Skip to content

chore(deps): Bump the go group across 1 directory with 5 updates#8

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-402057797a
Open

chore(deps): Bump the go group across 1 directory with 5 updates#8
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-402057797a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the go group with 4 updates in the / directory: firebase.google.com/go/v4, github.com/getkin/kin-openapi, github.com/oapi-codegen/runtime and modernc.org/sqlite.

Updates firebase.google.com/go/v4 from 4.19.0 to 4.20.0

Release notes

Sourced from firebase.google.com/go/v4's releases.

Firebase Admin Go SDK v4.20.0

New Features

  • feat(pnv): Add Firebase Phone Number Verification support (#757)
  • feat(fcm): Add support for bandwidth constrained and restricted satellite APIs (#750)

Miscellaneous

  • [chore] Release v4.20.0 (#763)
  • chore: Upgrade Go versions to 1.25, 1.26 (#759)
  • chore: Revert release workflow changes to use merge commit (#751)
  • chore: Update to Go 1.25 (#743)
Commits
  • e853b36 Merge remote-tracking branch 'origin/dev'
  • aa29809 Merge dev into master to resolve release divergence
  • 460da85 [chore] Release v4.20.0 (#763)
  • 646489a feat(pnv): Add Firebase Phone Number Verification support (#757)
  • f595f98 chore: Upgrade Go versions to 1.25, 1.26 (#759)
  • c96d946 feat(fcm): Add support for bandwidth constrained and restricted satellite API...
  • e1d2b46 chore: Revert release workflow changes to use merge commit (#751)
  • 128f8f4 chore: Update to Go 1.25 (#743)
  • c06a674 [chore] Release 4.19.0 Take 2 (#746)
  • 6e297d4 chore: Update Release Workflows for Push triggers (#745)
  • Additional commits viewable in compare view

Updates github.com/getkin/kin-openapi from 0.136.0 to 0.139.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.139.0

What's Changed

Full Changelog: getkin/kin-openapi@v0.138.0...v0.139.0

v0.138.0

What's Changed

Full Changelog: getkin/kin-openapi@v0.137.0...v0.138.0

v0.137.0

What's Changed

Full Changelog: getkin/kin-openapi@v0.136.0...v0.137.0

Commits
  • 8381bfc openapi3: type the remaining bare-error validation sites (#1187)
  • d29b5c0 openapi3: fix validation of duplicated path templates (#1189)
  • e56c2c7 openapi3: aggregate independent validation errors via EnableMultiError (#1185)
  • 7ea1ac8 openapi3: tests flakiness corrected (#1159)
  • dc70f84 openapi3: track Origin on the document root (T) (#1184)
  • 69492df openapi3: typed context errors for Validate() wrapper chain (#1183)
  • 0a89925 un-patch YAML serialization of dates (see issue #697)
  • 55a4c72 openapi3: re-enable tests disabled due to YAML dates in map keys
  • c61836c ci: fixup lint after modifications to marsh.go
  • 7633481 feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTim...
  • Additional commits viewable in compare view

Updates github.com/oapi-codegen/runtime from 1.4.0 to 1.4.1

Release notes

Sourced from github.com/oapi-codegen/runtime's releases.

Bug fixes

This is a bug fix release.

Changes in v1.4.0, coupled with changes in v2.7.0 of oapi-codegen exposed some new problems. deepObject style marshaling behavior now supports encoding unicode. UTF-8 can't be directly included in parameters, so we need to % escape it.

Form binding now detects maps, which makes binding to a Nullable possible. We can't use generics around Nullable[T], so we handle maps generically, assuming they're a Nullable with its behavior assumptions.

🐛 Bug fixes

📦 Dependency updates

Sponsors

We would like to thank our sponsors for their support during this release.

Commits
  • 2755f15 Fix form binding of Nullables (#133)
  • 17de1dd Percent-encode deepObject parameter wire output (#132)
  • d2b7c4c chore(deps): update oapi-codegen/actions action to v0.7.0
  • 6fd6c25 chore(deps): update github/codeql-action action to v4
  • 19040cc fix(deps): update module github.com/kataras/iris/v12 to v12.2.11
  • e05282e chore(deps): update release-drafter/release-drafter action to v7.2.0 (#122)
  • See full diff in compare view

Updates google.golang.org/api from 0.276.0 to 0.279.0

Release notes

Sourced from google.golang.org/api's releases.

v0.279.0

0.279.0 (2026-05-12)

Features

v0.278.0

0.278.0 (2026-05-05)

Features

v0.277.0

0.277.0 (2026-04-29)

Features

Bug Fixes

  • idtoken: Avoid double impersonation in tokenSourceFromBytes (#3576) (75172cf), refs #2301
Changelog

Sourced from google.golang.org/api's changelog.

0.279.0 (2026-05-12)

Features

0.278.0 (2026-05-05)

Features

0.277.0 (2026-04-29)

Features

Bug Fixes

  • idtoken: Avoid double impersonation in tokenSourceFromBytes (#3576) (75172cf), refs #2301
Commits

Updates modernc.org/sqlite from 1.50.0 to 1.50.1

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

  • 2026-05-28 v1.52.0:

    • Add Backup.Remaining and Backup.PageCount, thin wrappers around the existing sqlite3_backup_remaining and sqlite3_backup_pagecount C symbols. Together they expose the per-Step progress counters that the underlying backup object already maintains, enabling progress reporting during online backups without dropping to modernc.org/sqlite/lib directly.
    • See [GitLab merge request #122](https://gitlab.com/cznic/sqlite/-/merge_requests/122), thanks Ian Chechin!
    • Drop the redundant second copy in (*conn).columnText, the path that backs every Rows.Scan into a Go string for a TEXT column. The value's bytes are still copied once out of SQLite-owned memory into a fresh Go buffer; that buffer is then reinterpreted as the result string with unsafe.String rather than copied a second time by the implicit string([]byte) conversion. This removes one allocation per TEXT value per row and roughly halves the bytes allocated on that path; on the new BenchmarkColumnTextScan cases it is ~13–20% faster for payloads of 256 B and larger, with no measurable change for very short strings. Purely internal: no API or behavioral change, and the returned string never aliases SQLite's buffer.
    • See [GitLab merge request #123](https://gitlab.com/cznic/sqlite/-/merge_requests/123), thanks Ian Chechin!
    • Cache each result column's declared type once per result set in newRows instead of recomputing it on every row. The TEXT branch of Rows.Next calls ColumnTypeDatabaseTypeName for every TEXT column on every row (independent of any DSN flag), which previously did a libc.GoString + strings.ToUpper each time; that lookup is now a single index into a cached, pre-uppercased []string, and ColumnTypeScanType reads the same cache and drops its per-call strings.ToLower. The declared type is fixed for the lifetime of a prepared statement, so the C round-trip is paid once per column rather than once per column per row, removing exactly 1 alloc + 8 B per TEXT column per row from the Next hot path. The new BenchmarkTextToTimeScan cases show ~7% faster on a 1000-row DATETIME SELECT under _texttotime=1. Purely internal: ColumnTypeDatabaseTypeName and ColumnTypeScanType return identical values, no API or behavioral change.
    • See [GitLab merge request #124](https://gitlab.com/cznic/sqlite/-/merge_requests/124), thanks Ian Chechin!
    • Cache, per result column, the parseTimeFormats index that first parsed a TEXT-stored DATE/DATETIME/TIMESTAMP value, and try that format first on later rows instead of re-walking the list from the top. (*conn).parseTime previously ran time.Parse down the format list on every such row; for the canonical SQLite TEXT datetime format every row paid two failed time.Parse attempts — each allocating a *time.ParseError — before the match. On a 1000-row DATETIME TEXT SELECT this cuts ~50% of allocs/op and ~57% of B/op and is ~37% faster. The fall-through chain is preserved exactly: the seven formats are mutually exclusive, so the cached hint can never select a different match than the in-order scan, and the parsed driver.Value is identical to before. Purely internal: no API or behavioral change.
    • See [GitLab merge request #125](https://gitlab.com/cznic/sqlite/-/merge_requests/125), thanks Ian Chechin!

  • 2026-05-28 v1.51.0:

    • Pool the []driver.Value slice passed to scalar/aggregate UDF callbacks and to vtab Filter/Insert/Update callbacks, eliminating the dominant per-row allocation on UDF-heavy queries. Benchmarks on a 1000-row, 3-arg noop scalar UDF show ~40% fewer bytes/op and ~15% fewer allocs/op.
    • Document the matching "arguments are not valid past return" contract on vtab.Cursor.Filter and vtab.Updater.Insert/Update, consistent with the existing rule for FunctionImpl.Scalar / AggregateFunction.Step / WindowInverse.
    • Resolves [GitLab issue #226](https://gitlab.com/cznic/sqlite/-/issues/226). See [GitLab merge request #114](https://gitlab.com/cznic/sqlite/-/merge_requests/114), thanks Ian Chechin!
    • Add FileControl.FileControlDataVersion, a wrapper around SQLITE_FCNTL_DATA_VERSION for observing pager-cache data-version changes, including those made on the same connection. Useful as a primitive for application-level cache invalidation.
    • Exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), consistent with the existing FileControlPersistWAL.
    • See [GitLab merge request #115](https://gitlab.com/cznic/sqlite/-/merge_requests/115), thanks Ian Chechin!
    • Fix a regression where in-memory connections (:memory:, file::memory:, shared-cache memory URIs) were discarded by database/sql after a context-cancelled query, taking the entire in-memory store with them. The fix for #198 had added an sqlite3_is_interrupted check to the connection validator that mistakenly applied to in-memory connections too, re-introducing the bug originally fixed by !74. File-backed connections keep the existing behaviour and are still discarded after an interrupt.
    • Resolves [GitLab issue #196](https://gitlab.com/cznic/sqlite/-/issues/196). See [GitLab merge request #116](https://gitlab.com/cznic/sqlite/-/merge_requests/116), thanks Ian Chechin!
    • Add an opt-in FunctionImpl.VolatileArgs flag that hands TEXT and BLOB arguments to scalar and aggregate UDF callbacks as zero-copy views (unsafe.String/unsafe.Slice) over SQLite's own value buffers, eliminating the per-argument libc.GoString/make([]byte) copy that the #226 slice-pooling left as the remaining per-row allocation. On the same 1000-row, 3-arg (INTEGER/TEXT/BLOB) noop scalar UDF this removes a further ~35% of allocs/op and ~11% of bytes/op on top of #226.
    • The views are valid only for the duration of the callback and must not be retained past return or across rows; a callback that needs to keep a value must copy it. With VolatileArgs unset (the default) arguments keep the existing copied, caller-owned semantics, so the flag is fully backward compatible; it has no effect on integer, float, time, or NULL arguments.
    • See [GitLab merge request #120](https://gitlab.com/cznic/sqlite/-/merge_requests/120), thanks Ian Chechin!
    • Extend the opt-in VolatileArgs zero-copy TEXT/BLOB argument access from #120 to the virtual-table Cursor.Filter (xFilter) and Updater.Insert/Update (xUpdate) callbacks. A vtab.Module opts in by implementing the new optional vtab.VolatileArgsOpter interface (VolatileArgs() bool); the flag is read once at module registration and shared by every table created from it. On a vtab call carrying one TEXT and one BLOB argument this removes 2 allocs/op (one libc.GoString, one make([]byte)) on each of the Filter and Update paths.
    • The same safety contract as #120 applies: the views are valid only for the duration of the callback and must not be retained past return or across rows; a callback that needs to keep a value must copy it. Modules that do not implement VolatileArgsOpter (the default for all existing modules) are byte-for-byte unchanged, and the flag has no effect on integer, float, time, or NULL arguments.
    • See [GitLab merge request #121](https://gitlab.com/cznic/sqlite/-/merge_requests/121), thanks Ian Chechin!

  • 2026-05-10 v1.50.1:

  • 2026-04-24 v1.50.0:

    • Upgrade to sqlite-vec v0.1.9.
    • Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).
    • This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.
    • See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!

  • 2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

  • 2026-04-06 v1.48.2:

    • Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.
    • Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).
    • See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!
    • Fix the memory allocator used in (*conn).Deserialize.
    • Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.
    • Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.
    • See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!
    • Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.
    • Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): Bump the go group across 1 directory with 5 updates
53e1061 
Bumps the go group with 4 updates in the / directory: [firebase.google.com/go/v4](https://github.com/firebase/firebase-admin-go), [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi), [github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `firebase.google.com/go/v4` from 4.19.0 to 4.20.0
- [Release notes](https://github.com/firebase/firebase-admin-go/releases)
- [Commits](firebase/firebase-admin-go@v4.19.0...v4.20.0)

Updates `github.com/getkin/kin-openapi` from 0.136.0 to 0.139.0
- [Release notes](https://github.com/getkin/kin-openapi/releases)
- [Commits](getkin/kin-openapi@v0.136.0...v0.139.0)

Updates `github.com/oapi-codegen/runtime` from 1.4.0 to 1.4.1
- [Release notes](https://github.com/oapi-codegen/runtime/releases)
- [Commits](oapi-codegen/runtime@v1.4.0...v1.4.1)

Updates `google.golang.org/api` from 0.276.0 to 0.279.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.276.0...v0.279.0)

Updates `modernc.org/sqlite` from 1.50.0 to 1.50.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.50.0...v1.50.1)

---
updated-dependencies:
- dependency-name: firebase.google.com/go/v4
  dependency-version: 4.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/getkin/kin-openapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/oapi-codegen/runtime
  dependency-version: 1.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: google.golang.org/api
  dependency-version: 0.279.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: modernc.org/sqlite
  dependency-version: 1.50.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@nikpivkin nikpivkin

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nikpivkin