22b26f4 feat(ft.aggregate): Add Steps for query building (#3782)
  • d9d7694 fix(pool): two fixes for closed connection handling (#3764)
  • 44e8b73 fix(sch): auto hostname type detection (#3789)
  • ad21622 fix(hello): do not send maintnotifications handshake when hello fails (#3788)
  • 1a7ac74 fix(pool): suppress pool Close() errors for stale connections (#3778)
  • 903d6bd fix(retry): make dial tcp error redirectable (#3786) (#3787)
  • 00a551b fix(credentials): leak in wrappedOnClose (#3785)
  • b5a6f99 refactor(pool): remove redundant Conn.closed atomic field (#3783)
  • 928f27a feat(hscan): add support for encoding.BinaryUnmarshaler (#3768)
  • Additional commits viewable in compare view

Updates go.uber.org/zap from 1.27.1 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

  • #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

Changelog

Sourced from go.uber.org/zap's changelog.

1.28.0 (27 Apr 2026)

Enhancements:

  • #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.
Commits
  • 5b81b37 release v1.28.0 (#1547)
  • 0ab0d5a zapcore: Add PreWriteHook for transforming entries before write (#1534)
  • d278c59 [chore] CI: test on Go 1.26 (#1535)
  • 16fb16b chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...
  • See full diff in compare view

Updates google.golang.org/grpc from 1.80.0 to 1.81.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.0

Behavior Changes

  • balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

  • Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

  • xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
  • transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
  • xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

  • grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
  • xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
  • xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
  • xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
  • stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
  • mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)

Performance Improvements

  • alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
  • transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)
Commits
  • cb18228 Change version to 1.81.0 (#9062)
  • 96748f9 Cherry-pick #9105 to 1.81.x (#9106)
  • 9183222 Cherry pick #9055, #9032 to v1.81.x (#9095)
  • 5cba6da Revert "deps: update dependencies for all modules (#9065)" (#9067)
  • af8a936 deps: update dependencies for all modules (#9065)
  • cdc60df transport: optimize heap allocations in ready reader and update syscall conne...
  • 208d053 xds/resolver: pass complete XDSConfig in RPC context for HTTP filters (gRFC A...
  • 50fe1cc test: Fix flaky test TestServerStreaming_ClientCallRecvMsgTwice in `end2end...
  • d574bad build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#9050)
  • b8bf4d0 build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /inte...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): Bump the go-deps group with 7 updates
5caff6a 
Bumps the go-deps group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/cockroachdb/errors](https://github.com/cockroachdb/errors) | `1.12.0` | `1.13.0` |
| [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) | `1.9.3` | `1.10.0` |
| [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) | `0.49.0` | `0.50.0` |
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.42` | `1.14.44` |
| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.18.0` | `9.19.0` |
| [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.80.0` | `1.81.0` |


Updates `github.com/cockroachdb/errors` from 1.12.0 to 1.13.0
- [Release notes](https://github.com/cockroachdb/errors/releases)
- [Commits](cockroachdb/errors@v1.12.0...v1.13.0)

Updates `github.com/go-sql-driver/mysql` from 1.9.3 to 1.10.0
- [Release notes](https://github.com/go-sql-driver/mysql/releases)
- [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md)
- [Commits](go-sql-driver/mysql@v1.9.3...v1.10.0)

Updates `github.com/mark3labs/mcp-go` from 0.49.0 to 0.50.0
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](mark3labs/mcp-go@v0.49.0...v0.50.0)

Updates `github.com/mattn/go-sqlite3` from 1.14.42 to 1.14.44
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](mattn/go-sqlite3@v1.14.42...v1.14.44)

Updates `github.com/redis/go-redis/v9` from 9.18.0 to 9.19.0
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md)
- [Commits](redis/go-redis@v9.18.0...v9.19.0)

Updates `go.uber.org/zap` from 1.27.1 to 1.28.0
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.27.1...v1.28.0)

Updates `google.golang.org/grpc` from 1.80.0 to 1.81.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.80.0...v1.81.0)

---
updated-dependencies:
- dependency-name: github.com/cockroachdb/errors
  dependency-version: 1.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/go-sql-driver/mysql
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: go.uber.org/zap
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 4, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants