Skip to content

chore(deps): bump the go_modules group across 4 directories with 8 updates#1817

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/dashboard/backend/go_modules-0d18357c36
Open

chore(deps): bump the go_modules group across 4 directories with 8 updates#1817
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/dashboard/backend/go_modules-0d18357c36

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026

Bumps the go_modules group with 2 updates in the /dashboard/backend directory: golang.org/x/crypto and github.com/buger/jsonparser.
Bumps the go_modules group with 3 updates in the /e2e directory: github.com/moby/spdystream, golang.org/x/net and golang.org/x/oauth2.
Bumps the go_modules group with 2 updates in the /perf directory: github.com/buger/jsonparser and google.golang.org/grpc.
Bumps the go_modules group with 2 updates in the /src/semantic-router directory: github.com/buger/jsonparser and google.golang.org/grpc.

Updates golang.org/x/crypto from 0.30.0 to 0.45.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Updates github.com/buger/jsonparser from 1.1.1 to 1.1.2

Release notes

Sourced from github.com/buger/jsonparser's releases.

v1.1.2

What's Changed

New Contributors

Full Changelog: buger/jsonparser@v1.1.1...v1.1.2

Commits
  • a69e7e0 Merge pull request #276 from dbarrosop/master
  • d3eacc0 fix: prevent panic on negative slice index in Delete with malformed JSON (GO-...
  • 61b32cf Merge pull request #241 from unxcepted/master
  • 2181e83 Merge pull request #244 from ScaleChamp/patch-2
  • 1510b51 Added latest versions of go to tests
  • 6fc2e48 fix: eachkey allocation
  • a6f867e Merge pull request #239 from AdamKorcz/cifuzz1
  • cbc01fd Fuzzing: Add CIFuzz
  • dc92d69 Merge pull request #228 from jonomacd/null-handling
  • 2d9d634 Merge pull request #231 from carsonip/fix-parseint-overflow-check
  • Additional commits viewable in compare view

Updates github.com/moby/spdystream from 0.4.0 to 0.5.1

Release notes

Sourced from github.com/moby/spdystream's releases.

v0.5.1

What's Changed

Security

Fix memory amplification in SPDY frame parsing leads to denial of service (CVE-2026-35469 / GHSA-pc3f-x583-g7j2)

Changes

Full Changelog: moby/spdystream@v0.5.0...v0.5.1

[v0.5.0] Avoid leaking timeout timer channels and update github actions

What's Changed

Full Changelog: moby/spdystream@v0.4.0...v0.5.0

Commits
  • c59e5d7 Merge pull request #109 from thaJeztah/use_ioutil
  • 2fd0155 use ioutil.Discard for go1.13 compatibility
  • ef6121f Merge commit from fork
  • 241cec9 compare with signed Int for 32-bit Arm
  • 21c3864 Add options to customize limits
  • acf9b45 spdy: update godoc for MaxDataLength
  • eb63605 spdy: limit header-size and header-count
  • 2f21da4 spdy: fix header block byte accounting
  • 5976b66 spdy: enforce 24-bit frame length limits
  • cf0ec5d Guard against oversized SPDY frames
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.26.0 to 0.38.0

Commits
  • e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
  • ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
  • 1f1fa29 publicsuffix: regenerate table
  • 1215081 http2: improve error when server sends HTTP/1
  • 312450e html: ensure <search> tag closes <p> and update tests
  • 09731f9 http2: improve handling of lost PING in Server
  • 55989e2 http2/h2c: use ResponseController for hijacking connections
  • 2914f46 websocket: re-recommend gorilla/websocket
  • 99b3ae0 go.mod: update golang.org/x dependencies
  • 85d1d54 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.21.0 to 0.27.0

Commits
  • 681b4d8 jws: split token into fixed number of parts
  • 3f78298 all: upgrade go directive to at least 1.23.0 [generated]
  • 109dabf endpoints: add links/provider for Discord
  • ac571fa oauth2: fix docs for Config.DeviceAuth
  • 314ee5b endpoints: add patreon endpoint
  • b9c813b google: add warning about externally-provided credentials
  • 49a531d all: make method and struct comments match the names
  • 22134a4 README: don't recommend go get
  • 3e64809 x/oauth2: add Token.ExpiresIn
  • 16a9973 jwt: rename example to avoid vet error
  • Additional commits viewable in compare view

Updates github.com/buger/jsonparser from 1.1.1 to 1.1.2

Release notes

Sourced from github.com/buger/jsonparser's releases.

v1.1.2

What's Changed

New Contributors

Full Changelog: buger/jsonparser@v1.1.1...v1.1.2

Commits
  • a69e7e0 Merge pull request #276 from dbarrosop/master
  • d3eacc0 fix: prevent panic on negative slice index in Delete with malformed JSON (GO-...
  • 61b32cf Merge pull request #241 from unxcepted/master
  • 2181e83 Merge pull request #244 from ScaleChamp/patch-2
  • 1510b51 Added latest versions of go to tests
  • 6fc2e48 fix: eachkey allocation
  • a6f867e Merge pull request #239 from AdamKorcz/cifuzz1
  • cbc01fd Fuzzing: Add CIFuzz
  • dc92d69 Merge pull request #228 from jonomacd/null-handling
  • 2d9d634 Merge pull request #231 from carsonip/fix-parseint-overflow-check
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.75.0 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

  • stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

  • mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

  • balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

  • experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
  • pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
    • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
  • xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
  • balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Bug Fixes

  • credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
  • health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Performance Improvements

  • credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
  • mem: Optimize pooling and creation of buffer objects. (#8784)
  • transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

Updates github.com/buger/jsonparser from 1.1.1 to 1.1.2

Release notes

Sourced from github.com/buger/jsonparser's releases.

v1.1.2

What's Changed

New Contributors

Full Changelog: buger/jsonparser@v1.1.1...v1.1.2

Commits
  • a69e7e0 Merge pull request #276 from dbarrosop/master
  • d3eacc0 fix: prevent panic on negative slice index in Delete with malformed JSON (GO-...
  • 61b32cf Merge pull request #241 from unxcepted/master
  • 2181e83 Merge pull request #244 from ScaleChamp/patch-2
  • 1510b51 Added latest versions of go to tests
  • 6fc2e48 fix: eachkey allocation
  • a6f867e Merge pull request #239 from AdamKorcz/cifuzz1
  • cbc01fd Fuzzing: Add CIFuzz
  • dc92d69 Merge pull request #228 from jonomacd/null-handling
  • 2d9d634 Merge pull request #231 from carsonip/fix-parseint-overflow-check
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.75.0 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

  • stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

  • mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

  • balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

  • experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
  • pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
    • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
  • xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
  • balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Bug Fixes

  • credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
  • health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Performance Improvements

  • credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
  • mem: Optimize pooling and creation of buffer objects. (#8784)
  • transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

Updates go.opentelemetry.io/otel from 1.38.0 to 1.39.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05

Added

  • Greatly reduce the cost of recording metrics in go.opentelemetry.io/otel/sdk/metric using hashing for map keys. (#7175)
  • Add WithInstrumentationAttributeSet option to go.opentelemetry.io/otel/log, go.opentelemetry.io/otel/metric, and go.opentelemetry.io/otel/trace packages. This provides a concurrent-safe and performant alternative to WithInstrumentationAttributes by accepting a pre-constructed attribute.Set. (#7287)
  • Add experimental observability for the Prometheus exporter in go.opentelemetry.io/otel/exporters/prometheus. Check the go.opentelemetry.io/otel/exporters/prometheus/internal/x package documentation for more information. (#7345)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#7353)
  • Add temporality selector functions DeltaTemporalitySelector, CumulativeTemporalitySelector, LowMemoryTemporalitySelector to go.opentelemetry.io/otel/sdk/metric. (#7434)
  • Add experimental observability metrics for simple log processor in go.opentelemetry.io/otel/sdk/log. (#7548)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#7459)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7486)
  • Add experimental observability metrics for simple span processor in go.opentelemetry.io/otel/sdk/trace. (#7374)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7512)
  • Add experimental observability metrics for manual reader in go.opentelemetry.io/otel/sdk/metric. (#7524)
  • Add experimental observability metrics for periodic reader in go.opentelemetry.io/otel/sdk/metric. (#7571)
  • Support OTEL_EXPORTER_OTLP_LOGS_INSECURE and OTEL_EXPORTER_OTLP_INSECURE environmental variables in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7608)
  • Add Enabled method to the Processor interface in go.opentelemetry.io/otel/sdk/log. All Processor implementations now include an Enabled method. (#7639)
  • The go.opentelemetry.io/otel/semconv/v1.38.0 package. The package contains semantic conventions from the v1.38.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.37.0.(#7648)

Changed

  • Distinct in go.opentelemetry.io/otel/attribute is no longer guaranteed to uniquely identify an attribute set. Collisions between Distinct values for different Sets are possible with extremely high cardinality (billions of series per instrument), but are highly unlikely. (#7175)
  • WithInstrumentationAttributes in go.opentelemetry.io/otel/trace synchronously de-duplicates the passed attributes instead of delegating it to the returned TracerOption. (#7266)
  • WithInstrumentationAttributes in go.opentelemetry.io/otel/meter synchronously de-duplicates the passed attributes instead of delegating it to the returned MeterOption. (#7266)
  • WithInstrumentationAttributes in go.opentelemetry.io/otel/log synchronously de-duplicates the passed attributes instead of delegating it to the returned LoggerOption. (#7266)
  • Rename the OTEL_GO_X_SELF_OBSERVABILITY environment variable to OTEL_GO_X_OBSERVABILITY in go.opentelemetry.io/otel/sdk/trace, go.opentelemetry.io/otel/sdk/log, and go.opentelemetry.io/otel/exporters/stdout/stdouttrace. (#7302)
  • Improve performance of histogram Record in go.opentelemetry.io/otel/sdk/metric when min and max are disabled using NoMinMax. (#7306)
  • Improve error handling for dropped data during translation by using prometheus.NewInvalidMetric in go.opentelemetry.io/otel/exporters/prometheus. ⚠️ Breaking Change: Previously, these cases were only logged and scrapes succeeded. Now, when translation would drop data (e.g., invalid label/value), the exporter emits a NewInvalidMetric, and Prometheus scrapes fail with HTTP 500 by default. To preserve the prior behavior (scrapes succeed while errors are logged), configure your Prometheus HTTP handler with: promhttp.HandlerOpts{ ErrorHandling: promhttp.ContinueOnError }. (#7363)
  • Replace fnv hash with xxhash in go.opentelemetry.io/otel/attribute for better performance. (#7371)
  • The default TranslationStrategy in go.opentelemetry.io/exporters/prometheus is changed from otlptranslator.NoUTF8EscapingWithSuffixes to otlptranslator.UnderscoreEscapingWithSuffixes. (#7421)
  • Improve performance of concurrent measurements in go.opentelemetry.io/otel/sdk/metric. (#7427)
  • Include W3C TraceFlags (bits 0–7) in the OTLP Span.Flags field in go.opentelemetry.io/exporters/otlp/otlptrace/otlptracehttp and go.opentelemetry.io/exporters/otlp/otlptrace/otlptracegrpc. (#7438)
  • The ErrorType function in go.opentelemetry.io/otel/semconv/v1.37.0 now handles custom error types. If an error implements an ErrorType() string method, the return value of that method will be used as the error type. (#7442)

Fixed

  • Fix WithInstrumentationAttributes options in go.opentelemetry.io/otel/trace, go.opentelemetry.io/otel/metric, and go.opentelemetry.io/otel/log to properly merge attributes when passed multiple times instead of replacing them. Attributes with duplicate keys will use the last value passed. (#7300)
  • The equality of attribute.Set when using the Equal method is not affected by the user overriding the empty set pointed to by attribute.EmptySet in go.opentelemetry.io/otel/attribute. (#7357)

... (truncated)

Commits
  • 6ce1429 Release v1.39.0 (#7676)
  • 12e421a sdk/log: move Enabled method from FilterProcessor to Processor (#7639)
  • 5982f16 fix(deps): update module golang.org/x/sys to v0.39.0 (#7684)
  • 9288378 chore(deps): update module golang.org/x/sync to v0.19.0 (#7683)
  • ee3dfef chore(deps): update github.com/securego/gosec/v2 digest to 41f28e2 (#7682)
  • 9345d1f fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.7.2 (#7680)
  • d03b033 Check context prior to delaying retry in OTLP exporters (#7678)
  • 61765e7 Fix flaky TestClientInstrumentation (#7677)
  • a54721c chore(deps): update module github.com/go-git/go-billy/v5 to v5.7.0 (#7679)
  • 746d086 chore(deps): update github/codeql-action action to v4.31.7 (#7675)
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05

Added

  • Greatly reduce the cost of recording metrics in go.opentelemetry.io/otel/sdk/metric using hashing for map keys. (#7175)
  • Add WithInstrumentationAttributeSet option to go.opentelemetry.io/otel/log, go.opentelemetry.io/otel/metric, and go.opentelemetry.io/otel/trace packages. This provides a concurrent-safe and performant alternative to WithInstrumentationAttributes by accepting a pre-constructed attribute.Set. (#7287)
  • Add experimental observability for the Prometheus exporter in go.opentelemetry.io/otel/exporters/prometheus. Check the go.opentelemetry.io/otel/exporters/prometheus/internal/x package documentation for more information. (#7345)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#7353)
  • Add temporality selector functions DeltaTemporalitySelector, CumulativeTemporalitySelector, LowMemoryTemporalitySelector to go.opentelemetry.io/otel/sdk/metric. (#7434)
  • Add experimental observability metrics for simple log processor in go.opentelemetry.io/otel/sdk/log. (#7548)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#7459)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7486)
  • Add experimental observability metrics for simple span processor in go.opentelemetry.io/otel/sdk/trace. (#7374)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7512)
  • Add experimental observability metrics for manual reader in go.opentelemetry.io/otel/sdk/metric. (#7524)
  • Add experimental observability metrics for periodic reader in go.opentelemetry.io/otel/sdk/metric. (#7571)
  • Support OTEL_EXPORTER_OTLP_LOGS_INSECURE and OTEL_EXPORTER_OTLP_INSECURE environmental variables in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7608)
  • Add Enabled method to the Processor interface in go.opentelemetry.io/otel/sdk/log. All Processor implementations now include an Enabled method. (#7639)
  • The go.opentelemetry.io/otel/semconv/v1.38.0 package. The package contains semantic conventions from the v1.38.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.37.0.(#7648)

Changed

  • Distinct in go.opentelemetry.io/otel/attribute is no longer guaranteed to uniquely identify an attribute set. Collisions between Distinct values for different Sets are possible with extremely high cardinality (billions of series per instrument), but are highly unlikely. (#7175)
  • WithInstrumentationAttributes in go.opentelemetry.io/otel/trace synchronously de-duplicates the passed attributes instead of delegating it to the returned TracerOption. (#7266)
  • WithInstrumentationAttributes in go.opentelemetry.io/otel/meter synchronously de-duplicates the passed attributes instead of delegating it to the returned MeterOption. (#7266)
  • WithInstrumentationAttribute...

    Description has been truncated

@dependabot
chore(deps): bump the go_modules group across 4 directories with 8 up…
673bf1c 
…dates

Bumps the go_modules group with 2 updates in the /dashboard/backend directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [github.com/buger/jsonparser](https://github.com/buger/jsonparser).
Bumps the go_modules group with 3 updates in the /e2e directory: [github.com/moby/spdystream](https://github.com/moby/spdystream), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/oauth2](https://github.com/golang/oauth2).
Bumps the go_modules group with 2 updates in the /perf directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).
Bumps the go_modules group with 2 updates in the /src/semantic-router directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `golang.org/x/crypto` from 0.30.0 to 0.45.0
- [Commits](golang/crypto@v0.30.0...v0.45.0)

Updates `github.com/buger/jsonparser` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/buger/jsonparser/releases)
- [Commits](buger/jsonparser@v1.1.1...v1.1.2)

Updates `github.com/moby/spdystream` from 0.4.0 to 0.5.1
- [Release notes](https://github.com/moby/spdystream/releases)
- [Commits](moby/spdystream@v0.4.0...v0.5.1)

Updates `golang.org/x/net` from 0.26.0 to 0.38.0
- [Commits](golang/net@v0.26.0...v0.38.0)

Updates `golang.org/x/oauth2` from 0.21.0 to 0.27.0
- [Commits](golang/oauth2@v0.21.0...v0.27.0)

Updates `github.com/buger/jsonparser` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/buger/jsonparser/releases)
- [Commits](buger/jsonparser@v1.1.1...v1.1.2)

Updates `google.golang.org/grpc` from 1.75.0 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.75.0...v1.79.3)

Updates `github.com/buger/jsonparser` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/buger/jsonparser/releases)
- [Commits](buger/jsonparser@v1.1.1...v1.1.2)

Updates `google.golang.org/grpc` from 1.75.0 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.75.0...v1.79.3)

Updates `go.opentelemetry.io/otel` from 1.38.0 to 1.39.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.38.0...v1.39.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.39.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.38.0...v1.39.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/buger/jsonparser
  dependency-version: 1.1.2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/moby/spdystream
  dependency-version: 0.5.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.27.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/buger/jsonparser
  dependency-version: 1.1.2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/buger/jsonparser
  dependency-version: 1.1.2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.39.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.39.0
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 24, 2026
@dependabot dependabot Bot requested review from Xunzhuo and rootfs as code owners April 24, 2026 20:34
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 24, 2026
@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 24, 2026
edited
Loading

Deploy Preview for vllm-semantic-router ready!

Name Link
🔨 Latest commit 673bf1c
🔍 Latest deploy log https://app.netlify.com/projects/vllm-semantic-router/deploys/69ebd3e77c47b40008d225e2
😎 Deploy Preview https://deploy-preview-1817--vllm-semantic-router.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 24, 2026

👥 vLLM Semantic Team Notification

The following members have been identified for the changed files in this PR and have been automatically assigned:

📁 dashboard

Owners: @Xunzhuo, @JaredforReal, @haowu1234, @szedan-rh, @yehuditkerido, @henschwartz
Files changed:

  • dashboard/backend/go.mod
  • dashboard/backend/go.sum

📁 e2e

Owners: @Xunzhuo, @yossiovadia, @szedan-rh, @henschwartz, @mkoushni
Files changed:

  • e2e/go.mod
  • e2e/go.sum

📁 perf

Owners: @rootfs, @Xunzhuo, @szedan-rh, @liavweiss, @mkoushni
Files changed:

  • perf/go.mod
  • perf/go.sum

📁 src/semantic-router

Owners: @rootfs, @Xunzhuo, @szedan-rh, @yehuditkerido, @abdallahsamabd, @asaadbalum, @liavweiss, @noalimoy
Files changed:

  • src/semantic-router/go.mod
  • src/semantic-router/go.sum
vLLM

🎉 Thanks for your contributions!

This comment was automatically generated based on the OWNER files in the repository.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 24, 2026

✅ Supply Chain Security Report — All Clear

Scanner Status Findings
AST Codebase Scan (Py, Go, JS/TS, Rust) 27 finding(s) — MEDIUM: 21 · LOW: 6
AST PR Diff Scan No issues detected
Regex Fallback Scan No issues detected

Scanned at 2026-04-24T20:35:18.336Z · View full workflow logs

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 24, 2026

Performance Benchmark Results

Component benchmarks completed successfully.

Summary

  • Classification benchmarks: ✅
  • Decision engine benchmarks: ✅
  • Cache benchmarks: ✅

Details

See attached benchmark artifacts for detailed results and profiles.

Performance testing powered by vLLM Semantic Router

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rootfs rootfs Awaiting requested review from rootfs rootfs is a code owner

@Xunzhuo Xunzhuo Awaiting requested review from Xunzhuo Xunzhuo is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@rootfs rootfs

@yehuditkerido yehuditkerido

@abdallahsamabd abdallahsamabd

@Xunzhuo Xunzhuo

@liavweiss liavweiss

@noalimoy noalimoy

@haowu1234 haowu1234

@JaredforReal JaredforReal

@asaadbalum asaadbalum

@szedan-rh szedan-rh

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

10 participants

@rootfs @yehuditkerido @abdallahsamabd @Xunzhuo @liavweiss @noalimoy @haowu1234 @JaredforReal @asaadbalum @szedan-rh