Skip to content

Bump the go-deps group across 1 directory with 2 updates#74

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-deps-30c068164f
Open

Bump the go-deps group across 1 directory with 2 updates#74
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-deps-30c068164f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026
edited
Loading

Bumps the go-deps group with 2 updates in the / directory: gofr.dev and golang.org/x/text.

Updates gofr.dev from 1.54.4 to 1.55.0

Release notes

Sourced from gofr.dev's releases.

v1.55.0

Release v1.55.0

🚀 Features

Native GraphQL Support

GoFr now provides first-class GraphQL support using a schema-first approach. Define your API contract in ./configs/schema.graphqls, register resolvers with app.GraphQLQuery() and app.GraphQLMutation(), and GoFr handles execution, validation, tracing, and metrics automatically.

  • Single Endpoint: All operations served at POST /graphql
  • Interactive Playground: Auto-hosted at /.well-known/graphql/ui
  • Full Observability: Per-resolver OpenTelemetry tracing, operation-level metrics (app_graphql_operations_total, app_graphql_error_total, app_graphql_request_duration), and structured logs aligned with GoFr's existing format
  • Operation Name Extraction: Automatically parses resolver names from the query AST for meaningful metric labels, even for anonymous operations
  • Grafana Dashboard: GraphQL panels added to the standard GoFr dashboard with Response Time SLA, Request/Error Count, and Latency breakdowns by operation and type

gRPC Rate Limiter

Built-in rate limiter interceptors for gRPC using a token bucket algorithm, supporting both unary and streaming RPCs.

  • Per-IP Rate Limiting: Each client IP gets its own rate limit bucket
  • Shared or Separate Budgets: Use a single store for combined limits or independent configs per call type
  • Prometheus Metrics: Track violations via app_grpc_rate_limit_exceeded_total counter
  • Returns RESOURCE_EXHAUSTED with retry-after metadata on limit exceeded

GCS Metadata Upload and Signed URL Generation

Google Cloud Storage now supports cloud-specific operations beyond the standard filesystem interface.

  • CreateWithOptions: Upload files with custom Content-Type, Content-Disposition, and arbitrary metadata
  • GenerateSignedURL: Create time-limited, pre-authenticated download URLs
  • file.AsCloud(): Safe type assertion helper to check cloud support

🔧 Enhancements

NATS OpenTelemetry Span Links

Added span link support for NATS JetStream PubSub operations, providing distributed tracing visibility into publish, subscribe, and commit operations.

gRPC Observability Improvements

Client-side errors (e.g., InvalidArgument, NotFound, ResourceExhausted) are no longer logged at ERROR level — only server-side errors are. This reduces log noise in production.

🛠️ Fixes

  • Migration Race Condition — Fixed a race condition where multiple pods starting simultaneously could execute the same migration concurrently. The migration state is now re-verified under the distributed lock before execution, preventing duplicate runs in multi-instance deployments.

  • Zipkin Deprecation WarningTRACE_EXPORTER=zipkin now logs an actionable deprecation warning with migration instructions to OTLP (Zipkin supports OTLP natively since v2.24+).

  • CI Workflow Updates — Bumped Docker GitHub Actions (setup-buildx-action, login-action) from v3 to v4 in website deployment workflows.

v1.54.6

Release v1.54.6

🛠️ Fixes

  • PubSub Migration Conflict Resolution

Resolved an issue where the PubSub Migrator, particularly with Redis Streams, incorrectly reported migration versions based on historical data on the message bus.

  • Decoupled Versioning: Made PubSub non-authoritative for migration state by removing it from the version chain. Migration tracking is now strictly confined to primary data stores that support atomicity and locking.

... (truncated)

Commits
  • 28fac0d Merge pull request #3148 from gofr-dev/release/v2.0.0
  • b2698c4 Update version.go
  • c8f2486 merge: resolve version conflict with main
  • f226c72 chore: bump version to v2.0.0
  • ad32940 Add GraphQL Support (#2901)
  • 54a0c91 feat(pubsub): add span links in NATS (#3103)
  • 4571720 feat(rpc): Implement GRPC rate limiter (#3042)
  • 3d9561b feat(file/gcs): add metadata upload and signed URL generation support (#3036)
  • 19e97e7 fix: re-fetch lastMigration under lock to prevent migration race condition (#...
  • ca66e67 fix: add actionable deprecation warning for zipkin trace exporter (#3140)
  • Additional commits viewable in compare view

Updates golang.org/x/text from 0.34.0 to 0.35.0

Commits
  • 7ca2c6d go.mod: update golang.org/x dependencies
  • 73d1ba9 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go-deps group across 1 directory with 2 updates
3b54da4 
Bumps the go-deps group with 2 updates in the / directory: [gofr.dev](https://github.com/gofr-dev/gofr) and [golang.org/x/text](https://github.com/golang/text).


Updates `gofr.dev` from 1.54.4 to 1.55.0
- [Release notes](https://github.com/gofr-dev/gofr/releases)
- [Commits](gofr-dev/gofr@v1.54.4...v1.55.0)

Updates `golang.org/x/text` from 0.34.0 to 0.35.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.34.0...v0.35.0)

---
updated-dependencies:
- dependency-name: gofr.dev
  dependency-version: 1.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: golang.org/x/text
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants