Bump the go-dependencies group across 1 directory with 4 updates by dependabot[bot] · Pull Request #118 · basecamp/thruster

dependabot · 2026-03-20T23:34:27Z

Bumps the go-dependencies group with 3 updates in the / directory: github.com/klauspost/compress, github.com/stretchr/testify and golang.org/x/crypto.

Updates github.com/klauspost/compress from 1.18.2 to 1.18.6

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.6

What's Changed

s2: Fix amd64 stack frame corruption by @klauspost in klauspost/compress#1145

gzhttp: Canonicalize ETag header by @justinmayhew in klauspost/compress#1139

perf: pool hash tables in Go encode paths to reduce allocations by @huynhanx03 in klauspost/compress#1143

New Contributors

@justinmayhew made their first contribution in klauspost/compress#1139

@huynhanx03 made their first contribution in klauspost/compress#1143

@thaJeztah made their first contribution in klauspost/compress#1144

Full Changelog: klauspost/compress@v1.18.5...v1.18.6

v1.18.5

What's Changed

zstd: Fix crash when changing encoder dictionary with same ID by @klauspost in klauspost/compress#1135

zstd: Default to full zero frames by @klauspost in klauspost/compress#1134

flate: Clean up histogram order by @klauspost in klauspost/compress#1133

Full Changelog: klauspost/compress@v1.18.4...v1.18.5

v1.18.4

What's Changed

gzhttp: Add zstandard to server handler wrapper by @klauspost in klauspost/compress#1121

zstd: Add ResetWithOptions to encoder/decoder by @klauspost in klauspost/compress#1122

gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @analytically in klauspost/compress#1116

New Contributors

@analytically made their first contribution in klauspost/compress#1116

@ethaizone made their first contribution in klauspost/compress#1124

@zwass made their first contribution in klauspost/compress#1125

Full Changelog: klauspost/compress@v1.18.2...v1.18.4

v1.18.3

Downstream CVE-2025-61728

See golang/go#77102

Full Changelog: klauspost/compress@v1.18.2...v1.18.3

Commits

ac2f5e8 docs: use unix line-endings for markdown files (#1144)
620d7b5 s2: Fix amd64 stack frame corruption (#1145)
1b63f2f build(deps): bump the github-actions group with 2 updates (#1141)
3d86b89 s2: pool hash tables in Go encode paths to reduce allocations (#1143)
15967de gzhttp: Canonicalize ETag header (#1139)
c5e0077 zstd: Fix encoder changing dictionary with same ID (#1135)
fd3f23e zstd: Default to full zero frames (#1134)
8233c58 flate: Clean up histogram order (#1133)
bcf0d12 build(deps): bump the github-actions group with 3 updates (#1132)
cf758fe ci: Upgrade Go versions, clean up (#1130)
Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.8.4 to 1.11.1

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.1

This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

Backport #1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @brackendawson in stretchr/testify#1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

Call stack perf change for CallerInfo by @mikeauclair in stretchr/testify#1614

Lazily render mock diff output on successful match by @mikeauclair in stretchr/testify#1615

assert: check early in Eventually, EventuallyWithT, and Never by @cszczepaniak in stretchr/testify#1427

assert: add IsNotType by @bartventer in stretchr/testify#1730

assert.JSONEq: shortcut if same strings by @dolmen in stretchr/testify#1754

assert.YAMLEq: shortcut if same strings by @dolmen in stretchr/testify#1755

assert: faster and simpler isEmpty using reflect.Value.IsZero by @dolmen in stretchr/testify#1761

suite: faster methods filtering (internal refactor) by @dolmen in stretchr/testify#1758

Fixes

assert.ErrorAs: log target type by @craig65535 in stretchr/testify#1345

Fix failure message formatting for Positive and Negative asserts in stretchr/testify#1062

Improve ErrorIs message when error is nil but an error was expected by @tsioftas in stretchr/testify#1681

fix Subset/NotSubset when calling with mixed input types by @siliconbrain in stretchr/testify#1729

Improve ErrorAs failure message when error is nil by @ccoVeille in stretchr/testify#1734

mock.AssertNumberOfCalls: improve error msg by @3scalation in stretchr/testify#1743

Documentation, Build & CI

docs: Fix typo in README by @alexandear in stretchr/testify#1688

Replace deprecated io/ioutil with io and os by @alexandear in stretchr/testify#1684

Document consequences of calling t.FailNow() by @greg0ire in stretchr/testify#1710

chore: update docs for Unset #1621 by @techfg in stretchr/testify#1709

README: apply gofmt to examples by @alexandear in stretchr/testify#1687

refactor: use %q and %T to simplify fmt.Sprintf by @alexandear in stretchr/testify#1674

Propose Christophe Colombier (ccoVeille) as approver by @brackendawson in stretchr/testify#1716

Update documentation for the Error function in assert or require package by @architagr in stretchr/testify#1675

assert: remove deprecated build constraints by @alexandear in stretchr/testify#1671

assert: apply gofumpt to internal test suite by @ccoVeille in stretchr/testify#1739

CI: fix shebang in .ci.*.sh scripts by @dolmen in stretchr/testify#1746

assert,require: enable parallel testing on (almost) all top tests by @dolmen in stretchr/testify#1747

suite.Passed: add one more status test report by @Ararsa-Derese in stretchr/testify#1706

Add Helper() method in internal mocks and assert.CollectT by @dolmen in stretchr/testify#1423

assert.Same/NotSame: improve usage of Sprintf by @ccoVeille in stretchr/testify#1742

mock: enable parallel testing on internal testsuite by @dolmen in stretchr/testify#1756

suite: cleanup use of 'testing' internals at runtime by @dolmen in stretchr/testify#1751

assert: check test failure message for Empty and NotEmpty by @ccoVeille in stretchr/testify#1745

... (truncated)

Commits

2a57335 Merge pull request #1788 from brackendawson/1785-backport-1.11
af8c912 Backport #1786 to release/1.11
b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
69831f3 build(deps): bump actions/checkout from 4 to 5
a53be35 Improve captureTestingT helper
aafb604 mock: improve formatting of error message
7218e03 improve error msg
929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
bc7459e suite: faster filtering of methods (-testify.m)
7d37b5c suite: refactor methodFilter
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.46.0 to 0.51.0

Commits

b8a14a8 go.mod: update golang.org/x dependencies
9d9d507 x509roots/fallback/bundle: fix bundle test with Go 1.27+
fd0b90d acme: include Problem in OrderError.Error
b9e5359 pbkdf2: turn into a wrapper for crypto/pbkdf2
cc0e4fc hkdf: forward Extract to the standard library
a8e9237 x509roots/fallback: update bundle
03ca0dc go.mod: update golang.org/x dependencies
8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
982eaa6 go.mod: update golang.org/x dependencies
Additional commits viewable in compare view

Updates golang.org/x/net from 0.48.0 to 0.53.0

Commits

a8d1fc1 go.mod: update golang.org/x dependencies
056ac74 quic: avoid depending on golang.org/x/sys/unix
c85f611 http3: add http3 package for testing in std
805fc81 http2: add transport API tests
e63b894 http2: support testing via net/http.Transport.RoundTrip
9ee1e48 http2/hpack: prevent HeaderField from escaping during encoding
1e71bd8 http2: prevent hanging Transport due to bad SETTINGS frame
7bca150 internal/http3: respect net/http Server Shutdown context when shutting down
44c41be internal/http3: prevent server from holding mutex when sleeping during shutdown
228a67a internal/http3: add CloseIdleConnections support in transport
Additional commits viewable in compare view

Bumps the go-dependencies group with 3 updates in the / directory: [github.com/klauspost/compress](https://github.com/klauspost/compress), [github.com/stretchr/testify](https://github.com/stretchr/testify) and [golang.org/x/crypto](https://github.com/golang/crypto). Updates `github.com/klauspost/compress` from 1.18.2 to 1.18.6 - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](klauspost/compress@v1.18.2...v1.18.6) Updates `github.com/stretchr/testify` from 1.8.4 to 1.11.1 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.4...v1.11.1) Updates `golang.org/x/crypto` from 0.46.0 to 0.51.0 - [Commits](golang/crypto@v0.46.0...v0.51.0) Updates `golang.org/x/net` from 0.48.0 to 0.53.0 - [Commits](golang/net@v0.48.0...v0.53.0) --- updated-dependencies: - dependency-name: github.com/klauspost/compress dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/stretchr/testify dependency-version: 1.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/net dependency-version: 0.51.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 20, 2026

dependabot Bot requested review from Copilot and removed request for Copilot March 20, 2026 23:34

dependabot Bot force-pushed the dependabot/go_modules/go-dependencies-0018fded97 branch from e8ee4fe to 0993d18 Compare March 27, 2026 09:53

dependabot Bot requested review from Copilot and removed request for Copilot March 27, 2026 09:53

dependabot Bot changed the title ~~Bump the go-dependencies group with 4 updates~~ Bump the go-dependencies group across 1 directory with 4 updates May 22, 2026

Copilot AI review requested due to automatic review settings May 22, 2026 10:00

dependabot Bot force-pushed the dependabot/go_modules/go-dependencies-0018fded97 branch from 0993d18 to 4a94a09 Compare May 22, 2026 10:00

Copilot AI reviewed May 22, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-dependencies group across 1 directory with 4 updates#118

Bump the go-dependencies group across 1 directory with 4 updates#118
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-0018fded97

dependabot Bot commented on behalf of github Mar 20, 2026 •

edited

Loading

Uh oh!

Copilot AI left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Mar 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.18.6

What's Changed

New Contributors

v1.18.5

What's Changed

v1.18.4

What's Changed

New Contributors

v1.18.3

v1.11.1

What's Changed

v1.11.0

What's Changed

Functional Changes

Fixes

Documentation, Build & CI

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Mar 20, 2026 •

edited

Loading