chore(deps): bump the go_modules group across 1 directory with 6 updates by dependabot[bot] · Pull Request #15 · BY-SOMMER/genkit

dependabot · 2026-03-01T22:11:35Z

Bumps the go_modules group with 1 update in the /go directory: github.com/weaviate/weaviate.

Updates github.com/weaviate/weaviate from 1.26.0-rc.1 to 1.30.20

Release notes

Sourced from github.com/weaviate/weaviate's releases.

v1.30.20 - Backup path Fix

Breaking Changes

none

New Features

none

Fixes

Always defer waitgroup in raft apply by @dirkkul in weaviate/weaviate#9489

Fix restoring db users from old RAFT state by @dirkkul in weaviate/weaviate#9487

Disallow waitgroups without defer by @dirkkul in weaviate/weaviate#9495

Backup path fixes by @dirkkul in weaviate/weaviate#9601

Full Changelog: weaviate/weaviate@v1.30.19...v1.30.20

v1.30.19 - Named vectors with quantization enabled Fix, Backup shard locking improvement

Breaking Changes

none

New Features

none

Fixes

Avoid collisions on compressed named vector buckets by @abdelr in weaviate/weaviate#9240

Add vector index types tests validating search after restart by @antas-marcin in weaviate/weaviate#9362

hnsw: prevent race between UpdateUserConfig and ShouldUpgrade by @asdine in weaviate/weaviate#9358

fix: panic caused by dropping store before queues by @asdine in weaviate/weaviate#9367

Requantize api should skip uncompressed vectors by @trengrj in weaviate/weaviate#9365

Add info PQ compression log if fails by @robbespo00 in weaviate/weaviate#9373

ensure localResults has enough space by @asdine in weaviate/weaviate#9370

fix TestTotalDimensionTrackingMetrics race by @asdine in weaviate/weaviate#9380

dependencies(update): bump github.com/nyaruka/phonenumbers by @antas-marcin in weaviate/weaviate#9382

Fix fetchObject with certainty for multi-named-vectors by @dirkkul in weaviate/weaviate#9376

Add more information to compression logs by @robbespo00 in weaviate/weaviate#9390

Add buffer queue to the replicated indices handler by @nathanwilk7 in weaviate/weaviate#9297

skip large ids when little-endian and big-endian ids are mixed in the same bucket by @asdine in weaviate/weaviate#9397

use correct boundary for mix endianness detection by @asdine in weaviate/weaviate#9414

chore: change parallel iterator warning logs to debug by @antas-marcin in weaviate/weaviate#9407

change limits between big endian and little endian detection by @rlmanrique in weaviate/weaviate#9417

chore(migration): mark migration as done when we have legacy and named vectors defined by @antas-marcin in weaviate/weaviate#9426

chore(migration): handle situations where we start with legacy vector index and then add named vector by @antas-marcin in weaviate/weaviate#9430

fix(migration): create symlink to vectors_compressed folder after migration by @antas-marcin in weaviate/weaviate#9441

hnsw: ensure candidate lock is released if the code panics by @asdine in weaviate/weaviate#9454

Block backup mutex per shard by @dirkkul in weaviate/weaviate#9453

fix(migration): use relative path for vectors_compressed folder when creating a symlink by @antas-marcin in weaviate/weaviate#9465

chore(migration): create vectors_compressed folder for new named vectors by @antas-marcin in weaviate/weaviate#9469

Full Changelog: weaviate/weaviate@v1.30.18...v1.30.19

... (truncated)

Commits

aa6f594 prepare release v1.30.20
c7376c8 Merge pull request #9601 from weaviate/backup_path
64e1b55 Cleanup code
0772c9d Fix test
7d4c74b Linter warning
db174ae Swagger and linter
89c2270 Fix path breakout in backup
bef8edd Add test for backup path
8c4c408 Disallow waitgroups without defer (#9495)
b4e7567 Merge pull request #9487 from weaviate/restore_db_users
Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/sdk from 1.26.0 to 1.35.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.35.0/0.57.0/0.11.0] 2025-03-05

This release is the last to support [Go 1.22]. The next release will require at least [Go 1.23].

Added

Add ValueFromAttribute and KeyValueFromAttribute in go.opentelemetry.io/otel/log. (#6180)

Add EventName and SetEventName to Record in go.opentelemetry.io/otel/log. (#6187)

Add EventName to RecordFactory in go.opentelemetry.io/otel/log/logtest. (#6187)

AssertRecordEqual in go.opentelemetry.io/otel/log/logtest checks Record.EventName. (#6187)

Add EventName and SetEventName to Record in go.opentelemetry.io/otel/sdk/log. (#6193)

Add EventName to RecordFactory in go.opentelemetry.io/otel/sdk/log/logtest. (#6193)

Emit Record.EventName field in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#6211)

Emit Record.EventName field in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#6211)

Emit Record.EventName field in go.opentelemetry.io/otel/exporters/stdout/stdoutlog (#6210)

The go.opentelemetry.io/otel/semconv/v1.28.0 package. The package contains semantic conventions from the v1.28.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.27.0(#6236)

The go.opentelemetry.io/otel/semconv/v1.30.0 package. The package contains semantic conventions from the v1.30.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.28.0(#6240)

Document the pitfalls of using Resource as a comparable type. Resource.Equal and Resource.Equivalent should be used instead. (#6272)

Support [Go 1.24]. (#6304)

Add FilterProcessor and EnabledParameters in go.opentelemetry.io/otel/sdk/log. It replaces go.opentelemetry.io/otel/sdk/log/internal/x.FilterProcessor. Compared to previous version it additionally gives the possibility to filter by resource and instrumentation scope. (#6317)

Changed

Update github.com/prometheus/common to v0.62.0, which changes the NameValidationScheme to NoEscaping. This allows metrics names to keep original delimiters (e.g. .), rather than replacing with underscores. This is controlled by the Content-Type header, or can be reverted by setting NameValidationScheme to LegacyValidation in github.com/prometheus/common/model. (#6198)

Fixes

Eliminate goroutine leak for the processor returned by NewSimpleSpanProcessor in go.opentelemetry.io/otel/sdk/trace when Shutdown is called and the passed ctx is canceled and SpanExporter.Shutdown has not returned. (#6368)

Eliminate goroutine leak for the processor returned by NewBatchSpanProcessor in go.opentelemetry.io/otel/sdk/trace when ForceFlush is called and the passed ctx is canceled and SpanExporter.Export has not returned. (#6369)

[1.34.0/0.56.0/0.10.0] 2025-01-17

Changed

Remove the notices from Logger to make the whole Logs API user-facing in go.opentelemetry.io/otel/log. (#6167)

Fixed

Relax minimum Go version to 1.22.0 in various modules. (#6073)

The Type name logged for the go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc client is corrected from otlphttpgrpc to otlptracegrpc. (#6143)

... (truncated)

Commits

5ba5e7a Release v1.35.0/v0.57.0/v0.11.0 (#6407)
3908b67 chore(deps): update module github.com/securego/gosec/v2 to v2.22.2 (#6412)
50172b1 chore(deps): update module github.com/ryancurrah/gomodguard to v1.4.1 (#6411)
cea6d2b fix(deps): update module google.golang.org/grpc to v1.71.0 (#6409)
e2aee3a Move trace sdk tests from trace_test into trace package (#6400)
38f4f39 fix(deps): update build-tools to v0.20.0 (#6403)
2911449 Look at stale issues in ascending order (#6396)
7cb322a chore(deps): update github.com/golangci/dupl digest to 44c6a0b (#6398)
0c3651e fix(deps): update module github.com/golangci/golangci-lint to v1.64.6 (#6394)
f04e951 chore(deps): update mvdan.cc/unparam digest to 0df0534 (#6391)
Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

v4.5.1

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

Back-ported error-handling logic in ParseWithClaims from v5 branch. This fixes GHSA-29wx-vh33-7x7r.

Full Changelog: golang-jwt/jwt@v4.5.0...v4.5.1

Commits

2f0e9ad Backporting 0951d18 to v4
7b1c1c0 Merge commit from fork
See full diff in compare view

Updates golang.org/x/crypto from 0.25.0 to 0.40.0

Commits

459a9db go.mod: update golang.org/x dependencies
74e709a ssh: add AlgorithmNegotiationError
b3790b8 acme: fix TLSALPN01ChallengeCert for IP address identifiers
1dc4269 acme: add Pebble integration testing
97bf787 blake2b: implement hash.XOF
952517d x509roots/fallback: update bundle
c6fce02 ssh: refuse to parse certificates that use a certificate as signing key
0ae49b8 ssh: reject certificate keys used as signature keys for SSH certs
3bf9d2a ssh/test: skip KEX test if unsupported by system SSH client
9bab967 go.mod: update golang.org/x dependencies
Additional commits viewable in compare view

Updates golang.org/x/net from 0.27.0 to 0.41.0

Commits

6e41cae go.mod: update golang.org/x dependencies
15f7d40 http2: correctly wrap ErrFrameTooLarge in Framer.ReadFrame
ef33bc0 internal/http3: use bubbled context in synctest tests
919c6bc http2: use an array instead of a map in typeFrameParser
bae01a7 trace: add missing td tag
7d6e62a go.mod: update golang.org/x dependencies
ea0c1d9 internal/timeseries: use built-in max/min to simplify the code
3e7a445 quic: skip packet numbers for optimistic ack defense
3f563d3 quic: use an enum for sentPacket state
a3b6e77 quic: don't re-lose packets when discarding keys
Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.21.0 to 0.30.0

Commits

cf14319 oauth2: fix expiration time window check
32d34ef internal: include clientID in auth style cache key
2d34e30 oauth2: replace a magic number with AuthStyleUnknown
696f7b3 all: modernize with doc links and any
471209b oauth2: drop dependency on go-cmp
6968da2 oauth2: sync Token.ExpiresIn from internal Token
d2c4e0a oauth2: context instead of golang.org/x/net/context in doc
883dc3c endpoints: add various endpoints from stale CLs
1c06e87 all: make use of oauth.Token.ExpiresIn
65c15a3 oauth2: remove extra period
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 1 update in the /go directory: [github.com/weaviate/weaviate](https://github.com/weaviate/weaviate). Updates `github.com/weaviate/weaviate` from 1.26.0-rc.1 to 1.30.20 - [Release notes](https://github.com/weaviate/weaviate/releases) - [Commits](weaviate/weaviate@v1.26.0-rc.1...v1.30.20) Updates `go.opentelemetry.io/otel/sdk` from 1.26.0 to 1.35.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.26.0...v1.35.0) Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.2 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Commits](golang-jwt/jwt@v4.5.0...v4.5.2) Updates `golang.org/x/crypto` from 0.25.0 to 0.40.0 - [Commits](golang/crypto@v0.25.0...v0.40.0) Updates `golang.org/x/net` from 0.27.0 to 0.41.0 - [Commits](golang/net@v0.27.0...v0.41.0) Updates `golang.org/x/oauth2` from 0.21.0 to 0.30.0 - [Commits](golang/oauth2@v0.21.0...v0.30.0) --- updated-dependencies: - dependency-name: github.com/weaviate/weaviate dependency-version: 1.30.20 dependency-type: direct:production dependency-group: go_modules - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.35.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/golang-jwt/jwt/v4 dependency-version: 4.5.2 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.40.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.41.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/oauth2 dependency-version: 0.30.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 1, 2026

dependabot bot mentioned this pull request Mar 1, 2026

chore(deps): bump the go_modules group across 1 directory with 2 updates #2

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go_modules group across 1 directory with 6 updates#15

chore(deps): bump the go_modules group across 1 directory with 6 updates#15
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go/go_modules-a59158b4fc

dependabot bot commented on behalf of github Mar 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 1, 2026

v1.30.20 - Backup path Fix

Breaking Changes

New Features

Fixes

v1.30.19 - Named vectors with quantization enabled Fix, Backup shard locking improvement

Breaking Changes

New Features

Fixes

[1.35.0/0.57.0/0.11.0] 2025-03-05

Added

Changed

Fixes

[1.34.0/0.56.0/0.10.0] 2025-01-17

Changed

Fixed

v4.5.2

v4.5.1

Security

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants