Skip to content

chore(deps): bump the golang group with 5 updates#230

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/golang-567a663b8e
Open

chore(deps): bump the golang group with 5 updates#230
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/golang-567a663b8e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Bumps the golang group with 5 updates:

Package From To
github.com/shirou/gopsutil/v4 4.26.4 4.26.5
golang.org/x/term 0.42.0 0.43.0
modernc.org/sqlite 1.50.0 1.51.0
tailscale.com 1.96.5 1.98.5
golang.org/x/crypto 0.50.0 0.52.0

Updates github.com/shirou/gopsutil/v4 from 4.26.4 to 4.26.5

Release notes

Sourced from github.com/shirou/gopsutil/v4's releases.

v4.26.5

What's Changed

disk

net

process

New Contributors

Full Changelog: shirou/gopsutil@v4.26.4...v4.26.5

Commits
  • d781152 Merge pull request #2062 from HarshalPatel1972/fix/windows-process-snap-perf
  • bf6e949 fix: address maintainer review — adjust PID 0 order, remove 0-thread guard, a...
  • 71672e2 Merge pull request #2092 from kerlenton/fix/darwin-cmdline-envp-leak
  • f806418 [process]: skip exact 4 bytes of nargs in darwin cmdlineSlice
  • e9f021e [process]: fix envp leak into Cmdline on darwin
  • 6a240d8 Merge pull request #2074 from shirou/dependabot/github_actions/actions/upload...
  • ba20283 Merge pull request #2065 from shirou/dependabot/github_actions/actions/setup-...
  • e7b2fd0 Merge pull request #2088 from shirou/dependabot/github_actions/actions/labele...
  • e26eaf3 Merge pull request #2089 from shirou/feat/add_ProtoCounters_godoc
  • 22bc830 [net]: add more information on ProtoCounters godoc
  • Additional commits viewable in compare view

Updates golang.org/x/term from 0.42.0 to 0.43.0

Commits

Updates modernc.org/sqlite from 1.50.0 to 1.51.0

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

  • 2026-05-28 v1.52.0:

    • Add Backup.Remaining and Backup.PageCount, thin wrappers around the existing sqlite3_backup_remaining and sqlite3_backup_pagecount C symbols. Together they expose the per-Step progress counters that the underlying backup object already maintains, enabling progress reporting during online backups without dropping to modernc.org/sqlite/lib directly.
    • See [GitLab merge request #122](https://gitlab.com/cznic/sqlite/-/merge_requests/122), thanks Ian Chechin!
    • Drop the redundant second copy in (*conn).columnText, the path that backs every Rows.Scan into a Go string for a TEXT column. The value's bytes are still copied once out of SQLite-owned memory into a fresh Go buffer; that buffer is then reinterpreted as the result string with unsafe.String rather than copied a second time by the implicit string([]byte) conversion. This removes one allocation per TEXT value per row and roughly halves the bytes allocated on that path; on the new BenchmarkColumnTextScan cases it is ~13–20% faster for payloads of 256 B and larger, with no measurable change for very short strings. Purely internal: no API or behavioral change, and the returned string never aliases SQLite's buffer.
    • See [GitLab merge request #123](https://gitlab.com/cznic/sqlite/-/merge_requests/123), thanks Ian Chechin!
    • Cache each result column's declared type once per result set in newRows instead of recomputing it on every row. The TEXT branch of Rows.Next calls ColumnTypeDatabaseTypeName for every TEXT column on every row (independent of any DSN flag), which previously did a libc.GoString + strings.ToUpper each time; that lookup is now a single index into a cached, pre-uppercased []string, and ColumnTypeScanType reads the same cache and drops its per-call strings.ToLower. The declared type is fixed for the lifetime of a prepared statement, so the C round-trip is paid once per column rather than once per column per row, removing exactly 1 alloc + 8 B per TEXT column per row from the Next hot path. The new BenchmarkTextToTimeScan cases show ~7% faster on a 1000-row DATETIME SELECT under _texttotime=1. Purely internal: ColumnTypeDatabaseTypeName and ColumnTypeScanType return identical values, no API or behavioral change.
    • See [GitLab merge request #124](https://gitlab.com/cznic/sqlite/-/merge_requests/124), thanks Ian Chechin!
    • Cache, per result column, the parseTimeFormats index that first parsed a TEXT-stored DATE/DATETIME/TIMESTAMP value, and try that format first on later rows instead of re-walking the list from the top. (*conn).parseTime previously ran time.Parse down the format list on every such row; for the canonical SQLite TEXT datetime format every row paid two failed time.Parse attempts — each allocating a *time.ParseError — before the match. On a 1000-row DATETIME TEXT SELECT this cuts ~50% of allocs/op and ~57% of B/op and is ~37% faster. The fall-through chain is preserved exactly: the seven formats are mutually exclusive, so the cached hint can never select a different match than the in-order scan, and the parsed driver.Value is identical to before. Purely internal: no API or behavioral change.
    • See [GitLab merge request #125](https://gitlab.com/cznic/sqlite/-/merge_requests/125), thanks Ian Chechin!

  • 2026-05-28 v1.51.0:

    • Pool the []driver.Value slice passed to scalar/aggregate UDF callbacks and to vtab Filter/Insert/Update callbacks, eliminating the dominant per-row allocation on UDF-heavy queries. Benchmarks on a 1000-row, 3-arg noop scalar UDF show ~40% fewer bytes/op and ~15% fewer allocs/op.
    • Document the matching "arguments are not valid past return" contract on vtab.Cursor.Filter and vtab.Updater.Insert/Update, consistent with the existing rule for FunctionImpl.Scalar / AggregateFunction.Step / WindowInverse.
    • Resolves [GitLab issue #226](https://gitlab.com/cznic/sqlite/-/issues/226). See [GitLab merge request #114](https://gitlab.com/cznic/sqlite/-/merge_requests/114), thanks Ian Chechin!
    • Add FileControl.FileControlDataVersion, a wrapper around SQLITE_FCNTL_DATA_VERSION for observing pager-cache data-version changes, including those made on the same connection. Useful as a primitive for application-level cache invalidation.
    • Exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), consistent with the existing FileControlPersistWAL.
    • See [GitLab merge request #115](https://gitlab.com/cznic/sqlite/-/merge_requests/115), thanks Ian Chechin!
    • Fix a regression where in-memory connections (:memory:, file::memory:, shared-cache memory URIs) were discarded by database/sql after a context-cancelled query, taking the entire in-memory store with them. The fix for #198 had added an sqlite3_is_interrupted check to the connection validator that mistakenly applied to in-memory connections too, re-introducing the bug originally fixed by !74. File-backed connections keep the existing behaviour and are still discarded after an interrupt.
    • Resolves [GitLab issue #196](https://gitlab.com/cznic/sqlite/-/issues/196). See [GitLab merge request #116](https://gitlab.com/cznic/sqlite/-/merge_requests/116), thanks Ian Chechin!
    • Add an opt-in FunctionImpl.VolatileArgs flag that hands TEXT and BLOB arguments to scalar and aggregate UDF callbacks as zero-copy views (unsafe.String/unsafe.Slice) over SQLite's own value buffers, eliminating the per-argument libc.GoString/make([]byte) copy that the #226 slice-pooling left as the remaining per-row allocation. On the same 1000-row, 3-arg (INTEGER/TEXT/BLOB) noop scalar UDF this removes a further ~35% of allocs/op and ~11% of bytes/op on top of #226.
    • The views are valid only for the duration of the callback and must not be retained past return or across rows; a callback that needs to keep a value must copy it. With VolatileArgs unset (the default) arguments keep the existing copied, caller-owned semantics, so the flag is fully backward compatible; it has no effect on integer, float, time, or NULL arguments.
    • See [GitLab merge request #120](https://gitlab.com/cznic/sqlite/-/merge_requests/120), thanks Ian Chechin!
    • Extend the opt-in VolatileArgs zero-copy TEXT/BLOB argument access from #120 to the virtual-table Cursor.Filter (xFilter) and Updater.Insert/Update (xUpdate) callbacks. A vtab.Module opts in by implementing the new optional vtab.VolatileArgsOpter interface (VolatileArgs() bool); the flag is read once at module registration and shared by every table created from it. On a vtab call carrying one TEXT and one BLOB argument this removes 2 allocs/op (one libc.GoString, one make([]byte)) on each of the Filter and Update paths.
    • The same safety contract as #120 applies: the views are valid only for the duration of the callback and must not be retained past return or across rows; a callback that needs to keep a value must copy it. Modules that do not implement VolatileArgsOpter (the default for all existing modules) are byte-for-byte unchanged, and the flag has no effect on integer, float, time, or NULL arguments.
    • See [GitLab merge request #121](https://gitlab.com/cznic/sqlite/-/merge_requests/121), thanks Ian Chechin!

  • 2026-05-10 v1.50.1:

  • 2026-04-24 v1.50.0:

    • Upgrade to sqlite-vec v0.1.9.
    • Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).
    • This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.
    • See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!

  • 2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

  • 2026-04-06 v1.48.2:

    • Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.
    • Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).
    • See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!
    • Fix the memory allocator used in (*conn).Deserialize.
    • Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.
    • Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.
    • See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!
    • Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.
    • Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.

... (truncated)

Commits
  • a5f439b CHANGELOG.md: fix release tag
  • 41e77be CHANGELOG.md: document #121
  • 827df98 gofmt -l -s -w vtab/*.go
  • 0d384cb Merge branch 'feat/vtab-volatile-args-opt-in' into 'master'
  • 06e06d5 extend VolatileArgs opt-in to vtab Filter and Updater Insert/Update
  • 2486abd HACKING.md, CLAUDE.md: this repo is not auto-tagged, tagging is manual
  • d808a8f CHANGELOG.md: document #120
  • fac1cab Merge branch 'feat/volatile-args-opt-in' into 'master'
  • 569614c address review: empty-BLOB shape parity + re-entrancy note
  • 905960c add FunctionImpl.VolatileArgs opt-in for zero-copy TEXT/BLOB args
  • Additional commits viewable in compare view

Updates tailscale.com from 1.96.5 to 1.98.5

Release notes

Sourced from tailscale.com's releases.

v1.98.5

Please refer to the changelog available at https://tailscale.com/changelog

v1.98.3

Please refer to the changelog available at https://tailscale.com/changelog

v1.98.2

Please refer to the changelog available at https://tailscale.com/changelog

Commits
  • 295179b VERSION.txt: this is 1.98.5
  • 01c6b96 VERSION.txt: this is v1.98.4
  • a85a4ac control/controlclient: fix deadlock in map session change queue processing (#...
  • 5f390d4 cmd/containerboot: clamp MSS to PMTU for proxy group pods (#19686) (#19900)
  • 49d7ad3 cmd/k8s-operator: fix token exchange for identity federation (#19845) (#19897)
  • 8f2c8d6 VERSION.txt: this is 1.98.3
  • 666f0d2 wgengine/router/osrouter: skip netfilter add-ons when chain setup fails (#19761)
  • 34c5306 VERSION.txt: this is 1.98.2 (#19751)
  • b192880 cmd/cloner: preserve nil-valued entries when cloning map (#19749)
  • f13500e go.toolchain.rev: bump to Go 1.26.3
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.50.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the golang group with 5 updates
9a276bd 
Bumps the golang group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) | `4.26.4` | `4.26.5` |
| [golang.org/x/term](https://github.com/golang/term) | `0.42.0` | `0.43.0` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.50.0` | `1.51.0` |
| [tailscale.com](https://github.com/tailscale/tailscale) | `1.96.5` | `1.98.5` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.50.0` | `0.52.0` |


Updates `github.com/shirou/gopsutil/v4` from 4.26.4 to 4.26.5
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](shirou/gopsutil@v4.26.4...v4.26.5)

Updates `golang.org/x/term` from 0.42.0 to 0.43.0
- [Commits](golang/term@v0.42.0...v0.43.0)

Updates `modernc.org/sqlite` from 1.50.0 to 1.51.0
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.50.0...v1.51.0)

Updates `tailscale.com` from 1.96.5 to 1.98.5
- [Release notes](https://github.com/tailscale/tailscale/releases)
- [Commits](tailscale/tailscale@v1.96.5...v1.98.5)

Updates `golang.org/x/crypto` from 0.50.0 to 0.52.0
- [Commits](golang/crypto@v0.50.0...v0.52.0)

---
updated-dependencies:
- dependency-name: github.com/shirou/gopsutil/v4
  dependency-version: 4.26.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: golang
- dependency-name: golang.org/x/term
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: modernc.org/sqlite
  dependency-version: 1.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: tailscale.com
  dependency-version: 1.98.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants