Skip to content

Bump the all-gomod group across 2 directories with 12 updates#97

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/pgx/all-gomod-bc608b4dad
Closed

Bump the all-gomod group across 2 directories with 12 updates#97
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/pgx/all-gomod-bc608b4dad

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Bumps the all-gomod group with 2 updates in the /pgx directory: github.com/jackc/pgx/v5 and golang.org/x/text.
Bumps the all-gomod group with 10 updates in the /tests directory:

Package From To
github.com/jackc/pgx/v5 5.9.1 5.9.2
golang.org/x/text 0.35.0 0.36.0
github.com/testcontainers/testcontainers-go 0.41.0 0.42.0
github.com/testcontainers/testcontainers-go/modules/mysql 0.41.0 0.42.0
github.com/testcontainers/testcontainers-go/modules/postgres 0.41.0 0.42.0
modernc.org/sqlite 1.48.1 1.49.1
github.com/docker/go-connections 0.6.0 0.7.0
github.com/mattn/go-isatty 0.0.20 0.0.21
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 0.67.0 0.68.0
golang.org/x/crypto 0.49.0 0.50.0

Updates github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

  1. The non-default simple protocol is used.
  2. A dollar quoted string literal is used in the SQL query.
  3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
  4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

Commits
  • 0aeabbc Release v5.9.2
  • 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
  • a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
  • e34e452 doc: Add godoc links
  • 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
  • 96b4dbd Remove unstable test
  • acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
  • 2f81f1f Update max_protocol_version and min_protocol_version defaults
  • See full diff in compare view

Updates golang.org/x/text from 0.35.0 to 0.36.0

Commits

Updates github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

  1. The non-default simple protocol is used.
  2. A dollar quoted string literal is used in the SQL query.
  3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
  4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

Commits
  • 0aeabbc Release v5.9.2
  • 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
  • a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
  • e34e452 doc: Add godoc links
  • 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
  • 96b4dbd Remove unstable test
  • acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
  • 2f81f1f Update max_protocol_version and min_protocol_version defaults
  • See full diff in compare view

Updates golang.org/x/text from 0.35.0 to 0.36.0

Commits

Updates github.com/testcontainers/testcontainers-go from 0.41.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

  • fix: return an error when docker host cannot be retrieved (#3613) @​ash2k

🧹 Housekeeping

📦 Dependency updates

  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]
  • chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]
  • chore: update to Go 1.25.9, 1.26.9 (#3647) @​thaJeztah
  • chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @​thaJeztah
  • chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah
  • chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]
  • chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]
  • chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]
  • fix(localstack): accept community-archive as a valid tag (#3601) @​johnduhart
  • chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]
  • chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]
  • chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]
  • chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]
  • chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits
  • 6e58418 chore: use new version (v0.42.0) in modules and examples
  • f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
  • 300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
  • 7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
  • 5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
  • fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
  • 95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
  • 75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
  • 2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
  • 580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
  • Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go/modules/mysql from 0.41.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go/modules/mysql's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

  • fix: return an error when docker host cannot be retrieved (#3613) @​ash2k

🧹 Housekeeping

📦 Dependency updates

  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]
  • chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]
  • chore: update to Go 1.25.9, 1.26.9 (#3647) @​thaJeztah
  • chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @​thaJeztah
  • chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah
  • chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]
  • chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]
  • chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]
  • fix(localstack): accept community-archive as a valid tag (#3601) @​johnduhart
  • chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]
  • chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]
  • chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]
  • chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]
  • chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits
  • 6e58418 chore: use new version (v0.42.0) in modules and examples
  • f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
  • 300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
  • 7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
  • 5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
  • fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
  • 95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
  • 75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
  • 2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
  • 580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
  • Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go/modules/postgres from 0.41.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go/modules/postgres's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

  • fix: return an error when docker host cannot be retrieved (#3613) @​ash2k

🧹 Housekeeping

📦 Dependency updates

  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]
  • chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]
  • chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]
  • chore: update to Go 1.25.9, 1.26.9 (#3647) @​thaJeztah
  • chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @​thaJeztah
  • chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah
  • chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]
  • chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]
  • chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]
  • fix(localstack): accept community-archive as a valid tag (#3601) @​johnduhart
  • chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]
  • chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]
  • chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]
  • chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]
  • chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]
  • chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits
  • 6e58418 chore: use new version (v0.42.0) in modules and examples
  • f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
  • 300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
  • 7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
  • 5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
  • fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
  • 95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
  • 75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
  • 2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
  • 580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
  • Additional commits viewable in compare view

Updates modernc.org/sqlite from 1.48.1 to 1.49.1

Commits
  • fe575e4 doc.go: update SQLite version
  • 3ccb9ca upgrade to SQLite 3.53.0
  • df16977 CHANGELOG.md: add !112
  • 172c395 Merge branch 'fix-openv2-handle-leak' into 'master'
  • 2719730 fix openV2 handle leak, TLS leak, and misleading error on failed open
  • 53c87f6 CHANGELOG.md: add !111
  • c324f37 Merge branch 'fix-backup-restore-error-handle' into 'master'
  • fc791df read error from correct db handle on backup init failure
  • 1620515 CHANGELOG.md: add !109
  • 72aaab4 Merge branch 'errstr-for-db' into 'master'
  • Additional commits viewable in compare view

Updates github.com/docker/go-connections from 0.6.0 to 0.7.0

Commits
  • 7997b0f Merge pull request #156 from thaJeztah/bump_go_winio
  • 329724a chore(deps): bump github.com/Microsoft/go-winio v0.6.2
  • 161dc9b Merge pull request #155 from thaJeztah/pin_actions
  • b115e42 Merge pull request #154 from thaJeztah/fix_non_linux_tests
  • 4c35b2a ci: pin actions to sha
  • b4454a6 tlsconfig: make root pool tests deterministic across platforms
  • 0819711 tlsconfig: certPool: pass options as argument
  • 0329635 tlsconfig: rename some vars that shadowed
  • 894d811 Merge pull request #150 from thaJeztah/deprecate_SystemCertPool
  • 0a1293a Merge pull request #153 from thaJeztah/chachacha
  • Additional commits viewable in compare view

Updates github.com/mattn/go-isatty from 0.0.20 to 0.0.21

Commits
  • 4237fb1 Update Go test matrix to current versions (1.24-1.26)
  • 433c12b Update GitHub Actions to latest versions
  • 1cf5589 Add wasip1 and wasip2 to build constraints in isatty_others.go
  • 1237245 Update dependencies: go 1.15 -> 1.21, golang.org/x/sys v0.6.0 -> v0.28.0
  • ac9c88d Fix typo in comment: undocomented -> undocumented
  • 8b7124e Add availability check for NtQueryObject in init
  • 08d0313 Fix isCygwinPipeName to reject names with extra trailing tokens
  • See full diff in compare view

Updates go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.67.0 to 0.68.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases.

Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0

Added

  • Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/v0.3.0 to expose the resolved SDK resource from declarative configuration. (#8660)
  • Add support to set the configuration file via OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)
  • Add support for service resource detector in go.opentelemetry.io/contrib/otelconf. (#8674)
  • Add support for attribute_count_limit and attribute_value_length_limit in tracer provider configuration in go.opentelemetry.io/contrib/otelconf. (#8687)
  • Add support for attribute_count_limit and attribute_value_length_limit in logger provider configuration in go.opentelemetry.io/contrib/otelconf. (#8686)
  • Add support for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)
  • Add support for OTEL_SEMCONV_STABILITY_OPT_IN in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. Supported values are rpc (default), rpc/dup and rpc/old. (#8726)
  • Add the http.route metric attribute to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#8632)

Changed

  • Prepend _ to the normalized environment variable name when the key starts with a digit in go.opentelemetry.io/contrib/propagators/envcar, ensuring POSIX compliance. (#8678)
  • Move experimental types from go.opentelemetry.io/contrib/otelconf to go.opentelemetry.io/contrib/otelconf/x. (#8529)
  • Normalize cached environment variable names in go.opentelemetry.io/contrib/propagators/envcar, aligning Carrier.Keys output with the carrier's normalized key format. (#8761)

Fixed

  • Fix go.opentelemetry.io/contrib/otelconf Prometheus reader converting OTel dot-style label names (e.g. service.name) to underscore-style (service_name) in target_info when both without_type_suffix and without_units are set. Use NoTranslation instead of UnderscoreEscapingWithoutSuffixes to preserve dot-style label names while still suppressing metric name suffixes. (#8763)
  • Limit the request body size at 1MB in go.opentelemetry.io/contrib/zpages. (#8656)
  • Fix server spans using the client's address and port for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)

Removed

  • Host ID resource detector has been removed when configuring the host resource detector in go.opentelemetry.io/contrib/otelconf. (#8581)

Deprecated

  • Deprecate OTEL_EXPERIMENTAL_CONFIG_FILE in favour of OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)

What's Changed

... (truncated)

Changelog

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's changelog.

[1.43.0/2.5.0/0.68.0/0.37.0/0.23.0/0.18.0/0.16.0/0.15.0] - 2026-04-03

Added

  • Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/v0.3.0 to expose the resolved SDK resource from declarative configuration. (#8660)
  • Add support to set the configuration file via OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)
  • Add support for service resource detector in go.opentelemetry.io/contrib/otelconf. (#8674)
  • Add support for attribute_count_limit and attribute_value_length_limit in tracer provider configuration in go.opentelemetry.io/contrib/otelconf. (#8687)
  • Add support for attribute_count_limit and attribute_value_length_limit in logger provider configuration in go.opentelemetry.io/contrib/otelconf. (#8686)
  • Add support for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)
  • Add support for OTEL_SEMCONV_STABILITY_OPT_IN in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. Supported values are rpc (default), rpc/dup and rpc/old. (#8726)
  • Add the http.route metric attribute to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#8632)

Changed

  • Prepend _ to the normalized environment variable name when the key starts with a digit in go.opentelemetry.io/contrib/propagators/envcar, ensuring POSIX compliance. (#8678)
  • Move experimental types from go.opentelemetry.io/contrib/otelconf to go.opentelemetry.io/contrib/otelconf/x. (#8529)
  • Normalize cached environment variable names in go.opentelemetry.io/contrib/propagators/envcar, aligning Carrier.Keys output with the carrier's normalized key format. (#8761)

Fixed

  • Fix go.opentelemetry.io/contrib/otelconf Prometheus reader converting OTel dot-style label names (e.g. service.name) to underscore-style (service_name) in target_info when both without_type_suffix and without_units are set. Use NoTranslation instead of UnderscoreEscapingWithoutSuffixes to preserve dot-style label names while still suppressing metric name suffixes. (#8763)
  • Limit the request body size at 1MB in go.opentelemetry.io/contrib/zpages. (#8656)
  • Fix server spans using the client's address and port for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)

Removed

  • Host ID resource detector has been removed when configuring the host resource detector in go.opentelemetry.io/contrib/otelconf. (#8581)

Deprecated

  • Deprecate OTEL_EXPERIMENTAL_CONFIG_FILE in favour of OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)
Commits
  • 45977a4 Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0 (#8769)
  • 0fcc152 fix(deps): update module github.com/googlecloudplatform/opentelemetry-operati...
  • eaba3cd chore(deps): update googleapis to 6f92a3b (#8776)
  • 6df430c chore(deps): update module github.com/jgautheron/goconst to v1.10.0 (#8771)
  • ae90e32 Fix otelconf prometheus label escaping (

@dependabot
Bump the all-gomod group across 2 directories with 12 updates
b9f9644 
Bumps the all-gomod group with 2 updates in the /pgx directory: [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) and [golang.org/x/text](https://github.com/golang/text).
Bumps the all-gomod group with 10 updates in the /tests directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.1` | `5.9.2` |
| [golang.org/x/text](https://github.com/golang/text) | `0.35.0` | `0.36.0` |
| [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.42.0` |
| [github.com/testcontainers/testcontainers-go/modules/mysql](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.42.0` |
| [github.com/testcontainers/testcontainers-go/modules/postgres](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.42.0` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.48.1` | `1.49.1` |
| [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.6.0` | `0.7.0` |
| [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) | `0.0.20` | `0.0.21` |
| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.67.0` | `0.68.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.49.0` | `0.50.0` |



Updates `github.com/jackc/pgx/v5` from 5.9.1 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.9.1...v5.9.2)

Updates `golang.org/x/text` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.35.0...v0.36.0)

Updates `github.com/jackc/pgx/v5` from 5.9.1 to 5.9.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.9.1...v5.9.2)

Updates `golang.org/x/text` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.35.0...v0.36.0)

Updates `github.com/testcontainers/testcontainers-go` from 0.41.0 to 0.42.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](testcontainers/testcontainers-go@v0.41.0...v0.42.0)

Updates `github.com/testcontainers/testcontainers-go/modules/mysql` from 0.41.0 to 0.42.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](testcontainers/testcontainers-go@v0.41.0...v0.42.0)

Updates `github.com/testcontainers/testcontainers-go/modules/postgres` from 0.41.0 to 0.42.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](testcontainers/testcontainers-go@v0.41.0...v0.42.0)

Updates `modernc.org/sqlite` from 1.48.1 to 1.49.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.48.1...v1.49.1)

Updates `github.com/docker/go-connections` from 0.6.0 to 0.7.0
- [Commits](docker/go-connections@v0.6.0...v0.7.0)

Updates `github.com/mattn/go-isatty` from 0.0.20 to 0.0.21
- [Commits](mattn/go-isatty@v0.0.20...v0.0.21)

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.67.0 to 0.68.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.67.0...zpages/v0.68.0)

Updates `golang.org/x/crypto` from 0.49.0 to 0.50.0
- [Commits](golang/crypto@v0.49.0...v0.50.0)

Updates `golang.org/x/sys` from 0.42.0 to 0.43.0
- [Commits](golang/sys@v0.42.0...v0.43.0)

Updates `modernc.org/libc` from 1.70.0 to 1.72.0
- [Commits](https://gitlab.com/cznic/libc/compare/v1.70.0...v1.72.0)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-gomod
- dependency-name: golang.org/x/text
  dependency-version: 0.36.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: all-gomod
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-gomod
- dependency-name: golang.org/x/text
  dependency-version: 0.36.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: all-gomod
- dependency-name: github.com/testcontainers/testcontainers-go
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-gomod
- dependency-name: github.com/testcontainers/testcontainers-go/modules/mysql
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-gomod
- dependency-name: github.com/testcontainers/testcontainers-go/modules/postgres
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-gomod
- dependency-name: modernc.org/sqlite
  dependency-version: 1.49.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-gomod
- dependency-name: github.com/docker/go-connections
  dependency-version: 0.7.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: all-gomod
- dependency-name: github.com/mattn/go-isatty
  dependency-version: 0.0.21
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: all-gomod
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-version: 0.68.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: all-gomod
- dependency-name: golang.org/x/crypto
  dependency-version: 0.50.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: all-gomod
- dependency-name: golang.org/x/sys
  dependency-version: 0.43.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: all-gomod
- dependency-name: modernc.org/libc
  dependency-version: 1.72.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: all-gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 20, 2026
@Thiht Thiht closed this Apr 21, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 21, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/go_modules/pgx/all-gomod-bc608b4dad branch April 21, 2026 07:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Thiht