chore(deps): bump the gomod group across 1 directory with 10 updates by dependabot[bot] · Pull Request #19 · webdestroya/groundskeeper

dependabot · 2026-06-08T19:01:26Z

Bumps the gomod group with 9 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2	`1.41.5`	`1.41.12`
github.com/aws/aws-sdk-go-v2/config	`1.32.14`	`1.32.23`
github.com/aws/aws-sdk-go-v2/service/secretsmanager	`1.41.5`	`1.42.2`
github.com/aws/aws-sdk-go-v2/service/ssm	`1.68.4`	`1.69.2`
github.com/go-sql-driver/mysql	`1.9.3`	`1.10.0`
github.com/jackc/pgx/v5	`5.9.1`	`5.10.0`
github.com/pressly/goose/v3	`3.27.0`	`3.27.1`
github.com/rs/zerolog	`1.35.0`	`1.35.1`
golang.org/x/sync	`0.20.0`	`0.21.0`

Updates github.com/aws/aws-sdk-go-v2 from 1.41.5 to 1.41.12

Commits

7146c2b Release 2026-06-04
5aef2fd Regenerated Clients
f94c044 Update API model
f00b205 bump to smithy-go v1.27.1 (#3434)
c4ad7de drop service/internal/benchmark (#3433)
91eca46 Release 2026-06-03.2
e9d9e15 Regenerated Clients
def6a3a Update API model
fa369bd Release 2026-06-03
960ee4d Regenerated Clients
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.14 to 1.32.23

Commits

7146c2b Release 2026-06-04
5aef2fd Regenerated Clients
f94c044 Update API model
f00b205 bump to smithy-go v1.27.1 (#3434)
c4ad7de drop service/internal/benchmark (#3433)
91eca46 Release 2026-06-03.2
e9d9e15 Regenerated Clients
def6a3a Update API model
fa369bd Release 2026-06-03
960ee4d Regenerated Clients
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/secretsmanager from 1.41.5 to 1.42.2

Commits

435199f Release 2023-11-15
fb0b312 Regenerated Clients
4a54427 Update SDK's smithy-go dependency to v1.17.0
679c88c Update endpoints model
e635726 Update API model
cf022e8 feat: sra identity&auth refactor (#2364)
1433025 Release 2023-11-14
34bafde Regenerated Clients
0d10d76 Update endpoints model
fe8a6c1 Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ssm from 1.68.4 to 1.69.2

Commits

09a5817 Release 2025-12-02
58d1759 Regenerated Clients
16ba34e Update endpoints model
7873bf4 Update API model
9b55b02 bump smithy-go to v1.24.0 (#3242)
d8b0179 Release 2025-12-01
e4405f0 Regenerated Clients
65d08b0 Update API model
f6cc036 Release 2025-11-26
deb353f Regenerated Clients
Additional commits viewable in compare view

Updates github.com/go-sql-driver/mysql from 1.9.3 to 1.10.0

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.10.0

What's Changed

add Go 1.24 to the test matrix by @shogo82148 in go-sql-driver/mysql#1681

modernize for Go 1.22 by @methane in go-sql-driver/mysql#1695

test stability improvement. by @methane in go-sql-driver/mysql#1698

simplify collation tests by @methane in go-sql-driver/mysql#1700

fix bigint unsigned null column scan to err type int64 by @elonnzhang in go-sql-driver/mysql#1612

Transaction Commit/Rollback returns conn's cached error, if present by @brad-defined in go-sql-driver/mysql#1691

add BenchmarkReceive10kRowsCompress by @methane in go-sql-driver/mysql#1704

optimize readPacket by @methane in go-sql-driver/mysql#1705

MariaDB Metadata skipping and DEPRECATE_EOF by @rusher in go-sql-driver/mysql#1708

Optimization: statements reuse previous column name by @methane in go-sql-driver/mysql#1711

update outdated MySQL internals documentation links by @demouth in go-sql-driver/mysql#1714

fix PING on compressed connections by @methane in go-sql-driver/mysql#1721

add DeepWiki badge by @methane in go-sql-driver/mysql#1722

Update edwards25519 dependency to v1.1.1 by @williamhaw in go-sql-driver/mysql#1749

Configure Dependabot for Go modules by @methane in go-sql-driver/mysql#1755

Bump dominikh/staticcheck-action from 1.3.1 to 1.4.1 by @dependabot[bot] in go-sql-driver/mysql#1759

Bump github/codeql-action from 3 to 4 by @dependabot[bot] in go-sql-driver/mysql#1760

Bump actions/setup-go from 5 to 6 by @dependabot[bot] in go-sql-driver/mysql#1757

fix staticcheck error by @methane in go-sql-driver/mysql#1761

Bump actions/checkout from 4 to 6 by @dependabot[bot] in go-sql-driver/mysql#1758

Fix getSystemVar buffer reuse by @morgo in go-sql-driver/mysql#1754

Consolidate Dependabot update noise by grouping weekly dependency PRs by @Copilot in go-sql-driver/mysql#1762

Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0 by @dependabot[bot] in go-sql-driver/mysql#1756

CI: Update GitHub Actions Go matrix to 1.24–1.26 by @Copilot in go-sql-driver/mysql#1763

Enhance interpolateParams to correctly handle placeholders by @rusher in go-sql-driver/mysql#1732

modernize by @methane in go-sql-driver/mysql#1764

release v1.10.0 by @methane in go-sql-driver/mysql#1765

New Contributors

@elonnzhang made their first contribution in go-sql-driver/mysql#1612

@brad-defined made their first contribution in go-sql-driver/mysql#1691

@rusher made their first contribution in go-sql-driver/mysql#1708

@demouth made their first contribution in go-sql-driver/mysql#1714

@williamhaw made their first contribution in go-sql-driver/mysql#1749

@dependabot[bot] made their first contribution in go-sql-driver/mysql#1759

@morgo made their first contribution in go-sql-driver/mysql#1754

@Copilot made their first contribution in go-sql-driver/mysql#1762

Full Changelog: go-sql-driver/mysql@v1.9.2...v1.10.0

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

v1.10.0 (2026-04-28)

Fix getSystemVar("max_allowed_packet") potentially returned wrong value. (#1754) This affects only when maxAllowedPacket=0 is set.

Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0. (#1756) While older versions have reported CVEs, they do not affect go-mysql.

Update Go versions to 1.24-1.26. (#1763)

Enhance interpolateParams to correctly handle placeholders. (#1732) The question mark (?) within strings and comments will no longer be treated as a placeholder.

Commits

a065b60 release v1.10.0 (#1765)
09e4187 modernize (#1764)
6c44a9a Enhance interpolateParams to correctly handle placeholders (#1732)
688ce56 Update supported Go version to 1.24–1.26 (#1763)
118d07f Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0 (#1756)
d6b2d3e Consolidate Dependabot update noise by grouping weekly dependency PRs (#1762)
037dfd8 Fix getSystemVar buffer reuse (#1754)
900f330 Bump actions/checkout from 4 to 6 (#1758)
ab9e380 fix staticcheck error (#1761)
f298c66 Bump actions/setup-go from 5 to 6 (#1757)
Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.1 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)

Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)

Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)

Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)

pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)

Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)

Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)

Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)

Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)

Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)

Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

Fix scanning "char" (OID 18) into *string in binary format (luongs3)

Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)

Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)

Fix data race when context is cancelled during connect

Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)

pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)

pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)

pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check

Add missing error check of rows.Err to load types (Jen Altavilla)

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

The non-default simple protocol is used.

A dollar quoted string literal is used in the SQL query.

That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.

The value of that placeholder is controllable by the attacker.

... (truncated)

Commits

7293fb1 Update changelog for v5.10.0
1ade285 pgconn: document secure connection configuration
b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
b28e65b pgtype: bound array element count against remaining message bytes
cd1f389 pgtype: bound array binary decode element length against remaining bytes
ff27b5b pgtype: bound hstore binary decode against malicious server input
a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
44f6173 pgconn: cap server-supplied SCRAM iteration count
1a976f7 pgconn: add require_auth to restrict accepted server auth methods
Additional commits viewable in compare view

Updates github.com/pressly/goose/v3 from 3.27.0 to 3.27.1

Release notes

Sourced from github.com/pressly/goose/v3's releases.

v3.27.1

What's Changed

Dependency updates

Full Changelog: pressly/goose@v3.27.0...v3.27.1

Changelog

Sourced from github.com/pressly/goose/v3's changelog.

[v3.27.1] - 2026-04-24

Changed

Bump minimum Go version to 1.25.7

Various dependency upgrades

Commits

e3235f7 release: v3.27.1
883e2f7 build(deps): bump Go and dependency versions (#1067)
2e2fe5c build(deps): bump the gomod group with 3 updates (#1048)
21176ca build(deps): bump modernc.org/sqlite from 1.46.1 to 1.47.0 in the gomod group...
e7bd535 build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 (#1042)
f9c7cb4 build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /internal/t...
b6220db build(deps): bump the gomod group across 1 directory with 3 updates (#1041)
65e320f docs: fix README escaping marker in ENVSUB example (#1037)
18f6ef7 build(deps): bump goreleaser/goreleaser-action from 6 to 7 (#1036)
de28e04 docs: update v3.27.0 release notes with Go 1.25 minimum and dep upgrades
See full diff in compare view

Updates github.com/rs/zerolog from 1.35.0 to 1.35.1

Commits

116c806 event: restore Err() logging when ErrorStackMarshaler returns nil (#763)
See full diff in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

5071ed6 all: fix some comments to improve readability
See full diff in compare view

Updates modernc.org/sqlite from 1.48.2 to 1.49.1

Commits

fe575e4 doc.go: update SQLite version
3ccb9ca upgrade to SQLite 3.53.0
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gomod group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.5` | `1.41.12` | | [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.14` | `1.32.23` | | [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) | `1.41.5` | `1.42.2` | | [github.com/aws/aws-sdk-go-v2/service/ssm](https://github.com/aws/aws-sdk-go-v2) | `1.68.4` | `1.69.2` | | [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) | `1.9.3` | `1.10.0` | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.1` | `5.10.0` | | [github.com/pressly/goose/v3](https://github.com/pressly/goose) | `3.27.0` | `3.27.1` | | [github.com/rs/zerolog](https://github.com/rs/zerolog) | `1.35.0` | `1.35.1` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.20.0` | `0.21.0` | Updates `github.com/aws/aws-sdk-go-v2` from 1.41.5 to 1.41.12 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.41.5...v1.41.12) Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.14 to 1.32.23 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@config/v1.32.14...config/v1.32.23) Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.41.5 to 1.42.2 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.41.5...service/s3/v1.42.2) Updates `github.com/aws/aws-sdk-go-v2/service/ssm` from 1.68.4 to 1.69.2 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/ssm/v1.68.4...service/ecs/v1.69.2) Updates `github.com/go-sql-driver/mysql` from 1.9.3 to 1.10.0 - [Release notes](https://github.com/go-sql-driver/mysql/releases) - [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md) - [Commits](go-sql-driver/mysql@v1.9.3...v1.10.0) Updates `github.com/jackc/pgx/v5` from 5.9.1 to 5.10.0 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.9.1...v5.10.0) Updates `github.com/pressly/goose/v3` from 3.27.0 to 3.27.1 - [Release notes](https://github.com/pressly/goose/releases) - [Changelog](https://github.com/pressly/goose/blob/main/CHANGELOG.md) - [Commits](pressly/goose@v3.27.0...v3.27.1) Updates `github.com/rs/zerolog` from 1.35.0 to 1.35.1 - [Commits](rs/zerolog@v1.35.0...v1.35.1) Updates `golang.org/x/sync` from 0.20.0 to 0.21.0 - [Commits](golang/sync@v0.20.0...v0.21.0) Updates `modernc.org/sqlite` from 1.48.2 to 1.49.1 - [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.48.2...v1.49.1) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-version: 1.41.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-version: 1.32.23 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager dependency-version: 1.42.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/aws/aws-sdk-go-v2/service/ssm dependency-version: 1.69.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/go-sql-driver/mysql dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/pressly/goose/v3 dependency-version: 3.27.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/rs/zerolog dependency-version: 1.35.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: golang.org/x/sync dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: modernc.org/sqlite dependency-version: 1.49.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies label Jun 8, 2026

dependabot Bot requested a review from webdestroya as a code owner June 8, 2026 19:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the gomod group across 1 directory with 10 updates#19

chore(deps): bump the gomod group across 1 directory with 10 updates#19
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/gomod-6e4108ed8e

dependabot Bot commented on behalf of github Jun 8, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 8, 2026

v1.10.0

What's Changed

New Contributors

v1.10.0 (2026-04-28)

5.10.0 (June 3, 2026)

Features

Security Hardening

Fixes

5.9.2 (April 18, 2026)

v3.27.1

What's Changed

[v3.27.1] - 2026-04-24

Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants