Skip to content

chore(deps): Bump the dependencies group across 1 directory with 3 updates #276

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ainsleyclark merged 1 commit into from
Jan 20, 2026
Merged

chore(deps): Bump the dependencies group across 1 directory with 3 updates #276

ainsleyclark merged 1 commit into from
Jan 20, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 19, 2026

Bumps the dependencies group with 3 updates in the / directory: github.com/getsentry/sentry-go, github.com/labstack/echo/v4 and github.com/sirupsen/logrus.

Updates github.com/getsentry/sentry-go from 0.36.2 to 0.41.0

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.41.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.41.0.

Features

  • Add HTTP client integration for distributed tracing via sentryhttpclient package (#876)
    • Provides an http.RoundTripper implementation that automatically creates spans for outgoing HTTP requests
    • Supports trace propagation targets configuration via WithTracePropagationTargets option
    • Example usage: 
      import sentryhttpclient "github.com/getsentry/sentry-go/httpclient"
roundTripper := sentryhttpclient.NewSentryRoundTripper(nil)
client := &http.Client{
Transport: roundTripper,
}

  • Add ClientOptions.PropagateTraceparent option to control W3C traceparent header propagation in outgoing HTTP requests (#1161)
  • Add SpanID field to structured logs (#1169)

0.40.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.40.0.

Bug Fixes

  • Disable DisableTelemetryBuffer flag and noop Telemetry Buffer, to prevent a panic at runtime (#1149).

0.39.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.39.0.

Features

  • Drop events from the telemetry buffer when rate-limited or transport is full, allowing the buffer queue to empty itself under load (#1138).

Bug Fixes

  • Fix scheduler's hasWork() method to check if buffers are ready to flush. The previous implementation was causing CPU spikes (#1143).

0.38.0

Breaking Changes

Features

  • Introduce a new async envelope transport and telemetry buffer to prioritize and batch events (#1094, #1093, #1107).
    • Advantages:
      • Prioritized, per-category buffers (errors, transactions, logs, check-ins) reduce starvation and improve resilience under load
      • Batching for high-volume logs (up to 100 items or 5s) cuts network overhead
      • Bounded memory with eviction policies
      • Improved flush behavior with context-aware flushing
  • Add ClientOptions.DisableTelemetryBuffer to opt out and fall back to the legacy transport layer (HTTPTransport / HTTPSyncTransport).

... (truncated)

Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.41.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.41.0.

Features

  • Add HTTP client integration for distributed tracing via sentryhttpclient package (#876)
    • Provides an http.RoundTripper implementation that automatically creates spans for outgoing HTTP requests
    • Supports trace propagation targets configuration via WithTracePropagationTargets option
    • Example usage: 
      import sentryhttpclient "github.com/getsentry/sentry-go/httpclient"
roundTripper := sentryhttpclient.NewSentryRoundTripper(nil)
client := &http.Client{
Transport: roundTripper,
}

  • Add ClientOptions.PropagateTraceparent option to control W3C traceparent header propagation in outgoing HTTP requests (#1161)
  • Add SpanID field to structured logs (#1169)

0.40.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.40.0.

Bug Fixes

  • Disable DisableTelemetryBuffer flag and noop Telemetry Buffer, to prevent a panic at runtime (#1149).

0.39.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.39.0.

Features

  • Drop events from the telemetry buffer when rate-limited or transport is full, allowing the buffer queue to empty itself under load (#1138).

Bug Fixes

  • Fix scheduler's hasWork() method to check if buffers are ready to flush. The previous implementation was causing CPU spikes (#1143).

0.38.0

Breaking Changes

Features

  • Introduce a new async envelope transport and telemetry buffer to prioritize and batch events (#1094, #1093, #1107).
    • Advantages:
      • Prioritized, per-category buffers (errors, transactions, logs, check-ins) reduce starvation and improve resilience under load

... (truncated)

Commits
  • 87e197c release: 0.41.0
  • a130ff1 chore: prepare 0.41.0 (#1172)
  • f3a5a3f feat: refactor log serialization to match docs (#1169)
  • 736c662 build(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.1 (#1164)
  • 30c8b2e build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.2.0 (#1165)
  • 335c5f1 build(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 (#1163)
  • 77f5f7d build(deps): bump actions/checkout from 5 to 6 (#1162)
  • f5cdcd9 build(deps): bump actions/cache from 4 to 5 (#1166)
  • 8cb62cf feat: add propagateTraceparent option (#1161)
  • d7582e8 feat: add http client integration (#876)
  • Additional commits viewable in compare view

Updates github.com/labstack/echo/v4 from 4.13.4 to 4.15.0

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.15.0

Security

WARNING: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF protection, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship between the request origin and the target. The middleware uses this to make security decisions:

  • same-origin or none: Requests are allowed (exact origin match or direct user navigation)
  • same-site: Falls back to token validation (e.g., subdomain to main domain)
  • cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to traditional token-based CSRF protection.

New Configuration Options:

  • TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)
  • AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},
// Custom validation for same-site requests
AllowSecFetchSiteFunc: func(c echo.Context) (bool, error) {
    // Your custom authorization logic here
    return validateCustomAuth(c), nil
    // return true, err  // blocks request with error
    // return true, nil  // allows CSRF request through
    // return false, nil // falls back to legacy token logic
},

}))

PR: labstack/echo#2858

Type-Safe Generic Parameter Binding

  • Added generic functions for type-safe parameter extraction and context access by @​aldas in labstack/echo#2856

    Echo now provides generic functions for extracting path, query, and form parameters with automatic type conversion, eliminating manual string parsing and type assertions.

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.15.0 - 2026-01-01

Security

NB: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF protection, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship between the request origin and the target. The middleware uses this to make security decisions:

  • same-origin or none: Requests are allowed (exact origin match or direct user navigation)
  • same-site: Falls back to token validation (e.g., subdomain to main domain)
  • cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to traditional token-based CSRF protection.

New Configuration Options:

  • TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)
  • AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},
// Custom validation for same-site requests
AllowSecFetchSiteFunc: func(c echo.Context) (bool, error) {
    // Your custom authorization logic here
    return validateCustomAuth(c), nil
    // return true, err  // blocks request with error
    // return true, nil  // allows CSRF request through
    // return false, nil // falls back to legacy token logic
},

}))

PR: labstack/echo#2858

Type-Safe Generic Parameter Binding

  • Added generic functions for type-safe parameter extraction and context access by @​aldas in labstack/echo#2856

    Echo now provides generic functions for extracting path, query, and form parameters with automatic type conversion,

... (truncated)

Commits
  • 482bb46 v4.15.0 changelog
  • d0f9d1e CRSF with Sec-Fetch-Site=same-site falls back to legacy token
  • f3fc618 CRSF with Sec-Fetch-Site checks
  • 4dcb9b4 licence headers
  • cbc0ac1 Add PathParam(Or)/QueryParam(Or)/FormParam(Or) generic functions
  • 6b14f4e Add Context.Get generic functions
  • 321530d disable test - returns different error under Windows
  • c8abd9f disable flaky test
  • 9fe43f7 fix Rate limiter disallows fractional rates
  • 1b5122a document things to reduce false positives
  • Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Commits
  • b61f268 Merge pull request #1472 from goldlinker/master
  • 15c29db refactor: replace the deprecated function in the ioutil package
  • cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
  • 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
  • d916819 Merge pull request #1427 from dolmen/fix-testify-usage
  • 135e482 README: small touch-ups
  • 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
  • 877ecec README: remove travis badge
  • 55cf256 Merge pull request #1393 from jsoref/grammar
  • 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): Bump the dependencies group across 1 directory with 3 up…
27a2106 
…dates

Bumps the dependencies group with 3 updates in the / directory: [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go), [github.com/labstack/echo/v4](https://github.com/labstack/echo) and [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus).


Updates `github.com/getsentry/sentry-go` from 0.36.2 to 0.41.0
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-go@v0.36.2...v0.41.0)

Updates `github.com/labstack/echo/v4` from 4.13.4 to 4.15.0
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md)
- [Commits](labstack/echo@v4.13.4...v4.15.0)

Updates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](sirupsen/logrus@v1.9.3...v1.9.4)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/labstack/echo/v4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/sirupsen/logrus
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 19, 2026
@vercel
Copy link

vercel bot commented Jan 19, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Review Updated (UTC)
ainsleydev Ignored Ignored Preview Jan 19, 2026 7:00pm

Request Review

@ainsleyclark ainsleyclark merged commit 2d8bbdb into main Jan 20, 2026
7 checks passed
@ainsleyclark ainsleyclark deleted the dependabot/go_modules/dependencies-531a0a4192 branch January 20, 2026 06:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ainsleyclark