Skip to content

chore(deps): bump the go-deps group across 1 directory with 5 updates#40

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-deps-0d81fae1fd
Closed

chore(deps): bump the go-deps group across 1 directory with 5 updates#40
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-deps-0d81fae1fd

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 19, 2026
edited
Loading

Bumps the go-deps group with 5 updates in the / directory:

Package From To
github.com/alicebob/miniredis/v2 2.37.0 2.38.0
github.com/ethereum/go-ethereum 1.17.2 1.17.3
github.com/labstack/echo/v4 4.15.1 4.15.2
github.com/redis/go-redis/v9 9.18.0 9.19.0
github.com/tempoxyz/tempo-go 0.4.0 0.4.1

Updates github.com/alicebob/miniredis/v2 from 2.37.0 to 2.38.0

Release notes

Sourced from github.com/alicebob/miniredis/v2's releases.

DELEX and fixes

Changelog

Sourced from github.com/alicebob/miniredis/v2's changelog.

v2.38.0

Commits
  • d67bfae update changelog for v2.38.0
  • 2b1abd8 DELEX (partly) (#442)
  • 452dd37 Merge pull request #440 from infastin/server-alias
  • b5b8ec2 feat: add 'server' alias to 'redis' in lua scripts
  • ecc4af1 Merge pull request #439 from TomBailey167/xinfo-stream-last-generated-id
  • 4a2a33e Merge pull request #435 from evan-choi/fix/xadd-equals-trim-modifier
  • d6261ef feat: add last-generated-id to XINFO STREAM response
  • f4d8aa3 fix: accept = trim modifier in xadd
  • See full diff in compare view

Updates github.com/ethereum/go-ethereum from 1.17.2 to 1.17.3

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Enzymatic Injector (v1.17.3)

This is a maintenance release with continued progress on the Amsterdam fork implementation. It also introduces ETH/70, which is now live on the network.

ethereum/execution-apis#762reexec has been removed from the tracing config:

  • memory: words are 0x-prefixed and padded to 32 bytes
  • storage: keys and values are 0x-prefixed
  • error: omitted when empty (previously serialized as "")

Geth

  • Add retry mechanism for checkpoint init in blsync (#33966)
  • Add subcommand for offline binary tree conversion (#33740)
  • Add code exporter for db export (#34696)

Core

  • Amsterdam fork updates:
  • Implement stack arena (#33960)
  • Implement EIP-7975: eth/70 partial block receipt lists (#33153)
  • Prerequisites of snap/2 protocol (#34083, #34649, #34654, #34874)
  • Implement history index pruner for path-mode archive nodes (#33999)
  • Add Prague chain segment pruning point for Hoodi (#34714)
  • Allow reorging head to parent within 32 blocks under ePBS (#34767)
  • Stop serving chain segment requests when data is unavailable (#34787)
  • Drop peers sending invalid bodies or receipts (#34745, #34870)
  • Add kzg4844 cell-related functions (#34766)
  • State database refactoring (#33102, #34700, #34763, #34724)
  • Binary trie improvements (#34055, #34110, #34670, #34676, #34680, #34690, #34754, #34758, #34777, #34794)
  • Merge EIP-4762 access events for all system calls (#34637)
  • Reject duplicate layers in the path database (#34642)
  • Omit empty slotNumber and fix block value collection in pre-Amsterdam engine API payloads (#34704)
  • Include the operand in EIP-8024 error messages (#34635)
  • Fix vmodule downgrades and propagate verbosity changes to derived loggers (#33111)
  • Fix incorrect fsync ordering for index file truncation (#34728)
  • Fix file descriptor leak in freezer error paths (#34735)
  • Fix size calculation in path database (#34828)
  • Fix gapped queue size cap in blobpool (#34831)
  • Improve txpool pending concurrency by using read-only locking (#32924)
  • Replace deprecated TypeMux with Feed (#32585)
  • Continue blob retrieval when individual cell proof extraction fails (#34891)
  • Use uint256 in core Message for faster gas calculations (#34934)

... (truncated)

Commits

Updates github.com/labstack/echo/v4 from 4.15.1 to 4.15.2

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.15.2 - 2026-05-01

Security

Thanks to @​shblue21 for reporting this issue.

Commits

Updates github.com/redis/go-redis/v9 from 9.18.0 to 9.19.0

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.19.0

🚀 Highlights

FIPS-Compatible Script Helper

Script now supports a FIPS-safe execution mode that avoids client-side SHA-1 computation, which is blocked in strict FIPS environments. A new NewScriptServerSHA constructor uses SCRIPT LOAD to obtain and cache the digest from the server, then runs commands via EVALSHA/EVALSHA_RO. Falls back to EVAL/EVALRO if loading fails, and transparently retries once on NOSCRIPT. The default behavior is unchanged for existing users.

(#3700) by @​chaitanyabodlapati

FT.AGGREGATE Step-Based Pipeline Builder

Added a new step-based FT.AGGREGATE pipeline API via FTAggregateOptions.Steps, allowing LOAD, APPLY, GROUPBY, and SORTBY (with per-step MAX) to be repeated and interleaved in arbitrary order — matching Redis's native multi-stage aggregation semantics. The legacy Load/Apply/GroupBy/SortBy/SortByMax fields are now deprecated.

(#3782) by @​ndyakov

Raw RESP Protocol Access

Added DoRaw and DoRawWriteTo methods for executing arbitrary commands and reading the raw RESP response. Useful for proxying, custom protocol inspection, and working with commands not yet wrapped by go-redis.

(#3713) by @​ofekshenawa

Configurable Dial Retry Backoff

Added DialerRetryBackoff option (plumbed through Options, ClusterOptions, RingOptions, FailoverOptions) to let callers customize the delay between failed dial attempts. Helpers DialRetryBackoffConstant and DialRetryBackoffExponential (with jitter and cap) are provided out of the box. Dial timeout is now also applied per attempt rather than across all retries.

(#3706, #3705) by @​mwhooker

✨ New Features

  • FT.AGGREGATE Steps: Step-based pipeline builder for FT.AGGREGATE with support for repeated/interleaved LOAD, APPLY, GROUPBY, and SORTBY stages (#3782) by @​ndyakov
  • VectorSet commands: Added VISMEMBER and WITHATTRIBS support (#3753) by @​romanpovol
  • FIPS-safe Script: NewScriptServerSHA uses SCRIPT LOAD to obtain the digest from the server, avoiding client-side SHA-1 (#3700) by @​chaitanyabodlapati
  • Raw RESP access: DoRaw and DoRawWriteTo for raw RESP protocol access (#3713) by @​ofekshenawa
  • Dial retry backoff: DialerRetryBackoff function option with constant and exponential helpers (#3706) by @​mwhooker
  • Typed NOSCRIPT error: Redis NOSCRIPT replies are now surfaced as a typed error for easier handling (#3738) by @​LINKIWI
  • PubSub ClientSetName: Added ClientSetName method to PubSub (#3727) by @​Flack74
  • ReplicaOf: New ReplicaOf method replaces the deprecated SlaveOf (#3720) by @​Copilot
  • HSCAN BinaryUnmarshaler: HScan now supports types implementing encoding.BinaryUnmarshaler (#3768) by @​Aaditya-dubey1

🐛 Bug Fixes

  • Auto hostname type detection: Improved endpoint type detection for maintenance notifications using DNS-based classification; handles empty hosts and expanded private-IP ranges (#3789) by @​ndyakov
  • HELLO fallback: Don't send CLIENT MAINT_NOTIFICATIONS handshake when HELLO fails and connection falls back to RESP2; fail fast when explicitly enabled with RESP3 (#3788) by @​ndyakov
  • Dial TCP retry: ShouldRetry now treats net.OpError with Op == "dial" timeout errors as safe to retry since no command was sent (#3787) by @​vladisa88
  • wrappedOnClose leak: Fixed resource leak caused by repeatedly wrapping baseClient close logic; replaced with a bounded, concurrency-safe named-hook registry (#3785) by @​ndyakov
  • Pool Close() on stale connections: Suppress close errors (e.g., TLS closeNotify timeouts) for connections already dropped by the server due to idle timeout (#3778) by @​ofekshenawa
  • FIFO waiter ordering: Fixed race in ConnStateMachine.notifyWaiters that could wake multiple waiters under a single mutex hold and violate FIFO ordering (#3777) by @​0x48core
  • Lua READONLY detection: Detect READONLY errors embedded in Lua script error messages on read-only replicas so commands are correctly retried (#3769) by @​zhengjilei
  • VectorScoreSliceCmd RESP2: Fixed VSimWithScores, VSimWithArgsWithScores, and VLinksWithScores which were broken on RESP2 connections returning flat arrays instead of maps (#3767) by @​Copilot

... (truncated)

Changelog

Sourced from github.com/redis/go-redis/v9's changelog.

9.19.0 (2026-04-27)

🚀 Highlights

FIPS-Compatible Script Helper

Script now supports a FIPS-safe execution mode that avoids client-side SHA-1 computation, which is blocked in strict FIPS environments. A new NewScriptServerSHA constructor uses SCRIPT LOAD to obtain and cache the digest from the server, then runs commands via EVALSHA/EVALSHA_RO. Falls back to EVAL/EVALRO if loading fails, and transparently retries once on NOSCRIPT. The default behavior is unchanged for existing users.

(#3700) by @​chaitanyabodlapati

FT.AGGREGATE Step-Based Pipeline Builder

Added a new step-based FT.AGGREGATE pipeline API via FTAggregateOptions.Steps, allowing LOAD, APPLY, GROUPBY, and SORTBY (with per-step MAX) to be repeated and interleaved in arbitrary order — matching Redis's native multi-stage aggregation semantics. The legacy Load/Apply/GroupBy/SortBy/SortByMax fields are now deprecated.

(#3782) by @​ndyakov

Raw RESP Protocol Access

Added DoRaw and DoRawWriteTo methods for executing arbitrary commands and reading the raw RESP response. Useful for proxying, custom protocol inspection, and working with commands not yet wrapped by go-redis.

(#3713) by @​ofekshenawa

Configurable Dial Retry Backoff

Added DialerRetryBackoff option (plumbed through Options, ClusterOptions, RingOptions, FailoverOptions) to let callers customize the delay between failed dial attempts. Helpers DialRetryBackoffConstant and DialRetryBackoffExponential (with jitter and cap) are provided out of the box. Dial timeout is now also applied per attempt rather than across all retries.

(#3706, #3705) by @​mwhooker

✨ New Features

  • FT.AGGREGATE Steps: Step-based pipeline builder for FT.AGGREGATE with support for repeated/interleaved LOAD, APPLY, GROUPBY, and SORTBY stages (#3782) by @​ndyakov
  • VectorSet commands: Added VISMEMBER and WITHATTRIBS support (#3753) by @​romanpovol
  • FIPS-safe Script: NewScriptServerSHA uses SCRIPT LOAD to obtain the digest from the server, avoiding client-side SHA-1 (#3700) by @​chaitanyabodlapati
  • Raw RESP access: DoRaw and DoRawWriteTo for raw RESP protocol access (#3713) by @​ofekshenawa
  • Dial retry backoff: DialerRetryBackoff function option with constant and exponential helpers (#3706) by @​mwhooker
  • Typed NOSCRIPT error: Redis NOSCRIPT replies are now surfaced as a typed error for easier handling (#3738) by @​LINKIWI
  • PubSub ClientSetName: Added ClientSetName method to PubSub (#3727) by @​Flack74
  • ReplicaOf: New ReplicaOf method replaces the deprecated SlaveOf (#3720) by @​Copilot
  • HSCAN BinaryUnmarshaler: HScan now supports types implementing encoding.BinaryUnmarshaler (#3768) by @​Aaditya-dubey1

🐛 Bug Fixes

  • Auto hostname type detection: Improved endpoint type detection for maintenance notifications using DNS-based classification; handles empty hosts and expanded private-IP ranges (#3789) by @​ndyakov
  • HELLO fallback: Don't send CLIENT MAINT_NOTIFICATIONS handshake when HELLO fails and connection falls back to RESP2; fail fast when explicitly enabled with RESP3 (#3788) by @​ndyakov
  • Dial TCP retry: ShouldRetry now treats net.OpError with Op == "dial" timeout errors as safe to retry since no command was sent (#3787) by @​vladisa88
  • wrappedOnClose leak: Fixed resource leak caused by repeatedly wrapping baseClient close logic; replaced with a bounded, concurrency-safe named-hook registry (#3785) by @​ndyakov
  • Pool Close() on stale connections: Suppress close errors (e.g., TLS closeNotify timeouts) for connections already dropped by the server due to idle timeout (#3778) by @​ofekshenawa
  • FIFO waiter ordering: Fixed race in ConnStateMachine.notifyWaiters that could wake multiple waiters under a single mutex hold and violate FIFO ordering (#3777) by @​0x48core
  • Lua READONLY detection: Detect READONLY errors embedded in Lua script error messages on read-only replicas so commands are correctly retried (#3769) by @​zhengjilei
  • VectorScoreSliceCmd RESP2: Fixed VSimWithScores, VSimWithArgsWithScores, and VLinksWithScores which were broken on RESP2 connections returning flat arrays instead of maps (#3767) by @​Copilot

... (truncated)

Commits
  • e7e9866 chore(release): v9.19.0 (#3796)
  • 22b26f4 feat(ft.aggregate): Add Steps for query building (#3782)
  • d9d7694 fix(pool): two fixes for closed connection handling (#3764)
  • 44e8b73 fix(sch): auto hostname type detection (#3789)
  • ad21622 fix(hello): do not send maintnotifications handshake when hello fails (#3788)
  • 1a7ac74 fix(pool): suppress pool Close() errors for stale connections (#3778)
  • 903d6bd fix(retry): make dial tcp error redirectable (#3786) (#3787)
  • 00a551b fix(credentials): leak in wrappedOnClose (#3785)
  • b5a6f99 refactor(pool): remove redundant Conn.closed atomic field (#3783)
  • 928f27a feat(hscan): add support for encoding.BinaryUnmarshaler (#3768)
  • Additional commits viewable in compare view

Updates github.com/tempoxyz/tempo-go from 0.4.0 to 0.4.1

Release notes

Sourced from github.com/tempoxyz/tempo-go's releases.

v0.4.1

What's Changed

New Contributors

Full Changelog: tempoxyz/tempo-go@v0.4.0...v0.4.1

Changelog

Sourced from github.com/tempoxyz/tempo-go's changelog.

github.com/tempoxyz/tempo-go@0.4.1

Patch Changes

  • Reject non-canonical secp256k1 signatures during transaction deserialization and address recovery, preventing transaction hash malleability via legacy V values and high-S signatures. (by @​BrendanRyan, #49)

All notable changes to this project will be documented in this file.

[Unreleased]

Commits
  • 87ed6d5 Release tempo-go@0.4.1 (#50)
  • 2286f5e fix: reject malleable secp256k1 signatures (#49)
  • 8a4150a chore: repin changelogs action from @​add-go-ecosystem to @​master (#48)
  • ad6d077 fix(ci): drop TEMPO_HARDFORK=T2 pin on testnet integration job (#47)
  • 728ca21 fix(deserialize): overflow validation for uint64 fields (#18)
  • de3c9b0 chore(release): add changelogs workflow (#46)
  • 5b61f3f chore(deps): bump github.com/ethereum/go-ethereum from 1.17.0 to 1.17.2 in th...
  • b7bfd8b chore(deps): bump github.com/ethereum/go-ethereum from 1.17.0 to 1.17.2 in /e...
  • de40e7a chore(deps): bump the actions group across 1 directory with 4 updates (#43)
  • ee4905f fix(ci): use go 1.25.x/1.26.x and skip integration tests for dependabot (#45)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the go-deps group across 1 directory with 5 updates
30be054 
Bumps the go-deps group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) | `2.37.0` | `2.38.0` |
| [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) | `1.17.2` | `1.17.3` |
| [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.15.1` | `4.15.2` |
| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.18.0` | `9.19.0` |
| [github.com/tempoxyz/tempo-go](https://github.com/tempoxyz/tempo-go) | `0.4.0` | `0.4.1` |



Updates `github.com/alicebob/miniredis/v2` from 2.37.0 to 2.38.0
- [Release notes](https://github.com/alicebob/miniredis/releases)
- [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md)
- [Commits](alicebob/miniredis@v2.37.0...v2.38.0)

Updates `github.com/ethereum/go-ethereum` from 1.17.2 to 1.17.3
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.17.2...v1.17.3)

Updates `github.com/labstack/echo/v4` from 4.15.1 to 4.15.2
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/v4.15.2/CHANGELOG.md)
- [Commits](labstack/echo@v4.15.1...v4.15.2)

Updates `github.com/redis/go-redis/v9` from 9.18.0 to 9.19.0
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md)
- [Commits](redis/go-redis@v9.18.0...v9.19.0)

Updates `github.com/tempoxyz/tempo-go` from 0.4.0 to 0.4.1
- [Release notes](https://github.com/tempoxyz/tempo-go/releases)
- [Changelog](https://github.com/tempoxyz/tempo-go/blob/main/CHANGELOG.md)
- [Commits](tempoxyz/tempo-go@v0.4.0...v0.4.1)

---
updated-dependencies:
- dependency-name: github.com/alicebob/miniredis/v2
  dependency-version: 2.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/ethereum/go-ethereum
  dependency-version: 1.17.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/labstack/echo/v4
  dependency-version: 4.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/tempoxyz/tempo-go
  dependency-version: 0.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 19, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 19, 2026

⚠️ Changelog not found.

A changelog entry is required before merging.

Add changelog

@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 19, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedgithub.com/​ethereum/​go-ethereum@​v1.17.2 ⏵ v1.17.37610010010070
Updatedgithub.com/​labstack/​echo/​v4@​v4.15.1 ⏵ v4.15.272 +1100100100100
Updatedgithub.com/​redis/​go-redis/​v9@​v9.18.0 ⏵ v9.19.074 +1100100100100
Updatedgithub.com/​alicebob/​miniredis/​v2@​v2.37.0 ⏵ v2.38.098 +1100100100100
Updatedgithub.com/​tempoxyz/​tempo-go@​v0.4.0 ⏵ v0.4.199 +1100100100100

View full report

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 26, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 26, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/go-deps-0d81fae1fd branch May 26, 2026 18:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants