Skip to content

deps(deps): bump the go-modules group with 4 updates#47

Merged
wallentx merged 1 commit into
mainfrom
dependabot/go_modules/go-modules-3adefc5a98
Jun 15, 2026
Merged

deps(deps): bump the go-modules group with 4 updates#47
wallentx merged 1 commit into
mainfrom
dependabot/go_modules/go-modules-3adefc5a98

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-modules group with 4 updates: golang.org/x/mod, golang.org/x/net, golang.org/x/term and google.golang.org/genai.

Updates golang.org/x/mod from 0.36.0 to 0.37.0

Commits
  • deb1dfc go.mod: update golang.org/x dependencies
  • 087f651 modfile: use slices.Backward
  • 343ee60 x/mod: allow for aggressively conslidating requires
  • See full diff in compare view

Updates golang.org/x/net from 0.55.0 to 0.56.0

Commits
  • 9e7fdbf internal/http3: fix wrong argument being given when validating header value
  • b686e5f internal/http3: add gzip support to transport
  • 8a34885 go.mod: update golang.org/x dependencies
  • 72eaf98 dns/dnsmessage: correctly validate SVCB record parameter order
  • 82e7868 dns/dnsmessage: avoid panic when parsing SVCB record with truncated data
  • b64f1fa internal/http3: add server support for "Trailer:" magic prefix
  • 2707ee2 internal/http3: implement HTTP/3 clientConn methods
  • 31358cc internal/http3: snapshot response headers at WriteHeader time
  • 8ecbaa9 html: don't adjust xml:base
  • 8ae811a html: properly handle end script tag in fragment mode
  • Additional commits viewable in compare view

Updates golang.org/x/term from 0.43.0 to 0.44.0

Commits

Updates google.golang.org/genai from 1.59.0 to 1.60.0

Release notes

Sourced from google.golang.org/genai's releases.

v1.60.0

1.60.0 (2026-06-04)

Features

  • Add ServiceTier to UsageMetadata (74b1290)
Changelog

Sourced from google.golang.org/genai's changelog.

1.60.0 (2026-06-04)

Features

  • Add ServiceTier to UsageMetadata (74b1290)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies dependency updates go go code and module changes labels Jun 15, 2026
@dependabot
dependabot Bot requested a review from wallentx as a code owner June 15, 2026 14:09
@dependabot dependabot Bot added dependencies dependency updates go go code and module changes labels Jun 15, 2026
@github-actions github-actions Bot added the gomod go module dependency updates label Jun 15, 2026
@socket-security

socket-security Bot commented Jun 15, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedgoogle.golang.org/​genai@​v1.59.0 ⏵ v1.60.073 +1100100100100
Updatedgolang.org/​x/​net@​v0.55.0 ⏵ v0.56.075 +1100100100100
Updatedgolang.org/​x/​mod@​v0.36.0 ⏵ v0.37.096 +1100100100100
Updatedgolang.org/​x/​term@​v0.43.0 ⏵ v0.44.0100100100100100

View full report

@socket-security

socket-security Bot commented Jun 15, 2026

Copy link
Copy Markdown

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

  • golang.org/x/tools@v0.45.0

View full report

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Dependabot minor-version bump of 4 direct Go module dependencies and their transitive golang.org/x deps.

Changes:

  • Bumps direct deps: golang.org/x/mod 0.36→0.37, golang.org/x/net 0.55→0.56, golang.org/x/term 0.43→0.44, google.golang.org/genai 1.59→1.60
  • Updates 6 transitive indirect deps (x/crypto, x/sync, x/sys, x/telemetry, x/text, x/tools) to compatible versions
  • go.sum hash entries updated to match

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
go.mod Bumps 4 direct and 6 indirect dependency versions
go.sum Replaces old checksums with new ones for all updated modules

@wallentx

Copy link
Copy Markdown
Owner

@SocketSecurity ignore golang/golang.org/x/tools@v0.45.0

Bumps the go-modules group with 4 updates: [golang.org/x/mod](https://github.com/golang/mod), [golang.org/x/net](https://github.com/golang/net), [golang.org/x/term](https://github.com/golang/term) and [google.golang.org/genai](https://github.com/googleapis/go-genai).


Updates `golang.org/x/mod` from 0.36.0 to 0.37.0
- [Commits](golang/mod@v0.36.0...v0.37.0)

Updates `golang.org/x/net` from 0.55.0 to 0.56.0
- [Commits](golang/net@v0.55.0...v0.56.0)

Updates `golang.org/x/term` from 0.43.0 to 0.44.0
- [Commits](golang/term@v0.43.0...v0.44.0)

Updates `google.golang.org/genai` from 1.59.0 to 1.60.0
- [Release notes](https://github.com/googleapis/go-genai/releases)
- [Changelog](https://github.com/googleapis/go-genai/blob/main/CHANGELOG.md)
- [Commits](googleapis/go-genai@v1.59.0...v1.60.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/net
  dependency-version: 0.56.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/term
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: google.golang.org/genai
  dependency-version: 1.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@wallentx
wallentx force-pushed the dependabot/go_modules/go-modules-3adefc5a98 branch from 0742218 to ddf2d2b Compare June 15, 2026 20:02
@wallentx
wallentx merged commit 694bd00 into main Jun 15, 2026
8 checks passed
@wallentx
wallentx deleted the dependabot/go_modules/go-modules-3adefc5a98 branch June 15, 2026 20:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies dependency updates go go code and module changes gomod go module dependency updates

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants