Skip to content

chore(deps)(deps): bump the all-dependencies group with 8 updates#139

Merged
YoshihitoAso merged 1 commit intodev-2.7from
dependabot/go_modules/all-dependencies-5d0f6485c9
Mar 17, 2026
Merged

chore(deps)(deps): bump the all-dependencies group with 8 updates#139
YoshihitoAso merged 1 commit intodev-2.7from
dependabot/go_modules/all-dependencies-5d0f6485c9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 17, 2026

Bumps the all-dependencies group with 8 updates:

Package From To
github.com/consensys/gnark-crypto 0.20.0 0.20.1
github.com/urfave/cli/v2 2.27.5 2.27.7
golang.org/x/crypto 0.48.0 0.49.0
golang.org/x/sync 0.19.0 0.20.0
golang.org/x/sys 0.41.0 0.42.0
golang.org/x/text 0.34.0 0.35.0
golang.org/x/time 0.9.0 0.15.0
google.golang.org/protobuf 1.36.10 1.36.11

Updates github.com/consensys/gnark-crypto from 0.20.0 to 0.20.1

Release notes

Sourced from github.com/consensys/gnark-crypto's releases.

v0.20.1

This release contains correctness fix for vector multiplication using IFMA, see #816. Users of ecc/bls12-377/fr, ecc/bls12-381/fr, ecc/bls24-315/fr, ecc/bn254/fr, ecc/bn254/fp, ecc/grumpkin/fr, ecc/grumpkin/fp, ecc/stark-curve/fr and ecc/stark-curve/fp using v0.20.0 should upgrade to avoid incorrect computation results.

What's Changed

Full Changelog: Consensys/gnark-crypto@v0.20.0...v0.20.1

Changelog

Sourced from github.com/consensys/gnark-crypto's changelog.

[v0.20.1] - 2026-03-16

Fix

  • correct IFMA vector mul carry propagation (#816)
Commits
  • 49879af release: v0.20.1 (#818)
  • d932506 deps(actions)(deps): bump actions/setup-go from 6.2.0 to 6.3.0 in the core-ac...
  • be4aeba fix: correct IFMA vector mul carry propagation (#816)
  • See full diff in compare view

Updates github.com/urfave/cli/v2 from 2.27.5 to 2.27.7

Release notes

Sourced from github.com/urfave/cli/v2's releases.

v2.27.7

What's Changed

Full Changelog: urfave/cli@v2.27.6...v2.27.7

v2.27.6

What's Changed

Full Changelog: urfave/cli@v2.27.5...v2.27.6

Commits
  • 19b951a Merge pull request #2159 from urfave/v2-deps-up
  • dd134b5 Update dependencies in v2 series
  • 347cd02 Merge pull request #2157 from urfave/v2-not-dependabot
  • 0acf2e4 Dependabot does not work like this (v2)
  • c7bc0a9 Merge pull request #2154 from urfave/v2-dependabot-maybe
  • 6ec0368 Is this file needed on each release branch? (v2)
  • 9d76d15 Merge pull request #2070 from dearchap/issue_2069
  • 4abc9c3 Fix:(issue_2069) Add sep for string slice
  • 3b17080 Merge pull request #2015 from urfave/update_docs_v2
  • 1e15e30 Update cli.yml
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.49.0

Commits
  • 982eaa6 go.mod: update golang.org/x dependencies
  • 159944f ssh,acme: clean up tautological/impossible nil conditions
  • a408498 acme: only require prompt if server has terms of service
  • cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
  • 2f26647 x509roots/fallback: update bundle
  • See full diff in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits
  • ec11c4a errgroup: fix a typo in the documentation
  • 1a58307 all: modernize interface{} -> any
  • 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Updates golang.org/x/sys from 0.41.0 to 0.42.0

Commits
  • eaaaaee windows/registry: correct KeyInfo.ModTime calculation
  • 942780b cpu: darwin/arm64 feature detection
  • acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
  • 3687fbd cpu: better defaults on darwin ARM64
  • 48062e9 plan9: change Note to alias syscall.Note
  • 4f23f80 windows: change Signal to alias syscall.Signal
  • 7548802 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Updates golang.org/x/text from 0.34.0 to 0.35.0

Commits
  • 7ca2c6d go.mod: update golang.org/x dependencies
  • 73d1ba9 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Updates golang.org/x/time from 0.9.0 to 0.15.0

Commits
  • 812b343 all: upgrade go directive to at least 1.25.0 [generated]
  • 2b4e439 rate: use time.Time.Equal instead of ==
  • c0b0320 all: upgrade go directive to at least 1.24.0 [generated]
  • 1616a7f rate: skip time.Now call in Sometimes.Do unless necessary
  • 0c50ed8 all: upgrade go directive to at least 1.23.0 [generated]
  • 66520f6 rate: simplify function advance only returns new Tokens to caller
  • 2c6c5a2 rate: prevent overflows when calculating durationFromTokens
  • See full diff in compare view

Updates google.golang.org/protobuf from 1.36.10 to 1.36.11

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps)(deps): bump the all-dependencies group with 8 updates
27dab9f 
Bumps the all-dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/consensys/gnark-crypto](https://github.com/consensys/gnark-crypto) | `0.20.0` | `0.20.1` |
| [github.com/urfave/cli/v2](https://github.com/urfave/cli) | `2.27.5` | `2.27.7` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.48.0` | `0.49.0` |
| [golang.org/x/sync](https://github.com/golang/sync) | `0.19.0` | `0.20.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.41.0` | `0.42.0` |
| [golang.org/x/text](https://github.com/golang/text) | `0.34.0` | `0.35.0` |
| [golang.org/x/time](https://github.com/golang/time) | `0.9.0` | `0.15.0` |
| google.golang.org/protobuf | `1.36.10` | `1.36.11` |


Updates `github.com/consensys/gnark-crypto` from 0.20.0 to 0.20.1
- [Release notes](https://github.com/consensys/gnark-crypto/releases)
- [Changelog](https://github.com/Consensys/gnark-crypto/blob/master/CHANGELOG.md)
- [Commits](Consensys/gnark-crypto@v0.20.0...v0.20.1)

Updates `github.com/urfave/cli/v2` from 2.27.5 to 2.27.7
- [Release notes](https://github.com/urfave/cli/releases)
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md)
- [Commits](urfave/cli@v2.27.5...v2.27.7)

Updates `golang.org/x/crypto` from 0.48.0 to 0.49.0
- [Commits](golang/crypto@v0.48.0...v0.49.0)

Updates `golang.org/x/sync` from 0.19.0 to 0.20.0
- [Commits](golang/sync@v0.19.0...v0.20.0)

Updates `golang.org/x/sys` from 0.41.0 to 0.42.0
- [Commits](golang/sys@v0.41.0...v0.42.0)

Updates `golang.org/x/text` from 0.34.0 to 0.35.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.34.0...v0.35.0)

Updates `golang.org/x/time` from 0.9.0 to 0.15.0
- [Commits](golang/time@v0.9.0...v0.15.0)

Updates `google.golang.org/protobuf` from 1.36.10 to 1.36.11

---
updated-dependencies:
- dependency-name: github.com/consensys/gnark-crypto
  dependency-version: 0.20.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: github.com/urfave/cli/v2
  dependency-version: 2.27.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: golang.org/x/crypto
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: golang.org/x/sync
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: golang.org/x/sys
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: golang.org/x/text
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: golang.org/x/time
  dependency-version: 0.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 17, 2026
@YoshihitoAso YoshihitoAso requested a review from Copilot March 17, 2026 23:38
Copilot AI reviewed Mar 17, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the repository’s Go module dependencies (direct and indirect) to newer patch/minor versions, aligning go.mod/go.sum with the latest resolved module set.

Changes:

  • Bump direct dependencies including github.com/consensys/gnark-crypto, github.com/urfave/cli/v2, and multiple golang.org/x/* modules.
  • Update indirect dependencies resolved by the module graph (e.g., golang.org/x/net, github.com/cpuguy83/go-md2man/v2).
  • Refresh go.sum checksums to match the updated versions.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
go.mod Updates required module versions (direct + indirect) to newer releases.
go.sum Updates checksums for the bumped module versions.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@YoshihitoAso YoshihitoAso merged commit e9c5afa into dev-2.7 Mar 17, 2026
9 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/all-dependencies-5d0f6485c9 branch March 17, 2026 23:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@YoshihitoAso YoshihitoAso YoshihitoAso approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@YoshihitoAso