Skip to content

chore(deps): bump the minor-and-patch group with 4 updates#649

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/minor-and-patch-c291f52ae0
Open

chore(deps): bump the minor-and-patch group with 4 updates#649
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/minor-and-patch-c291f52ae0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown

Bumps the minor-and-patch group with 4 updates: github.com/nats-io/nats-server/v2, github.com/prometheus/alertmanager, go.etcd.io/etcd/client/v3 and google.golang.org/grpc.

Updates github.com/nats-io/nats-server/v2 from 2.14.2 to 2.14.3

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.14.3

Changelog

Refer to the 2.14 Upgrade Guide for backwards compatibility notes with 2.12.x. Please note that the 2.13.x version was skipped.

Go Version

Dependencies

  • golang.org/x/crypto v0.53.0 (#8297)
  • golang.org/x/sys v0.46.0 (#8297)
  • github.com/nats-io/jwt/v2 v2.8.2
  • github.com/nats-io/nkeys v0.4.16

Improved

General

  • Per-connection log lines that could be noisy in normal operation have been demoted to debug level (#8289)
  • Writer options are now applied consistently when using the s2_fast compression mode (#8047)

JetStream

  • Stream and consumer assignment handling has been refactored for more consistent migration and info behavior (#8262)
  • Meta, stream and consumer write errors are now registered more consistently for health and recovery handling (#8293)

Removed

Monitoring

  • JSONP callback support has been removed from monitoring endpoints

Fixed

General

  • Long-running reconnect and OCSP loops no longer retain unused timers, reducing memory pressure over time (#8204)
  • Inherited JWT default permissions are now refreshed when account claims are updated (#8276)
  • External auth configuration is now cleared correctly when account claims are updated (#8275)
  • PROXY protocol detection, TLS sniffing with allow_non_tls and PROXY v1 address-family parsing have been fixed (#8302)
  • A race in gateway CONNECT handling has been fixed (#8306)
  • Trusted proxy tracking no longer leaks closed clients during concurrent updates (#8307)
  • Service import replies can now be delivered across cluster routes (#8317)
  • Message tracing now works correctly with service imports and exports
  • Several panic, fatal and data race conditions in authentication, routing, monitoring and clustered request handling have been fixed
  • NoAuthUser now checks connection restrictions
  • Leaf connections no longer bypass Nats-Trace-Dest publish permission checks
  • CONNZ and SUBSZ pagination now guard against Offset and Limit integer overflow panics

... (truncated)

Commits
  • 9b17a58 Release v2.14.3
  • 2be2525 Release v2.14.3-RC.2
  • 563d55f Cherry-picks for v2.14.3-RC.2 (#126)
  • e242ca0 NRG: Don't campaign with an uncommitted membership change about ourselves
  • 0e4d935 NRG: Exclude uncommitted membership change from snapshot
  • 0ab7302 NRG: Remove redundant known peer tracking
  • 6eb7d76 NRG: Truncated uncommitted membership change leaves stale state
  • 8157b56 [TEST] Campaign early on NRG tests
  • 712b3d2 [FIXED] Nil pointer panic when resolver dir parent is not traversable
  • f11c26b [FIXED] Skipped messages set last time to now
  • Additional commits viewable in compare view

Updates github.com/prometheus/alertmanager from 0.33.0 to 0.33.1

Release notes

Sourced from github.com/prometheus/alertmanager's releases.

0.33.1 / 2026-07-04

  • [BUGFIX] doc: fix missing notification_reason field in webhook documentation (#5329)
  • [BUGFIX] silences: fix silences snapshot missing legacy matchers field. This caused a bug that prevented older alertmanager versions from reading newer snapshots unnecessarily. (#5330)
  • [BUGFIX] silence with no matchers should populate an empty array in API response (#5331)
Changelog

Sourced from github.com/prometheus/alertmanager's changelog.

0.33.1 / 2026-07-04

  • [BUGFIX] doc: fix missing notification_reason field in webhook documentation (#5329)
  • [BUGFIX] silences: fix silences snapshot missing legacy matchers field. This caused a bug that prevented older alertmanager versions from reading newer snapshots unnecessarily. (#5330)
  • [BUGFIX] silence with no matchers should populate an empty array in API response (#5331)

0.32.3 / 2026-07-04

  • [BUGFIX] doc: fix missing notification_reason field in webhook documentation (#5329)
  • [BUGFIX] silences: fix silences snapshot missing legacy matchers field. This caused a bug that prevented older alertmanager versions from reading newer snapshots unnecessarily. (#5330)
  • [BUGFIX] silence with no matchers should populate an empty array in API response (#5331)
Commits

Updates go.etcd.io/etcd/client/v3 from 3.6.12 to 3.6.13

Release notes

Sourced from go.etcd.io/etcd/client/v3's releases.

v3.6.13

Please check out CHANGELOG for a full list of changes. And make sure to read upgrade guide before upgrading etcd (there may be breaking changes).

For installation guides, please check out play.etcd.io and operating etcd. Latest support status for common architectures and operating systems can be found at supported platforms.

Linux
ETCD_VER=v3.6.13
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1 --no-same-owner
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version
start a local etcd server
/tmp/etcd-download-test/etcd
write,read to etcd
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 put foo bar
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 get foo

macOS (Darwin)
ETCD_VER=v3.6.13
choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}
rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-darwin-amd64.zip -o /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
unzip /tmp/etcd-${ETCD_VER}-darwin-amd64.zip -d /tmp && rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
mv /tmp/etcd-${ETCD_VER}-darwin-amd64/* /tmp/etcd-download-test && rm -rf mv /tmp/etcd-${ETCD_VER}-darwin-amd64
</tr></table>

... (truncated)

Commits
  • b0f9ef1 version: bump up to 3.6.13
  • 421b2ec Merge pull request #22025 from ahrtr/20260701_crl_3.6
  • 8221ae8 Reject the client request if the client certificate has been revoked
  • 1663b36 Merge pull request #21955 from k8s-infra-cherrypick-robot/cherry-pick-21953-t...
  • 907c334 Update incorrect log message
  • 6d300b5 Merge pull request #21932 from k8s-infra-cherrypick-robot/cherry-pick-21910-t...
  • 380f8cf server/auth: accept bearer-prefixed auth tokens
  • 269a80d Merge pull request #21918 from AR21SM/bump-otel-release-3.6
  • b590da4 Bump OpenTelemetry dependencies to v1.43.0
  • 402d77b Merge pull request #21886 from etcd-io/dependabot/docker/release-3.6/distrole...
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.81.1 to 1.82.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.82.0

Behavior Changes

  • server: Remove support for GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING environment varibale. Strict incoming RPC path validation (which has been the default since v1.79.3) can no longer be disabled. (#9112)
  • transport: Add environment variable to change the default max header list size from 16MB to 8KB. This may be enabled by setting GRPC_GO_EXPERIMENTAL_ENABLE_8KB_DEFAULT_HEADER_LIST_SIZE=true. This will be enabled by default in a subsequent release. (#9019)
  • balancer: Load Balancing policy registry is now case-sensitive. Set GRPC_GO_EXPERIMENTAL_CASE_SENSITIVE_BALANCER_REGISTRIES=false (and file an issue) to revert to case-insensitive behavior. (#9017)

New Features

  • experimental/stats: Expose a new API, NewContextWithLabelCallback, to register a callback that is invoked when telemetry labels are added. (#8877)
  • client: Return a portion of the response body in the error message, when the client receives an unexpected non-gRPC HTTP response, to make debugging easier. (#8929)
  • server: Add environment variable GRPC_GO_SERVER_GOROUTINE_LABELS that controls setting runtime/pprof.Labels on goroutines spawned by the server. Set GRPC_GO_SERVER_GOROUTINE_LABELS=grpc.method=true to add the grpc.method label on goroutines spawned to handle incoming requests. (#9082)

Bug Fixes

  • xds/server: Fix a memory leak of HTTP filter instances occurring when route configurations are updated in-place during a Route Discovery Service (RDS) update. (#9138)
  • grpc: In the deprecated gzip Compressor (used via the deprecated WithCompressor dial option), enforce the MaxRecvMsgSize limit on the decompressed message buffer, preventing excessive memory allocation from highly compressed payloads. (#9114)
  • stats/opentelemetry: Record retry attempts, grpc.previous-rpc-attempts, at the call level and not the attempt level. (#8923)
  • encoding: Ensure Close() is always called on readers returned from Compressor.Decompress if possible. (#9135)
  • channelz: Fix the LastMessageSentTimestamp and LastMessageReceivedTimestamp fields in SocketMetrics to ensure they contain correct timestamp values. (#9109)
Commits
  • bd23985 Change version to 1.82.0 (#9170)
  • 0f3086d Fix minor issues not covered by PR #9137 (#9147)
  • fef07fb internal: Split v3procservicepb import into pb and grpc for extproc (#9163)
  • 91dd64f transport: surface subsequent data when receiving non-gRPC header (#8929)
  • adc97de test/kokoro: add config for regional-td test (#9158)
  • 57c9ff1 xds: ensure full-string matching for RBAC Filter rules (#9148)
  • b58f32d server: Set a pprof label on new stream goroutines (#9082)
  • 6c98be3 refactor(transport): extract shared stream state handling logic in `loopyWrit...
  • bcaa6f4 rls: only reset backoff on recovery from TRANSIENT_FAILURE (#9137)
  • 429e6e0 balancer: expose endpoint weight and hostname as experimental APIs (#9074)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-and-patch group with 4 updates: [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server), [github.com/prometheus/alertmanager](https://github.com/prometheus/alertmanager), [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `github.com/nats-io/nats-server/v2` from 2.14.2 to 2.14.3
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.14.2...v2.14.3)

Updates `github.com/prometheus/alertmanager` from 0.33.0 to 0.33.1
- [Release notes](https://github.com/prometheus/alertmanager/releases)
- [Changelog](https://github.com/prometheus/alertmanager/blob/main/CHANGELOG.md)
- [Commits](prometheus/alertmanager@v0.33.0...v0.33.1)

Updates `go.etcd.io/etcd/client/v3` from 3.6.12 to 3.6.13
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](etcd-io/etcd@v3.6.12...v3.6.13)

Updates `google.golang.org/grpc` from 1.81.1 to 1.82.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.1...v1.82.0)

---
updated-dependencies:
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.14.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/prometheus/alertmanager
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: go.etcd.io/etcd/client/v3
  dependency-version: 3.6.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: google.golang.org/grpc
  dependency-version: 1.82.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 5, 2026
@kw-security

kw-security commented Jul 5, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant