Skip to content

chore(deps): bump the go-minor-patch group with 6 updates#439

Merged
ericfitz merged 1 commit into
mainfrom
dependabot/go_modules/go-minor-patch-1588849120
Jun 8, 2026
Merged

chore(deps): bump the go-minor-patch group with 6 updates#439
ericfitz merged 1 commit into
mainfrom
dependabot/go_modules/go-minor-patch-1588849120

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-minor-patch group with 6 updates:

Package From To
github.com/aws/aws-sdk-go-v2 1.41.9 1.41.12
github.com/aws/aws-sdk-go-v2/config 1.32.20 1.32.23
github.com/aws/aws-sdk-go-v2/service/secretsmanager 1.41.9 1.42.2
github.com/getkin/kin-openapi 0.139.0 0.140.0
github.com/jackc/pgx/v5 5.9.2 5.10.0
github.com/oracle/oci-go-sdk/v65 65.116.0 65.117.0

Updates github.com/aws/aws-sdk-go-v2 from 1.41.9 to 1.41.12

Commits

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.20 to 1.32.23

Commits

Updates github.com/aws/aws-sdk-go-v2/service/secretsmanager from 1.41.9 to 1.42.2

Commits

Updates github.com/getkin/kin-openapi from 0.139.0 to 0.140.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.140.0

What's Changed

Full Changelog: getkin/kin-openapi@v0.139.0...v0.140.0

Commits

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

  • Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)
  • Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)
  • Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)
  • Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)
  • pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

  • Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)
  • Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)
  • Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)
  • Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)
  • Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
  • Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
  • Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)
  • Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)
  • Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

  • Fix scanning "char" (OID 18) into *string in binary format (luongs3)
  • Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)
  • Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)
  • Fix data race when context is cancelled during connect
  • Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)
  • pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)
  • pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)
  • pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check
  • Add missing error check of rows.Err to load types (Jen Altavilla)
Commits
  • 7293fb1 Update changelog for v5.10.0
  • 1ade285 pgconn: document secure connection configuration
  • b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
  • 0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
  • b28e65b pgtype: bound array element count against remaining message bytes
  • cd1f389 pgtype: bound array binary decode element length against remaining bytes
  • ff27b5b pgtype: bound hstore binary decode against malicious server input
  • a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
  • 44f6173 pgconn: cap server-supplied SCRAM iteration count
  • 1a976f7 pgconn: add require_auth to restrict accepted server auth methods
  • Additional commits viewable in compare view

Updates github.com/oracle/oci-go-sdk/v65 from 65.116.0 to 65.117.0

Release notes

Sourced from github.com/oracle/oci-go-sdk/v65's releases.

65.117.0

Added

  • Support for Zero Trust Packet Routing (ZPR) security attributes for private endpoints in the Operations Insights service

  • Support for Zero Trust Packet Routing (ZPR) security attributes for private endpoints in the Database Management service

  • Support for multimodal image input and flagged modalities when applying guardrails in the Generative AI service

  • Support for filtering incidents by last update time in the Cloud Incident Management service

  • Support for Cloud Incident Management APIs without Customer Support Identifier (CSI) parameters in the Cloud Incident Management service

  • Support for site IDs when creating and updating VMware BYOL registrations in the Oracle Cloud VMware Provisioning service

  • Support for VMware Cloud Foundation (VCF) BYOL allocation IDs during ESXi host replacement and in-place upgrades in the Oracle Cloud VMware Provisioning service  

Breaking Changes

  • The field Csi has been removed from the models CreateUserDetails, User, ListIncidentResourceTypesRequest, PutAttachmentRequest, ValidateUserRequest, CreateIncident, GetIncidentRequest, UpdateIncidentRequest, and ListIncidentRequest in the Customer Incident Management service

  • The field CustomerSupportKey has been removed from the model TenancyInformation in the Customer Incident Management service

File Checksums (SHA256)

oci-go-sdk-65.117.0.zip 2333e8c49d2c2ce405c218aed2a03210b78027e786f91963397c7437b10881e9

Changelog

Sourced from github.com/oracle/oci-go-sdk/v65's changelog.

65.117.0 - 2026-06-02

Added

  • Support for Zero Trust Packet Routing (ZPR) security attributes for private endpoints in the Operations Insights service
  • Support for Zero Trust Packet Routing (ZPR) security attributes for private endpoints in the Database Management service
  • Support for multimodal image input and flagged modalities when applying guardrails in the Generative AI service
  • Support for filtering incidents by last update time in the Cloud Incident Management service
  • Support for Cloud Incident Management APIs without Customer Support Identifier (CSI) parameters in the Cloud Incident Management service
  • Support for site IDs when creating and updating VMware BYOL registrations in the Oracle Cloud VMware Provisioning service
  • Support for VMware Cloud Foundation (VCF) BYOL allocation IDs during ESXi host replacement and in-place upgrades in the Oracle Cloud VMware Provisioning service  

Breaking Changes

  • The field Csi has been removed from the models CreateUserDetails, User, ListIncidentResourceTypesRequest, PutAttachmentRequest, ValidateUserRequest, CreateIncident, GetIncidentRequest, UpdateIncidentRequest, and ListIncidentRequest in the Customer Incident Management service
  • The field CustomerSupportKey has been removed from the model TenancyInformation in the Customer Incident Management service
Commits
  • 0f39871 Releasing version 65.117.0
  • ee69691 Merge remote-tracking branch 'scm/github' into release_2026-06-02
  • 6c9c3b2 Releasing version 65.117.0
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the go-minor-patch group with 6 updates
5dbfdf5 
Bumps the go-minor-patch group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.9` | `1.41.12` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.20` | `1.32.23` |
| [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) | `1.41.9` | `1.42.2` |
| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.139.0` | `0.140.0` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.2` | `5.10.0` |
| [github.com/oracle/oci-go-sdk/v65](https://github.com/oracle/oci-go-sdk) | `65.116.0` | `65.117.0` |


Updates `github.com/aws/aws-sdk-go-v2` from 1.41.9 to 1.41.12
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.41.9...v1.41.12)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.20 to 1.32.23
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.20...config/v1.32.23)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.41.9 to 1.42.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.41.9...service/s3/v1.42.2)

Updates `github.com/getkin/kin-openapi` from 0.139.0 to 0.140.0
- [Release notes](https://github.com/getkin/kin-openapi/releases)
- [Commits](getkin/kin-openapi@v0.139.0...v0.140.0)

Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.9.2...v5.10.0)

Updates `github.com/oracle/oci-go-sdk/v65` from 65.116.0 to 65.117.0
- [Release notes](https://github.com/oracle/oci-go-sdk/releases)
- [Changelog](https://github.com/oracle/oci-go-sdk/blob/master/CHANGELOG.md)
- [Commits](oracle/oci-go-sdk@v65.116.0...v65.117.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.41.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-version: 1.42.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/getkin/kin-openapi
  dependency-version: 0.140.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/oracle/oci-go-sdk/v65
  dependency-version: 65.117.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 8, 2026
@ericfitz ericfitz merged commit 6e6ec54 into main Jun 8, 2026
7 checks passed
@ericfitz ericfitz deleted the dependabot/go_modules/go-minor-patch-1588849120 branch June 8, 2026 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ericfitz