build(deps): bump the go-mod group with 7 updates #586

dependabot · 2025-12-01T08:39:48Z

Bumps the go-mod group with 7 updates:

Package	From	To
github.com/authzed/authzed-go	`1.6.0`	`1.7.0`
github.com/authzed/spicedb	`1.47.0`	`1.47.1`
github.com/mark3labs/mcp-go	`0.43.0`	`0.43.1`
github.com/olekukonko/tablewriter	`1.1.1`	`1.1.2`
golang.org/x/mod	`0.29.0`	`0.30.0`
google.golang.org/genproto/googleapis/rpc	`0.0.0-20250908214217-97024824d090`	`0.0.0-20251022142026-3a174f9686a8`
google.golang.org/grpc	`1.76.0`	`1.77.0`

Updates github.com/authzed/authzed-go from 1.6.0 to 1.7.0

Release notes

Sourced from github.com/authzed/authzed-go's releases.

v1.7.0

What's Changed

Bump the go-mod group across 1 directory with 5 updates by @dependabot[bot] in authzed/authzed-go#353

Bump the go-mod group with 5 updates by @dependabot[bot] in authzed/authzed-go#355

Bump the go-mod-magefiles group in /magefiles with 2 updates by @dependabot[bot] in authzed/authzed-go#356

Bump github.com/bufbuild/buf from 1.57.2 to 1.58.0 in /magefiles in the go-mod-magefiles group by @dependabot[bot] in authzed/authzed-go#360

Bump github/codeql-action from 3 to 4 in the github-actions group by @dependabot[bot] in authzed/authzed-go#359

Bump the go-mod group with 2 updates by @dependabot[bot] in authzed/authzed-go#358

Regenerate for API changes that add experimental count rels to Materialize API by @josephschorr in authzed/authzed-go#363

Bump the go-mod-magefiles group in /magefiles with 2 updates by @dependabot[bot] in authzed/authzed-go#364

Bump github.com/golangci/golangci-lint/v2 from 2.5.0 to 2.6.0 in the go-mod group by @dependabot[bot] in authzed/authzed-go#365

fix: align response RequestID to standard x-request-id header by @Verolop in authzed/authzed-go#362

Bump the go-mod group with 2 updates by @dependabot[bot] in authzed/authzed-go#366

New Contributors

@Verolop made their first contribution in authzed/authzed-go#362

Full Changelog: authzed/authzed-go@v1.6.0...v1.7.0

Commits

f99e5ac Merge pull request #366 from authzed/dependabot/go_modules/go-mod-482f6a30ab
a53b0e1 Bump the go-mod group with 2 updates
3b6479b Merge pull request #362 from Verolop/fix/x-request-id
b3a4ca9 fix: remove RequestIDHeader from header
7e27ab1 fix: align request ID to standard x-request-id with backward compatibility
c2de26a feat: align response RequestID to standard x-request-id header
6449233 Merge pull request #365 from authzed/dependabot/go_modules/go-mod-73487b18e7
3376d0f Go mod tidy
c91bace Bump github.com/golangci/golangci-lint/v2 in the go-mod group
b9d86bd Merge pull request #364 from authzed/dependabot/go_modules/magefiles/go-mod-m...
Additional commits viewable in compare view

Updates github.com/authzed/spicedb from 1.47.0 to 1.47.1

Release notes

Sourced from github.com/authzed/spicedb's releases.

v1.47.1

Highlights

CVE Fix: Fixed a bug that would result in missing resources in LookupResources when certain permission structures are present. Checks were unaffected. in 8c2edbe1e7bd3851fa2138f4cc344bfde986dcf2

Continuing work on a Query Planner for SpiceDB in #2639, #2669

Performance improvements for WriteSchema in #2697

Performance improvements for ReadRelationships in #2632

What's Changed

chore: add docker compose setup with grafana dashboard by @miparnisari in authzed/spicedb#2616

feat: support nested recursive iterators by @barakmich in authzed/spicedb#2639

chore: change nil references to be their own object type in schema v2 by @josephschorr in authzed/spicedb#2651

feat: Add a builder pattern to the schema v2 library and fix how caveats are converted by @josephschorr in authzed/spicedb#2649

feat: disable tracing of health check requests by @ivanauth in authzed/spicedb#2614

fix: do not warn if requestid middleware errors due to ErrIllegalHeaderWrite by @miparnisari in authzed/spicedb#2654

feat: Add a property-based schema and relationship generator by @josephschorr in authzed/spicedb#2652

ci: run benchmarks on every PR and fail if worse than Main by @miparnisari in authzed/spicedb#2610

ci: fix when benchmarks run for Main by @miparnisari in authzed/spicedb#2661

fix: ensure resolved references in schema v2 are updated when flattening by @josephschorr in authzed/spicedb#2662

chore: remove flaking requestidmiddleware test by @tstirrat15 in authzed/spicedb#2660

test: fix "websocket url timeout reached" flakes by @tstirrat15 in authzed/spicedb#2666

chore: remove NodeID middleware and replace with static function by @miparnisari in authzed/spicedb#2664

Lint fixes part 10 by @tstirrat15 in authzed/spicedb#2655

feat: add internal flag for running CheckPermission with a query plan by @barakmich in authzed/spicedb#2663

chore: upgrade go to latest version to fix CVE by @tstirrat15 in authzed/spicedb#2671

test: fix flaky TestErrCtx and TestContextError by @miparnisari in authzed/spicedb#2670

Lint fixes part 12 by @tstirrat15 in authzed/spicedb#2668

fix: properly rewrite errors for watch api, part 2 by @miparnisari in authzed/spicedb#2656

chore: Change query package to use new schema v2 accessor methods by @josephschorr in authzed/spicedb#2659

chore: add chunk bytes library in prep for singleton schema work by @josephschorr in authzed/spicedb#2627

perf: Have read relationships use dynamic index forcing by @josephschorr in authzed/spicedb#2632

Lint fixes part 11 by @tstirrat15 in authzed/spicedb#2667

ci: update dependabot rules by @miparnisari in authzed/spicedb#2675

chore: fix new govet issues by @tstirrat15 in authzed/spicedb#2678

chore: enable govet by @tstirrat15 in authzed/spicedb#2683

chore(deps): bump the github-actions group across 1 directory with 12 updates by @dependabot[bot] in authzed/spicedb#2672

chore(deps): bump the go-mod group across 4 directories with 37 updates by @dependabot[bot] in authzed/spicedb#2681

ci: update test matrix for CRDB by @miparnisari in authzed/spicedb#2665

chore(deps): bump github.com/opencontainers/runc from 1.2.3 to 1.2.8 in the go_modules group across 1 directory by @dependabot[bot] in authzed/spicedb#2687

chore: update grafana dashboard, .gitattributes, github actions by @miparnisari in authzed/spicedb#2693

fix: data races that occur when functions do not clone pointer object… by @miparnisari in authzed/spicedb#2629

feat: add test for nodechain by @kartikaysaxena in authzed/spicedb#2686

chore: enable gocritic by @tstirrat15 in authzed/spicedb#2682

fix: concurrent write to map in Spanner's Watch by @miparnisari in authzed/spicedb#2694

Fix for selection of sort order when an index hint does not exist or does not have a preferred sort order by @josephschorr in authzed/spicedb#2695

test: disable revision heartbeat in PG revision tests by @josephschorr in authzed/spicedb#2676

test: remove timeouts in flaky tests by @miparnisari in authzed/spicedb#2696

perf: have DeleteNamespaces skip rel deletes when invoked from WriteSchema by @josephschorr in authzed/spicedb#2697

test: create mage target to run e2e tests by @miparnisari in authzed/spicedb#2698

feat: add some initial optimizer functions to run atop query plans by @barakmich in authzed/spicedb#2669

chore: unflake sleeper tests using synctest by @tstirrat15 in authzed/spicedb#2699

... (truncated)

Commits

b55a9f6 Fix lint issues (#2721)
8c2edbe Merge commit from fork
b13788c chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#2716)
3370198 build(deps): migrate to github.com/ccoveille/go-safecast v2 (#2685)
dcdd22b fix: relationship generator has unbounded length (#2711)
35eb247 fix: duplicate metrics error with read replicas (#2518) (#2707)
b270a96 fix: schema/relationship generator does not conform to regex (#2702)
44f2acf fix: set missing fields in postgresRevision.MarshalBinary (#2708)
82ab4d3 chore: introduce mockgen (#2705)
be27d3c chore(deps): bump golang from 1.25.3-alpine to 1.25.4-alpine in the docker gr...
Additional commits viewable in compare view

Updates github.com/mark3labs/mcp-go from 0.43.0 to 0.43.1

Release notes

Sourced from github.com/mark3labs/mcp-go's releases.

Release v0.43.1

What's Changed

fix: create StatelessGeneratingSessionIdManager to fix multi-instance deployments by @ezynda3 in mark3labs/mcp-go#641

fix: implement SessionWithClientInfo for streamableHttpSession by @Anko59 in mark3labs/mcp-go#640

New Contributors

@Anko59 made their first contribution in mark3labs/mcp-go#640

Full Changelog: mark3labs/mcp-go@v0.43.0...v0.43.1

Commits

b6dd262 fmt + fix linting errors
a27a793 fix: implement SessionWithClientInfo for streamableHttpSession (#640)
2a23f4a fix: create StatelessGeneratingSessionIdManager to fix multi-instance deploym...
See full diff in compare view

Updates github.com/olekukonko/tablewriter from 1.1.1 to 1.1.2

Commits

c64d84b change version
7eeef40 Merge pull request #306 from olekukonko/malawi
b0b5ed2 use state rather than true & false
b9d4454 update ll
a181ed9 move the cache interface to a single place
e4c235d use twcache in tablewriter
a732dbb introduce tw.Cache
0681ddb use twcache in twwidth
26504f0 introduce twcache
8b8a91a minor cleanup
Additional commits viewable in compare view

Updates golang.org/x/mod from 0.29.0 to 0.30.0

Commits

7416265 go.mod: update golang.org/x dependencies
5517a71 all: fix some comments
b6cdd1a modfile: use reflect.TypeFor instead of reflect.TypeOf
See full diff in compare view

Updates google.golang.org/genproto/googleapis/rpc from 0.0.0-20250908214217-97024824d090 to 0.0.0-20251022142026-3a174f9686a8

Commits

See full diff in compare view

Updates google.golang.org/grpc from 1.76.0 to 1.77.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.77.0

API Changes

mem: Replace the Reader interface with a struct for better performance and maintainability. (#8669)

Behavior Changes

balancer/pickfirst: Remove support for the old pick_first LB policy via the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST=false. The new pick_first has been the default since v1.71.0. (#8672)

Bug Fixes

xdsclient: Fix a race condition in the ADS stream implementation that could result in resource-not-found errors, causing the gRPC client channel to move to TransientFailure. (#8605)

client: Ignore HTTP status header for gRPC streams. (#8548)

client: Set a read deadline when closing a transport to prevent it from blocking indefinitely on a broken connection. (#8534)

Special Thanks: @jgold2-stripe

client: Fix a bug where default port 443 was not automatically added to addresses without a specified port when sent to a proxy.

Setting environment variable GRPC_EXPERIMENTAL_ENABLE_DEFAULT_PORT_FOR_PROXY_TARGET=false disables this change; please file a bug if any problems are encountered as we will remove this option soon. (#8613)

balancer/pickfirst: Fix a bug where duplicate addresses were not being ignored as intended. (#8611)

server: Fix a bug that caused overcounting of channelz metrics for successful and failed streams. (#8573)

Special Thanks: @hugehoo

balancer/pickfirst: When configured, shuffle addresses in resolver updates that lack endpoints. Since gRPC automatically adds endpoints to resolver updates, this bug only affects custom LB policies that delegate to pick_first but don't set endpoints. (#8610)

mem: Clear large buffers before re-using. (#8670)

Performance Improvements

transport: Reduce heap allocations to reduce time spent in garbage collection. (#8624, #8630, #8639, #8668)

transport: Avoid copies when reading and writing Data frames. (#8657, #8667)

mem: Avoid clearing newly allocated buffers. (#8670)

New Features

outlierdetection: Add metrics specified in gRFC A91. (#8644)

Special Thanks: @davinci26, @PardhuKonakanchi

stats/opentelemetry: Add support for optional label grpc.lb.backend_service in per-call metrics (#8637)

xds: Add support for JWT Call Credentials as specified in gRFC A97. Set environment variable GRPC_EXPERIMENTAL_XDS_BOOTSTRAP_CALL_CREDS=true to enable this feature. (#8536)

Special Thanks: @dimpavloff

experimental/stats: Add support for up/down counters. (#8581)

Commits

805b1f8 Change version to 1.77.0 (#8677)
ea7b66e Cherrypick #8702 to v1.77.x (#8709)
cadae08 Cherry-pick #8536 to v1.77.x (#8691)
4288cfc Cherrypick #8657 and #8667 to v1.77.x (#8690)
f959da6 transport: Reduce heap allocations (#8668)
0d49384 deps: update all dependencies (#8673)
e3e142d pickfirst: Remove old pickfirst (#8672)
254ab10 documentation: fix typos in benchmark and auth docs (#8674)
2d56bda mem: Remove Reader interface and export the concrete struct (#8669)
8ab0c82 mem: Avoid clearing new buffers and clear buffers from simpleBufferPools (#8670)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-mod group with 7 updates: | Package | From | To | | --- | --- | --- | | [github.com/authzed/authzed-go](https://github.com/authzed/authzed-go) | `1.6.0` | `1.7.0` | | [github.com/authzed/spicedb](https://github.com/authzed/spicedb) | `1.47.0` | `1.47.1` | | [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) | `0.43.0` | `0.43.1` | | [github.com/olekukonko/tablewriter](https://github.com/olekukonko/tablewriter) | `1.1.1` | `1.1.2` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.29.0` | `0.30.0` | | [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto) | `0.0.0-20250908214217-97024824d090` | `0.0.0-20251022142026-3a174f9686a8` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.76.0` | `1.77.0` | Updates `github.com/authzed/authzed-go` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/authzed/authzed-go/releases) - [Commits](authzed/authzed-go@v1.6.0...v1.7.0) Updates `github.com/authzed/spicedb` from 1.47.0 to 1.47.1 - [Release notes](https://github.com/authzed/spicedb/releases) - [Commits](authzed/spicedb@v1.47.0...v1.47.1) Updates `github.com/mark3labs/mcp-go` from 0.43.0 to 0.43.1 - [Release notes](https://github.com/mark3labs/mcp-go/releases) - [Commits](mark3labs/mcp-go@v0.43.0...v0.43.1) Updates `github.com/olekukonko/tablewriter` from 1.1.1 to 1.1.2 - [Commits](olekukonko/tablewriter@v1.1.1...v1.1.2) Updates `golang.org/x/mod` from 0.29.0 to 0.30.0 - [Commits](golang/mod@v0.29.0...v0.30.0) Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20250908214217-97024824d090 to 0.0.0-20251022142026-3a174f9686a8 - [Commits](https://github.com/googleapis/go-genproto/commits) Updates `google.golang.org/grpc` from 1.76.0 to 1.77.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.76.0...v1.77.0) --- updated-dependencies: - dependency-name: github.com/authzed/authzed-go dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-mod - dependency-name: github.com/authzed/spicedb dependency-version: 1.47.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-mod - dependency-name: github.com/mark3labs/mcp-go dependency-version: 0.43.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-mod - dependency-name: github.com/olekukonko/tablewriter dependency-version: 1.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-mod - dependency-name: golang.org/x/mod dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-mod - dependency-name: google.golang.org/genproto/googleapis/rpc dependency-version: 0.0.0-20251022142026-3a174f9686a8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-mod - dependency-name: google.golang.org/grpc dependency-version: 1.77.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-mod ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-12-17T22:39:14Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added the area/dependencies Affects dependencies label Dec 1, 2025

dependabot bot closed this Dec 17, 2025

dependabot bot deleted the dependabot/go_modules/go-mod-65204640d2 branch December 17, 2025 22:39

github-actions bot locked and limited conversation to collaborators Dec 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the go-mod group with 7 updates #586

build(deps): bump the go-mod group with 7 updates #586

Uh oh!

dependabot bot commented on behalf of github Dec 1, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Dec 17, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

build(deps): bump the go-mod group with 7 updates #586

build(deps): bump the go-mod group with 7 updates #586

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.7.0

What's Changed

New Contributors

v1.47.1

Highlights

What's Changed

Release v0.43.1

What's Changed

New Contributors

Release 1.77.0

API Changes

Behavior Changes

Bug Fixes

Performance Improvements

New Features

Uh oh!

dependabot bot commented on behalf of github Dec 17, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Dec 1, 2025 •

edited

Loading