chore(deps): update security updates by NumaryBot · Pull Request #94 · formancehq/wallets

NumaryBot · 2026-03-20T03:11:16Z

This PR contains the following updates:

Package	Type	Update	Change
filippo.io/edwards25519	indirect	minor	`v1.1.1` -> `v1.2.0`
github.com/Azure/go-ansiterm	indirect	digest	`306776e` -> `faa5f7b`
github.com/IBM/sarama	indirect	minor	`v1.45.2` -> `v1.47.0`
github.com/ThreeDotsLabs/watermill	indirect	minor	`v1.4.7` -> `v1.5.1`
github.com/ThreeDotsLabs/watermill-aws	indirect	patch	`v1.0.0` -> `v1.0.1`
github.com/ThreeDotsLabs/watermill-kafka/v3	indirect	minor	`v3.0.6` -> `v3.1.2`
github.com/ajg/form	indirect	minor	`v1.5.1` -> `v1.7.1`
github.com/aws/aws-sdk-go-v2	indirect	minor	`v1.36.6` -> `v1.41.4`
github.com/aws/aws-sdk-go-v2/config	indirect	minor	`v1.29.18` -> `v1.32.12`
github.com/aws/aws-sdk-go-v2/credentials	indirect	minor	`v1.17.71` -> `v1.19.12`
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	indirect	minor	`v1.16.33` -> `v1.18.20`
github.com/aws/aws-sdk-go-v2/feature/rds/auth	indirect	minor	`v1.5.14` -> `v1.6.20`
github.com/aws/aws-sdk-go-v2/internal/configsources	indirect	minor	`v1.3.37` -> `v1.4.20`
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	indirect	minor	`v2.6.37` -> `v2.7.20`
github.com/aws/aws-sdk-go-v2/internal/ini	indirect	patch	`v1.8.3` -> `v1.8.6`
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	indirect	minor	`v1.12.4` -> `v1.13.7`
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	indirect	minor	`v1.12.18` -> `v1.13.20`
github.com/aws/aws-sdk-go-v2/service/sns	indirect	minor	`v1.34.8` -> `v1.39.14`
github.com/aws/aws-sdk-go-v2/service/sqs	indirect	minor	`v1.38.10` -> `v1.42.24`
github.com/aws/aws-sdk-go-v2/service/sso	indirect	minor	`v1.25.6` -> `v1.30.13`
github.com/aws/aws-sdk-go-v2/service/ssooidc	indirect	minor	`v1.30.4` -> `v1.35.17`
github.com/aws/aws-sdk-go-v2/service/sts	indirect	minor	`v1.34.1` -> `v1.41.9`
github.com/aws/smithy-go	indirect	minor	`v1.22.5` -> `v1.24.2`
github.com/cenkalti/backoff/v5	indirect	patch	`v5.0.2` -> `v5.0.3`
github.com/containerd/continuity	indirect	patch	`v0.4.3` -> `v0.4.5`
github.com/decred/dcrd/dcrec/secp256k1/v4	indirect	patch	`v4.4.0` -> `v4.4.1`
github.com/docker/cli	indirect	minor	`v27.3.1+incompatible` -> `v27.5.1+incompatible`
github.com/docker/docker	indirect	minor	`v28.3.3+incompatible` -> `v28.5.2+incompatible`
github.com/docker/go-connections	indirect	minor	`v0.5.0` -> `v0.6.0`
github.com/ebitengine/purego	indirect	minor	`v0.8.4` -> `v0.10.0`
github.com/formancehq/formance-sdk-go/v3	require	minor	`v3.5.0` -> `v3.8.1`
github.com/formancehq/go-libs/v3	require	minor	`v3.0.1` -> `v3.6.1`
github.com/formancehq/ledger/pkg/client	indirect	digest	`0b65ce1` -> `5def006`
github.com/formancehq/numscript	indirect	patch	`v0.0.15` -> `v0.0.24`
github.com/fsnotify/fsnotify	indirect	minor	`v1.8.0` -> `v1.9.0`
github.com/go-chi/chi	indirect	patch	`v4.1.2+incompatible` -> `v4.1.3`
github.com/go-chi/chi/v5	require	patch	`v5.2.4` -> `v5.2.5`
github.com/go-chi/cors	indirect	patch	`v1.2.1` -> `v1.2.2`
github.com/go-viper/mapstructure/v2	indirect	minor	`v2.4.0` -> `v2.5.0`
github.com/goccy/go-json	indirect	patch	`v0.10.3` -> `v0.10.6`
github.com/golang-jwt/jwt/v5	indirect	minor	`v5.2.3` -> `v5.3.1`
github.com/google/pprof	indirect	digest	`27863c8` -> `a15ffb7`
github.com/grpc-ecosystem/grpc-gateway/v2	indirect	minor	`v2.27.1` -> `v2.28.0`
github.com/jackc/pgx/v5	indirect	minor	`v5.7.5` -> `v5.8.0`
github.com/jackc/pgxlisten	indirect	digest	`1d6f665` -> `12b9242`
github.com/klauspost/compress	indirect	patch	`v1.18.0` -> `v1.18.4`
github.com/lestrrat-go/blackmagic	indirect	patch	`v1.0.2` -> `v1.0.4`
github.com/lufia/plan9stats	indirect	digest	`8bc96cf` -> `b3301c5`
github.com/mailru/easyjson	indirect	patch	`v0.9.0` -> `v0.9.2`
github.com/moby/sys/user	indirect	minor	`v0.3.0` -> `v0.4.0`
github.com/moby/term	indirect	patch	`v0.5.0` -> `v0.5.2`
github.com/nats-io/nats.go	indirect	minor	`v1.43.0` -> `v1.49.0`
github.com/nats-io/nkeys	indirect	patch	`v0.4.11` -> `v0.4.15`
github.com/onsi/ginkgo/v2	require	minor	`v2.23.4` -> `v2.28.1`
github.com/onsi/gomega	require	minor	`v1.36.3` -> `v1.39.1`
github.com/opencontainers/runc	indirect	minor	`v1.2.8` -> `v1.4.1`
github.com/ory/dockertest/v3	indirect	minor	`v3.11.0` -> `v3.12.0`
github.com/pelletier/go-toml/v2	indirect	patch	`v2.2.3` -> `v2.2.4`
github.com/pierrec/lz4/v4	indirect	patch	`v4.1.22` -> `v4.1.26`
github.com/riandyrn/otelchi	indirect	patch	`v0.12.1` -> `v0.12.2`
github.com/sagikazarmark/locafero	indirect	minor	`v0.9.0` -> `v0.12.0`
github.com/shirou/gopsutil/v4	indirect	minor	`v4.25.5` -> `v4.26.2`
github.com/sirupsen/logrus	indirect	patch	`v1.9.3` -> `v1.9.4`
github.com/spf13/afero	indirect	minor	`v1.14.0` -> `v1.15.0`
github.com/spf13/cast	indirect	minor	`v1.7.1` -> `v1.10.0`
github.com/spf13/cobra	require	minor	`v1.9.1` -> `v1.10.2`
github.com/spf13/pflag	indirect	patch	`v1.0.7` -> `v1.0.10`
github.com/spf13/viper	indirect	minor	`v1.20.1` -> `v1.21.0`
github.com/stoewer/go-strcase	indirect	patch	`v1.3.0` -> `v1.3.1`
github.com/tklauser/go-sysconf	indirect	patch	`v0.3.15` -> `v0.3.16`
github.com/tklauser/numcpus	indirect	minor	`v0.10.0` -> `v0.11.0`
github.com/uptrace/bun	indirect	patch	`v1.2.15` -> `v1.2.18`
github.com/uptrace/bun/dialect/pgdialect	indirect	patch	`v1.2.15` -> `v1.2.18`
github.com/uptrace/bun/extra/bunotel	indirect	patch	`v1.2.15` -> `v1.2.18`
github.com/wk8/go-ordered-map/v2	indirect	digest	`0a40785` -> `46d6868`
github.com/xdg-go/scram	indirect	minor	`v1.1.2` -> `v1.2.0`
github.com/xo/dburl	indirect	minor	`v0.23.8` -> `v0.24.2`
go.opentelemetry.io/contrib/instrumentation/host	indirect	minor	`v0.62.0` -> `v0.67.0`
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	indirect	minor	`v0.62.0` -> `v0.67.0`
go.opentelemetry.io/contrib/instrumentation/runtime	indirect	minor	`v0.62.0` -> `v0.67.0`
go.opentelemetry.io/contrib/propagators/b3	indirect	minor	`v1.37.0` -> `v1.42.0`
go.opentelemetry.io/otel	indirect	minor	`v1.40.0` -> `v1.42.0`
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc	indirect	minor	`v1.37.0` -> `v1.42.0`
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	indirect	minor	`v1.37.0` -> `v1.42.0`
go.opentelemetry.io/otel/exporters/otlp/otlptrace	indirect	minor	`v1.37.0` -> `v1.42.0`
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	indirect	minor	`v1.37.0` -> `v1.42.0`
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	indirect	minor	`v1.37.0` -> `v1.42.0`
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric	indirect	minor	`v1.37.0` -> `v1.42.0`
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	indirect	minor	`v1.37.0` -> `v1.42.0`
go.opentelemetry.io/otel/log	indirect	minor	`v0.11.0` -> `v0.18.0`
go.opentelemetry.io/otel/metric	indirect	minor	`v1.40.0` -> `v1.42.0`
go.opentelemetry.io/otel/sdk	indirect	minor	`v1.40.0` -> `v1.42.0`
go.opentelemetry.io/otel/sdk/metric	indirect	minor	`v1.40.0` -> `v1.42.0`
go.opentelemetry.io/otel/trace	indirect	minor	`v1.40.0` -> `v1.42.0`
go.opentelemetry.io/proto/otlp	indirect	minor	`v1.7.0` -> `v1.10.0`
go.uber.org/zap	indirect	patch	`v1.27.0` -> `v1.27.1`
golang.org/x/crypto	indirect	minor	`v0.46.0` -> `v0.49.0`
golang.org/x/exp	indirect	digest	`054e65f` -> `7ab1446`
golang.org/x/net	indirect	minor	`v0.48.0` -> `v0.52.0`
golang.org/x/oauth2	require	minor	`v0.34.0` -> `v0.36.0`
golang.org/x/sync	indirect	minor	`v0.19.0` -> `v0.20.0`
golang.org/x/sys	indirect	minor	`v0.40.0` -> `v0.42.0`
golang.org/x/text	indirect	minor	`v0.32.0` -> `v0.35.0`
golang.org/x/tools	indirect	minor	`v0.39.0` -> `v0.43.0`
google.golang.org/genproto/googleapis/api	indirect	digest	`ff82c1b` -> `d00831a`
google.golang.org/genproto/googleapis/rpc	indirect	digest	`ff82c1b` -> `d00831a`
google.golang.org/protobuf	indirect	patch	`v1.36.10` -> `v1.36.11`

Release Notes

FiloSottile/edwards25519 (filippo.io/edwards25519)

`v1.2.0`

Compare Source

IBM/sarama (github.com/IBM/sarama)

`v1.47.0`: Version 1.47.0 (2026-02-27)

Compare Source

What's Changed

🎉 New Features / Improvements

perf(admin): modernize DescribeCluster RPC handling by @DCjanus in https://github.com/IBM/sarama/pull/3390
test: expand Java interop tests to cover all compression codecs by @dnwe in https://github.com/IBM/sarama/pull/3423

🐛 Fixes

fix(client): add nilguards to updateBroker by @dnwe in https://github.com/IBM/sarama/pull/3393
fix(broker): auto-close broken connections by @DCjanus in https://github.com/IBM/sarama/pull/3412
fix: set version from IBM/sarama, not main app by @adamdecaf in https://github.com/IBM/sarama/pull/3415

🔧 Maintenance

chore: finish up the move to atomic types by @puellanivis in https://github.com/IBM/sarama/pull/3399
chore: tear down zk in functional tests by @edoardocomar in https://github.com/IBM/sarama/pull/3420
chore: migrate from eapache/go-xerial-snappy to klauspost/compress/sn… by @edoardocomar in https://github.com/IBM/sarama/pull/3421
fix(test): resolve FVT issues in Kafka v2.x interop tests by @edoardocomar in https://github.com/IBM/sarama/pull/3424
feat: add kafka 4.1.1 constants and use in FVT by @dnwe in https://github.com/IBM/sarama/pull/3437
chore: add Kafka 4.0.1 and replace 4.0.0 in FVT by @edoardocomar in https://github.com/IBM/sarama/pull/3439
ci(lint): unblock Go 1.26 lint and handle gosec noise by @DCjanus in https://github.com/IBM/sarama/pull/3454

📦 Dependency updates

chore(deps): update module golang.org/x/crypto to v0.45.0 [security] → v0.48.0 by @renovate[bot] in #3383, #3425
chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.45.0 across /examples (consumergroup, exactly_once, sasl_scram_client, http_server, txn_producer, interceptors) by @dependabot[bot] in #3382, #3381, #3380, #3379, #3378, #3377
fix(deps): update module golang.org/x/sync to v0.18.0 by @renovate[bot] in #3385
fix(deps): update module golang.org/x/net to v0.49.0 → v0.51.0 by @renovate[bot] and @dependabot[bot] in #3426, #3427, #3453
chore(deps): update golangci/golangci-lint-action action to v9 → v9.2.0 by @renovate[bot] in #3370, #3400
chore(deps): update dependency golangci/golangci-lint to v2.6.2 → v2.8.0 by @renovate[bot] in #3366, #3401
chore(deps): update docker/bake-action action to v6.10.0 by @renovate[bot] in #3392
chore(deps): update docker/setup-buildx-action action to v3.12.0 by @renovate[bot] in #3416
chore(deps): bump github.com/klauspost/compress from 1.18.1 to 1.18.4 by @dependabot[bot] in #3397, #3430, #3442
chore(deps): bump github.com/pierrec/lz4/v4 from 4.1.22 to 4.1.25 by @dependabot[bot] in #3411, #3432
chore(deps): bump the golang-x group across 1 directory with 2 updates by @dependabot[bot] in #3405
chore(deps): bump github.com/xdg-go/scram from 1.1.2 to 1.2.0 in /examples/sasl_scram_client by @dependabot[bot] in #3394
chore(deps): update dependency dominikh/go-tools to v2026 by @renovate[bot] in #3446

New Contributors

@DCjanus made their first contribution in https://github.com/IBM/sarama/pull/3390
@edoardocomar made their first contribution in https://github.com/IBM/sarama/pull/3420
@adamdecaf made their first contribution in https://github.com/IBM/sarama/pull/3415

Full Changelog: IBM/sarama@v1.46.3...v1.47.0

`v1.46.3`: Version 1.46.3 (2025-10-26)

Compare Source

What's Changed

🐛 Fixes

fix: wrap KError into error returned by IncrementalAlterConfig by @prestona in https://github.com/IBM/sarama/pull/3352
fix: assign sequence when flushing retry buffers by @dnwe in https://github.com/IBM/sarama/pull/3362

📦 Dependency updates

chore(deps): update dependency dominikh/go-tools to v2025 by @renovate[bot] inhttps://github.com/IBM/sarama/pull/33511
chore(deps): update dependency vearutop/teststat to v0.1.27 by @renovate[bot] inhttps://github.com/IBM/sarama/pull/33500
fix(deps): update module github.com/klauspost/compress to v1.18.1 by @renovate[bot] inhttps://github.com/IBM/sarama/pull/33555

🔧 Maintenance

chore(ci): extract tool versions and add renovate customManagers by @dnwe in https://github.com/IBM/sarama/pull/3346

Full Changelog: IBM/sarama@v1.46.2...v1.46.3

`v1.46.2`: Version 1.46.2 (2025-10-10)

Compare Source

What's Changed

A big focus on improving our support for newer protocol versions in this release, particularly supporting a wider range of flexible versions

🎉 New Features / Improvements

chore: support V5 ListOffsets by @dnwe in https://github.com/IBM/sarama/pull/3308
feat: support DeleteGroups V2 protocol by @hindessm in https://github.com/IBM/sarama/pull/3320
feat: support DeleteTopics V4 protocol by @hindessm in https://github.com/IBM/sarama/pull/3321
feat: support CreateTopics V5 protocol by @hindessm in https://github.com/IBM/sarama/pull/3322
feat: support IncrementalAlterConfigs V1 protocol by @hindessm in https://github.com/IBM/sarama/pull/3319
feat: support DescribeGroups V5 protocol by @hindessm in https://github.com/IBM/sarama/pull/3331
feat: support SyncGroup V4 protocol by @hindessm in https://github.com/IBM/sarama/pull/3332
feat: support LeaveGroup V4 protocol by @hindessm in https://github.com/IBM/sarama/pull/3334
feat: support Heartbeat V4 protocol by @hindessm in https://github.com/IBM/sarama/pull/3335
feat: support JoinGroup V6 protocol by @hindessm in https://github.com/IBM/sarama/pull/3339
feat: support DescribeClientQuotas V1 protocol by @dnwe in https://github.com/IBM/sarama/pull/3342

🐛 Fixes

fix: update map rather than create a new map by @hindessm in https://github.com/IBM/sarama/pull/3302
fix: metadata_response valid version range by @hindessm in https://github.com/IBM/sarama/pull/3304
fix: add V4 as valid CreateTopicsResponse by @dnwe in https://github.com/IBM/sarama/pull/3305
fix: correct requiredVersion for DescribeLogDirsResponse by @dnwe in https://github.com/IBM/sarama/pull/3306
fix: extend TestAllocateBodyProtocolVersions for more testing by @dnwe in https://github.com/IBM/sarama/pull/3307
fix: non-flexible ElectLeadersRequest V0/V1 encode/decode by @hindessm in https://github.com/IBM/sarama/pull/3312
fix: make alterPartitionReassignmentsBlock consistent by @hindessm in https://github.com/IBM/sarama/pull/3313
fix: correct decodeRequest bytesRead return value by @hindessm in https://github.com/IBM/sarama/pull/3314
fix: decoder issues by @hindessm in https://github.com/IBM/sarama/pull/3327
fix: improve KIP-511 behaviour on older Kafka clusters by @dnwe in https://github.com/IBM/sarama/pull/3328
fix: return correct error when encoding by @hindessm in https://github.com/IBM/sarama/pull/3333
fix: correct ApiVersionsResponse handling of ErrUnsupportedVersion by @dnwe in https://github.com/IBM/sarama/pull/3337

📦 Dependency updates

chore(deps): update ossf/scorecard-action action to v2.4.3 by @renovate[bot] inhttps://github.com/IBM/sarama/pull/33188
fix(deps): update module golang.org/x/net to v0.46.0 by @renovate[bot] inhttps://github.com/IBM/sarama/pull/33433

🔧 Maintenance

chore: remove redundant insufficient data checks by @hindessm in https://github.com/IBM/sarama/pull/3300
refactor: use struct rather than map with one entry by @hindessm in https://github.com/IBM/sarama/pull/3301
chore(ci): adopt gotestsum and re-run flakes by @dnwe in https://github.com/IBM/sarama/pull/3311
refactor: Flexible encoding/decoding refactoring by @hindessm in https://github.com/IBM/sarama/pull/3317
chore(fvt): refactor docker-compose and support KRaft by @dnwe in https://github.com/IBM/sarama/pull/3323
fix(fvt): simplify retry using testify's EventuallyWithT by @dnwe in https://github.com/IBM/sarama/pull/3324
chore: add 3.9.1 and 4.1.0 version constants and FVT by @dnwe in https://github.com/IBM/sarama/pull/3325
refactor: get/put for KError by @hindessm in https://github.com/IBM/sarama/pull/3326
refactor: get/put for throttle time ms time.Duration by @hindessm in https://github.com/IBM/sarama/pull/3330
chore(fvt): improve testFuncConsumerGroupMember by @dnwe in https://github.com/IBM/sarama/pull/3329

➕ Other Changes

fix(fvt): check err before usage by @dnwe in https://github.com/IBM/sarama/pull/3338

Full Changelog: IBM/sarama@v1.46.1...v1.46.2

`v1.46.1`: Version 1.46.1 (2025-09-18)

Compare Source

[!NOTE]
The go.mod directive has been bumped to 1.24.0 as the minimum version of Go required for the module. This was necessary to continue to receive updates from some of the third party dependencies that Sarama makes use of.

What's Changed

🎉 New Features / Improvements

feat: support more describe log dirs versions (V2-V4) by @hindessm in https://github.com/IBM/sarama/pull/3293
feat: support V5 ListConsumerGroups protocol by @hindessm in https://github.com/IBM/sarama/pull/3292
feat: add SASLv1 support for Kerberos by @dnwe in https://github.com/IBM/sarama/pull/3279

🐛 Fixes

fix: add read deadline to tls write by @bvalente in https://github.com/IBM/sarama/pull/3283

📦 Dependency updates

chore(deps): bump go directive to 1.24.0 and golang.org/x/{crypto,net,sync} by @dependabot[bot] inhttps://github.com/IBM/sarama/pull/32888
chore(deps): bump the golang-x group across 6 directories with 1 update by @dependabot[bot] inhttps://github.com/IBM/sarama/pull/32911
chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @dependabot[bot] inhttps://github.com/IBM/sarama/pull/32744

🔧 Maintenance

chore: refactor to use modern atomic types by @Sahil-4555 in https://github.com/IBM/sarama/pull/3277
chore: pre-commit autoupdate to latest by @dnwe in https://github.com/IBM/sarama/pull/3278
chore: apply modernize fixes from gopls by @dnwe in https://github.com/IBM/sarama/pull/3297
chore(config): update comments of sarama.Config.Metadata.SingleFlight by @gunli in https://github.com/IBM/sarama/pull/3296
chore(client): update comments of client methods by @gunli in https://github.com/IBM/sarama/pull/3295

New Contributors

@Sahil-4555 made their first contribution in https://github.com/IBM/sarama/pull/3277
@bvalente made their first contribution in https://github.com/IBM/sarama/pull/3283
@gunli made their first contribution in https://github.com/IBM/sarama/pull/3296

Full Changelog: IBM/sarama@v1.46.0...v1.46.1

`v1.46.0`: Version 1.46.0 (2025-08-25)

Compare Source

[!NOTE]
This release contains significant changes. Notably Sarama will now use the ApiVersionRequest response from each broker to aid in selecting the protocol version to use. The existing Version field in sarama.Config will continue to provide a "pinning" mechanism, but can safely be set to a maximum or higher value than the remote cluster and sarama will sensibly pick compatible versions. There is also a performance improvement relating to MetadataRequests whereby Sarama will avoid having more than a single request to each broker in-flight at any given time. These new (optimal) behaviour is on by default can be opt-ed out via the Metadata.SingleFlight field in Config.

What's Changed

🎉 New Features / Improvements

feat(protocol): negotiate API versions by @trapped in https://github.com/IBM/sarama/pull/3209
feat: option to group metadata refreshes so only one is in-flight at a time by @cupcicm in https://github.com/IBM/sarama/pull/3225
feat: use singleflight metadata by default by @dnwe in https://github.com/IBM/sarama/pull/3231
feat(protocol): support CreateTopicRequest V4 by @dnwe in https://github.com/IBM/sarama/pull/3238
feat: always send ApiVersionsRequest and fallback to v0 by @dnwe in https://github.com/IBM/sarama/pull/3234

🐛 Fixes

fix(consumer): stuck on the batch with zero records length by @sterligov in https://github.com/IBM/sarama/pull/3221
fix: sync response header version to clamped request header by @trapped in https://github.com/IBM/sarama/pull/3223
fix(decoder): handle null arrays correctly by @dnwe in https://github.com/IBM/sarama/pull/3144
fix: hardcode lz4 writer blocksize to 64kb by @dnwe in https://github.com/IBM/sarama/pull/3258

📦 Dependency updates

chore(deps): bump the golang-x group across 1 directory with 2 updates by @dependabot[bot] inhttps://github.com/IBM/sarama/pull/31855
chore(deps): bump the golang-x group across 7 directories with 2 updates by @dependabot[bot] inhttps://github.com/IBM/sarama/pull/32199
fix(deps): update module golang.org/x/net to v0.43.0 by @renovate[bot] inhttps://github.com/IBM/sarama/pull/32444
chore(deps): bump the golang-x group across 6 directories with 1 update by @dependabot[bot] inhttps://github.com/IBM/sarama/pull/32622
chore(deps): update github/codeql-action action to v3.29.9 by @renovate[bot] inhttps://github.com/IBM/sarama/pull/32422
fix(deps): update github.com/rcrowley/go-metrics digest to 65e299d by @renovate[bot] inhttps://github.com/IBM/sarama/pull/31644
fix(deps): update module github.com/stretchr/testify to v1.11.0 by @renovate[bot] inhttps://github.com/IBM/sarama/pull/32688
chore(deps): update docker/bake-action action to v6.9.0 by @renovate[bot] inhttps://github.com/IBM/sarama/pull/32644

🔧 Maintenance

chore(lint): enable copyloopvar by @alexandear in https://github.com/IBM/sarama/pull/3214
chore: fix inconsistent function name in comment by @stellrust in https://github.com/IBM/sarama/pull/3227
chore(style): refactor compress.go for readability by @dnwe in https://github.com/IBM/sarama/pull/3260
chore: replace unnecessary go-multierror dependency by @bestbug456 in https://github.com/IBM/sarama/pull/3243

New Contributors

@ibm-mend-app[bot] made their first contribution inhttps://github.com/IBM/sarama/pull/32011
@alexandear made their first contribution in https://github.com/IBM/sarama/pull/3214
@trapped made their first contribution in https://github.com/IBM/sarama/pull/3209
@cupcicm made their first contribution in https://github.com/IBM/sarama/pull/3225
@sterligov made their first contribution in https://github.com/IBM/sarama/pull/3221
@stellrust made their first contribution in https://github.com/IBM/sarama/pull/3227
@bestbug456 made their first contribution in https://github.com/IBM/sarama/pull/3243

Full Changelog: IBM/sarama@v1.45.2...v1.46.0

ThreeDotsLabs/watermill (github.com/ThreeDotsLabs/watermill)

ThreeDotsLabs/watermill-aws (github.com/ThreeDotsLabs/watermill-aws)

`v1.0.1`

Compare Source

What's Changed

Do not create SQS queue if DoNotCreateQueueIfNotExists config is true by @Orbsynated in https://github.com/ThreeDotsLabs/watermill-aws/pull/19
Add SQS MessageId as Watermill message UUID by @seamusv in https://github.com/ThreeDotsLabs/watermill-aws/pull/20
speedup tests by @roblaszczak in https://github.com/ThreeDotsLabs/watermill-aws/pull/21

New Contributors

@Orbsynated made their first contribution in https://github.com/ThreeDotsLabs/watermill-aws/pull/19
@seamusv made their first contribution in https://github.com/ThreeDotsLabs/watermill-aws/pull/20

Full Changelog: ThreeDotsLabs/watermill-aws@v1.0.0...v1.0.1

ThreeDotsLabs/watermill-kafka (github.com/ThreeDotsLabs/watermill-kafka/v3)

`v3.1.2`

Compare Source

What's Changed

Wait for topic by @m110 in https://github.com/ThreeDotsLabs/watermill-kafka/pull/40
Introduce SubscribeInitializeWithContext - same as SubscribeInitialize but you can pass context.Context to manage deadlines/timeouts.
SubscribeInitialize now waits for all partitions of the topic to be created across brokers. This means once the function returns, the topic is ready for consumers to connect. This can be disabled with DoNotWaitForTopicCreation.

Full Changelog: ThreeDotsLabs/watermill-kafka@v3.1.1...v3.1.2

`v3.1.1`

Compare Source

What's Changed

Default to DefaultMarshaler when not passed by @m110 in https://github.com/ThreeDotsLabs/watermill-kafka/pull/39

Full Changelog: ThreeDotsLabs/watermill-kafka@v3.1.0...v3.1.1

`v3.1.0`

Compare Source

What's Changed

use saram defaults (version = sarama.DefaultVersion) by @jgersdorf in https://github.com/ThreeDotsLabs/watermill-kafka/pull/38

New Contributors

@jgersdorf made their first contribution in https://github.com/ThreeDotsLabs/watermill-kafka/pull/38

Full Changelog: ThreeDotsLabs/watermill-kafka@v3.0.6...v3.1.0

ajg/form (github.com/ajg/form)

`v1.7.1`

Compare Source

What's Changed

Add cycle detection to the encoder by @ajg in https://github.com/ajg/form/pull/33

Full Changelog: ajg/form@v1.7.0...v1.7.1

`v1.7.0`

Compare Source

What's Changed

[Issue #14] Add JSON-style conflict resolution for promoted anonymous struct fields by @ajg in https://github.com/ajg/form/pull/32
Add EncodeToStringWith and EncodeToValuesWith convenience functions by @ajg in https://github.com/ajg/form/pull/16

Full Changelog: ajg/form@v1.6...v1.7.0

`v1.6.1`

Compare Source

What's Changed

two features by @godblesshugh in https://github.com/ajg/form/pull/19
Modernize for Go 1.17 to 1.21+ and add GitHub Actions CI by @silviogutierrez in https://github.com/ajg/form/pull/30
Add OmitEmpty option to Encoder by @silviogutierrez in https://github.com/ajg/form/pull/29
Add multi-version Go testing to CI by @silviogutierrez in https://github.com/ajg/form/pull/31

New Contributors

@godblesshugh made their first contribution in https://github.com/ajg/form/pull/19
@silviogutierrez made their first contribution in https://github.com/ajg/form/pull/30

Full Changelog: ajg/form@v1.5.1...v1.6.1

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)

`v1.41.4`

Compare Source

`v1.41.3`

Compare Source

`v1.41.2`

Compare Source

`v1.41.1`

Compare Source

[`v1.41.0`](https://redirect.github.com/aws/a

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

NumaryBot · 2026-03-20T03:11:20Z

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -d -t ./...
go: downloading go1.24.10 (linux/amd64)
go: -d flag is deprecated. -d=true is a no-op
go: errors parsing go.mod:
go.mod:83:2: require github.com/go-chi/chi: version "v4.1.3" invalid: should be v0 or v1, not v4

File name: undefined

Command failed: just pre-commit
go: downloading go1.24.10 (linux/amd64)
go: errors parsing go.mod:
go.mod:83:2: require github.com/go-chi/chi: version "v4.1.3" invalid: should be v0 or v1, not v4
error: Recipe `generate` failed on line 16 with exit code 1

coderabbitai · 2026-03-20T03:11:51Z

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

go.mod is excluded by !**/*.mod

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d9c4f379-6bc5-4f9e-aa44-8366924d0d82

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch renovate/security

📝 Coding Plan

Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

flemzord · 2026-03-20T07:06:29Z

Closed automatically: bulk NumaryBot security cleanup

chore(deps): update security updates

89cfc62

NumaryBot requested a review from a team as a code owner March 20, 2026 03:11

NumaryBot added the security label Mar 20, 2026

NumaryBot requested a review from a team March 20, 2026 03:11

flemzord approved these changes Mar 20, 2026

View reviewed changes

flemzord closed this Mar 20, 2026

NumaryBot deleted the renovate/security branch March 20, 2026 07:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update security updates#94

chore(deps): update security updates#94
NumaryBot wants to merge 1 commit intomainfrom
renovate/security

NumaryBot commented Mar 20, 2026

Uh oh!

NumaryBot commented Mar 20, 2026

Uh oh!

coderabbitai bot commented Mar 20, 2026

Review skipped

Uh oh!

flemzord commented Mar 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

NumaryBot commented Mar 20, 2026

Release Notes

v1.47.0: Version 1.47.0 (2026-02-27)

What's Changed

🎉 New Features / Improvements

🐛 Fixes

🔧 Maintenance

📦 Dependency updates

New Contributors

v1.46.3: Version 1.46.3 (2025-10-26)

What's Changed

🐛 Fixes

📦 Dependency updates

🔧 Maintenance

v1.46.2: Version 1.46.2 (2025-10-10)

What's Changed

🎉 New Features / Improvements

🐛 Fixes

📦 Dependency updates

🔧 Maintenance

➕ Other Changes

v1.46.1: Version 1.46.1 (2025-09-18)

What's Changed

🎉 New Features / Improvements

🐛 Fixes

📦 Dependency updates

🔧 Maintenance

New Contributors

v1.46.0: Version 1.46.0 (2025-08-25)

What's Changed

🎉 New Features / Improvements

🐛 Fixes

📦 Dependency updates

🔧 Maintenance

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

[v1.41.0](https://redirect.github.com/aws/a

Configuration

Uh oh!

NumaryBot commented Mar 20, 2026

⚠️ Artifact update problem

File name: go.sum

File name: undefined

Uh oh!

coderabbitai bot commented Mar 20, 2026

Review skipped

Uh oh!

flemzord commented Mar 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

`v1.47.0`: Version 1.47.0 (2026-02-27)

`v1.46.3`: Version 1.46.3 (2025-10-26)

`v1.46.2`: Version 1.46.2 (2025-10-10)

`v1.46.1`: Version 1.46.1 (2025-09-18)

`v1.46.0`: Version 1.46.0 (2025-08-25)

[`v1.41.0`](https://redirect.github.com/aws/a