fix(deps): bump the external group across 1 directory with 5 updates by dependabot[bot] · Pull Request #3234 · opentdf/platform

dependabot · 2026-04-01T14:23:54Z

Bumps the external group with 3 updates in the /sdk directory: golang.org/x/oauth2, golang.org/x/text and google.golang.org/grpc.

Updates golang.org/x/oauth2 from 0.34.0 to 0.36.0

Commits

4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
89ff2e1 google: add safer credentials JSON loading options.
See full diff in compare view

Updates golang.org/x/text from 0.34.0 to 0.35.0

Commits

7ca2c6d go.mod: update golang.org/x dependencies
73d1ba9 all: upgrade go directive to at least 1.25.0 [generated]
See full diff in compare view

Updates golang.org/x/tools from 0.41.0 to 0.42.0

Commits

009367f go.mod: update golang.org/x dependencies
2182926 go/ast/inspector: add Cursor.ParentEdge{Kind,Index} methods
27020ac internal/server: add module upgrade pathway after vulncheck scanning
c4ec0f5 internal/server: list vulnerabilities within vulncheck prompt
80d1715 gopls/internal/protocol: add document uri field type
0e23509 gopls/doc: update link to Acme LSP plugin
7b3ed75 gopls/internal/server: respect SemanticTokens option during initialization
fddd4a6 gopls/filecache: prevent premature CAS file eviction
e3a69ff gopls/internal/golang: refactor.inline.variable: add parens
955d132 gopls/internal/golang: migrate pkgdoc to cursor
Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.79.3 to 1.80.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.80.0

Behavior Changes

balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see #5288 for details. (#8837)

xds: update resource error handling and re-resolution logic (#8907)

Re-resolve all LOGICAL_DNS clusters simultaneously when re-resolution is requested.

Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.

Bug Fixes

xds: support the LB policy configured in LOGICAL_DNS cluster resources instead of defaulting to pick_first. (#8733)

credentials/tls: perform per-RPC authority validation against the leaf certificate instead of the entire peer certificate chain. (#8831)

xds: enabling A76 ring hash endpoint keys no longer causes EDS resources with invalid proxy metadata to be NACKed when HTTP CONNECT (gRFC A86) is disabled. (#8875)

xds: validate that the sum of endpoint weights in a locality does not exceed the maximum uint32 value. (#8899)

Special Thanks: @RAVEYUS

xds: fix incorrect proto field access in the weighted round robin (WRR) configuration where blackout_period was used instead of weight_expiration_period. (#8915)

Special Thanks: @gregbarasch

xds/rbac: handle addresses with ports in IP matchers. (#8990)

New Features

ringhash: enable gRFC A76 (endpoint hash keys and request hash headers) by default. (#8922)

Performance Improvements

credentials/alts: pool write buffers to reduce memory allocations and usage. (#8919)

grpc: enable the use of pooled write buffers for buffering HTTP/2 frame writes by default. This reduces memory usage when connections are idle. Use the WithSharedWriteBuffer dial option or the SharedWriteBuffer server option to disable this feature. (#8957)

xds/priority: stop caching child LB policies removed from the configuration. This will help reduce memory and cpu usage when localities are constantly switching between priorities. (#8997)

mem: add a faster tiered buffer pool; use the experimental mem.NewBinaryTieredBufferPool function to create such pools. (#8775)

Commits

397e45e Change version to 1.80.0 (#8948)
64ebf0a Cherry-pick #8997 to v1.80.x (#9027)
e45ed24 xds/rbac: add additional handling for addresses with ports (#8990) (#9022)
c78d26e Cherry-pick #8957 to v1.80.x (#9007)
bd7cd3c grpc: enforce strict path checking for incoming requests on the server (#8987)
b6597b3 xds/clusterimpl: use xdsConfig for updates and remove redundant fields from L...
1d4fa8a xds: change cdsbalancer to use update from dependency manager (#8907)
8f47d36 attributes: Replace internal map with linked list (#8933)
22e1ee8 xds: add panic recovery in xdsclient resource unmarshalling. (#8895)
7136e99 credentials/alts: Pool write buffers (#8919)
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.10 to 1.36.11

coderabbitai · 2026-04-01T14:28:29Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: da9d0c64-cf61-4902-8d3e-8f73bd970a05

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch dependabot/go_modules/sdk/external-880ea5723a

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

github-actions · 2026-04-01T14:29:26Z

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	186.991497ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	91.648977ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	393.645189ms
Throughput	254.04 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	41.113334664s
Average Latency	409.32577ms
Throughput	121.62 requests/second

github-actions · 2026-04-01T14:37:09Z

X-Test Results

✅ go-pull-3234
✅ go-v0.9.0
✅ java-pull-3234
✅ java-v0.9.0
✅ js-pull-3234
✅ js-v0.9.0
bats-test-results
cukes-report
opentdf~~platform~~4QX186.dockerbuild

github-actions · 2026-04-01T22:46:12Z

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	189.967317ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	94.776032ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	383.473674ms
Throughput	260.77 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	40.05651587s
Average Latency	398.694565ms
Throughput	124.82 requests/second

github-actions · 2026-04-01T22:53:18Z

X-Test Results

✅ go-pull-3234
✅ java-pull-3234
✅ go-v0.9.0
✅ js-pull-3234
✅ java-v0.9.0
bats-test-results
✅ js-v0.9.0
cukes-report
opentdf~~platform~~N3GONT.dockerbuild

github-actions · 2026-04-02T18:00:19Z

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	144.973682ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	75.642121ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	391.644336ms
Throughput	255.33 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	38.893064085s
Average Latency	387.037977ms
Throughput	128.56 requests/second

github-actions · 2026-04-02T18:07:36Z

X-Test Results

✅ go-pull-3234
✅ go-v0.9.0
✅ java-pull-3234
✅ java-v0.9.0
✅ js-pull-3234
✅ js-v0.9.0
bats-test-results
cukes-report
opentdf~~platform~~K8BD93.dockerbuild

Bumps the external group with 3 updates in the /sdk directory: [golang.org/x/oauth2](https://github.com/golang/oauth2), [golang.org/x/text](https://github.com/golang/text) and [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `golang.org/x/oauth2` from 0.34.0 to 0.36.0 - [Commits](golang/oauth2@v0.34.0...v0.36.0) Updates `golang.org/x/text` from 0.34.0 to 0.35.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.34.0...v0.35.0) Updates `golang.org/x/tools` from 0.41.0 to 0.42.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.41.0...v0.42.0) Updates `google.golang.org/grpc` from 1.79.3 to 1.80.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.79.3...v1.80.0) Updates `google.golang.org/protobuf` from 1.36.10 to 1.36.11 --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: golang.org/x/text dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: golang.org/x/tools dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: google.golang.org/grpc dependency-version: 1.80.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: google.golang.org/protobuf dependency-version: 1.36.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: external ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-04-03T17:59:31Z

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	202.934894ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	105.938113ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	406.819587ms
Throughput	245.81 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	40.907141933s
Average Latency	407.554972ms
Throughput	122.23 requests/second

github-actions · 2026-04-03T18:05:41Z

X-Test Results

✅ go-pull-3234
✅ go-v0.9.0
✅ java-pull-3234
✅ java-v0.9.0
✅ js-v0.9.0
✅ js-pull-3234
bats-test-results
cukes-report
opentdf~~platform~~EVQE76.dockerbuild

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 1, 2026

dependabot bot requested review from a team as code owners April 1, 2026 14:23

dependabot bot added the go Pull requests that update Go code label Apr 1, 2026

github-actions bot added comp:sdk A software development kit, including library, for client applications and inter-service communicati size/s labels Apr 1, 2026

dependabot bot force-pushed the dependabot/go_modules/sdk/external-880ea5723a branch from 89a9702 to 77698db Compare April 1, 2026 22:40

dependabot bot force-pushed the dependabot/go_modules/sdk/external-880ea5723a branch from 77698db to a6e63bc Compare April 2, 2026 17:54

dependabot bot force-pushed the dependabot/go_modules/sdk/external-880ea5723a branch from a6e63bc to 56cafe1 Compare April 3, 2026 17:53

Conversation

dependabot bot commented on behalf of github Apr 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release 1.80.0

Behavior Changes

Bug Fixes

New Features

Performance Improvements

Uh oh!

coderabbitai bot commented Apr 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Uh oh!

github-actions bot commented Apr 1, 2026

Benchmark authorization.GetDecisions Results:

Benchmark authorization.v2.GetMultiResourceDecision Results:

Benchmark Statistics

Bulk Benchmark Results

TDF3 Benchmark Results:

Uh oh!

github-actions bot commented Apr 1, 2026

X-Test Results

Uh oh!

github-actions bot commented Apr 1, 2026

Benchmark authorization.GetDecisions Results:

Benchmark authorization.v2.GetMultiResourceDecision Results:

Benchmark Statistics

Bulk Benchmark Results

TDF3 Benchmark Results:

Uh oh!

github-actions bot commented Apr 1, 2026

X-Test Results

Uh oh!

github-actions bot commented Apr 2, 2026

Benchmark authorization.GetDecisions Results:

Benchmark authorization.v2.GetMultiResourceDecision Results:

Benchmark Statistics

Bulk Benchmark Results

TDF3 Benchmark Results:

Uh oh!

github-actions bot commented Apr 2, 2026

X-Test Results

Uh oh!

github-actions bot commented Apr 3, 2026

Benchmark authorization.GetDecisions Results:

Benchmark authorization.v2.GetMultiResourceDecision Results:

Benchmark Statistics

Bulk Benchmark Results

TDF3 Benchmark Results:

Uh oh!

github-actions bot commented Apr 3, 2026

X-Test Results

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Apr 1, 2026 •

edited

Loading

coderabbitai bot commented Apr 1, 2026 •

edited

Loading