Skip to content

chore(deps): bump the go-dependencies group with 10 updates#990

Merged
mbevc1 merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-49f7f16897
Jul 3, 2026
Merged

chore(deps): bump the go-dependencies group with 10 updates#990
mbevc1 merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-49f7f16897

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dependencies group with 10 updates:

Package From To
github.com/aws/aws-sdk-go-v2 1.42.0 1.42.1
github.com/aws/aws-sdk-go-v2/config 1.32.26 1.32.27
github.com/aws/aws-sdk-go-v2/credentials 1.19.25 1.19.26
github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager 0.2.12 0.2.13
github.com/aws/aws-sdk-go-v2/service/ecs 1.86.0 1.86.2
github.com/aws/aws-sdk-go-v2/service/lambda 1.94.0 1.94.1
github.com/aws/aws-sdk-go-v2/service/s3 1.104.1 1.104.2
github.com/open-policy-agent/opa 1.18.1 1.18.2
google.golang.org/api 0.286.0 0.287.0
google.golang.org/grpc 1.81.1 1.82.0

Updates github.com/aws/aws-sdk-go-v2 from 1.42.0 to 1.42.1

Commits

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.26 to 1.32.27

Commits

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.25 to 1.19.26

Commits

Updates github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager from 0.2.12 to 0.2.13

Commits

Updates github.com/aws/aws-sdk-go-v2/service/ecs from 1.86.0 to 1.86.2

Commits

Updates github.com/aws/aws-sdk-go-v2/service/lambda from 1.94.0 to 1.94.1

Commits

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.104.1 to 1.104.2

Commits

Updates github.com/open-policy-agent/opa from 1.18.1 to 1.18.2

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.18.2

This release includes a bug fix for a opa fmt regression introduced in v1.18.0.

The original fix for #8557 had the formatter enforce newlines in single-item collections (arrays, objects, sets) rather than merely honoring existing ones. As a result, running opa fmt on already-formatted policies could introduce a large number of unwanted changes. This patch release restores the intended behavior: only newlines already present in the source determine whether a single-item collection is formatted on one line or across multiple lines.

Fixes

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.18.2

This release includes a bug fix for a opa fmt regression introduced in v1.18.0.

The original fix for #8557 had the formatter enforce newlines in single-item collections (arrays, objects, sets) rather than merely honoring existing ones. As a result, running opa fmt on already-formatted policies could introduce a large number of unwanted changes. This patch release restores the intended behavior: only newlines already present in the source determine whether a single-item collection is formatted on one line or across multiple lines.

Fixes

Commits

Updates google.golang.org/api from 0.286.0 to 0.287.0

Release notes

Sourced from google.golang.org/api's releases.

v0.287.0

0.287.0 (2026-06-30)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.287.0 (2026-06-30)

Features

Commits

Updates google.golang.org/grpc from 1.81.1 to 1.82.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.82.0

Behavior Changes

  • server: Remove support for GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING environment varibale. Strict incoming RPC path validation (which has been the default since v1.79.3) can no longer be disabled. (#9112)
  • transport: Add environment variable to change the default max header list size from 16MB to 8KB. This may be enabled by setting GRPC_GO_EXPERIMENTAL_ENABLE_8KB_DEFAULT_HEADER_LIST_SIZE=true. This will be enabled by default in a subsequent release. (#9019)
  • balancer: Load Balancing policy registry is now case-sensitive. Set GRPC_GO_EXPERIMENTAL_CASE_SENSITIVE_BALANCER_REGISTRIES=false (and file an issue) to revert to case-insensitive behavior. (#9017)

New Features

  • experimental/stats: Expose a new API, NewContextWithLabelCallback, to register a callback that is invoked when telemetry labels are added. (#8877)
  • client: Return a portion of the response body in the error message, when the client receives an unexpected non-gRPC HTTP response, to make debugging easier. (#8929)
  • server: Add environment variable GRPC_GO_SERVER_GOROUTINE_LABELS that controls setting runtime/pprof.Labels on goroutines spawned by the server. Set GRPC_GO_SERVER_GOROUTINE_LABELS=grpc.method=true to add the grpc.method label on goroutines spawned to handle incoming requests. (#9082)

Bug Fixes

  • xds/server: Fix a memory leak of HTTP filter instances occurring when route configurations are updated in-place during a Route Discovery Service (RDS) update. (#9138)
  • grpc: In the deprecated gzip Compressor (used via the deprecated WithCompressor dial option), enforce the MaxRecvMsgSize limit on the decompressed message buffer, preventing excessive memory allocation from highly compressed payloads. (#9114)
  • stats/opentelemetry: Record retry attempts, grpc.previous-rpc-attempts, at the call level and not the attempt level. (#8923)
  • encoding: Ensure Close() is always called on readers returned from Compressor.Decompress if possible. (#9135)
  • channelz: Fix the LastMessageSentTimestamp and LastMessageReceivedTimestamp fields in SocketMetrics to ensure they contain correct timestamp values. (#9109)
Commits
  • bd23985 Change version to 1.82.0 (#9170)
  • 0f3086d Fix minor issues not covered by PR #9137 (#9147)
  • fef07fb internal: Split v3procservicepb import into pb and grpc for extproc (#9163)
  • 91dd64f transport: surface subsequent data when receiving non-gRPC header (#8929)
  • adc97de test/kokoro: add config for regional-td test (#9158)
  • 57c9ff1 xds: ensure full-string matching for RBAC Filter rules (#9148)
  • b58f32d server: Set a pprof label on new stream goroutines (#9082)
  • 6c98be3 refactor(transport): extract shared stream state handling logic in `loopyWrit...
  • bcaa6f4 rls: only reset backoff on recovery from TRANSIENT_FAILURE (#9137)
  • 429e6e0 balancer: expose endpoint weight and hostname as experimental APIs (#9074)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-dependencies group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.42.0` | `1.42.1` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.26` | `1.32.27` |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.19.25` | `1.19.26` |
| [github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager](https://github.com/aws/aws-sdk-go-v2) | `0.2.12` | `0.2.13` |
| [github.com/aws/aws-sdk-go-v2/service/ecs](https://github.com/aws/aws-sdk-go-v2) | `1.86.0` | `1.86.2` |
| [github.com/aws/aws-sdk-go-v2/service/lambda](https://github.com/aws/aws-sdk-go-v2) | `1.94.0` | `1.94.1` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.104.1` | `1.104.2` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.18.1` | `1.18.2` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.286.0` | `0.287.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.81.1` | `1.82.0` |


Updates `github.com/aws/aws-sdk-go-v2` from 1.42.0 to 1.42.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.42.0...v1.42.1)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.26 to 1.32.27
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.26...config/v1.32.27)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.25 to 1.19.26
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@credentials/v1.19.25...credentials/v1.19.26)

Updates `github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager` from 0.2.12 to 0.2.13
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@feature/s3/transfermanager/v0.2.12...feature/s3/transfermanager/v0.2.13)

Updates `github.com/aws/aws-sdk-go-v2/service/ecs` from 1.86.0 to 1.86.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.86.0...service/ecs/v1.86.2)

Updates `github.com/aws/aws-sdk-go-v2/service/lambda` from 1.94.0 to 1.94.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.94.0...service/rds/v1.94.1)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.104.1 to 1.104.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.104.1...service/s3/v1.104.2)

Updates `github.com/open-policy-agent/opa` from 1.18.1 to 1.18.2
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.18.1...v1.18.2)

Updates `google.golang.org/api` from 0.286.0 to 0.287.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.286.0...v0.287.0)

Updates `google.golang.org/grpc` from 1.81.1 to 1.82.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.1...v1.82.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.42.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.19.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager
  dependency-version: 0.2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecs
  dependency-version: 1.86.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/lambda
  dependency-version: 1.94.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.104.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.18.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: google.golang.org/api
  dependency-version: 0.287.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: google.golang.org/grpc
  dependency-version: 1.82.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 3, 2026
@claude

claude Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Claude finished @dependabot[bot]'s task in 1m 11s —— View job


Dependency Update Review

  • Identify changed dependencies
  • Assess semver/breaking changes from changelogs
  • Search repo for usage of upgraded deps
  • Flag risks & suggest follow-ups

Verdict: 🟢 Low risk — safe to merge. All 10 bumps are patch/minor releases, and the two with notable changelogs (grpc, opa) don't touch the APIs this repo actually uses.

Changed dependencies & usage impact

Dependency Bump Type Used in repo? Risk
aws-sdk-go-v2 (+ config, credentials, s3, ecs, lambda, s3/transfermanager, internal/indirect) patch patch internal/aws, internal/server 🟢 patch-only; race-condition fix in transfer manager is a bonus
open-policy-agent/opa 1.18.1 → 1.18.2 patch internal/evaluate/rego.go 🟢 no impact (see below)
google.golang.org/api 0.286.0 → 0.287.0 minor via Cloud Run 🟢 auto-regenerated discovery clients only
google.golang.org/grpc 1.81.1 → 1.82.0 minor internal/cloudrun/errors.go 🟢 no impact (see below)
googleapis/enterprise-certificate-proxy, genproto/* patch indirect transitive 🟢

Details on the two "interesting" bumps

grpc 1.82.0 — the changelog lists behavior changes (removal of GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING, case-sensitive balancer registries, an opt-in 8KB max-header-list-size, new server goroutine pprof labels). These are all server / client-transport / balancer concerns. This repo only imports:

// internal/cloudrun/errors.go
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"

i.e. it decodes gRPC status codes from Cloud Run API errors — it does not run a gRPC server, balancer, or transport. None of the 1.82.0 behavior changes affect codes/status. ✅

opa 1.18.2 — the only change is a bug fix for an opa fmt newline regression. This repo uses OPA as a library for policy evaluation (rego, ast, storage/inmem in internal/evaluate/rego.go), not the fmt command, so there's no behavioral impact. ✅

Follow-up checks

  • CI (build + make test_integration) is the authoritative gate — I was unable to run go build ./... locally (Bash build commands require approval in this environment), so please rely on the PR's CI status before merging.
  • Worth a quick eyeball of the internal/evaluate and internal/cloudrun test suites in CI, since those cover the OPA and gRPC-status usage respectively.

@mbevc1 mbevc1 enabled auto-merge (squash) July 3, 2026 16:49
@mbevc1 mbevc1 merged commit 62d8a56 into main Jul 3, 2026
11 checks passed
@mbevc1 mbevc1 deleted the dependabot/go_modules/go-dependencies-49f7f16897 branch July 3, 2026 16:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant