Skip to content

Bump the wire group across 1 directory with 4 updates #160

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the wire group across 1 directory with 4 updates #160

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 26, 2025
edited
Loading

Bumps the wire group with 4 updates in the / directory: github.com/stretchr/testify, github.com/xdg-go/scram, go.mongodb.org/mongo-driver and go.mongodb.org/mongo-driver/v2.

Updates github.com/stretchr/testify from 1.10.0 to 1.11.1

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.1

This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

Fixes

Documentation, Build & CI

... (truncated)

Commits
  • 2a57335 Merge pull request #1788 from brackendawson/1785-backport-1.11
  • af8c912 Backport #1786 to release/1.11
  • b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
  • 69831f3 build(deps): bump actions/checkout from 4 to 5
  • a53be35 Improve captureTestingT helper
  • aafb604 mock: improve formatting of error message
  • 7218e03 improve error msg
  • 929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
  • bc7459e suite: faster filtering of methods (-testify.m)
  • 7d37b5c suite: refactor methodFilter
  • Additional commits viewable in compare view

Updates github.com/xdg-go/scram from 1.1.2 to 1.2.0

Release notes

Sourced from github.com/xdg-go/scram's releases.

v1.2.0

Added

  • Channel binding support for SCRAM-PLUS variants (RFC 5929, RFC 9266)
  • GetStoredCredentialsWithError() method that returns errors from PBKDF2 key derivation instead of panicking.
  • Support for Go 1.24+ stdlib crypto/pbkdf2 package, which provides FIPS 140-3 compliance when using SHA-256 or SHA-512 hash functions.

Changed

  • Minimum Go version bumped from 1.11 to 1.18.
  • Migrated from github.com/xdg-go/pbkdf2 to stdlib crypto/pbkdf2 on Go 1.24+. Legacy Go versions (<1.24) continue using the external library via build tags for backward compatibility.
  • Internal error handling improved for PBKDF2 key derivation failures.

Deprecated

  • GetStoredCredentials() is deprecated in favor of GetStoredCredentialsWithError(). The old method panics on PBKDF2 errors to maintain backward compatibility but will be removed in a future major version.

Notes

  • FIPS 140-3 compliance is available on Go 1.24+ when using SCRAM-SHA-256 or SCRAM-SHA-512 with appropriate salt lengths (≥16 bytes). SCRAM-SHA-1 is not FIPS-approved.
Changelog

Sourced from github.com/xdg-go/scram's changelog.

v1.2.0 - 2025-11-24

Added

  • Channel binding support for SCRAM-PLUS variants (RFC 5929, RFC 9266)
  • GetStoredCredentialsWithError() method that returns errors from PBKDF2 key derivation instead of panicking.
  • Support for Go 1.24+ stdlib crypto/pbkdf2 package, which provides FIPS 140-3 compliance when using SHA-256 or SHA-512 hash functions.

Changed

  • Minimum Go version bumped from 1.11 to 1.18.
  • Migrated from github.com/xdg-go/pbkdf2 to stdlib crypto/pbkdf2 on Go 1.24+. Legacy Go versions (<1.24) continue using the external library via build tags for backward compatibility.
  • Internal error handling improved for PBKDF2 key derivation failures.

Deprecated

  • GetStoredCredentials() is deprecated in favor of GetStoredCredentialsWithError(). The old method panics on PBKDF2 errors to maintain backward compatibility but will be removed in a future major version.

Notes

  • FIPS 140-3 compliance is available on Go 1.24+ when using SCRAM-SHA-256 or SCRAM-SHA-512 with appropriate salt lengths (≥16 bytes). SCRAM-SHA-1 is not FIPS-approved.
Commits
  • b6d6a0b Bump version in CHANGELOG
  • eb4bcac Add error handling to xorBytes for unequal length arguments
  • 711c747 Implement channel binding support for SCRAM-PLUS
  • d58dc75 Replace server error strings with typed RFC-compliant constants
  • 753038a Further modernize GH actions CI
  • 17fcfe4 go mod tidy
  • 4dc71f3 Bump minimum Go version to 1.18
  • b85dd84 Update Github action versions
  • 8dff94c Restore backward-compatible error handling
  • 6891e94 Use stdlib pbkdf2 in go 1.24
  • Additional commits viewable in compare view

Updates go.mongodb.org/mongo-driver from 1.17.4 to 1.17.6

Release notes

Sourced from go.mongodb.org/mongo-driver's releases.

MongoDB Go Driver 1.17.6

The MongoDB Go Driver Team is pleased to release version 1.17.6 of the official MongoDB Go Driver.

[!NOTE] Due to a bug in the Go Driver release automation, there is no 1.17.5 release.

Release Highlights

This release makes various maintainability improvements to the Go Driver development and release automation.

What's Changed

📝 Other Changes

Full Changelog: mongodb/mongo-go-driver@v1.17.4...v1.17.6

For a full list of tickets included in this release, please see the list of fixed issues.

Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!

Commits
  • d2fa0ab BUMP v1.17.6
  • f1d540b BUMP v1.17.5
  • b879028 GODRIVER-3654 Don't test v1 branches against latest server. (#2188)
  • 21f47d4 Allow ignore-for-release label to satisfy label checker (#2203)
  • 8708ca8 Disable merge-up from release/1.17 (#2202)
  • 0b2794f GODRIVER-3612 Add an internal-only NewSessionWithLSID API (v1) (#2183)
  • 747a8d0 Consider HTTP 429 a succcessful response in the Markdown link check. (#2191)
  • 8c336ff Pin drivers-evergreen-tools to rev 98f6b0e in v1. (#2184)
  • 106cff3 Retry Markdown link checks on HTTP 429 (v1) (#2186)
  • d406474 GODRIVER-3564: Add config and workflows for release note labels (#2148)
  • Additional commits viewable in compare view

Updates go.mongodb.org/mongo-driver/v2 from 2.2.2 to 2.4.0

Release notes

Sourced from go.mongodb.org/mongo-driver/v2's releases.

MongoDB Go Driver 2.4.0

The MongoDB Go Driver Team is pleased to release version 2.4.0 of the official MongoDB Go Driver.

Release Highlights

[!IMPORTANT] Go Driver v2.4 requires MongoDB 4.2 or newer.

This release adds a new method Client.AppendDriverInfo that adds information to the driver metadata sent on subsequent connection handshakes.

What's Changed

✨ New Features

📝 Other Changes

New Contributors

Full Changelog: mongodb/mongo-go-driver@v2.3.1...v2.4.0

For a full list of tickets included in this release, please see the list of fixed issues.

Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!

MongoDB Go Driver 2.3.1

The MongoDB Go Driver Team is pleased to release version 2.3.1 of the official MongoDB Go Driver.

Release Highlights

This release applies client-level timeouts for tailable/awaitData cursors, and fixes a bug that causes a tight loop when there are no selectable servers.

What's Changed

🐛 Fixed

📝 Other Changes

... (truncated)

Commits
  • 9bd07db BUMP v2.4.0
  • 53057d2 Remove the unused and dangerous ShareClient mtest option. (#2225)
  • 4bc4835 GODRIVER-3544, GODRIVER-3653 Allow Client to Send Client Metadata On-Demand (...
  • 8fb0643 GODRIVER-3668 Add bypassEmptyTsReplacement option. (#2219)
  • 0261c36 GODRIVER-3523 Drop support for MongoDB 4.0. (#2221)
  • f01f780 GODRIVER-3675 Rename internal/decimal/decinal128.go to decimal128.go (#2220)
  • 2f9e708 Bump the actions group across 1 directory with 6 updates (#2223)
  • 1e7cea0 Merge branch 'release/2.3'
  • d38fa23 BUMP v2.3.1
  • 86ddd18 GODRIVER-3667 Update support links. (#2215)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the wire group across 1 directory with 4 updates
6519319 
Bumps the wire group with 4 updates in the / directory: [github.com/stretchr/testify](https://github.com/stretchr/testify), [github.com/xdg-go/scram](https://github.com/xdg-go/scram), [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) and [go.mongodb.org/mongo-driver/v2](https://github.com/mongodb/mongo-go-driver).


Updates `github.com/stretchr/testify` from 1.10.0 to 1.11.1
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.10.0...v1.11.1)

Updates `github.com/xdg-go/scram` from 1.1.2 to 1.2.0
- [Release notes](https://github.com/xdg-go/scram/releases)
- [Changelog](https://github.com/xdg-go/scram/blob/master/CHANGELOG.md)
- [Commits](xdg-go/scram@v1.1.2...v1.2.0)

Updates `go.mongodb.org/mongo-driver` from 1.17.4 to 1.17.6
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](mongodb/mongo-go-driver@v1.17.4...v1.17.6)

Updates `go.mongodb.org/mongo-driver/v2` from 2.2.2 to 2.4.0
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](mongodb/mongo-go-driver@v2.2.2...v2.4.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: wire
- dependency-name: github.com/xdg-go/scram
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: wire
- dependency-name: go.mongodb.org/mongo-driver
  dependency-version: 1.17.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: wire
- dependency-name: go.mongodb.org/mongo-driver/v2
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: wire
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added deps PRs that update dependencies not ready Issues that are not ready to be worked on; PRs that should skip CI labels Nov 26, 2025
@dependabot dependabot bot added deps PRs that update dependencies not ready Issues that are not ready to be worked on; PRs that should skip CI labels Nov 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlekSi AlekSi Awaiting requested review from AlekSi AlekSi is a code owner

@chilagrow chilagrow Awaiting requested review from chilagrow

At least 1 approving review is required to merge this pull request.

Assignees

@AlekSi AlekSi

Labels

deps PRs that update dependencies not ready Issues that are not ready to be worked on; PRs that should skip CI

Projects

Current Engineering
Status: In progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AlekSi