chore: Bump github.com/IBM/sarama from 1.50.2 to 1.50.3

[dependabot]

Bumps github.com/IBM/sarama from 1.50.2 to 1.50.3.

Release notes

Sourced from github.com/IBM/sarama's releases.

Version 1.50.3 (2026-06-15)

What's Changed

🎉 New Features / Improvements

• feat: support Fetch v12 by @​dnwe in IBM/sarama#3609
• feat: support CreateTopics v6 by @​dnwe in IBM/sarama#3622
• feat: support DeleteTopics v5 by @​dnwe in IBM/sarama#3624
• feat: support AddPartitionsToTxn v3 by @​hindessm in IBM/sarama#3625
• feat: support Produce v9 by @​dnwe in IBM/sarama#3629
• feat: support CreatePartitions v3 by @​dnwe in IBM/sarama#3631
• feat: expose broker features from ApiVersions v3 by @​dnwe in IBM/sarama#3633
• feat: support UpdateFeatures by @​dnwe in IBM/sarama#3632
• feat: add OnAssignmentBalanceStrategy, the onAssignment half of the assignor contract by @​lizthegrey in IBM/sarama#3627
• feat: support ApiVersions V4 and discover upgradable features in test by @​dnwe in IBM/sarama#3634

🐛 Fixes

• fix: avoid makeslice "len out of range" panics on invalid response by @​hindessm in IBM/sarama#3612
• fix: avoid makeslice panic in request decode too by @​dnwe in IBM/sarama#3613
• fix(test): wait for leaders after topic create by @​dnwe in IBM/sarama#3623
• fix(consumer): don't panic on requeue after unref by @​dnwe in IBM/sarama#3630

📦 Dependency updates

• chore(deps): update golang-x to v0.53.0 by @​renovate[bot] in IBM/sarama#3618
• fix(deps): update module golang.org/x/sys to v0.46.0 - autoclosed by @​renovate[bot] in IBM/sarama#3617
• fix(deps): update module golang.org/x/sync to v0.21.0 by @​renovate[bot] in IBM/sarama#3616
• fix(deps): update module golang.org/x/net to v0.56.0 by @​renovate[bot] in IBM/sarama#3626

🔧 Maintenance

• chore: update default Kafka version to 2.6 by @​dnwe in IBM/sarama#3608
• chore: more protocol version placeholders by @​hindessm in IBM/sarama#3610
• chore: extend fuzz testing to more types by @​dnwe in IBM/sarama#3614
• chore: clean up Int32 array encode/decode by @​hindessm in IBM/sarama#3619
• chore: apply Go's modernize fixes by @​dnwe in IBM/sarama#3621

Full Changelog: IBM/sarama@v1.50.2...v1.50.3

Changelog

Sourced from github.com/IBM/sarama's changelog.

Changelog

Commits

• ff2eaba feat: support ApiVersions V4
• 0483979 test: discover upgradable features via ApiVersions
• d39f8ea feat: add OnAssignmentBalanceStrategy, the onAssignment half of the assignor ...
• 498dceb feat(admin): add ClusterAdmin UpdateFeatures
• 5f48502 feat: support UpdateFeatures v0
• 36c1c46 feat: expose broker features from ApiVersions v3 (#3633)
• b7d6106 feat: support CreatePartitions v3 (#3631)
• fdbaec7 feat: support Produce v9 (#3629)
• 277248f fix(consumer): don't panic on requeue after unref (#3630)
• ce73e81 fix(deps): update module golang.org/x/net to v0.56.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[netlify]

✅ Deploy Preview for go-feature-flag-doc-preview canceled.

Name	Link
🔨 Latest commit	48cdb16
🔍 Latest deploy log	https://app.netlify.com/projects/go-feature-flag-doc-preview/deploys/6a39dd625ad87e0008b4a791

[greptile-apps]

Greptile Summary

This PR bumps github.com/IBM/sarama from v1.50.2 to v1.50.3 via Dependabot. The change touches only go.mod and go.sum.

• Picks up several upstream bug fixes including panic prevention on invalid broker responses and a consumer panic fix on requeue-after-unref.
• Adds support for newer Kafka protocol versions (Fetch v12, Produce v9, CreateTopics v6, etc.) and updates transitive golang.org/x/* dependencies.

Confidence Score: 5/5

Safe to merge — only go.mod and go.sum are modified, picking up a patch-level sarama release with bug fixes and no breaking API changes.

The change is a patch-version bump (1.50.2 → 1.50.3) of a single Kafka client library. The upstream release focuses on bug fixes (panic prevention, consumer stability) and new Kafka protocol version support, with no API surface changes that would affect the go-feature-flag codebase.

No files require special attention.

Important Files Changed

Filename	Overview
go.mod	Single-line version bump of github.com/IBM/sarama from v1.50.2 to v1.50.3; no other changes.
go.sum	Hash entries for IBM/sarama updated to reflect the new v1.50.3 module checksums; no other changes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[go-feature-flag] -->|uses| B[github.com/IBM/sarama]
    B -- v1.50.2 --> C[Old: Fetch v11, Produce v8\nNo makeslice panic fix]
    B -- v1.50.3 --> D[New: Fetch v12, Produce v9\nPanic fixes, newer Kafka protocol support]
    D -->|transitive deps updated| E[golang.org/x/net v0.56.0\ngolang.org/x/sync v0.21.0\ngolang.org/x/sys v0.46.0]

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[go-feature-flag] -->|uses| B[github.com/IBM/sarama]
    B -- v1.50.2 --> C[Old: Fetch v11, Produce v8\nNo makeslice panic fix]
    B -- v1.50.3 --> D[New: Fetch v12, Produce v9\nPanic fixes, newer Kafka protocol support]
    D -->|transitive deps updated| E[golang.org/x/net v0.56.0\ngolang.org/x/sync v0.21.0\ngolang.org/x/sys v0.46.0]

Loading

_{Reviews (2): Last reviewed commit: "Merge branch 'main' into dependabot/go_m..." | Re-trigger Greptile}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.71%. Comparing base (0b7fcb6) to head (48cdb16).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #5485   +/-   ##
=======================================
  Coverage   86.71%   86.71%           
=======================================
  Files         160      160           
  Lines        7037     7037           
=======================================
  Hits         6102     6102           
  Misses        694      694           
  Partials      241      241           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud