Skip to content

build(deps): bump the production-dependencies group across 1 directory with 4 updates#449

Merged
josephwoodward merged 1 commit into
mainfrom
dependabot/go_modules/production-dependencies-086a569bf0
Jun 25, 2026
Merged

build(deps): bump the production-dependencies group across 1 directory with 4 updates#449
josephwoodward merged 1 commit into
mainfrom
dependabot/go_modules/production-dependencies-086a569bf0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 2 updates in the / directory: github.com/pierrec/lz4/v4 and golang.org/x/crypto.

Updates github.com/pierrec/lz4/v4 from 4.1.26 to 4.1.27

Release notes

Sourced from github.com/pierrec/lz4/v4's releases.

v4.1.27

What's Changed

New Contributors

Full Changelog: pierrec/lz4@v4.1.26...v4.1.27

Commits
  • a296161 Merge pull request #243 from honeycombio/lizf.arm64-shortcut
  • 17a7cd8 Merge pull request #245 from serprex/fix-read-eof-regression
  • a9333c3 set err to nil after ReadFull returns io.EOF
  • 903773a Merge branch 'v4' into lizf.arm64-shortcut
  • 2f2b6bb Merge pull request #244 from honeycombio/lizf.ci-refresh
  • 91e8b6f arm64: call runtime·memmove for long, non-overlapping match copies
  • 0894170 arm64: widen copyMatchLoop8 to 16 bytes/iter for offset >= 32
  • f6dea62 arm64: LDP/STP fast path for shortcut match copy when offset >= 18
  • 4ce77f3 arm64: widen splat store from 8 to 16 bytes per iter
  • 5f0a641 ci: refresh Go matrix to 1.24-1.26 and bump actions
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.52.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

Updates golang.org/x/text from 0.37.0 to 0.38.0

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 15, 2026
…y with 4 updates

Bumps the production-dependencies group with 2 updates in the / directory: [github.com/pierrec/lz4/v4](https://github.com/pierrec/lz4) and [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `github.com/pierrec/lz4/v4` from 4.1.26 to 4.1.27
- [Release notes](https://github.com/pierrec/lz4/releases)
- [Commits](pierrec/lz4@v4.1.26...v4.1.27)

Updates `golang.org/x/crypto` from 0.52.0 to 0.53.0
- [Commits](golang/crypto@v0.52.0...v0.53.0)

Updates `golang.org/x/sync` from 0.20.0 to 0.21.0
- [Commits](golang/sync@v0.20.0...v0.21.0)

Updates `golang.org/x/text` from 0.37.0 to 0.38.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: github.com/pierrec/lz4/v4
  dependency-version: 4.1.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: golang.org/x/sync
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: golang.org/x/text
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/production-dependencies-086a569bf0 branch from 3db6f9e to 32f106f Compare June 22, 2026 12:04
@josephwoodward josephwoodward merged commit ce9f409 into main Jun 25, 2026
3 of 4 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/production-dependencies-086a569bf0 branch June 25, 2026 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant