mirror of
https://github.com/fosrl/gerbil.git
synced 2026-07-16 01:07:43 -05:00
[PR #85] [MERGED] Update Go dependencies for security fixes #902
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/fosrl/gerbil/pull/85
Author: @marcschaeferger
Created: 6/4/2026
Status: ✅ Merged
Merged: 6/4/2026
Merged by: @oschwartz10612
Base:
main← Head:fix/security-update-go-deps📝 Commits (1)
44622a8fix(deps): update Go dependencies for security fixes📊 Changes
2 files changed (+75 additions, -60 deletions)
View changed files
📝
go.mod(+20 -20)📝
go.sum(+55 -40)📄 Description
Description
This pull request updates several dependencies in the
go.modfile to newer versions, primarily focusing on the Prometheus and OpenTelemetry libraries, as well as other indirect dependencies. These updates help ensure the project benefits from the latest features, security patches, and bug fixes.Dependency updates:
Prometheus and monitoring libraries:
github.com/prometheus/client_golangfrom v1.20.5 to v1.23.2, along with related indirect dependencies:client_modelto v0.6.2,commonto v0.66.1, andprocfsto v0.16.1. [1] [2]OpenTelemetry libraries:
go.opentelemetry.io/oteldependencies from v1.43.0 to v1.44.0, including exporters, metric, sdk, and trace packages. [1] [2]Other dependency updates:
golang.org/x/cryptoto v0.52.0,golang.org/x/netto v0.55.0,golang.org/x/systo v0.45.0, andgolang.org/x/textto v0.37.0. [1] [2]github.com/grpc-ecosystem/grpc-gateway/v2to v2.29.0 andgoogle.golang.org/grpcto v1.81.1.google.golang.org/genprotodependencies to their latest versions.go.yaml.in/yaml/v2 v2.4.2as an indirect dependency.Security Report
Note:
NO AI usage
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.