Skip to content

chore(gnoweb): Merge master into playground2, resolve conflicts#5849

Closed
jefft0 wants to merge 48 commits into
gnolang:playground2from
jefft0:chore/playground2-updates
Closed

chore(gnoweb): Merge master into playground2, resolve conflicts#5849
jefft0 wants to merge 48 commits into
gnolang:playground2from
jefft0:chore/playground2-updates

Conversation

@jefft0

@jefft0 jefft0 commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

This PR is against the playground2 branch of #5421 .

thehowl and others added 30 commits June 9, 2026 15:45
…gnolang#5781)

## Problem

`ci / tm2` has failed on every `master` push since June 4 (`ecc5c9fe`,
`11b05a42`, `4b3479e1`, `ba9da8eb`), always the same way:

```
--- FAIL: TestReactorDoesNotResignKnownSelfPrevote (300.04s)
panic: Timed out waiting for all validators to commit a block
```

The failing commits are uncorrelated with the failure (docs-only, CI
config, gnovm), and the identical tree passed `tm2` twice on the gnolang#5216
PR branch hours before failing on master — so this is a flake, not a
regression. It reproduces locally at roughly 1 in 3 runs.

## Root cause

In `MakeConnectedPeers` (`tm2/pkg/internal/p2p/p2p.go`), every switch
dials every other switch concurrently. For each pair there's a racy
interleaving:

1. A's outbound dial to B completes → A registers peer B, fires
`PeerConnected`.
2. B's outbound dial to A completes → B registers peer A, fires
`PeerConnected`.
3. `MakeConnectedPeers` sees both events and returns "all connected".
4. B's accept loop sees A's inbound conn → rejects it as a duplicate
(`switch.go` "already connected") → closes the TCP conn backing **A's
registered peer** → A removes peer B.
5. Symmetrically, A rejects B's inbound → B removes peer A.

Both directions are torn down *after* setup reported success, and test
peers aren't persistent, so nothing redials. Goroutine dumps from hung
runs confirm it: zero gossip/MConnection routines, both switches idle in
`waitForPeersToDial`.

`TestReactorDoesNotResignKnownSelfPrevote` (added in gnolang#5348) is the test
that pays for this because it's the only reactor test with a 2-validator
net that must commit a block — losing the single link is a total
partition. N=4 tests survive losing one link, which is why this raced
silently before.

## Fix

Dial only peers with a higher index, so each pair connects in exactly
one direction and the duplicate-rejection path can never trigger.
Inbound and outbound connections both fire `PeerConnected`, so each
switch still observes `Count-1` events before setup returns. Also
replaces the concurrent `sws = append(...)` (raced across the errgroup
goroutines and made slot order nondeterministic) with an indexed write.

## Verification

- Before: 2/6 local runs of `TestReactorDoesNotResignKnownSelfPrevote`
hang until panic.
- After: 0/20 local runs fail.
- All reactor tests in `tm2/pkg/bft/consensus`, plus
`tm2/pkg/bft/blockchain` and `tm2/pkg/bft/mempool` (the other
`MakeConnectedPeers` users) pass.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
…ng#5751)

fixes gnolang#5664 
The range of the form
```go
for _ = range a.e
```

Should cause an early return on (x *RangeStmt) AssertCompatible, as both
values key and value of the range are discarded. The problem is when the
range is on the form `for _ := range` . the key is considered
blankIdentifier but the value is not present (nil).

The fix is to add this case to the early return

---------

Co-authored-by: ltzmaxwell <ltz.maxwell@gmail.com>
…ang#5713)

## Summary
- Match Go's runtime behavior: comparing two interface values whose
dynamic type is uncomparable (`map`/`slice`/`func`) panics with
`comparing uncomparable type X`, even when both are nil-wrapped.
- Thread a `viaInterface` flag through `isEql`, derived from the
operands' static type (via `ATTR_TYPEOF_VALUE`). Propagate it into array
elements and struct fields whose declared type is an interface.
- Wire the same check into `doOpSwitchClauseCase` for `switch iface {
case map[K]V(nil): }`.
- `m == nil` direct comparisons are unaffected (preprocess already
rejects two-non-nil map/slice/func compares).

## Test plan
- [x] `go test ./gnovm/pkg/gnolang/ -run Files -test.short`
- [x] `go test ./gno.land/pkg/sdk/vm/ -run Gas`
- [x] `go test ./gno.land/pkg/integration/ -run txtar`
- [x] `go test -bench BenchmarkOpEql_Int -benchtime 1x -run=^$
./gnovm/pkg/gnolang/`
- [x] New filetest `gnovm/tests/files/cmp_runtime.gno` (port of Go's
`test/cmp.go`)

---------

Co-authored-by: Morgan <morgan@morganbaz.com>
…dates (gnolang#5595)

Bumps the npm_and_yarn group with 3 updates in the
/gno.land/pkg/gnoweb/frontend directory:
[postcss](https://github.com/postcss/postcss),
[picomatch](https://github.com/micromatch/picomatch) and
[svgo](https://github.com/svg/svgo).

Updates `postcss` from 8.5.6 to 8.5.10
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.10</h2>
<ul>
<li>Fixed XSS via unescaped <code>&lt;/style&gt;</code> in non-bundler
cases (by <a
href="https://github.com/TharVid"><code>@​TharVid</code></a>).</li>
</ul>
<h2>8.5.9</h2>
<ul>
<li>Speed up source map encoding paring in case of the error.</li>
</ul>
<h2>8.5.8</h2>
<ul>
<li>Fixed <code>Processor#version</code>.</li>
</ul>
<h2>8.5.7</h2>
<ul>
<li>Improved source map annotation cleaning performance (by CodeAnt
AI).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.5.10</h2>
<ul>
<li>Fixed XSS via unescaped <code>&lt;/style&gt;</code> in non-bundler
cases (by <a
href="https://github.com/TharVid"><code>@​TharVid</code></a>).</li>
</ul>
<h2>8.5.9</h2>
<ul>
<li>Speed up source map encoding paring in case of the error.</li>
</ul>
<h2>8.5.8</h2>
<ul>
<li>Fixed <code>Processor#version</code>.</li>
</ul>
<h2>8.5.7</h2>
<ul>
<li>Improved source map annotation cleaning performance (by CodeAnt
AI).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986"><code>33b9790</code></a>
Release 8.5.10 version</li>
<li><a
href="https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b"><code>536c79e</code></a>
Escape &lt;/style&gt; in CSS output (<a
href="https://redirect.github.com/postcss/postcss/issues/2074">#2074</a>)</li>
<li><a
href="https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4"><code>afa96b2</code></a>
Update dependencies (<a
href="https://redirect.github.com/postcss/postcss/issues/2073">#2073</a>)</li>
<li><a
href="https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d"><code>effe88b</code></a>
Typo (<a
href="https://redirect.github.com/postcss/postcss/issues/2072">#2072</a>)</li>
<li><a
href="https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad"><code>3ee79a2</code></a>
Thread model (<a
href="https://redirect.github.com/postcss/postcss/issues/2071">#2071</a>)</li>
<li><a
href="https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01"><code>2e0683d</code></a>
Create incident response docs (<a
href="https://redirect.github.com/postcss/postcss/issues/2070">#2070</a>)</li>
<li><a
href="https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9"><code>fe88ac2</code></a>
Release 8.5.9 version</li>
<li><a
href="https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e"><code>c551632</code></a>
Avoid RegExp when we can use simple JS</li>
<li><a
href="https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a"><code>89a6b74</code></a>
Move SECURITY.txt for docs folder to keep GitHub page cleaner</li>
<li><a
href="https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b"><code>6ceb8a4</code></a>
Create SECURITY.md</li>
<li>Additional commits viewable in <a
href="https://github.com/postcss/postcss/compare/8.5.6...8.5.10">compare
view</a></li>
</ul>
</details>
<br />

Updates `picomatch` from 2.3.1 to 2.3.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/micromatch/picomatch/releases">picomatch's
releases</a>.</em></p>
<blockquote>
<h2>2.3.2</h2>
<p>This is a security release fixing several security relevant
issues.</p>
<h2>What's Changed</h2>
<ul>
<li>fix: exception when glob pattern contains constructor by <a
href="https://github.com/Jason3S"><code>@​Jason3S</code></a> in <a
href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li>
<li>Fix for <a
href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li>
<li>Fix for <a
href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's
changelog</a>.</em></p>
<blockquote>
<h1>Release history</h1>
<p><strong>All notable changes to this project will be documented in
this file.</strong></p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<!-- raw HTML omitted -->
<ul>
<li>Changelogs are for humans, not machines.</li>
<li>There should be an entry for every single version.</li>
<li>The same types of changes should be grouped.</li>
<li>Versions and sections should be linkable.</li>
<li>The latest version comes first.</li>
<li>The release date of each versions is displayed.</li>
<li>Mention whether you follow Semantic Versioning.</li>
</ul>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<p>Changelog entries are classified using the following labels <em>(from
<a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p>
<ul>
<li><code>Added</code> for new features.</li>
<li><code>Changed</code> for changes in existing functionality.</li>
<li><code>Deprecated</code> for soon-to-be removed features.</li>
<li><code>Removed</code> for now removed features.</li>
<li><code>Fixed</code> for any bug fixes.</li>
<li><code>Security</code> in case of vulnerabilities.</li>
</ul>
<!-- raw HTML omitted -->
<h2>4.0.0 (2024-02-07)</h2>
<h3>Fixes</h3>
<ul>
<li>Fix bad text values in parse <a
href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>,
thanks to <a
href="https://github.com/connor4312"><code>@​connor4312</code></a></li>
</ul>
<h3>Changed</h3>
<ul>
<li>Remove process global to work outside of node <a
href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>,
thanks to <a
href="https://github.com/styfle"><code>@​styfle</code></a></li>
<li>Add sideEffects to package.json <a
href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>,
thanks to <a
href="https://github.com/frandiox"><code>@​frandiox</code></a></li>
<li>Removed <code>os</code>, make compatible browser environment. See <a
href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>,
thanks to <a
href="https://github.com/gwsbhqt"><code>@​gwsbhqt</code></a></li>
</ul>
<h2>3.0.1</h2>
<h3>Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a>
Publish 2.3.2</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a>
from micromatch/backport-144</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a>
from Jason3S/jdent-object-properties</li>
<li>See full diff in <a
href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `picomatch` from 4.0.3 to 4.0.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/micromatch/picomatch/releases">picomatch's
releases</a>.</em></p>
<blockquote>
<h2>2.3.2</h2>
<p>This is a security release fixing several security relevant
issues.</p>
<h2>What's Changed</h2>
<ul>
<li>fix: exception when glob pattern contains constructor by <a
href="https://github.com/Jason3S"><code>@​Jason3S</code></a> in <a
href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li>
<li>Fix for <a
href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li>
<li>Fix for <a
href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's
changelog</a>.</em></p>
<blockquote>
<h1>Release history</h1>
<p><strong>All notable changes to this project will be documented in
this file.</strong></p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<!-- raw HTML omitted -->
<ul>
<li>Changelogs are for humans, not machines.</li>
<li>There should be an entry for every single version.</li>
<li>The same types of changes should be grouped.</li>
<li>Versions and sections should be linkable.</li>
<li>The latest version comes first.</li>
<li>The release date of each versions is displayed.</li>
<li>Mention whether you follow Semantic Versioning.</li>
</ul>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<p>Changelog entries are classified using the following labels <em>(from
<a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p>
<ul>
<li><code>Added</code> for new features.</li>
<li><code>Changed</code> for changes in existing functionality.</li>
<li><code>Deprecated</code> for soon-to-be removed features.</li>
<li><code>Removed</code> for now removed features.</li>
<li><code>Fixed</code> for any bug fixes.</li>
<li><code>Security</code> in case of vulnerabilities.</li>
</ul>
<!-- raw HTML omitted -->
<h2>4.0.0 (2024-02-07)</h2>
<h3>Fixes</h3>
<ul>
<li>Fix bad text values in parse <a
href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>,
thanks to <a
href="https://github.com/connor4312"><code>@​connor4312</code></a></li>
</ul>
<h3>Changed</h3>
<ul>
<li>Remove process global to work outside of node <a
href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>,
thanks to <a
href="https://github.com/styfle"><code>@​styfle</code></a></li>
<li>Add sideEffects to package.json <a
href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>,
thanks to <a
href="https://github.com/frandiox"><code>@​frandiox</code></a></li>
<li>Removed <code>os</code>, make compatible browser environment. See <a
href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>,
thanks to <a
href="https://github.com/gwsbhqt"><code>@​gwsbhqt</code></a></li>
</ul>
<h2>3.0.1</h2>
<h3>Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a>
Publish 2.3.2</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a>
from micromatch/backport-144</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a>
from Jason3S/jdent-object-properties</li>
<li>See full diff in <a
href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `svgo` from 4.0.0 to 4.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/svg/svgo/releases">svgo's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.1</h2>
<h2>What's Changed</h2>
<h3>Dependencies</h3>
<ul>
<li>Sets minimum version of <a
href="https://www.npmjs.com/package/sax">sax</a> (XML parser) to v1.5.0,
which improves built-in guards against entity expansion.</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://svgo.dev/docs/plugins/removeEmptyContainers/">removeEmptyContainers</a>,
removed leftover <code>&lt;use&gt;</code> elements referencing an empty
container that were removed. By <a
href="https://github.com/johnkenny54"><code>@​johnkenny54</code></a> in
<a
href="https://redirect.github.com/svg/svgo/pull/2051">svg/svgo#2051</a></li>
<li><a
href="https://svgo.dev/docs/plugins/removeUnknownsAndDefaults/">removeUnknownsAndDefaults</a>,
don't remove attributes if they're referenced in attribute selectors
(CSS). By <a
href="https://github.com/SethFalco"><code>@​SethFalco</code></a> in <a
href="https://redirect.github.com/svg/svgo/pull/2144">svg/svgo#2144</a></li>
</ul>
<h3>Performance</h3>
<ul>
<li><a
href="https://svgo.dev/docs/plugins/convertPathData/">convertPathData</a>,
refactor to reduce redundant equality checks. By <a
href="https://github.com/Lorfdail"><code>@​Lorfdail</code></a> in <a
href="https://redirect.github.com/svg/svgo/pull/1764">svg/svgo#1764</a>
and <a
href="https://redirect.github.com/svg/svgo/pull/2135">svg/svgo#2135</a></li>
<li><a
href="https://svgo.dev/docs/plugins/removeHiddenElems/">removeHiddenElems</a>,
compute styles lazily. By <a
href="https://github.com/Lorfdail"><code>@​Lorfdail</code></a> in <a
href="https://redirect.github.com/svg/svgo/pull/1764">svg/svgo#1764</a>
and <a
href="https://redirect.github.com/svg/svgo/pull/2135">svg/svgo#2135</a></li>
</ul>
<h3>Other Changes</h3>
<ul>
<li>Plugins no longer include if they are enabled or disabled by
default, as this was written inconsistently. The
<code>--show-plugins</code> argument appends the presets a plugin is in
to the end of the line. By <a
href="https://github.com/viralcodex"><code>@​viralcodex</code></a> in <a
href="https://redirect.github.com/svg/svgo/pull/2174">svg/svgo#2174</a></li>
<li>Plugin/preset types to enforce the name start with
<code>preset-</code> if it is a preset (collection of plugins). By <a
href="https://github.com/SethFalco"><code>@​SethFalco</code></a> in <a
href="https://redirect.github.com/svg/svgo/pull/2178">svg/svgo#2178</a></li>
</ul>
<h2>Metrics</h2>
<p>Before and after of the browser bundle of each respective
version:</p>
<table>
<thead>
<tr>
<th></th>
<th>v4.0.0</th>
<th>v4.0.1</th>
<th>Delta</th>
</tr>
</thead>
<tbody>
<tr>
<td>svgo.browser.js</td>
<td>780.2 kB</td>
<td>781.5 kB</td>
<td>⬆️ 1.3 kB</td>
</tr>
</tbody>
</table>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/svg/svgo/commit/e691f5f85d9ff6c8f3bc75dc5150181d314b7f2d"><code>e691f5f</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/svg/svgo/commit/b1d9f1a5dd018ffcbd52b96678019ccf4312b22d"><code>b1d9f1a</code></a>
chore(deps): bump actions/upload-artifact from 6 to 7 (<a
href="https://redirect.github.com/svg/svgo/issues/2202">#2202</a>)</li>
<li><a
href="https://github.com/svg/svgo/commit/d724af1b75d9a76ffd0ff4aef95047a045deb2b6"><code>d724af1</code></a>
chore(deps): bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/svg/svgo/issues/2195">#2195</a>)</li>
<li><a
href="https://github.com/svg/svgo/commit/4114b3236f4ee5d2e0db6506e09e2633d55bfab6"><code>4114b32</code></a>
chore(deps): bump actions/upload-artifact from 4 to 6 (<a
href="https://redirect.github.com/svg/svgo/issues/2196">#2196</a>)</li>
<li><a
href="https://github.com/svg/svgo/commit/c06d8f6899788defae9594537063c2f4307803e4"><code>c06d8f6</code></a>
chore: upgrade js-yaml and glob (<a
href="https://redirect.github.com/svg/svgo/issues/2191">#2191</a>)</li>
<li><a
href="https://github.com/svg/svgo/commit/26e86e5d722fbc1937446b23d53a1bf8e3f01e39"><code>26e86e5</code></a>
fix: remove unused &lt;use&gt; elements when deleting empty symbols (<a
href="https://redirect.github.com/svg/svgo/issues/2051">#2051</a>)</li>
<li><a
href="https://github.com/svg/svgo/commit/50c326bbff8eda6589f09504f87197b693ac6854"><code>50c326b</code></a>
perf: optimiztions to reduce regression test runtime (<a
href="https://redirect.github.com/svg/svgo/issues/2135">#2135</a>)</li>
<li><a
href="https://github.com/svg/svgo/commit/1f33cbe3aea1fd04d8272860d0356a5b107fd6cf"><code>1f33cbe</code></a>
ci: separate regression tests and write delta report (<a
href="https://redirect.github.com/svg/svgo/issues/2190">#2190</a>)</li>
<li><a
href="https://github.com/svg/svgo/commit/79a2167dc93aaff982686ec65846db714aae3e76"><code>79a2167</code></a>
ci: save test reports to artifacts (<a
href="https://redirect.github.com/svg/svgo/issues/2189">#2189</a>)</li>
<li><a
href="https://github.com/svg/svgo/commit/0ae52a02a5cc021e37d227a8d6ca68cf6ca28679"><code>0ae52a0</code></a>
chore(deps): bump actions/setup-node from 5 to 6 (<a
href="https://redirect.github.com/svg/svgo/issues/2187">#2187</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/svg/svgo/compare/v4.0.0...v4.0.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/gnolang/gno/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
gnolang#5796)

Bumps the actions group with 29 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `5.0.1` |
`6.0.3` |
| [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` |
`6.4.0` |
|
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
| `8.0.0` | `9.2.1` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0`
| `6.4.0` |
|
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
| `3.12.0` | `4.1.0` |
|
[tj-actions/changed-files](https://github.com/tj-actions/changed-files)
| `46.0.5` | `47.0.6` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact)
| `4.6.2` | `7.0.1` |
|
[docker/build-push-action](https://github.com/docker/build-push-action)
| `6.19.2` | `7.2.0` |
|
[actions/download-artifact](https://github.com/actions/download-artifact)
| `4.3.0` | `8.0.1` |
| [actions/github-script](https://github.com/actions/github-script) |
`7.1.0` | `9.0.0` |
| [actions/configure-pages](https://github.com/actions/configure-pages)
| `5.0.0` | `6.0.0` |
|
[actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact)
| `4.0.0` | `5.0.0` |
| [actions/deploy-pages](https://github.com/actions/deploy-pages) |
`4.0.5` | `5.0.0` |
|
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action)
| `0.5.2` | `0.5.6` |
| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5`
|
| [github/codeql-action](https://github.com/github/codeql-action) |
`3.35.1` | `4.36.1` |
|
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
| `6.0.1` | `7.1.0` |
| [coursier/cache-action](https://github.com/coursier/cache-action) |
`6.4.9` | `8.1.1` |
| [coursier/setup-action](https://github.com/coursier/setup-action) |
`1.3.9` | `3.0.0` |
|
[toshimaru/auto-author-assign](https://github.com/toshimaru/auto-author-assign)
| `2.1.1` | `3.0.2` |
| [actions/labeler](https://github.com/actions/labeler) | `5.0.0` |
`6.1.0` |
| [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.3.0`
|
| [docker/login-action](https://github.com/docker/login-action) |
`3.7.0` | `4.2.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action) |
`5.10.0` | `6.1.0` |
| [docker/bake-action](https://github.com/docker/bake-action) | `6.10.0`
| `7.2.0` |
|
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
| `3.9.2` | `4.1.2` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) |
`0.20.5` | `0.24.0` |
|
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
| `3.7.0` | `4.1.0` |
|
[goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action)
| `6.4.0` | `7.2.2` |


Updates `actions/checkout` from 5.0.1 to 6.0.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update changelog by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2357">actions/checkout#2357</a></li>
<li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
<li>Fix checkout init for SHA-256 repositories by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li>
<li>Update changelog for v6.0.3 by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2446">actions/checkout#2446</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/yaananth"><code>@​yaananth</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6...v6.0.3">https://github.com/actions/checkout/compare/v6...v6.0.3</a></p>
<h2>v6.0.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID
is set by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2355">actions/checkout#2355</a></li>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6.0.1...v6.0.2">https://github.com/actions/checkout/compare/v6.0.1...v6.0.2</a></p>
<h2>v6.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update all references from v5 and v4 to v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li>
<li>Clarify v6 README by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>v6-beta by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li>
<li>update readme/changelog for v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p>
<h2>v6-beta</h2>
<h2>What's Changed</h2>
<p>Updated persist-credentials to store the credentials under
<code>$RUNNER_TEMP</code> instead of directly in the local git
config.</p>
<p>This requires a minimum Actions Runner version of <a
href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a>
to access the persisted credentials for <a
href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker
container action</a> scenarios.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v6.0.3</h2>
<ul>
<li>Fix checkout init for SHA-256 repositories by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li>
<li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a
href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
</ul>
<h2>v6.0.2</h2>
<ul>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li>
</ul>
<h2>v6.0.1</h2>
<ul>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li>
</ul>
<h2>v6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
</ul>
<h2>v5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<h2>v5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>v4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<h2>v4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10"><code>df4cb1c</code></a>
Update changelog for v6.0.3 (<a
href="https://redirect.github.com/actions/checkout/issues/2446">#2446</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824"><code>1cce339</code></a>
Fix checkout init for SHA-256 repositories (<a
href="https://redirect.github.com/actions/checkout/issues/2439">#2439</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231"><code>900f221</code></a>
fix: expand merge commit SHA regex and add SHA-256 test cases (<a
href="https://redirect.github.com/actions/checkout/issues/2414">#2414</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98"><code>0c366fd</code></a>
Update changelog (<a
href="https://redirect.github.com/actions/checkout/issues/2357">#2357</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd"><code>de0fac2</code></a>
Fix tag handling: preserve annotations and explicit fetch-tags (<a
href="https://redirect.github.com/actions/checkout/issues/2356">#2356</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49"><code>064fe7f</code></a>
Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is
set (...</li>
<li><a
href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a>
Clarify v6 README (<a
href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a>
Add worktree support for persist-credentials includeIf (<a
href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a>
Update all references from v5 and v4 to v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a>
update readme/changelog for v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/checkout/compare/93cb6efe18208431cddfb8368fd83d5badbf9bfd...df4cb1c069e1874edd31b4311f1884172cec0e10">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/setup-go` from 5.6.0 to 6.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.4.0</h2>
<h2>What's Changed</h2>
<h3>Enhancement</h3>
<ul>
<li>Add go-download-base-url input for custom Go distributions by <a
href="https://github.com/gdams"><code>@​gdams</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li>
</ul>
<h3>Dependency update</h3>
<ul>
<li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/727">actions/setup-go#727</a></li>
</ul>
<h3>Documentation update</h3>
<ul>
<li>Rearrange README.md, add advanced-usage.md by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/724">actions/setup-go#724</a></li>
<li>Fix Microsoft build of Go link by <a
href="https://github.com/gdams"><code>@​gdams</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/734">actions/setup-go#734</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/gdams"><code>@​gdams</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.4.0">https://github.com/actions/setup-go/compare/v6...v6.4.0</a></p>
<h2>v6.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update default Go module caching to use go.mod by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/705">actions/setup-go#705</a></li>
<li>Fix golang download url to go.dev by <a
href="https://github.com/178inaba"><code>@​178inaba</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/469">actions/setup-go#469</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.3.0">https://github.com/actions/setup-go/compare/v6...v6.3.0</a></p>
<h2>v6.2.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements</h3>
<ul>
<li>Example for restore-only cache in documentation by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/696">actions/setup-go#696</a></li>
<li>Update Node.js version in action.yml by <a
href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/691">actions/setup-go#691</a></li>
<li>Documentation update of actions/checkout by <a
href="https://github.com/deining"><code>@​deining</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/683">actions/setup-go#683</a></li>
</ul>
<h3>Dependency updates</h3>
<ul>
<li>Upgrade js-yaml from 3.14.1 to 3.14.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/682">actions/setup-go#682</a></li>
<li>Upgrade <code>@​actions/cache</code> to v5 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/695">actions/setup-go#695</a></li>
<li>Upgrade actions/checkout from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/686">actions/setup-go#686</a></li>
<li>Upgrade qs from 6.14.0 to 6.14.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/703">actions/setup-go#703</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/691">actions/setup-go#691</a></li>
<li><a href="https://github.com/deining"><code>@​deining</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/683">actions/setup-go#683</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.2.0">https://github.com/actions/setup-go/compare/v6...v6.2.0</a></p>
<h2>v6.1.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements</h3>
<ul>
<li>Fall back to downloading from go.dev/dl instead of
storage.googleapis.com/golang by <a
href="https://github.com/nicholasngai"><code>@​nicholasngai</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/665">actions/setup-go#665</a></li>
<li>Add support for .tool-versions file and update workflow by <a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/673">actions/setup-go#673</a></li>
<li>Add comprehensive breaking changes documentation for v6 by <a
href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/674">actions/setup-go#674</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-go/commit/4a3601121dd01d1626a1e23e37211e3254c1c06c"><code>4a36011</code></a>
docs: fix Microsoft build of Go link (<a
href="https://redirect.github.com/actions/setup-go/issues/734">#734</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/8f19afcc704763637be6b1718da0af52ca05785d"><code>8f19afc</code></a>
feat: add go-download-base-url input for custom Go distributions (<a
href="https://redirect.github.com/actions/setup-go/issues/721">#721</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/27fdb267c15a8835f1ead03dfa07f89be2bb741a"><code>27fdb26</code></a>
Bump minimatch from 3.1.2 to 3.1.5 (<a
href="https://redirect.github.com/actions/setup-go/issues/727">#727</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/def8c394e3ad351a79bc93815e4a585520fe993b"><code>def8c39</code></a>
Rearrange README.md, add advanced-usage.md (<a
href="https://redirect.github.com/actions/setup-go/issues/724">#724</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/4b73464bb391d4059bd26b0524d20df3927bd417"><code>4b73464</code></a>
Fix golang download url to go.dev (<a
href="https://redirect.github.com/actions/setup-go/issues/469">#469</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/a5f9b05d2d216f63e13859e0d847461041025775"><code>a5f9b05</code></a>
Update default Go module caching to use go.mod (<a
href="https://redirect.github.com/actions/setup-go/issues/705">#705</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5"><code>7a3fe6c</code></a>
Bump qs from 6.14.0 to 6.14.1 (<a
href="https://redirect.github.com/actions/setup-go/issues/703">#703</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/b9adafd441833a027479ddd0db37eaece68d35cb"><code>b9adafd</code></a>
Bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/actions/setup-go/issues/686">#686</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/d73f6bcfc2b419b74f47075f8a487b40cc4680f8"><code>d73f6bc</code></a>
README.md: correct to actions/checkout@v6 (<a
href="https://redirect.github.com/actions/setup-go/issues/683">#683</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/ae252ee6fb24babc50e89fc67c4aa608e69fbf8f"><code>ae252ee</code></a>
Bump <code>@​actions/cache</code> to v5 (<a
href="https://redirect.github.com/actions/setup-go/issues/695">#695</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/setup-go/compare/40f1582b2485089dde7abd97c1529aa768e1baff...4a3601121dd01d1626a1e23e37211e3254c1c06c">compare
view</a></li>
</ul>
</details>
<br />

Updates `golangci/golangci-lint-action` from 8.0.0 to 9.2.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v9.2.1</h2>
<h2>What's Changed</h2>
<p>IMPORTANT: this is the first immutable release.</p>
<h3>Changes</h3>
<ul>
<li>chore: improve workflows by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1394">golangci/golangci-lint-action#1394</a></li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1325">golangci/golangci-lint-action#1325</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1326">golangci/golangci-lint-action#1326</a></li>
<li>build(deps): bump the dependencies group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1327">golangci/golangci-lint-action#1327</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1328">golangci/golangci-lint-action#1328</a></li>
<li>build(deps): bump <code>@​types/node</code> from 25.0.2 to 25.0.3 in
the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1329">golangci/golangci-lint-action#1329</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1330">golangci/golangci-lint-action#1330</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1332">golangci/golangci-lint-action#1332</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1333">golangci/golangci-lint-action#1333</a></li>
<li>build(deps): bump the dependencies group with 6 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1334">golangci/golangci-lint-action#1334</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 4 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1335">golangci/golangci-lint-action#1335</a></li>
<li>build(deps): bump the dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1336">golangci/golangci-lint-action#1336</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1337">golangci/golangci-lint-action#1337</a></li>
<li>build(deps): bump <code>@​types/node</code> from 25.0.9 to 25.0.10
in the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1338">golangci/golangci-lint-action#1338</a></li>
<li>build(deps): bump fast-xml-parser from 5.3.3 to 5.3.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1339">golangci/golangci-lint-action#1339</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1340">golangci/golangci-lint-action#1340</a></li>
<li>build(deps-dev): bump the dev-dependencies group across 1 directory
with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1344">golangci/golangci-lint-action#1344</a></li>
<li>build(deps): bump fast-xml-parser from 5.3.4 to 5.3.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1346">golangci/golangci-lint-action#1346</a></li>
<li>build(deps): bump minimatch by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1348">golangci/golangci-lint-action#1348</a></li>
<li>build(deps): bump minimatch from 3.1.3 to 3.1.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1350">golangci/golangci-lint-action#1350</a></li>
<li>build(deps): bump fast-xml-parser from 5.3.6 to 5.4.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1351">golangci/golangci-lint-action#1351</a></li>
<li>build(deps): bump fast-xml-parser from 5.4.1 to 5.5.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1357">golangci/golangci-lint-action#1357</a></li>
<li>build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1358">golangci/golangci-lint-action#1358</a></li>
<li>build(deps-dev): bump flatted from 3.3.3 to 3.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1359">golangci/golangci-lint-action#1359</a></li>
<li>build(deps): bump picomatch from 4.0.3 to 4.0.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1364">golangci/golangci-lint-action#1364</a></li>
<li>build(deps): bump yaml from 2.8.2 to 2.8.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1365">golangci/golangci-lint-action#1365</a></li>
<li>build(deps): bump brace-expansion by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1370">golangci/golangci-lint-action#1370</a></li>
<li>build(deps-dev): bump the dev-dependencies group across 1 directory
with 7 updates by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1374">golangci/golangci-lint-action#1374</a></li>
<li>build(deps): bump github/codeql-action from 4 to 4.35.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1384">golangci/golangci-lint-action#1384</a></li>
<li>build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1386">golangci/golangci-lint-action#1386</a></li>
<li>build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1389">golangci/golangci-lint-action#1389</a></li>
<li>build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1391">golangci/golangci-lint-action#1391</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v9.2.0...v9.2.1">https://github.com/golangci/golangci-lint-action/compare/v9.2.0...v9.2.1</a></p>
<h2>v9.2.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Changes</h3>
<ul>
<li>feat: add version-file option by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1320">golangci/golangci-lint-action#1320</a></li>
<li>chore: move samples into fixtures by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1321">golangci/golangci-lint-action#1321</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/82606bf257cbaff209d206a39f5134f0cfbfd2ee"><code>82606bf</code></a>
chore: prepare release v9.2.1</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/97c8387e660fa3be78f698fb592523e1f906a02c"><code>97c8387</code></a>
chore: improve workflows (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1394">#1394</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/28d0a191bb76f633872d1f12600dd9900ac73840"><code>28d0a19</code></a>
build(deps): bump the dependencies group across 1 directory with 2
updates</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/633fbc7d54a1fe7d54f72fb83194a7d442beb929"><code>633fbc7</code></a>
build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1391">#1391</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/59f43e26c902dadac745307f8cf2537da50ad344"><code>59f43e2</code></a>
build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1389">#1389</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/9eb174e04acac69b4b7f6602f9a5cc384ba59b45"><code>9eb174e</code></a>
build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1386">#1386</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/4f52504dfb47d09a983372e869f643e9e0d4014b"><code>4f52504</code></a>
build(deps): bump github/codeql-action from 4 to 4.35.2 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1384">#1384</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/6f87dfdbd16618b59a5d86104adea6216152a47c"><code>6f87dfd</code></a>
docs: update examples</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/c9500d7aa7797b3e999034a3e6a0b9a4f18e8708"><code>c9500d7</code></a>
chore: improve workflows</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/03b1faa37ed78712fa70fc44b56fa553f0d7a6bc"><code>03b1faa</code></a>
chore: improve issue templates</li>
<li>Additional commits viewable in <a
href="https://github.com/golangci/golangci-lint-action/compare/4afd733a84b1f43292c63897423277bb7f4313a9...82606bf257cbaff209d206a39f5134f0cfbfd2ee">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/setup-node` from 4.4.0 to 6.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-node/releases">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v6.4.0</h2>
<h2>What's Changed</h2>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade <a
href="https://github.com/actions"><code>@​actions</code></a>
dependencies by <a
href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1525">actions/setup-node#1525</a></li>
<li>Update Node.js versions in versions.yml and bump package to v6.4.0
by <a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1533">actions/setup-node#1533</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Copilot"><code>@​Copilot</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1525">actions/setup-node#1525</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v6...v6.4.0">https://github.com/actions/setup-node/compare/v6...v6.4.0</a></p>
<h2>v6.3.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements:</h3>
<ul>
<li>Support parsing <code>devEngines</code> field by <a
href="https://github.com/susnux"><code>@​susnux</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1283">actions/setup-node#1283</a></li>
</ul>
<blockquote>
<p>When using node-version-file: package.json, setup-node now
prefers devEngines.runtime over engines.node.</p>
</blockquote>
<h3>Dependency updates:</h3>
<ul>
<li>Fix npm audit issues by <a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a> in
<a
href="https://redirect.github.com/actions/setup-node/pull/1491">actions/setup-node#1491</a></li>
<li>Replace uuid with crypto.randomUUID() by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1378">actions/setup-node#1378</a></li>
<li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1498">actions/setup-node#1498</a></li>
</ul>
<h3>Bug fixes:</h3>
<ul>
<li>Remove hardcoded bearer for mirror-url <a
href="https://github.com/marco-ippolito"><code>@​marco-ippolito</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1467">actions/setup-node#1467</a></li>
<li>Scope test lockfiles by package manager and update cache tests by <a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a> in
<a
href="https://redirect.github.com/actions/setup-node/pull/1495">actions/setup-node#1495</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/susnux"><code>@​susnux</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1283">actions/setup-node#1283</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v6...v6.3.0">https://github.com/actions/setup-node/compare/v6...v6.3.0</a></p>
<h2>v6.2.0</h2>
<h2>What's Changed</h2>
<h3>Documentation</h3>
<ul>
<li>Documentation update related to absence of Lockfile by <a
href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1454">actions/setup-node#1454</a></li>
<li>Correct mirror option typos by <a
href="https://github.com/MikeMcC399"><code>@​MikeMcC399</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1442">actions/setup-node#1442</a></li>
<li>Readme update on checkout version v6 by <a
href="https://github.com/deining"><code>@​deining</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1446">actions/setup-node#1446</a></li>
<li>Readme typo fixes <a
href="https://github.com/munyari"><code>@​munyari</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1226">actions/setup-node#1226</a></li>
<li>Advanced document update on checkout version v6 by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1468">actions/setup-node#1468</a></li>
</ul>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade <code>@​actions/cache</code> to v5.0.1 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1449">actions/setup-node#1449</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/mahabaleshwars"><code>@​mahabaleshwars</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1454">actions/setup-node#1454</a></li>
<li><a
href="https://github.com/MikeMcC399"><code>@​MikeMcC399</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1442">actions/setup-node#1442</a></li>
<li><a href="https://github.com/deining"><code>@​deining</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1446">actions/setup-node#1446</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e"><code>48b55a0</code></a>
Update Node.js versions in versions.yml and bump package to v6.4.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1533">#1533</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9"><code>ab72c7e</code></a>
Upgrade <a href="https://github.com/actions"><code>@​actions</code></a>
dependencies (<a
href="https://redirect.github.com/actions/setup-node/issues/1525">#1525</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/53b83947a5a98c8d113130e565377fae1a50d02f"><code>53b8394</code></a>
Bump minimatch from 3.1.2 to 3.1.5 (<a
href="https://redirect.github.com/actions/setup-node/issues/1498">#1498</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/54045abd5dcd3b0fee9ca02fa24c57545834c9cc"><code>54045ab</code></a>
Scope test lockfiles by package manager and update cache tests (<a
href="https://redirect.github.com/actions/setup-node/issues/1495">#1495</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/c882bffdbd4df51ace6b940023952e8669c9932a"><code>c882bff</code></a>
Replace uuid with crypto.randomUUID() (<a
href="https://redirect.github.com/actions/setup-node/issues/1378">#1378</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/774c1d62961e73038a114d59c8847023c003194d"><code>774c1d6</code></a>
feat(node-version-file): support parsing <code>devEngines</code> field
(<a
href="https://redirect.github.com/actions/setup-node/issues/1283">#1283</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/efcb663fc60e97218a2b2d6d827f7830f164739e"><code>efcb663</code></a>
fix: remove hardcoded bearer (<a
href="https://redirect.github.com/actions/setup-node/issues/1467">#1467</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/d02c89dce7e1ba9ef629ce0680989b3a1cc72edb"><code>d02c89d</code></a>
Fix npm audit issues (<a
href="https://redirect.github.com/actions/setup-node/issues/1491">#1491</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/6044e13b5dc448c55e2357c09f80417699197238"><code>6044e13</code></a>
Docs: bump actions/checkout from v5 to v6 (<a
href="https://redirect.github.com/actions/setup-node/issues/1468">#1468</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/8e494633d082d609d1e9ff931be32f8a44f1f657"><code>8e49463</code></a>
Fix README typo (<a
href="https://redirect.github.com/actions/setup-node/issues/1226">#1226</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e">compare
view</a></li>
</ul>
</details>
<br />

Updates `docker/setup-buildx-action` from 3.12.0 to 4.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.79.0 to 0.90.0 in
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/489">docker/setup-buildx-action#489</a></li>
<li>Bump brace-expansion from 1.1.12 to 5.0.6 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/547">docker/setup-buildx-action#547</a>
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/508">docker/setup-buildx-action#508</a></li>
<li>Bump fast-xml-builder from 1.0.0 to 1.2.0 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/540">docker/setup-buildx-action#540</a></li>
<li>Bump fast-xml-parser from 5.4.2 to 5.8.0 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/496">docker/setup-buildx-action#496</a></li>
<li>Bump flatted from 3.3.3 to 3.4.2 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/499">docker/setup-buildx-action#499</a></li>
<li>Bump glob from 10.3.12 to 13.0.6 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/495">docker/setup-buildx-action#495</a></li>
<li>Bump handlebars from 4.7.8 to 4.7.9 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/504">docker/setup-buildx-action#504</a></li>
<li>Bump lodash from 4.17.23 to 4.18.1 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/523">docker/setup-buildx-action#523</a></li>
<li>Bump picomatch from 4.0.3 to 4.0.4 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/503">docker/setup-buildx-action#503</a></li>
<li>Bump postcss from 8.5.6 to 8.5.10 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/537">docker/setup-buildx-action#537</a></li>
<li>Bump tar from 6.2.1 to 7.5.15 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/545">docker/setup-buildx-action#545</a></li>
<li>Bump undici from 6.23.0 to 6.25.0 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/492">docker/setup-buildx-action#492</a></li>
<li>Bump vite from 7.3.1 to 7.3.2 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/520">docker/setup-buildx-action#520</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0">https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0</a></p>
<h2>v4.0.0</h2>
<ul>
<li>Node 24 as default runtime (requires <a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions
Runner v2.327.1</a> or later) by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/483">docker/setup-buildx-action#483</a></li>
<li>Remove deprecated inputs/outputs by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/464">docker/setup-buildx-action#464</a></li>
<li>Switch to ESM and update config/test wiring by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/481">docker/setup-buildx-action#481</a></li>
<li>Bump <code>@​actions/core</code> from 1.11.1 to 3.0.0 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/475">docker/setup-buildx-action#475</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.63.0 to 0.79.0 in
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/482">docker/setup-buildx-action#482</a>
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/485">docker/setup-buildx-action#485</a></li>
<li>Bump js-yaml from 4.1.0 to 4.1.1 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/452">docker/setup-buildx-action#452</a></li>
<li>Bump lodash from 4.17.21 to 4.17.23 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/472">docker/setup-buildx-action#472</a></li>
<li>Bump minimatch from 3.1.2 to 3.1.5 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/480">docker/setup-buildx-action#480</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0">https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5"><code>d7f5e7f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/489">#489</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164"><code>92bc5c9</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5"><code>da11e35</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.79.0 to
0.90.0</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851"><code>f021e16</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/492">#492</a>
from docker/dependabot/npm_and_yarn/undici-6.24.1</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67"><code>b5af94f</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6"><code>16ad977</code></a>
build(deps): bump undici from 6.23.0 to 6.25.0</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458"><code>d7a12d7</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/495">#495</a>
from docker/dependabot/npm_and_yarn/glob-10.5.0</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb"><code>28ff27d</code></a>
build(deps): bump glob from 10.3.12 to 13.0.6</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019"><code>daf436b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/496">#496</a>
from docker/dependabot/npm_and_yarn/fast-xml-parser-5...</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35"><code>9725348</code></a>
chore: update generated content</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5">compare
view</a></li>
</ul>
</details>
<br />

Updates `tj-actions/changed-files` from 46.0.5 to 47.0.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tj-actions/changed-files/releases">tj-actions/changed-files's
releases</a>.</em></p>
<blockquote>
<h2>v47.0.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgraded to v47.0.5 by <a
href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2816">tj-actions/changed-files#2816</a></li>
<li>Updated README.md by <a
href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2817">tj-actions/changed-files#2817</a></li>
<li>chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2818">tj-actions/changed-files#2818</a></li>
<li>chore(deps-dev): bump <code>@​types/node</code> from 25.3.3 to
25.3.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2820">tj-actions/changed-files#2820</a></li>
<li>chore(deps): bump github/codeql-action from 4.32.5 to 4.32.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2819">tj-actions/changed-files#2819</a></li>
<li>chore(deps-dev): bump <code>@​types/node</code> from 25.3.5 to
25.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2825">tj-actions/changed-files#2825</a></li>
<li>chore(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2824">tj-actions/changed-files#2824</a></li>
<li>chore(deps): bump github/codeql-action from 4.32.6 to 4.35.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2834">tj-actions/changed-files#2834</a></li>
<li>chore(deps-dev): bump eslint-plugin-jest from 29.15.0 to 29.15.1 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2831">tj-actions/changed-files#2831</a></li>
<li>chore(deps): bump yaml from 2.8.2 to 2.8.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2830">tj-actions/changed-files#2830</a></li>
<li>chore(deps): bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2829">tj-actions/changed-files#2829</a></li>
<li>chore(deps-dev): bump jest from 30.2.0 to 30.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2822">tj-actions/changed-files#2822</a></li>
<li>chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2849">tj-actions/changed-files#2849</a></li>
<li>chore(deps-dev): bump prettier from 3.8.1 to 3.8.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2848">tj-actions/changed-files#2848</a></li>
<li>chore(deps-dev): bump <code>@​types/node</code> from 25.5.0 to
25.6.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2846">tj-actions/changed-files#2846</a></li>
<li>chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2844">tj-actions/changed-files#2844</a></li>
<li>chore(deps): bump peter-evans/create-pull-request from 8.1.0 to
8.1.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2843">tj-actions/changed-files#2843</a></li>
<li>chore(deps): bump lodash from 4.17.23 to 4.18.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2837">tj-actions/changed-files#2837</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tj-actions/changed-files/compare/v47.0.5...v47.0.6">https://github.com/tj-actions/changed-files/compare/v47.0.5...v47.0.6</a></p>
<h2>v47.0.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgraded to v47.0.4 by <a
href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2802">tj-actions/changed-files#2802</a></li>
<li>Updated README.md by <a
href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2803">tj-actions/changed-files#2803</a></li>
<li>Updated README.md by <a
href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2805">tj-actions/changed-files#2805</a></li>
<li>chore(deps-dev): bump <code>@​types/node</code> from 25.2.2 to
25.3.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2811">tj-actions/changed-files#2811</a></li>
<li>chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2810">tj-actions/changed-files#2810</a></li>
<li>chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2809">tj-actions/changed-files#2809</a></li>
<li>chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2799">tj-actions/changed-files#2799</a></li>
<li>chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2806">tj-actions/changed-files#2806</a></li>
<li>chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2775">tj-actions/changed-files#2775</a></li>
<li>chore(deps): bump peter-evans/create-pull-request from 8.0.0 to
8.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2774">tj-actions/changed-files#2774</a></li>
<li>chore(deps): bump lodash and <code>@​types/lodash</code> by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2807">tj-actions/changed-files#2807</a></li>
<li>chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2764">tj-actions/changed-files#2764</a></li>
<li>chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2815">tj-actions/changed-files#2815</a></li>
<li>chore(deps-dev): bump <code>@​types/node</code> from 25.3.2 to
25.3.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2814">tj-actions/changed-files#2814</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tj-actions/changed-files/compare/v47.0.4...v47.0.5">https://github.com/tj-actions/changed-files/compare/v47.0.4...v47.0.5</a></p>
<h2>v47.0.4</h2>
<h2>What's Changed</h2>
<ul>
<li>update: release-tagger action to version 6.0.6 by <a
href="https://github.com/jackton1"><code>@​jackton1</code></a> in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2801">tj-actions/changed-files#2801</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tj-actions/changed-files/compare/v47.0.3...v47.0.4">https://github.com/tj-actions/changed-files/compare/v47.0.3...v47.0.4</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h1><a
href="https://github.com/tj-actions/changed-files/compare/v47.0.5...v47.0.6">47.0.6</a>
- (2026-04-18)</h1>
<h2><!-- raw HTML omitted -->🔄 Update</h2>
<ul>
<li>Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2817">#2817</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot]
&lt;41898282+github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&gt;
Co-authored-by: Tonye Jack <a
href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a
href="https://github.com/tj-actions/changed-files/commit/c23d52ba6ff8c67273c61e097615eafe88cb8650">c23d52b</a>)
- (github-actions[bot])</p>
<h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2>
<ul>
<li><strong>deps:</strong> Bump lodash from 4.17.23 to 4.18.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2837">#2837</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/9426d40962ed5378910ee2e21d5f8c6fcbf2dd96">9426d40</a>)
- (dependabot[bot])</li>
<li><strong>deps:</strong> Bump peter-evans/create-pull-request from
8.1.0 to 8.1.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2843">#2843</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/32de080616d8c84d89622770d26b0857f4ce8b49">32de080</a>)
- (dependabot[bot])</li>
<li><strong>deps:</strong> Bump actions/upload-artifact from 7.0.0 to
7.0.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2844">#2844</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/2487d125c6ecf3457228762d50599297a8c80310">2487d12</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump <code>@​types/node</code> from
25.5.0 to 25.6.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2846">#2846</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/cef85a3eab76d9db9f294de4915d6a31b1dcbfda">cef85a3</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump prettier from 3.8.1 to 3.8.3 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2848">#2848</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/7b082dee30a6f42592f70940c0f0a26a72af452c">7b082de</a>)
- (dependabot[bot])</li>
<li><strong>deps:</strong> Bump github/codeql-action from 4.35.1 to
4.35.2 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2849">#2849</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/07224cab5986b4ce28c5080f4a804e5573422714">07224ca</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump jest from 30.2.0 to 30.3.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2822">#2822</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/2bb135777322059ee3a3c9239999b159ff49febc">2bb1357</a>)
- (dependabot[bot])</li>
<li><strong>deps:</strong> Bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2829">#2829</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/cc98117d3993777f3babaccc496514b4a65652a9">cc98117</a>)
- (dependabot[bot])</li>
<li><strong>deps:</strong> Bump yaml from 2.8.2 to 2.8.3 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2830">#2830</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/786e4213eac60d6e2b4492135b46644269fac3db">786e421</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump eslint-plugin-jest from 29.15.0 to
29.15.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2831">#2831</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/726b41bbed783a50de97829de6d977cd665…
gnolang#5292)

Bumps the golang-x group with 1 update in the / directory:
[golang.org/x/crypto](https://github.com/golang/crypto).

Updates `golang.org/x/crypto` from 0.48.0 to 0.52.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803"><code>a1c0d99</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d"><code>3c7c869</code></a>
ssh: fix deadlock on unexpected channel responses</li>
<li><a
href="https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce"><code>533fb3f</code></a>
ssh: fix source-address critical option bypass</li>
<li><a
href="https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3"><code>abbc44d</code></a>
ssh: fix incorrect operator order</li>
<li><a
href="https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f"><code>e052873</code></a>
ssh: fix infinite loop on large channel writes due to integer
overflow</li>
<li><a
href="https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456"><code>b61cf85</code></a>
ssh: enforce user presence verification for security keys</li>
<li><a
href="https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd"><code>9c2cd33</code></a>
ssh: enforce strict limits on DSA key parameters</li>
<li><a
href="https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4"><code>8907318</code></a>
ssh: reject RSA keys with excessively large moduli</li>
<li><a
href="https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e"><code>ffd87b4</code></a>
ssh: fix panic when authority callbacks are nil</li>
<li><a
href="https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946"><code>4e7a738</code></a>
ssh: fix deadlock on unexpected global responses</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/crypto/compare/v0.48.0...v0.52.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/mod` from 0.32.0 to 0.35.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/mod/commit/03901d351deb5bd95deb90714fb75bf8e232cb22"><code>03901d3</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/mod/commit/1ac721dff8591283e59aba6412a0eafc8b950d83"><code>1ac721d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/mod/commit/fb1fac8b369ec75b114cb416119e80d3aebda7f5"><code>fb1fac8</code></a>
all: upgrade go directive to at least 1.25.0 [generated]</li>
<li><a
href="https://github.com/golang/mod/commit/27761a2ad800eabb86324226bb5e39adb07759da"><code>27761a2</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.32.0...v0.35.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/net` from 0.50.0 to 0.54.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/net/commit/b138e06246cb323f2f380c2b7f7dd91f581dd56b"><code>b138e06</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/net/commit/689f70a42abd350f3a1aaa70b0d13eb9543d927a"><code>689f70a</code></a>
quic: fix wrong final size being used for RESET_STREAM frame</li>
<li><a
href="https://github.com/golang/net/commit/208f306b2f0fd008b388bee2c2644be279778e94"><code>208f306</code></a>
http3: increase handshake timeout</li>
<li><a
href="https://github.com/golang/net/commit/49810da71b9026da9e0d028a6ad8c7730c52d9c4"><code>49810da</code></a>
http2: enable net/http wrapping when go &gt;= 1.27</li>
<li><a
href="https://github.com/golang/net/commit/5e11a5ab891c117eda83b4304d60dd13286c1c76"><code>5e11a5a</code></a>
quic: fix data race in streamForFrame</li>
<li><a
href="https://github.com/golang/net/commit/8c63081cd380ea768db5651941614b73472160ff"><code>8c63081</code></a>
http2: use empty Transport rather than DefaultTransport in
http2wrap</li>
<li><a
href="https://github.com/golang/net/commit/fc7b466ca49cb204039630533ece4fc557eb35cd"><code>fc7b466</code></a>
http2: add http2wrap test</li>
<li><a
href="https://github.com/golang/net/commit/15c2cb1875fd727313dc4de909b3ee149422fbe2"><code>15c2cb1</code></a>
http2: avoid overflowing 32-bit int when http2wrap enabled</li>
<li><a
href="https://github.com/golang/net/commit/64651885c2f2d745d77af2d7af2edbf568c179af"><code>6465188</code></a>
http2: add wrapped Server</li>
<li><a
href="https://github.com/golang/net/commit/72f419a894cb0597dd5b6bcf119086bf2af41231"><code>72f419a</code></a>
http2: add wrapped ClientConn</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.50.0...v0.54.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/sync` from 0.19.0 to 0.20.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/sync/commit/ec11c4a93de22cde2abe2bf74d70791033c2464c"><code>ec11c4a</code></a>
errgroup: fix a typo in the documentation</li>
<li><a
href="https://github.com/golang/sync/commit/1a583072c11b16c643c8f6051ff1fab5a424d0a9"><code>1a58307</code></a>
all: modernize interface{} -&gt; any</li>
<li><a
href="https://github.com/golang/sync/commit/3172ca581eb96530283f713311f81df986c19932"><code>3172ca5</code></a>
all: upgrade go directive to at least 1.25.0 [generated]</li>
<li>See full diff in <a
href="https://github.com/golang/sync/compare/v0.19.0...v0.20.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/term` from 0.40.0 to 0.43.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/term/commit/3c3e4855f7d2eb06c3e48933554add9ec6b599b5"><code>3c3e485</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/term/commit/52b71d3344c86b384ed34ebf73f1e6f37044fe79"><code>52b71d3</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/term/commit/9d2dc074d2bdcb2229cbbaa0a252eace245a6489"><code>9d2dc07</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/term/commit/d954e03213327a5b6380b6c2aec621192ee56007"><code>d954e03</code></a>
all: upgrade go directive to at least 1.25.0 [generated]</li>
<li>See full diff in <a
href="https://github.com/golang/term/compare/v0.40.0...v0.43.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/text` from 0.34.0 to 0.37.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/text/commit/3ef517e623a4bfc08d6457f87d73afda7af7d8e1"><code>3ef517e</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/text/commit/8577a70117e110160c45f32af0e0df84eef844f7"><code>8577a70</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/text/commit/7ca2c6d99153f6456168837916829c735c67d355"><code>7ca2c6d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/text/commit/73d1ba91404d0de47cb6a9b3fb52a31565ca4d25"><code>73d1ba9</code></a>
all: upgrade go directive to at least 1.25.0 [generated]</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.34.0...v0.37.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/tools` from 0.41.0 to 0.44.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/3dd188df80fd3563559f02e4eeb10ba1043cce55"><code>3dd188d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/aebd87084e63fd3aa0a5222eeae28af6c2e33629"><code>aebd870</code></a>
gopls: improve doc link matching to support links followed by a
colon</li>
<li><a
href="https://github.com/golang/tools/commit/5357b43c088d8403d5fcd9992431db0a351ce922"><code>5357b43</code></a>
go/analysis/passes/modernize: rangeint: handle type parameter
constraints</li>
<li><a
href="https://github.com/golang/tools/commit/bf04c618d518f244d26fb5c7ad77d893f8b1fc4d"><code>bf04c61</code></a>
go/types/internal/play: show normal terms of selected type</li>
<li><a
href="https://github.com/golang/tools/commit/0ae2de027e10d7a0530ecf7ccc2db8df8aa5dcb3"><code>0ae2de0</code></a>
gopls/internal/filecache: cache decoded objects in memCache</li>
<li><a
href="https://github.com/golang/tools/commit/8e51a5fb67f9b3e2b32792f21e727664ca6561e2"><code>8e51a5f</code></a>
go/ssa: support direct references to embedded fields in struct lit</li>
<li><a
href="https://github.com/golang/tools/commit/5005b9e710b3c1eef7e5077c77289410729919ec"><code>5005b9e</code></a>
internal/gcimporter: rename ureader_yes.go to ureader.go</li>
<li><a
href="https://github.com/golang/tools/commit/5ca865bb7d52012b73ac379c5aec59b3d04efce8"><code>5ca865b</code></a>
go/types/objectpath: add debugging command</li>
<li><a
href="https://github.com/golang/tools/commit/f6476fbaabd396b58618b473e4eb71e1f532b495"><code>f6476fb</code></a>
internal/gcimporter: consume generic methods in gcimporter</li>
<li><a
href="https://github.com/golang/tools/commit/b36d1d12a1a724eb9be6609c9789aec3d99e6030"><code>b36d1d1</code></a>
internal/pkgbits: sync version.go with goroot</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.41.0...v0.44.0">compare
view</a></li>
</ul>
</details>
<br />

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Morgan Bazalgette <morgan@morganbaz.com>
…8 updates (gnolang#5772)

Bumps the everything-else group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
|
[github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma)
| `2.23.1` | `2.26.1` |
| [github.com/btcsuite/btcd/btcec/v2](https://github.com/btcsuite/btcd)
| `2.3.6` | `2.5.0` |
| [github.com/btcsuite/btcd/btcutil](https://github.com/btcsuite/btcd) |
`1.1.6` | `1.2.0` |
| [github.com/cockroachdb/apd/v3](https://github.com/cockroachdb/apd) |
`3.2.1` | `3.2.3` |
|
[github.com/consensys/gnark-crypto](https://github.com/consensys/gnark-crypto)
| `0.14.0` | `0.20.1` |
|
[github.com/decred/dcrd/dcrec/secp256k1/v4](https://github.com/decred/dcrd)
| `4.4.0` | `4.4.1` |
| [github.com/erigontech/mdbx-go](https://github.com/erigontech/mdbx-go)
| `0.40.0` | `0.40.1` |
|
[github.com/rogpeppe/go-internal](https://github.com/rogpeppe/go-internal)
| `1.14.1` | `1.15.0` |
| [github.com/yuin/goldmark](https://github.com/yuin/goldmark) |
`1.7.16` | `1.8.2` |
|
[go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go)
| `1.41.0` | `1.44.0` |
|
[go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go)
| `1.37.0` | `1.44.0` |
|
[go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://github.com/open-telemetry/opentelemetry-go)
| `1.41.0` | `1.44.0` |
|
[go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go)
| `1.41.0` | `1.44.0` |
| [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` |
`1.28.0` |


Updates `github.com/alecthomas/chroma/v2` from 2.23.1 to 2.26.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/alecthomas/chroma/releases">github.com/alecthomas/chroma/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.26.1</h2>
<h2>Changelog</h2>
<ul>
<li>56c7702 fix: downgrade go.mod version to 1.25</li>
</ul>
<h2>v2.26.0</h2>
<h2>Changelog</h2>
<ul>
<li>a4d3f60 feat(chromad): use style counterparts for theme
switching</li>
<li>ce159e6 chore: migrate to new bit format</li>
<li>180ea9f perf(colour): replace Sprintf/ParseUint round-trip in
NewColour with direct bit arithmetic (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1274">#1274</a>)</li>
<li>68a08b0 docs: how to support dynamic theme switching</li>
<li>6fb9d92 feat(html): tag output with style mode</li>
<li>a71fea3 feat(styles): add light/dark mode support</li>
</ul>
<h2>v2.25.0</h2>
<h2>Changelog</h2>
<ul>
<li>c3826f0 chore: go mod tidy</li>
<li>fb5bc39 fix: emit HTTP body tokens without Coalesce</li>
<li>a3c2946 Improve Nu file detection (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1260">#1260</a>)</li>
<li>e841b1a chore(deps): update all non-major dependencies (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1272">#1272</a>)</li>
<li>3ed2db8 Add Gemfile.lock lexer (&amp; ruby improvements) (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1269">#1269</a>)</li>
<li>41fb546 Add YAML+Jinja lexer (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1268">#1268</a>)</li>
<li>e99b881 chore(deps): update all non-major dependencies (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1263">#1263</a>)</li>
<li>e67dd2f (Markless) Fix parse issue for embed directives without
options (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1266">#1266</a>)</li>
<li>dffa370 fix(go): tokenize trailing // as comment instead of
consuming next line (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1265">#1265</a>)</li>
<li>1cf1560 chore: upgrade to github.com/dlclark/regexp2/v2</li>
<li>2cbcf7b chore: upgrade golangci-lint</li>
<li>786675b chore(deps): update all non-major dependencies (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1257">#1257</a>)</li>
<li>235590c feat: add JSONL support to JSON lexer (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1262">#1262</a>)</li>
<li>f9b5c97 fix(dart): match single-line comments without trailing
newline (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1225">#1225</a>)
(<a
href="https://redirect.github.com/alecthomas/chroma/issues/1261">#1261</a>)</li>
<li>097f8e9 Mention Arturo in README (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1256">#1256</a>)</li>
<li>d46ce60 feat(markdown): highlight frontmatter and comments (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1245">#1245</a>)</li>
<li>f786b2a feat(lexers): add support for LilyPond (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1255">#1255</a>)</li>
<li>0a02b98 chore(deps): update actions/checkout digest to de0fac2 (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1212">#1212</a>)</li>
<li>c55009e Fix AGENTS.md referencing a non-existent scripts directory
(<a
href="https://redirect.github.com/alecthomas/chroma/issues/1231">#1231</a>)</li>
<li>c5e763e Improve protobuf lexer (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1253">#1253</a>)</li>
<li>113cd0e Add Arturo lexer (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1232">#1232</a>)</li>
<li>4498d71 chore(deps): update dependency binaryen to v129 (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1238">#1238</a>)</li>
<li>885f912 Added f4 to &quot;Projects using Chroma&quot; list (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1242">#1242</a>)</li>
<li>c42c9ef Update java lexer (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1254">#1254</a>)</li>
</ul>
<h2>v2.24.1</h2>
<h2>Changelog</h2>
<ul>
<li>d2a3784 fix: fallback bug</li>
</ul>
<h2>v2.24.0</h2>
<h2>Changelog</h2>
<ul>
<li>0b841ee chore: go mod tidy</li>
<li>10fcb68 chore(deps): update ubuntu docker tag to v26 (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1251">#1251</a>)</li>
<li>2218de6 chore(deps): update all non-major dependencies (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1236">#1236</a>)</li>
<li>2099887 Update Solarized Light to use correct background color (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1250">#1250</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/alecthomas/chroma/commit/56c7702e16f3bf78b335c57cdd5af8f8b493f1c6"><code>56c7702</code></a>
fix: downgrade go.mod version to 1.25</li>
<li><a
href="https://github.com/alecthomas/chroma/commit/a4d3f60813272352474a6ecda93270487d20a9ee"><code>a4d3f60</code></a>
feat(chromad): use style counterparts for theme switching</li>
<li><a
href="https://github.com/alecthomas/chroma/commit/ce159e61b0d7234beba95e25e25464ea90324d1f"><code>ce159e6</code></a>
chore: migrate to new bit format</li>
<li><a
href="https://github.com/alecthomas/chroma/commit/180ea9f54dce4c7b7241944110fc0e01bffae913"><code>180ea9f</code></a>
perf(colour): replace Sprintf/ParseUint round-trip in NewColour with
direct b...</li>
<li><a
href="https://github.com/alecthomas/chroma/commit/68a08b0f9a1f4edeaadd0ef9fbbc2945b5a02adf"><code>68a08b0</code></a>
docs: how to support dynamic theme switching</li>
<li><a
href="https://github.com/alecthomas/chroma/commit/6fb9d920b575be857c7322f79699fd92e3645e2f"><code>6fb9d92</code></a>
feat(html): tag output with style mode</li>
<li><a
href="https://github.com/alecthomas/chroma/commit/a71fea34358d2b9f75c0d5be2002a5293633116d"><code>a71fea3</code></a>
feat(styles): add light/dark mode support</li>
<li><a
href="https://github.com/alecthomas/chroma/commit/c3826f007cb719dfba2e331ee356c9f0d521dbad"><code>c3826f0</code></a>
chore: go mod tidy</li>
<li><a
href="https://github.com/alecthomas/chroma/commit/fb5bc39d407d3d39fb71f010683a2d4b6211da2f"><code>fb5bc39</code></a>
fix: emit HTTP body tokens without Coalesce</li>
<li><a
href="https://github.com/alecthomas/chroma/commit/a3c2946ab1b0af692b2087b9f54e70f87a7b0295"><code>a3c2946</code></a>
Improve Nu file detection (<a
href="https://redirect.github.com/alecthomas/chroma/issues/1260">#1260</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/alecthomas/chroma/compare/v2.23.1...v2.26.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/btcsuite/btcd/btcec/v2` from 2.3.6 to 2.5.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/btcsuite/btcd/commit/258049c9eb58bc993fe0ce98c8680958bb757ca0"><code>258049c</code></a>
Merge pull request <a
href="https://redirect.github.com/btcsuite/btcd/issues/1825">#1825</a>
from guggero/btcec-v2-no-circular-dep</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/b29ce9735062979a592957a5d8b442f3e8cb1ea9"><code>b29ce97</code></a>
rpcwebsocket: fi linter complaint about unused functions</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/9dfa926fff501850673dc12d14be1aa1e60cd792"><code>9dfa926</code></a>
server: fix linter issue</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/c0cfa06111fc29d0b08c0dcd1c478bc8e4e7db59"><code>c0cfa06</code></a>
multi: update make and CI goals with new packages</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/dccea8febadcc50c2a96a3d6f2a386aa0392fe73"><code>dccea8f</code></a>
multi: use new v2 modules everywhere</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/c0db6dfa115957cfeb6989547bad3df1ee400560"><code>c0db6df</code></a>
psbt: move to top-level module, use v2, remove btcutil dep</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/e9ec6ec506f7336954b2c3c3612dd72f4af69a46"><code>e9ec6ec</code></a>
btcutil: remove circular dependency, use v2</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/55a463a35f51d67af42c730efaf46563cf4465c4"><code>55a463a</code></a>
txscript: turn into own module, use v2</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/3000c455f8a7a7717bb1588d113ceb7099a2e695"><code>3000c45</code></a>
address: move to top-level module, use v2</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/bd65d6d6bb378cf021a1f8bfbfcffd8c4b0e38ca"><code>bd65d6d</code></a>
chaincfg: add own module, use v2</li>
<li>Additional commits viewable in <a
href="https://github.com/btcsuite/btcd/compare/btcec/v2.3.6...btcec/v2.5.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/btcsuite/btcd/btcutil` from 1.1.6 to 1.2.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/btcsuite/btcd/commit/90540b821ed87fdea20576bccf97b2b06bca9f6e"><code>90540b8</code></a>
Merge pull request <a
href="https://redirect.github.com/btcsuite/btcd/issues/2524">#2524</a>
from MPins/verifylows</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/c728090e63ae5f3d763675264a68af129f50fa03"><code>c728090</code></a>
Merge pull request <a
href="https://redirect.github.com/btcsuite/btcd/issues/2461">#2461</a>
from kcalvinalvin/2025-11-12-fix-android-builds</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/2c05692401e15b91defb1318c6a72fd83e1cb60d"><code>2c05692</code></a>
github: cross-compile android/arm64 in CI</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/73af4d6f8871d46aa089d8d64feaa45276e01f3d"><code>73af4d6</code></a>
btcutil: rename interfaceAddrs to InterfaceAddrs in appengine
variant</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/8bffc8ada81ded0176f4f850a4f33d0bca58bdcd"><code>8bffc8a</code></a>
Merge pull request <a
href="https://redirect.github.com/btcsuite/btcd/issues/2526">#2526</a>
from JLSchuler99/rpcclient-httpurl-no-resolve</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/589d7c0ae083d3e615628b4838f3abe4506ef949"><code>589d7c0</code></a>
main: use btcutil.InterfaceAddr</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/0f603feffabe71d60f0830aca4dc4e6df6fea0d1"><code>0f603fe</code></a>
main: update go.mod and go.sum</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/c90e88ee234fbdf7224169776cf8269047671aab"><code>c90e88e</code></a>
btcutil: export interfaceAddr</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/153bf6d828b7477f2b4992292feeefc995d42020"><code>153bf6d</code></a>
btcutil: use anet instead of net for android builds</li>
<li><a
href="https://github.com/btcsuite/btcd/commit/807cbce3bf3b3940627bbae83d9fac5a7cebb357"><code>807cbce</code></a>
rpcclient: compute httpURL once at construction time</li>
<li>Additional commits viewable in <a
href="https://github.com/btcsuite/btcd/compare/btcutil/v1.1.6...btcutil/v1.2.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/cockroachdb/apd/v3` from 3.2.1 to 3.2.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cockroachdb/apd/releases">github.com/cockroachdb/apd/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix nil panic in NumDigits for large negative numbers by <a
href="https://github.com/yuzefovich"><code>@​yuzefovich</code></a> in <a
href="https://redirect.github.com/cockroachdb/apd/pull/149">cockroachdb/apd#149</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/yuzefovich"><code>@​yuzefovich</code></a> made
their first contribution in <a
href="https://redirect.github.com/cockroachdb/apd/pull/149">cockroachdb/apd#149</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/cockroachdb/apd/compare/v3.2.2...v3.2.3">https://github.com/cockroachdb/apd/compare/v3.2.2...v3.2.3</a></p>
<h2>v3.2.2</h2>
<h2>What's Changed</h2>
<ul>
<li>apd: add go 1.21 and 1.22 testing to CI by <a
href="https://github.com/nvb"><code>@​nvb</code></a> in <a
href="https://redirect.github.com/cockroachdb/apd/pull/131">cockroachdb/apd#131</a></li>
<li>Allow decompose to make use of the buffer by <a
href="https://github.com/Gilthoniel"><code>@​Gilthoniel</code></a> in <a
href="https://redirect.github.com/cockroachdb/apd/pull/132">cockroachdb/apd#132</a></li>
<li>apd: fix TestFormatFlags on go 1.23, add go 1.23 to CI by <a
href="https://github.com/nvb"><code>@​nvb</code></a> in <a
href="https://redirect.github.com/cockroachdb/apd/pull/139">cockroachdb/apd#139</a></li>
<li>ci: update GitHub Actions and OS versions by <a
href="https://github.com/mw5h"><code>@​mw5h</code></a> in <a
href="https://redirect.github.com/cockroachdb/apd/pull/146">cockroachdb/apd#146</a></li>
<li>apd: prevent NewFromString parsing invalid decimals by <a
href="https://github.com/jms-bc"><code>@​jms-bc</code></a> in <a
href="https://redirect.github.com/cockroachdb/apd/pull/145">cockroachdb/apd#145</a></li>
<li>ci: enable gcassert on Go 1.24 by <a
href="https://github.com/mw5h"><code>@​mw5h</code></a> in <a
href="https://redirect.github.com/cockroachdb/apd/pull/148">cockroachdb/apd#148</a></li>
<li>fix negative zero from multiplication/division by zero bigint by <a
href="https://github.com/mhaddon"><code>@​mhaddon</code></a> in <a
href="https://redirect.github.com/cockroachdb/apd/pull/143">cockroachdb/apd#143</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/Gilthoniel"><code>@​Gilthoniel</code></a> made
their first contribution in <a
href="https://redirect.github.com/cockroachdb/apd/pull/132">cockroachdb/apd#132</a></li>
<li><a href="https://github.com/mw5h"><code>@​mw5h</code></a> made their
first contribution in <a
href="https://redirect.github.com/cockroachdb/apd/pull/146">cockroachdb/apd#146</a></li>
<li><a href="https://github.com/jms-bc"><code>@​jms-bc</code></a> made
their first contribution in <a
href="https://redirect.github.com/cockroachdb/apd/pull/145">cockroachdb/apd#145</a></li>
<li><a href="https://github.com/mhaddon"><code>@​mhaddon</code></a> made
their first contribution in <a
href="https://redirect.github.com/cockroachdb/apd/pull/143">cockroachdb/apd#143</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/cockroachdb/apd/compare/v3.2.1...v3.2.2">https://github.com/cockroachdb/apd/compare/v3.2.1...v3.2.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cockroachdb/apd/commit/6d9c587326e78bcfbea630bf52893ff45f6f9ed5"><code>6d9c587</code></a>
Merge pull request <a
href="https://redirect.github.com/cockroachdb/apd/issues/149">#149</a>
from cockroachdb/fix-large-negative</li>
<li><a
href="https://github.com/cockroachdb/apd/commit/212a4c6da7de714f06d9aa5a6c90e575f2667716"><code>212a4c6</code></a>
Fix nil panic in NumDigits for large negative numbers</li>
<li><a
href="https://github.com/cockroachdb/apd/commit/cae01a2bba14314173d5b5f78d04685d7662b3c1"><code>cae01a2</code></a>
Merge pull request <a
href="https://redirect.github.com/cockroachdb/apd/issues/143">#143</a>
from politepixels/master</li>
<li><a
href="https://github.com/cockroachdb/apd/commit/62de7720331215d84aded66ddb660369e9b1d0c8"><code>62de772</code></a>
Merge pull request <a
href="https://redirect.github.com/cockroachdb/apd/issues/148">#148</a>
from mw5h/gcassert-go124</li>
<li><a
href="https://github.com/cockroachdb/apd/commit/36807179ec255778b1542858e4244a41cff5d752"><code>3680717</code></a>
ci: enable gcassert on Go 1.24</li>
<li><a
href="https://github.com/cockroachdb/apd/commit/d9564ab8d35e4160418e6096cc9eda7a5bf52054"><code>d9564ab</code></a>
Merge pull request <a
href="https://redirect.github.com/cockroachdb/apd/issues/145">#145</a>
from jms-bc/master</li>
<li><a
href="https://github.com/cockroachdb/apd/commit/fa35de35123a8e1e79d9620d3ff6995d7a984491"><code>fa35de3</code></a>
Merge pull request <a
href="https://redirect.github.com/cockroachdb/apd/issues/146">#146</a>
from mw5h/update-ci-workflow</li>
<li><a
href="https://github.com/cockroachdb/apd/commit/cdcb08d2e589b2c9ddc010f82b8dab4b892d892a"><code>cdcb08d</code></a>
ci: update GitHub Actions and OS versions</li>
<li><a
href="https://github.com/cockroachdb/apd/commit/ffdb35281764641839c8bd01035a4f84d5a83518"><code>ffdb352</code></a>
apd: prevent NewFromString parsing invalid decimals</li>
<li><a
href="https://github.com/cockroachdb/apd/commit/03a2bd6777f1fb2502963c46f51a485d42bb595c"><code>03a2bd6</code></a>
fix negative zero from multiplication/division by zero bigint</li>
<li>Additional commits viewable in <a
href="https://github.com/cockroachdb/apd/compare/v3.2.1...v3.2.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/consensys/gnark-crypto` from 0.14.0 to 0.20.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/consensys/gnark-crypto/releases">github.com/consensys/gnark-crypto's
releases</a>.</em></p>
<blockquote>
<h2>v0.20.1</h2>
<p><strong>This release contains correctness fix for vector
multiplication using IFMA, see <a
href="https://redirect.github.com/consensys/gnark-crypto/issues/816">#816</a>.
Users of <code>ecc/bls12-377/fr</code>, <code>ecc/bls12-381/fr</code>,
<code>ecc/bls24-315/fr</code>, <code>ecc/bn254/fr</code>,
<code>ecc/bn254/fp</code>, <code>ecc/grumpkin/fr</code>,
<code>ecc/grumpkin/fp</code>, <code>ecc/stark-curve/fr</code> and
<code>ecc/stark-curve/fp</code> using v0.20.0 should upgrade to avoid
incorrect computation results.</strong></p>
<h2>What's Changed</h2>
<ul>
<li>fix: correct IFMA vector mul carry propagation by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/816">Consensys/gnark-crypto#816</a></li>
<li>deps(actions)(deps): bump actions/setup-go from 6.2.0 to 6.3.0 in
the core-actions-minor-patch group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/814">Consensys/gnark-crypto#814</a></li>
<li>release: v0.20.1 by <a
href="https://github.com/ivokub"><code>@​ivokub</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/818">Consensys/gnark-crypto#818</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/Consensys/gnark-crypto/compare/v0.20.0...v0.20.1">https://github.com/Consensys/gnark-crypto/compare/v0.20.0...v0.20.1</a></p>
<h2>v0.20.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Feat: Jacobian Triple for <code>j=0</code> curves by <a
href="https://github.com/yelhousni"><code>@​yelhousni</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/715">Consensys/gnark-crypto#715</a></li>
<li>feat: handle len(p)=0 in kzg by <a
href="https://github.com/ThomasPiellard"><code>@​ThomasPiellard</code></a>
in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/730">Consensys/gnark-crypto#730</a></li>
<li>perf: optimize (purego) extension for koalabear by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/729">Consensys/gnark-crypto#729</a></li>
<li>fix: <a
href="https://redirect.github.com/consensys/gnark-crypto/issues/727">#727</a>
with go generate and cosmetics by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/734">Consensys/gnark-crypto#734</a></li>
<li>perf: adds E4 vector ops (avx512) by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/733">Consensys/gnark-crypto#733</a></li>
<li>feat: make bitReverse generic by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/736">Consensys/gnark-crypto#736</a></li>
<li>fix: reintroduce BitReverse in fft package as deprecated for
backward… by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/740">Consensys/gnark-crypto#740</a></li>
<li>perf: add for small fields int64 for exp by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/738">Consensys/gnark-crypto#738</a></li>
<li>feat: adds e4 vector Exp method by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/739">Consensys/gnark-crypto#739</a></li>
<li>Feat: add column linear combination check by <a
href="https://github.com/YaoJGalteland"><code>@​YaoJGalteland</code></a>
in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/731">Consensys/gnark-crypto#731</a></li>
<li>Feat/newdomain optimization by <a
href="https://github.com/YaoJGalteland"><code>@​YaoJGalteland</code></a>
in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/737">Consensys/gnark-crypto#737</a></li>
<li>Perf(BN254, BLS12-377/BW6-761): revisit <code>mulBySeed()</code>
addition chains in G1/2 by <a
href="https://github.com/yelhousni"><code>@​yelhousni</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/720">Consensys/gnark-crypto#720</a></li>
<li>mpcsetup(generator): use G2Affine in UpdateMonomialsG2 template by
<a href="https://github.com/Forostovec"><code>@​Forostovec</code></a> in
<a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/735">Consensys/gnark-crypto#735</a></li>
<li>chore: clarify PublicKey.SetBytes uses compressed public key by <a
href="https://github.com/VolodymyrBg"><code>@​VolodymyrBg</code></a> in
<a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/732">Consensys/gnark-crypto#732</a></li>
<li>perf: use vector ops on FFT E4 by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/746">Consensys/gnark-crypto#746</a></li>
<li>Feat/batch lagrange by <a
href="https://github.com/YaoJGalteland"><code>@​YaoJGalteland</code></a>
in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/745">Consensys/gnark-crypto#745</a></li>
<li>feat: vector e4 utils ops by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/749">Consensys/gnark-crypto#749</a></li>
<li>feat: add parallel prefix product for vector e4 by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/750">Consensys/gnark-crypto#750</a></li>
<li>feat: add typed field hasher interface in MiMC package by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/752">Consensys/gnark-crypto#752</a></li>
<li>perf: twisted Edwards affine arithmetic by <a
href="https://github.com/yelhousni"><code>@​yelhousni</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/743">Consensys/gnark-crypto#743</a></li>
<li>perf: limit memory allocation during Vector deserialization by <a
href="https://github.com/ivokub"><code>@​ivokub</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/759">Consensys/gnark-crypto#759</a></li>
<li>CI: Standardize imports by <a
href="https://github.com/Tabaie"><code>@​Tabaie</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/760">Consensys/gnark-crypto#760</a></li>
<li>fix: remove duplicate import by <a
href="https://github.com/ivokub"><code>@​ivokub</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/762">Consensys/gnark-crypto#762</a></li>
<li>Perf: Optimize <code>Sqrt</code> in <code>Fp2</code> for all fields
by <a href="https://github.com/yelhousni"><code>@​yelhousni</code></a>
in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/757">Consensys/gnark-crypto#757</a></li>
<li>feat: batch subgroup membership testing by <a
href="https://github.com/yelhousni"><code>@​yelhousni</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/710">Consensys/gnark-crypto#710</a></li>
<li>chore: merge v0.19 hotfix branch by <a
href="https://github.com/ivokub"><code>@​ivokub</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/766">Consensys/gnark-crypto#766</a></li>
<li>release: v0.19 hotfix branch by <a
href="https://github.com/ivokub"><code>@​ivokub</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/765">Consensys/gnark-crypto#765</a></li>
<li>chore: use self hosted runners by <a
href="https://github.com/waskow-consensys"><code>@​waskow-consensys</code></a>
in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/763">Consensys/gnark-crypto#763</a></li>
<li>Feat: Add P-256 (secp256r1) elliptic curve + ECDSA by <a
href="https://github.com/yelhousni"><code>@​yelhousni</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/767">Consensys/gnark-crypto#767</a></li>
<li>Feat/sig bounds by <a
href="https://github.com/ThomasPiellard"><code>@​ThomasPiellard</code></a>
in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/725">Consensys/gnark-crypto#725</a></li>
<li>build(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 in the
go_modules group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/770">Consensys/gnark-crypto#770</a></li>
<li>Fix: Affine twisted Edwards scalar multiplication edge case by <a
href="https://github.com/yelhousni"><code>@​yelhousni</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/774">Consensys/gnark-crypto#774</a></li>
<li>ci: enable security code scanner by <a
href="https://github.com/witmicko"><code>@​witmicko</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/771">Consensys/gnark-crypto#771</a></li>
<li>perf(bw6): faster direct Fp6 mul by <a
href="https://github.com/yelhousni"><code>@​yelhousni</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/776">Consensys/gnark-crypto#776</a></li>
<li>perf: adds poseidon2 &quot;simd&quot; fashion compress function
(avx512) by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/777">Consensys/gnark-crypto#777</a></li>
<li>feat: Expose <code>NewDefaultPermutation</code> in Poseidon2
packages by <a
href="https://github.com/Tabaie"><code>@​Tabaie</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/761">Consensys/gnark-crypto#761</a></li>
<li>perf: adds some more neon implementations for poseidon2 by <a
href="https://github.com/gbotrel"><code>@​gbotrel</code></a> in <a
href="https://redirect.github.com/Consensys/gnark-crypto/pull/785">Consensys/gnark-crypto#785</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Consensys/gnark-crypto/blob/master/CHANGELOG.md">github.com/consensys/gnark-crypto's
changelog</a>.</em></p>
<blockquote>
<h2>[v0.20.1] - 2026-03-16</h2>
<h3>Fix</h3>
<ul>
<li>correct IFMA vector mul carry propagation (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/816">#816</a>)
<!-- raw HTML omitted --><!-- raw HTML omitted --></li>
</ul>
<h2>[v0.20.0] - 2026-03-11</h2>
<h3>Build</h3>
<ul>
<li><strong>deps:</strong> bump golang.org/x/crypto from 0.41.0 to
0.45.0 in the go_modules group across 1 directory (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/770">#770</a>)</li>
</ul>
<h3>CI</h3>
<ul>
<li>enable security code scanner (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/771">#771</a>)</li>
<li>Standardize imports (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/760">#760</a>)</li>
</ul>
<h3>Chore</h3>
<ul>
<li>golangci-lint update (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/813">#813</a>)</li>
<li>rename sage files (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/806">#806</a>)</li>
<li>add dependabot configuration for GitHub Actions updates (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/804">#804</a>)</li>
<li>reintroduce slack notif (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/802">#802</a>)</li>
<li>update ci workflows to go 1.25 (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/801">#801</a>)</li>
<li>use self hosted runners (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/763">#763</a>)</li>
<li>merge v0.19 hotfix branch (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/766">#766</a>)</li>
<li>clarify PublicKey.SetBytes uses compressed public key (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/732">#732</a>)</li>
</ul>
<h3>Feat</h3>
<ul>
<li>add bn254 poseidon2 constants and support t=4/8/12/16 (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/783">#783</a>)</li>
<li>lattice-based rational reconstructions for gnark scalar
decompositions (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/799">#799</a>)</li>
<li>Expose <code>NewDefaultPermutation</code> in Poseidon2 packages (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/761">#761</a>)</li>
<li>batch subgroup membership testing (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/710">#710</a>)</li>
<li>add typed field hasher interface in MiMC package (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/752">#752</a>)</li>
<li>add parallel prefix product for vector e4 (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/750">#750</a>)</li>
<li>expose vortex.ComputeLagrangeBasisAtX</li>
<li>vector e4 utils ops (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/749">#749</a>)</li>
<li>add vector.Exp method</li>
<li>adds e4 vector Exp method (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/739">#739</a>)</li>
<li>make bitReverse generic (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/736">#736</a>)</li>
<li>handle len(p)=0 in kzg (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/730">#730</a>)</li>
<li>Add P-256 (secp256r1) elliptic curve + ECDSA (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/767">#767</a>)</li>
<li>add column linear combination check (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/731">#731</a>)</li>
<li>Jacobian Triple for <code>j=0</code> curves (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/715">#715</a>)</li>
</ul>
<h3>FiatShamir</h3>
<ul>
<li>creation of new challenges with New() (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/811">#811</a>)</li>
</ul>
<h3>Fix</h3>
<ul>
<li>Affine twisted Edwards scalar multiplication edge case (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/774">#774</a>)</li>
<li>fix cursor bot comments (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/803">#803</a>)</li>
<li>E2 MustSetRandom all elements (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/793">#793</a>)</li>
<li>remove duplicate import (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/762">#762</a>)</li>
<li>use G2Affine in UpdateMonomialsG2 template (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/735">#735</a>)</li>
<li>make <a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/740">#740</a>
retro compatible BitReverse generic impl</li>
<li>reintroduce BitReverse in fft package as deprecated for backward…
(<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/740">#740</a>)</li>
<li><a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/727">#727</a>
with go generate and cosmetics (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/734">#734</a>)</li>
</ul>
<h3>Perf</h3>
<ul>
<li>direct quartic extension for koala and baby bears (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/779">#779</a>)</li>
<li>optimize (purego) extension for koalabear (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/729">#729</a>)</li>
<li>optimize pre-computation in fixed-argument pairings by batching
double steps (<a
href="https://redirect.github.com/Consensys/gnark-crypto/issues/798">#798</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Consensys/gnark-crypto/commit/49879afc0859220afd5165bc6cafc1ee0a6e987a"><code>49879af</code></a>
release: v0.20.1 (<a
href="https://redirect.github.com/consensys/gnark-crypto/issues/818">#818</a>)</li>
<li><a
href="https://github.com/Consensys/gnark-crypto/commit/d932506964d24d8512c86e6575dd1ceb4a803088"><code>d932506</code></a>
deps(actions)(deps): bump actions/setup-go from 6.2.0 to 6.3.0 in the
core-ac...</li>
<li><a
href="https://github.com/Consensys/gnark-crypto/commit/be4aeba09a46ac45a12be6ee76f4d9a2aaf9bd99"><code>be4aeba</code></a>
fix: correct IFMA vector mul carry propagation (<a
href="https://redirect.github.com/consensys/gnark-crypto/issues/816">#816</a>)</li>
<li><a
href="https://github.com/Consensys/gnark-crypto/commit/a66323f3230119f2582e5ce9bcbfecf21e35286a"><code>a66323f</code></a>
release: v0.20.0 (<a
href="https://redirect.github.com/consensys/gnark-crypto/issues/815">#815</a>)</li>
<li><a
href="https://github.com/Consensys/gnark-crypto/commit/61835805fe3fee260c9ec2ccf0a52926e5e2c58b"><code>6183580</code></a>
chore: golangci-lint update (<a
href="https://redirect.github.com/consensys/gnark-crypto/issues/813">#813</a>)</li>
<li><a
href="https://github.com/Consensys/gnark-crypto/commit/448730f52fa6cdd5bb59ebcc21c8897996fd269c"><code>448730f</code></a>
FiatShamir: creation of new challenges with New() (<a
href="https://redirect.github.com/consensys/gnark-crypto/issues/811">#811</a>)</li>
<li><a
href="https://github.com/Consensys/gnark-crypto/commit/a1e02e552854386b14ab0136e30e7eb77b91e17f"><code>a1e02e5</code></a>
FFT Vectorization Optimization for F31 Fields (<a
href="https://redirect.github.com/consensys/gnark-crypto/issues/812">#812</a>)</li>
<li><a
href="https://github.com/Consensys/gnark-crypto/commit/be8fef1fff85d78b3fee54f842daa7965ab45490"><code>be8fef1</code></a>
chore: rename sage files (<a
href="https://redirect.github.com/consensys/gnark-crypto/issues/806">#806</a>)</li>
<li><a
href="https://github.com/Consensys/gnark-crypto/commit/aa334fcde5bda0a41687912ce83c5b917406c2cb"><code>aa334fc</code></a>
Add Python language configuration to security scanner (<a
href="https://redirect.github.com/consensys/gnark-crypto/issues/808">#808</a>)</li>
<li><a
href="https://github.com/Consensys/gnark-crypto/commit/a3a3ae54638a1201fa818d7d722ee57b1e1631f2"><code>a3a3ae5</code></a>
feat: add bn254 poseidon2 constants and support t=4/8/12/16 (<a
href="https://redirect.github.com/consensys/gnark-crypto/issues/783">#783</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/consensys/gnark-crypto/compare/v0.14.0...v0.20.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/decred/dcrd/dcrec/secp256k1/v4` from 4.4.0 to 4.4.1
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/decred/dcrd/commit/76c0dc4f362b89331ff3bd46a3527f904181b8e0"><code>76c0dc4</code></a>
secp256k1: Deprecate elliptic.Curve impl methods.</li>
<li><a
href="https://github.com/decred/dcrd/commit/9cfcb7e9172902b7e8042ee72cc1b76cb617ce77"><code>9cfcb7e</code></a>
secp256k1: Reduce compat shim inputs mod prime.</li>
<li><a
href="https://github.com/decred/dcrd/commit/01869377bc3b3a2d1ab992dcb57c7726c162a72b"><code>0186937</code></a>
secp256k1: Add compat shim unreduced input tests.</li>
<li><a
href="https://github.com/decred/dcrd/commit/3612094297fcdc28e3abccb74704062b569e82f4"><code>3612094</code></a>
secp256k1: Add more compat shim curve member tests.</li>
<li><a
href="https://github.com/decred/dcrd/commit/fa3f7048cc028bcbc50cae1d7d04b2f09eac3deb"><code>fa3f704</code></a>
docs: Update README.md to required Go 1.25/1.26.</li>
<li><a
href="https://github.com/decred/dcrd/commit/f3224a64001f568b4014ca92bc4434323a0400ea"><code>f3224a6</code></a>
build: Test against Go 1.26.</li>
<li><a
href="https://github.com/decred/dcrd/commit/cc82c1084a68ae64891ba78f9fdf7a9ef978a037"><code>cc82c10</code></a>
build: Update golangci-lint to v2.9.0.</li>
<li><a
href="https://github.com/decred/dcrd/commit/7c01e5740a81e84a4b2d509af7934e267d1c8f7c"><code>7c01e57</code></a>
build: Update to latest action versions.</li>
<li><a
href="https://github.com/decred/dcrd/commit/951614378eac96ebb7fb3fce97a9221c2f4f20a6"><code>9516143</code></a>
mixing: Increment PRNG seed nonce for each test</li>
<li><a
href="https://github.com/decred/dcrd/commit/8aa2ac07222e4ce8698f318984cd1c0a5b1025af"><code>8aa2ac0</code></a>
docker: Update image to golang:1.26.0-alpine3.23.</li>
<li>Additional commits viewable in <a
href="https://github.com/decred/dcrd/compare/dcrec/secp256k1/v4.4.0...dcrec/secp256k1/v4.4.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/erigontech/mdbx-go` from 0.40.0 to 0.40.1
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/erigontech/mdbx-go/commit/b49c1df725a946d9d15c441e639585642b7005a7"><code>b49c1df</code></a>
new 0.14.2 mdbx release</li>
<li><a
href="https://github.com/erigontech/mdbx-go/commit/08b12a1fb60bcbe5332ff26e8616d5b047db41bd"><code>08b12a1</code></a>
mdbx: expose ExactKeyValue/Pair navigation flags + merge last master (<a
href="https://redirect.github.com/erigontech/mdbx-go/issues/217">#217</a>)</li>
<li><a
href="https://github.com/erigontech/mdbx-go/commit/9c70e981b27f653552ed5499bdbfe5286c7f1057"><code>9c70e98</code></a>
Readers metrics and last master of libmdbx (<a
href="https://redirect.github.com/erigontech/mdbx-go/issues/216">#216</a>)</li>
<li><a
href="https://github.com/erigontech/mdbx-go/commit/23ee811a77124b72a86261c05bb3c8d081782233"><code>23ee811</code></a>
added readers metrics &amp; helpers (<a
href="https://redirect.github.com/erigontech/mdbx-go/issues/215">#215</a>)</li>
<li><a
href="https://github.com/erigontech/mdbx-go/commit/12d0f973a379b3356ea4b160a253599cd4d5ad1d"><code>12d0f97</code></a>
added gc metrics field (<a
href="https://redirect.github.com/erigontech/mdbx-go/issues/214">#214</a>)</li>
<li><a
href="https://github.com/erigontech/mdbx-go/commit/fc66e76c31b8f192890a43e0a3f228e4fd92d968"><code>fc66e76</code></a>
added bindings for range del (<a
href="https://redirect.github.com/erigontech/mdbx-go/issues/201">#201</a>)</li>
<li><a
href="https://github.com/erigontech/mdbx-go/commit/bd0ba123cbd07a519ce25b6ccabea4c6ffb5bada"><code>bd0ba12</code></a>
mdbx latest master (unreleased 0.14.x) (<a
href="https://redirect.github.com/erigontech/mdbx-go/issues/213">#213</a>)</li>
<li><a
href="https://github.com/erigontech/mdbx-go/commit/42d451d368e9afa6b3e76c6f8613c1bbc6ef75dd"><code>42d451d</code></a>
ci: bump GitHub Actions and golangci-lint versions (<a
href="https://redirect.github.com/erigontech/mdbx-go/issues/212">#212</a>)</li>
<li><a
href="https://github.com/erigontech/mdbx-go/commit/e2ff376eb3bcf647e42a1ccc54b6b8caa4d7f5f7"><code>e2ff376</code></a>
Cherry-pick PRs <a
href="https://redirect.github.com/erigontech/mdbx-go/issues/208">#208</a>,
<a
href="https://redirect.github.com/erigontech/mdbx-go/issues/209">#209</a>,
<a
href="https://redirect.github.com/erigontech/mdbx-go/issues/210">#210</a>
from release/0.39 to master (<a
href="https://redirect.github.com/erigontech/mdbx-go/issues/211">#211</a>)</li>
<li><a
href="https://github.com/erigontech/mdbx-go/commit/d4802a0d23471a6f46b0f0301d598bf452520af9"><code>d4802a0</code></a>
mdbx: add Cursor.PutCurrent for DupSort in-place dup replacement (<a
href="https://redirect.github.com/erigontech/mdbx-go/issues/207">#207</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/erigontech/mdbx-go/compare/v0.40.0...v0.40.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/rogpeppe/go-internal` from 1.14.1 to 1.15.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rogpeppe/go-internal/releases">github.com/rogpeppe/go-internal's
releases</a>.</em></p>
<blockquote>
<h2>v1.15.0</h2>
<h2>What's Changed</h2>
<ul>
<li>hash: do not salt with Go runtime version by <a
href="https://github.com/rogpeppe"><code>@​rogpeppe</code></a> in <a
href="https://redirect.github.com/rogpeppe/go-internal/pull/292">rogpeppe/go-internal#292</a></li>
<li>testscript: reset verbose on new blocks by <a
href="https://github.com/myitcv"><code>@​myitcv</code></a> in <a
href="https://redirect.github.com/rogpeppe/go-internal/pull/293">rogpeppe/go-internal#293</a></li>
<li>testscript: rewind last block if it was not in error by <a
href="https://github.com/myitcv"><code>@​myitcv</code></a> in <a
href="https://redirect.github.com/rogpeppe/go-internal/pull/294">rogpeppe/go-internal#294</a></li>
<li>testscript: protect against no-op uses of cmp by <a
href="https://github.com/mvdan"><code>@​mvdan</code></a> in <a
href="https://redirect.github.com/rogpeppe/go-internal/pull/295">rogpeppe/go-internal#295</a></li>
<li>goproxytest: add Setup by <a
href="https://github.com/rogpeppe"><code>@​rogpeppe</code></a> in <a
href="https://redirect.github.com/rogpeppe/go-internal/pull/303">rogpeppe/go-internal#303</a></li>
<li>update Go, fix, add <code>/@latest</code> to goproxytest by <a
href="https://github.com/mvdan"><code>@​mvdan</code></a> in <a
href="https://redirect.github.com/rogpeppe/go-internal/pull/302">rogpeppe/go-internal#302</a></li>
<li>internal/vcs: remove SYSTEMROOT workaround for Windows by <a
href="https://github.com/mvdan"><code>@​mvdan</code></a> in <a
href="https://redirect.github.com/rogpeppe/go-internal/pull/299">rogpeppe/go-internal#299</a></li>
<li>goproxytest: add overlay capability by <a
href="https://github.com/rogpeppe"><code>@​rogpeppe</code></a> in <a
href="https://redirect.github.com/rogpeppe/go-internal/pull/304">rogpeppe/go-internal#304</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/rogpeppe/go-internal/compare/v1.14.1...v1.15.0">https://github.com/rogpeppe/go-internal/compare/v1.14.1...v1.15.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/rogpeppe/go-internal/commit/8b1dcd4611005f03b2e062b8af5ddf7ceb3590d1"><code>8b1dcd4</code></a>
goproxytest: make .mod and .info files optional</li>
<li><a
href="https://github.com/rogpeppe/go-internal/commit/02e5dd4b32865244bb1a4960c4d8db3288df059f"><code>02e5dd4</code></a>
goproxytest: add overlay capability (<a
href="https://redirect.github.com/rogpeppe/go-internal/issues/304">#304</a>)</li>
<li><a
href="https://github.com/rogpeppe/go-internal/commit/3030644a6651fc95902ebe27e31581838861b233"><code>3030644</code></a>
internal/vcs: remove SYSTEMROOT workaround for Windows</li>
<li><a
href="https://github.com/rogpeppe/go-internal/commit/a4c00dcc1489c43e018711a4cf19c03fe458bbea"><code>a4c00dc</code></a>
goproxytest: handle /<a
href="https://github.com/latest"><code>@​latest</code></a> endpoint</li>
<li><a
href="https://github.com/rogpeppe/go-internal/commit/19311e852d49dbf76a37a675c490d55f5286e106"><code>19311e8</code></a>
all: go fix ./...</li>
<li><a
href="https://github.com/rogpeppe/go-internal/commit/74d131225ff109d843ce5a485ba35aa0478d8c4b"><code>74d1312</code></a>
test on Go 1.25 and 1.26</li>
<li><a
href="https://github.com/rogpeppe/go-internal/commit/aa1b1e25579a8bb2dbd991bc179ea2227232096d"><code>aa1b1e2</code></a>
goproxytest: add Setup (<a
href="https://redirect.github.com/rogpeppe/go-internal/issues/303">#303</a>)</li>
<li><a
href="https://github.com/rogpeppe/go-internal/commit/5223effb313364ee36b8951aee816228675ebff1"><code>5223eff</code></a>
testscript: protect against no-op uses of cmp</li>
<li><a
href="https://github.com/rogpeppe/go-internal/commit/ee70938f5823866e5bcbee66da908d859a36b913"><code>ee70938</code></a>
testscript: rewind last block if it was not in error</li>
<li><a
href="https://github.com/rogpeppe/go-internal/commit/a4ecbfbbaac506bbcef3691f7d0174ee989dd033"><code>a4ecbfb</code></a>
testscript: add a non-failing block to the end of logging tests</li>
<li>Additional commits viewable in <a
href="https://github.com/rogpeppe/go-internal/compare/v1.14.1...v1.15.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/yuin/goldmark` from 1.7.16 to 1.8.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/yuin/goldmark/releases">github.com/yuin/goldmark's
releases</a>.</em></p>
<blockquote>
<h2>v1.8.2</h2>
<p>fix: setext headings positions</p>
<h2>v1.8.1</h2>
<p>fix: block positions</p>
<h2>v1.8.0</h2>
<ul>
<li>feat: add position information to all nodes
<ul>
<li>add position information to all nodes, including inline nodes and
link
reference definition nodes.</li>
<li>Now link reference definition nodes are represented as a new node
type.</li>
<li>Link and image nodes have a new field Reference which is a pointer
to the reference
link if this link is a reference link. This field is nil for
non-reference
links.</li>
</ul>
</li>
</ul>
<h2>v1.7.17 release</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/yuin/goldmark/compare/v1.7.16...v1.7.17">https://github.com/yuin/goldmark/compare/v1.7.16...v1.7.17</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/yuin/goldmark/commit/379bf24a47e6ef07f34d7536aead86d8792ac300"><code>379bf24</code></a>
fix: setext headings positions</li>
<li><a
href="https://github.com/yuin/goldmark/commit/e8f2337fccef96576bce4b811a9dcdaa3bf23405"><code>e8f2337</code></a>
fix: block positions</li>
<li><a
href="https://github.com/yuin/goldmark/commit/dfa1ae1da52047c906b3345ad503ebc84a880734"><code>dfa1ae1</code></a>
feat: add position information to all nodes</li>
<li><a
href="https://github.com/yuin/goldmark/commit/cb46bbc4eca29d55aa9721e04ad207c23ccc44f9"><code>cb46bbc</code></a>
fix: prevent XSS by escaping dangerous URLs in links and images</li>
<li><a
href="https://github.com/yuin/goldmark/commit/d8b123c855fc895a2c8672c530ba9d9f2382d5ef"><code>d8b123c</code></a>
refactor: simplify codes</li>
<li><a
href="https://github.com/yuin/goldmark/commit/db34c99a0722f927d5e414fc9533deb3474bddfb"><code>db34c99</code></a>
Merge pull request <a
href="https://redirect.github.com/yuin/goldmark/issues/535">#535</a>
from Sebbito/master</li>
<li><a
href="https://github.com/yuin/goldmark/commit/5a2a2bfa203daca9b0d2ba38e4c4d607ccb1090b"><code>5a2a2bf</code></a>
Merge pull request <a
href="https://redirect.github.com/yuin/goldmark/issues/545">#545</a>
from maxatome/fix-table-panic</li>
<li><a
href="https://github.com/yuin/goldmark/commit/9aca46208ebdae2e37585d93082206adbc9b012c"><code>9aca462</code></a>
fix(table): if table cell attribute is a string, a panic occurs</li>
<li><a
href="https://github.com/yuin/goldmark/commit/ea86b3627a56a39961576ac232955dcc4d7327dd"><code>ea86b36</code></a>
Fix doc error in markdown.go</li>
<li>See full diff in <a
href="https://github.com/yuin/goldmark/compare/v1.7.16...v1.8.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `go.opentelemetry.io/otel` from 1.41.0 to 1.44.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel's
changelog</a>.</em></p>
<blockquote>
<h2>[1.44.0/0.66.0/0.20.0/0.0.17] 2026-05-27</h2>
<h3>Added</h3>
<ul>
<li>Add <code>ByteSlice</code> and <code>ByteSliceValue</code> functions
for new <code>BYTESLICE</code> attribute type in
<code>go.opentelemetry.io/otel/attribute</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7948">#7948</a>)</li>
<li>Apply attribute value limit to the <code>KindBytes</code> attribute
type in <code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7990">#7990</a>)</li>
<li>Apply attribute value limit to the <code>BYTESLICE</code> attribute
type in <code>go.opentelemetry.io/otel/sdk/trace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7990">#7990</a>)</li>
<li>Support <code>BYTESLICE</code> attributes in
<code>go.opentelemetry.io/otel/trace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li>
<li>Support <code>BYTESLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li>
<li>Support <code>BYTESLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li>
<li>Support <code>BYTESLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li>
<li>Support <code>BYTESLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/zipkin</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li>
<li>Add <code>String</code> method for <code>Value</code> type in
<code>go.opentelemetry.io/otel/attribute</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8142">#8142</a>)</li>
<li>Add <code>Slice</code> and <code>SliceValue</code> functions for new
<code>SLICE</code> attribute type in
<code>go.opentelemetry.io/otel/attribute</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8166">#8166</a>)</li>
<li>Support <code>SLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li>
<li>Support <code>SLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li>
<li>Support <code>SLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li>
<li>Support <code>SLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/zipkin</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li>
<li>Apply <code>AttributeValueLengthLimit</code> to
<code>attribute.SLICE</code> type attribute values in
<code>go.opentelemetry.io/otel/sdk/trace</code>, recursively truncating
contained string values. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8217">#8217</a>)</li>
<li>Add <code>Error</code> field on <code>Record</code> type in
<code>go.opentelemetry.io/otel/log/logtest</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8148">#8148</a>)</li>
<li>Add <code>WithMaxRequestSize</code> option in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li>
<li>Add <code>WithMaxRequestSize</code> option in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li>
<li>Add <code>WithMaxRequestSize</code> option in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li>
<li>Add <code>WithMaxRequestSize</code> option in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li>
<li>Add <code>WithMaxRequestSize</code> option in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li>
<li>Add <code>WithMaxRequestSize</code> option in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8157">#8157</a>)</li>
<li>Add <code>Settable</code> to
<code>go.opentelemetry.io/otel/metric/x</code> to allow reusing
attribute options. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8178">#8178</a>)</li>
<li>Add experimental support for splitting metric data across multiple
batches in <code>go.opentelemetry.io/otel/sdk/metric</code>.
Set <code>OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE=&lt;max_size&gt;</code> to
enable for all periodic readers.
See <code>go.opentelemetry.io/otel/sdk/metric/internal/x</code> for
feature documentation. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8071">#8071</a>)</li>
<li>Add experimental self-observability metrics in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>.
Enable with <code>OTEL_GO_X_SELF_OBSERVABILITY=true</code> environment
variable.
See
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x</code>
for feature documentation. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8192">#8192</a>)</li>
<li>Add experimental self-observability metrics in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>.
Enable with <code>OTEL_GO_X_SELF_OBSERVABILITY=true</code> environment
variable.
See
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x</code>
for feature documentation. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8194">#8194</a>)</li>
<li>Add experimental self-observability metrics in
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code>.
Enable with <code>OTEL_GO_X_SELF_OBSERVABILITY=true</code> environment
variable.
See <code>go.opentelemetry.io/otel/stdout/stdoutlog/internal/x</code>
for feature documentation. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8263">#8263</a>)</li>
<li>Add <code>WithDefaultAttributes</code> to
<code>go.opentelemetry.io/otel/metric/x</code> to support setting
default attributes on instruments. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8135">#8135</a>)</li>
<li>Add <code>go.opentelemetry.io/otel/semconv/v1.41.0</code> package.
The package contains semantic conventions from the <code>v1.41.0</code>
version of the OpenTelemetry Semantic Conventions.
See the <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.41.0/MIGRATION.md">migration
documentation</a> for information on how to upgrade from
<code>go.opentelemetry.io/otel/semconv/v1.40.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8324">#8324</a>)</li>
<li>Add Observable variants of instruments to
<code>go.opentelemetry.io/otel/semconv/v1.41.0</code> package. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8350">#8350</a>)</li>
<li>Generate explicit histogram bucket boundaries from weaver
configuration for HTTP and RPC duration instruments in
<code>go.opentelemetry.io/otel/semconv/v1.41.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8002">#8002</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>⚠️ <strong>Breaking Change:</strong>
<code>go.opentelemetry.io/otel/sdk/metric</code> now applies a default
cardinality limit of 2000 to comply with the Metrics SDK specification
recommendation.
New attribute sets are dropped when the cardinality limit is reached.
The measurement of these sets are aggregated into a special attribute
set containing <code>attribute.Bool(&quot;otel.metric.overflow&quot;,
true)</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/b62d92831b2dd142f5a0cc89c828270274196877"><code>b62d928</code></a>
Release 1.44.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8376">#8376</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/94132a0a729e94c5aa6e9e1ce7640c0f802dcfea"><code>94132a0</code></a>
chore(deps): update golang.org/x/telemetry digest to 5997936 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8379">#8379</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/6fdcf82adfebc3becfb5d357957546d6d7258469"><code>6fdcf82</code></a>
feat: add self-observability metrics to otlpmetricgrpc metric exporters
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8192">#8192</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/761bbfc2f4ae002f4a54f8c57c12b8a58135a741"><code>761bbfc</code></a>
fix(deps): update golang.org/x (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8377">#8377</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/3a91dc62d3852313bab40ff151bb3e11fae1745e"><code>3a91dc6</code></a>
fix(deps): update googleapis to 3dc84a4 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8375">#8375</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/f593185679130f56e14bed3c337fa7f8f60756b1"><code>f593185</code></a>
exporters/otlp: default max request size to 64 MiB (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8365">#8365</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/f02feacf8652b69c051851cfa2945d2ed5f0d568"><code>f02feac</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/36c2f1bfd1a6a789dc575f8886399093d7600586"><code>36c2f1b</code></a>
semconvkit: add invariant test for histogram-exclusion rule (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8370">#8370</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/d0b6cbdff5346557923fd05bd3f5f34df002aeee"><code>d0b6cbd</code></a>
sdk/metric: document unit-sensitivity of DefaultAggregationSelector (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8224">#8224</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/9a68034bd45c6f24c481d9f9c87ebbee0a61482f"><code>9a68034</code></a>
add self observability for stdout exporter (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8263">#8263</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.41.0...v1.44.0">compare
view</a></li>
</ul>
</details>
<br />

Updates
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from
1.37.0 to 1.44.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc's
changelog</a>.</em></p>
<blockquote>
<h2>[1.44.0/0.66.0/0.20.0/0.0.17] 2026-05-27</h2>
<h3>Added</h3>
<ul>
<li>Add <code>ByteSlice</code> and <code>ByteSliceValue</code> functions
for new <code>BYTESLICE</code> attribute type in
<code>go.opentelemetry.io/otel/attribute</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7948">#7948</a>)</li>
<li>Apply attribute value limit to the <code>KindBytes</code> attribute
type in <code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7990">#7990</a>)</li>
<li>Apply attribute value limit to the <code>BYTESLICE</code> attribute
type in <code>go.opentelemetry.io/otel/sdk/trace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7990">#7990</a>)</li>
<li>Support <code>BYTESLICE</code> attributes in
<code>go.opentelemetry.io/otel/trace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li>
<li>Support <code>BYTESLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li>
<li>Support <code>BYTESLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li>
<li>Support <code>BYTESLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li>
<li>Support <code>BYTESLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/zipkin</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8153">#8153</a>)</li>
<li>Add <code>String</code> method for <code>Value</code> type in
<code>go.opentelemetry.io/otel/attribute</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8142">#8142</a>)</li>
<li>Add <code>Slice</code> and <code>SliceValue</code> functions for new
<code>SLICE</code> attribute type in
<code>go.opentelemetry.io/otel/attribute</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8166">#8166</a>)</li>
<li>Support <code>SLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li>
<li>Support <code>SLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li>
<li>Support <code>SLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li>
<li>Support <code>SLICE</code> attributes in
<code>go.opentelemetry.io/otel/exporters/zipkin</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8216">#8216</a>)</li>
<li>Apply <code>AttributeValueLengthLimit</code> to
<code>attribute.SLICE</code> type attribute values in
<code>go.opentelemetry.io/otel/sdk/trace</code>, recursively truncating
contained string values. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8217">#8217</a>)</li>
<li>Add <code>Error</code> field on <code>Record</code> type in
<code>go.opentelemetry.io/otel/log/logtest</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8148">#8148</a>)</li>
<li>Add <code>WithMaxRequestSize</code> option in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com…
…ds (gnolang#5301)

Depends on: gnolang#5247

Only relevant commit is last.

---

Allow `_` fields tagged with `amino:"reserved"` to consume a slot in the
binary field-number sequence without being encoded or decoded. Genproto
emits `reserved N;` for those slots.

Use this to remove StaticBlock.Externs (field 10) while keeping Parent
at field 11, preserving wire compatibility.

This more generally allows us to remove fields in Amino while
maintaining backward compatibility. It is still brittle (moving struct
fields is not allowed); but at least gives us a first tool to work with.

---------

Co-authored-by: ltzMaxwell <ltz.maxwell@gmail.com>
…ctions group (gnolang#5805)

Bumps the actions group with 1 update:
[github/codeql-action](https://github.com/github/codeql-action).

Updates `github/codeql-action` from 4.36.1 to 4.36.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.36.2</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.36.2 - 04 Jun 2026</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
<h2>4.36.1 - 02 Jun 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e"><code>8aad20d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3949">#3949</a>
from github/update-v4.36.2-dcb947ce1</li>
<li><a
href="https://github.com/github/codeql-action/commit/f521b08cd8f468ab193ea950a589cb2e9c869c6a"><code>f521b08</code></a>
Add additional changelog notes</li>
<li><a
href="https://github.com/github/codeql-action/commit/8aeff0ffb7b78582ee0d0e6eebb8140684400d08"><code>8aeff0f</code></a>
Update changelog for v4.36.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/dcb947ce15976d40ea82935510b2db4872ec124c"><code>dcb947c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3948">#3948</a>
from github/update-bundle/codeql-bundle-v2.25.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/c251bcefa178f7780f62f150002acffe3d07fde9"><code>c251bce</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/62953c18b35f59e28351d2f1e806925aef8b1e3c"><code>62953c1</code></a>
Update default bundle to codeql-bundle-v2.25.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/423b570baf1976cd7a3daeba5d6e9f9b76432f37"><code>423b570</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3946">#3946</a>
from github/dependabot/npm_and_yarn/npm-minor-5d507a...</li>
<li><a
href="https://github.com/github/codeql-action/commit/c35d1b164463ee62a100735382aaaa525c5d3496"><code>c35d1b1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3947">#3947</a>
from github/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="https://github.com/github/codeql-action/commit/cb1a588b02755b176e7b9d033ed4b69312f0e1bd"><code>cb1a588</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3937">#3937</a>
from github/robertbrignull/waitForProcessing_backoff</li>
<li><a
href="https://github.com/github/codeql-action/commit/ba47406412c54532b5b4fcfbaf877c9e2382b206"><code>ba47406</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3943">#3943</a>
from github/henrymercer/cache-cli-version-info</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/87557b9c84dde89fdd9b10e88954ac2f4248e463...8aad20d150bbac5944a9f9d289da16a4b0d87c1e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=4.36.1&new-version=4.36.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…dates (gnolang#5801)

Bumps the npm_and_yarn group with 2 updates in the
/gno.land/pkg/gnoweb/frontend directory:
[minimatch](https://github.com/isaacs/minimatch) and
[glob](https://github.com/isaacs/node-glob).

Updates `minimatch` from 10.0.3 to 10.2.5
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/isaacs/minimatch/blob/main/changelog.md">minimatch's
changelog</a>.</em></p>
<blockquote>
<h1>change log</h1>
<h2>10.2</h2>
<ul>
<li>Add <code>braceExpandMax</code> option</li>
</ul>
<h2>10.1</h2>
<ul>
<li>Add <code>magicalBraces</code> option for <code>escape</code></li>
<li>Fix <code>makeRe</code> when <code>partial: true</code> is set.</li>
<li>Fix <code>makeRe</code> when pattern ends in a final <code>**</code>
path part.</li>
</ul>
<h2>10.0</h2>
<ul>
<li>Require node 20 or 22 and higher</li>
</ul>
<h2>9.0</h2>
<ul>
<li>No default export, only named exports.</li>
</ul>
<h2>8.0</h2>
<ul>
<li>Recursive descent parser for extglob, allowing correct support
for arbitrarily nested extglob expressions</li>
<li>Bump required Node.js version</li>
</ul>
<h2>7.4</h2>
<ul>
<li>Add <code>escape()</code> method</li>
<li>Add <code>unescape()</code> method</li>
<li>Add <code>Minimatch.hasMagic()</code> method</li>
</ul>
<h2>7.3</h2>
<ul>
<li>Add support for posix character classes in a unicode-aware way.</li>
</ul>
<h2>7.2</h2>
<ul>
<li>Add <code>windowsNoMagicRoot</code> option</li>
</ul>
<h2>7.1</h2>
<ul>
<li>Add <code>optimizationLevel</code> configuration option, and revert
the
default back to the 6.2 style minimal optimizations, making the
advanced transforms introduced in 7.0 opt-in. Also, process
provided file paths in the same way in optimizationLevel:2
mode, so <em>most</em> things that matched with optimizationLevel 1 or
0 <em>should</em> match with level 2 as well. However, level 1 is the
default, out of an abundance of caution.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/isaacs/minimatch/commit/693c82377d0948401be4c6d3220c9a74132ab112"><code>693c823</code></a>
10.2.5</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/7953af1fac53267c05e362f036b70de898318faa"><code>7953af1</code></a>
do not allow .. to consume drive letter on Windows</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/1caf91893b67586255c68e2e513b14ac66785a24"><code>1caf918</code></a>
lint and format</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/7783ed6670442acb4d455b9b164a1b2a33507a45"><code>7783ed6</code></a>
ignore docs</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/6d9b356cd59372de00e1d5f3b8907a3350b9b8e5"><code>6d9b356</code></a>
update deps etc</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/c36addb94e33f14254b9ca9017e63ae9c9d80d1d"><code>c36addb</code></a>
10.2.4</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/26b90027d5ad0c383b5253a4e45d6dc7da282db4"><code>26b9002</code></a>
docs: add warning about ReDoS</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/3a0d83b6f03a17ebc15361c2faa7110777042aab"><code>3a0d83b</code></a>
fix partial matching of globstar patterns</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/ea94840326c3f40522f1b544bd2303024b0eec35"><code>ea94840</code></a>
10.2.3</li>
<li><a
href="https://github.com/isaacs/minimatch/commit/0873fbabc00a86e09f4469386059a71abb136c93"><code>0873fba</code></a>
update deps</li>
<li>Additional commits viewable in <a
href="https://github.com/isaacs/minimatch/compare/v10.0.3...v10.2.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `glob` from 11.0.3 to 11.1.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/isaacs/node-glob/blob/main/changelog.md">glob's
changelog</a>.</em></p>
<blockquote>
<h1>changeglob</h1>
<h2>13</h2>
<ul>
<li>Move the CLI program out to a separate package,
<code>glob-bin</code>.
Install that if you'd like to continue using glob from the
command line.</li>
</ul>
<h2>12</h2>
<ul>
<li>Remove the unsafe <code>--shell</code> option. The
<code>--shell</code> option is now
ONLY supported on known shells where the behavior can be
implemented safely.</li>
</ul>
<h2>11.1</h2>
<p><a
href="https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2">GHSA-5j98-mcp5-4vw2</a></p>
<ul>
<li>Add the <code>--shell</code> option for the command line, with a
warning
that this is unsafe. (It will be removed in v12.)</li>
<li>Add the <code>--cmd-arg</code>/<code>-g</code> as a way to
<em>safely</em> add positional
arguments to the command provided to the CLI tool.</li>
<li>Detect commands with space or quote characters on known shells,
and pass positional arguments to them safely, avoiding
<code>shell:true</code> execution.</li>
</ul>
<h2>11.0</h2>
<ul>
<li>Drop support for node before v20</li>
</ul>
<h2>10.4</h2>
<ul>
<li>Add <code>includeChildMatches: false</code> option</li>
<li>Export the <code>Ignore</code> class</li>
</ul>
<h2>10.3</h2>
<ul>
<li>Add <code>--default -p</code> flag to provide a default pattern</li>
<li>exclude symbolic links to directories when <code>follow</code> and
<code>nodir</code>
are both set</li>
</ul>
<h2>10.2</h2>
<ul>
<li>Add glob cli</li>
</ul>
<h2>10.1</h2>
<ul>
<li>Return <code>'.'</code> instead of the empty string <code>''</code>
when the current
working directory is returned as a match.</li>
<li>Add <code>posix: true</code> option to return <code>/</code>
delimited paths, even on</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/isaacs/node-glob/commit/2551fb51440d402fa2120457bf460e546ee9964d"><code>2551fb5</code></a>
11.1.0</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"><code>47473c0</code></a>
bin: Do not expose filenames to shell expansion</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/bc33fe1c6a47abd497703d79ad96036e7891ff62"><code>bc33fe1</code></a>
skip tilde test on systems that lack tilde expansion</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/59bf9ca211bda5636c4fe9e32d41530c90a4f30d"><code>59bf9ca</code></a>
fix notes</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/dde4fa66c87e24b37bb5be28ed10c6e12019edac"><code>dde4fa6</code></a>
docs(README): add #anchor and improve <code>note</code>s</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/0559b0ed13c0f8147cd2ac9d48bb49684caaf20e"><code>0559b0e</code></a>
docs: add better links to path-scurry docs</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/c9773c249b4b9ed6b2447222c226f9d20c6ce916"><code>c9773c2</code></a>
fix: correct typos in <code>README.md</code></li>
<li><a
href="https://github.com/isaacs/node-glob/commit/13e68eadbc4f0aacd9d6ffbcb4b28a34d5d8512c"><code>13e68ea</code></a>
Fix punctuation in traversal function documentation</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/1527e2b8107e95122ab6e9b6f6312f121693d53d"><code>1527e2b</code></a>
fix repo url</li>
<li><a
href="https://github.com/isaacs/node-glob/commit/7e190e8776a7fa66fba40827de5f9effd1c52f9d"><code>7e190e8</code></a>
fix typo <code>maths</code> → <code>paths</code></li>
<li>Additional commits viewable in <a
href="https://github.com/isaacs/node-glob/compare/v11.0.3...v11.1.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/gnolang/gno/network/alerts).

</details>
…dates (gnolang#5803)

Bumps the go_modules group with 1 update in the /contribs/gnofaucet
directory:
[go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://github.com/open-telemetry/opentelemetry-go).
Bumps the go_modules group with 2 updates in the /contribs/gnomd
directory: [golang.org/x/net](https://github.com/golang/net) and
[golang.org/x/image](https://github.com/golang/image).

Updates
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from
1.36.0 to 1.43.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp's
changelog</a>.</em></p>
<blockquote>
<h2>[1.43.0/0.65.0/0.19.0] 2026-04-02</h2>
<h3>Added</h3>
<ul>
<li>Add <code>IsRandom</code> and <code>WithRandom</code> on
<code>TraceFlags</code>, and <code>IsRandom</code> on
<code>SpanContext</code> in <code>go.opentelemetry.io/otel/trace</code>
for <a
href="https://www.w3.org/TR/trace-context-2/#random-trace-id-flag">W3C
Trace Context Level 2 Random Trace ID Flag</a> support. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">#8012</a>)</li>
<li>Add service detection with <code>WithService</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">#7642</a>)</li>
<li>Add <code>DefaultWithContext</code> and
<code>EnvironmentWithContext</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code> to support plumbing
<code>context.Context</code> through default and environment detectors.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">#8051</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Add support for per-series start time tracking for cumulative
metrics in <code>go.opentelemetry.io/otel/sdk/metric</code>.
Set <code>OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true</code> to enable.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">#8060</a>)</li>
<li>Add <code>WithCardinalityLimitSelector</code> for metric reader for
configuring cardinality limits specific to the instrument kind. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">#7855</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Introduce the <code>EMPTY</code> Type in
<code>go.opentelemetry.io/otel/attribute</code> to reflect that an empty
value is now a valid value, with <code>INVALID</code> remaining as a
deprecated alias of <code>EMPTY</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Improve slice handling in
<code>go.opentelemetry.io/otel/attribute</code> to optimize short slice
values with fixed-size fast paths. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">#8039</a>)</li>
<li>Improve performance of span metric recording in
<code>go.opentelemetry.io/otel/sdk/trace</code> by returning early if
self-observability is not enabled. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">#8067</a>)</li>
<li>Improve formatting of metric data diffs in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">#8073</a>)</li>
</ul>
<h3>Deprecated</h3>
<ul>
<li>Deprecate <code>INVALID</code> in
<code>go.opentelemetry.io/otel/attribute</code>. Use <code>EMPTY</code>
instead. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Return spec-compliant <code>TraceIdRatioBased</code> description.
This is a breaking behavioral change, but it is necessary to
make the implementation <a
href="https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased">spec-compliant</a>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">#8027</a>)</li>
<li>Fix a race condition in
<code>go.opentelemetry.io/otel/sdk/metric</code> where the lastvalue
aggregation could collect the value 0 even when no zero-value
measurements were recorded. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">#8056</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><code>WithHostID</code> detector in
<code>go.opentelemetry.io/otel/sdk/resource</code> to use full path for
<code>kenv</code> command on BSD. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li>Fix missing <code>request.GetBody</code> in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to correctly handle HTTP2 GOAWAY frame. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
</ul>
<h2>[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06</h2>
<h3>Added</h3>
<ul>
<li>Add <code>go.opentelemetry.io/otel/semconv/v1.40.0</code> package.
The package contains semantic conventions from the <code>v1.40.0</code>
version of the OpenTelemetry Semantic Conventions.
See the <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md">migration
documentation</a> for information on how to upgrade from
<code>go.opentelemetry.io/otel/semconv/v1.39.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">#7985</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0"><code>9276201</code></a>
Release v1.43.0 / v0.65.0 / v0.19.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">#8128</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a"><code>61b8c94</code></a>
chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">#8131</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23"><code>97a086e</code></a>
chore(deps): update github.com/golangci/dupl digest to c99c5cf (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">#8122</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0"><code>5e363de</code></a>
limit response body size for OTLP HTTP exporters (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7"><code>35214b6</code></a>
Use an absolute path when calling bsd kenv (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361"><code>290024c</code></a>
fix(deps): update module google.golang.org/grpc to v1.80.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">#8121</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc"><code>e70658e</code></a>
fix: support getBody in otelploghttp (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a"><code>4afe468</code></a>
fix(deps): update googleapis to 9d38bb4 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">#8117</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634"><code>b9ca729</code></a>
chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">#8115</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79"><code>69472ec</code></a>
chore(deps): update fossas/fossa-action action to v1.9.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">#8118</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `go.opentelemetry.io/otel/sdk` from 1.36.0 to 1.43.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/sdk's
changelog</a>.</em></p>
<blockquote>
<h2>[1.43.0/0.65.0/0.19.0] 2026-04-02</h2>
<h3>Added</h3>
<ul>
<li>Add <code>IsRandom</code> and <code>WithRandom</code> on
<code>TraceFlags</code>, and <code>IsRandom</code> on
<code>SpanContext</code> in <code>go.opentelemetry.io/otel/trace</code>
for <a
href="https://www.w3.org/TR/trace-context-2/#random-trace-id-flag">W3C
Trace Context Level 2 Random Trace ID Flag</a> support. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">#8012</a>)</li>
<li>Add service detection with <code>WithService</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">#7642</a>)</li>
<li>Add <code>DefaultWithContext</code> and
<code>EnvironmentWithContext</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code> to support plumbing
<code>context.Context</code> through default and environment detectors.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">#8051</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Add support for per-series start time tracking for cumulative
metrics in <code>go.opentelemetry.io/otel/sdk/metric</code>.
Set <code>OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true</code> to enable.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">#8060</a>)</li>
<li>Add <code>WithCardinalityLimitSelector</code> for metric reader for
configuring cardinality limits specific to the instrument kind. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">#7855</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Introduce the <code>EMPTY</code> Type in
<code>go.opentelemetry.io/otel/attribute</code> to reflect that an empty
value is now a valid value, with <code>INVALID</code> remaining as a
deprecated alias of <code>EMPTY</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Improve slice handling in
<code>go.opentelemetry.io/otel/attribute</code> to optimize short slice
values with fixed-size fast paths. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">#8039</a>)</li>
<li>Improve performance of span metric recording in
<code>go.opentelemetry.io/otel/sdk/trace</code> by returning early if
self-observability is not enabled. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">#8067</a>)</li>
<li>Improve formatting of metric data diffs in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">#8073</a>)</li>
</ul>
<h3>Deprecated</h3>
<ul>
<li>Deprecate <code>INVALID</code> in
<code>go.opentelemetry.io/otel/attribute</code>. Use <code>EMPTY</code>
instead. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Return spec-compliant <code>TraceIdRatioBased</code> description.
This is a breaking behavioral change, but it is necessary to
make the implementation <a
href="https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased">spec-compliant</a>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">#8027</a>)</li>
<li>Fix a race condition in
<code>go.opentelemetry.io/otel/sdk/metric</code> where the lastvalue
aggregation could collect the value 0 even when no zero-value
measurements were recorded. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">#8056</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><code>WithHostID</code> detector in
<code>go.opentelemetry.io/otel/sdk/resource</code> to use full path for
<code>kenv</code> command on BSD. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li>Fix missing <code>request.GetBody</code> in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to correctly handle HTTP2 GOAWAY frame. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
</ul>
<h2>[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06</h2>
<h3>Added</h3>
<ul>
<li>Add <code>go.opentelemetry.io/otel/semconv/v1.40.0</code> package.
The package contains semantic conventions from the <code>v1.40.0</code>
version of the OpenTelemetry Semantic Conventions.
See the <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md">migration
documentation</a> for information on how to upgrade from
<code>go.opentelemetry.io/otel/semconv/v1.39.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">#7985</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0"><code>9276201</code></a>
Release v1.43.0 / v0.65.0 / v0.19.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">#8128</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a"><code>61b8c94</code></a>
chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">#8131</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23"><code>97a086e</code></a>
chore(deps): update github.com/golangci/dupl digest to c99c5cf (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">#8122</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0"><code>5e363de</code></a>
limit response body size for OTLP HTTP exporters (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7"><code>35214b6</code></a>
Use an absolute path when calling bsd kenv (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361"><code>290024c</code></a>
fix(deps): update module google.golang.org/grpc to v1.80.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">#8121</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc"><code>e70658e</code></a>
fix: support getBody in otelploghttp (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a"><code>4afe468</code></a>
fix(deps): update googleapis to 9d38bb4 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">#8117</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634"><code>b9ca729</code></a>
chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">#8115</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79"><code>69472ec</code></a>
chore(deps): update fossas/fossa-action action to v1.9.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">#8118</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/crypto` from 0.40.0 to 0.49.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/982eaa62dfb7273603b97fc1835561450096f3bd"><code>982eaa6</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/159944f128e9b3fdeb5a5b9b102a961904601a87"><code>159944f</code></a>
ssh,acme: clean up tautological/impossible nil conditions</li>
<li><a
href="https://github.com/golang/crypto/commit/a408498e55412f2ae2a058336f78889fb1ba6115"><code>a408498</code></a>
acme: only require prompt if server has terms of service</li>
<li><a
href="https://github.com/golang/crypto/commit/cab0f718548e8a858701b7b48161f44748532f58"><code>cab0f71</code></a>
all: upgrade go directive to at least 1.25.0 [generated]</li>
<li><a
href="https://github.com/golang/crypto/commit/2f26647a795e74e712b3aebc2655bca60b2686f9"><code>2f26647</code></a>
x509roots/fallback: update bundle</li>
<li><a
href="https://github.com/golang/crypto/commit/e08b06753d6a72f1fe375b6e0fefefb39917c165"><code>e08b067</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/7d0074ccc6f17acbf2ebb10db06d492e08f887dc"><code>7d0074c</code></a>
scrypt: fix panic on parameters &lt;= 0</li>
<li><a
href="https://github.com/golang/crypto/commit/506e022208b864bc3c9c4a416fe56be75d10ad24"><code>506e022</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/7dacc380ba001e8fe7c3c7a46bf3cbdaa5064df9"><code>7dacc38</code></a>
chacha20poly1305: error out in fips140=only mode</li>
<li><a
href="https://github.com/golang/crypto/commit/19acf81bd7bc7b558d18a550e8e023df2c33e742"><code>19acf81</code></a>
go.mod: update golang.org/x dependencies</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/crypto/compare/v0.40.0...v0.49.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `google.golang.org/grpc` from 1.72.1 to 1.80.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.80.0</h2>
<h1>Behavior Changes</h1>
<ul>
<li>balancer: log a warning if a balancer is registered with uppercase
letters, as balancer names should be lowercase. In a future release,
balancer names will be treated as case-insensitive; see <a
href="https://redirect.github.com/grpc/grpc-go/issues/5288">#5288</a>
for details. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8837">#8837</a>)</li>
<li>xds: update resource error handling and re-resolution logic (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>)
<ul>
<li>Re-resolve all <code>LOGICAL_DNS</code> clusters simultaneously when
re-resolution is requested.</li>
<li>Fail all in-flight RPCs immediately upon receipt of listener or
route resource errors, instead of allowing them to complete.</li>
</ul>
</li>
</ul>
<h1>Bug Fixes</h1>
<ul>
<li>xds: support the LB policy configured in <code>LOGICAL_DNS</code>
cluster resources instead of defaulting to <code>pick_first</code>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8733">#8733</a>)</li>
<li>credentials/tls: perform per-RPC authority validation against the
leaf certificate instead of the entire peer certificate chain. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8831">#8831</a>)</li>
<li>xds: enabling A76 ring hash endpoint keys no longer causes EDS
resources with invalid proxy metadata to be NACKed when HTTP CONNECT
(gRFC A86) is disabled. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8875">#8875</a>)</li>
<li>xds: validate that the sum of endpoint weights in a locality does
not exceed the maximum <code>uint32</code> value. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8899">#8899</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/RAVEYUS"><code>@​RAVEYUS</code></a></li>
</ul>
</li>
<li>xds: fix incorrect proto field access in the weighted round robin
(WRR) configuration where <code>blackout_period</code> was used instead
of <code>weight_expiration_period</code>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8915">#8915</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/gregbarasch"><code>@​gregbarasch</code></a></li>
</ul>
</li>
<li>xds/rbac: handle addresses with ports in IP matchers. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>)</li>
</ul>
<h1>New Features</h1>
<ul>
<li>ringhash: enable gRFC A76 (endpoint hash keys and request hash
headers) by default. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8922">#8922</a>)</li>
</ul>
<h1>Performance Improvements</h1>
<ul>
<li>credentials/alts: pool write buffers to reduce memory allocations
and usage. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li>
<li>grpc: enable the use of pooled write buffers for buffering HTTP/2
frame writes by default. This reduces memory usage when connections are
idle. Use the <a
href="https://pkg.go.dev/google.golang.org/grpc#WithSharedWriteBuffer">WithSharedWriteBuffer</a>
dial option or the <a
href="https://pkg.go.dev/google.golang.org/grpc#SharedWriteBuffer">SharedWriteBuffer</a>
server option to disable this feature. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a>)</li>
<li>xds/priority: stop caching child LB policies removed from the
configuration. This will help reduce memory and cpu usage when
localities are constantly switching between priorities. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a>)</li>
<li>mem: add a faster tiered buffer pool; use the experimental <a
href="https://pkg.go.dev/google.golang.org/grpc/mem@master#NewBinaryTieredBufferPool">mem.NewBinaryTieredBufferPool</a>
function to create such pools. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8775">#8775</a>)</li>
</ul>
<h2>Release 1.79.3</h2>
<h1>Security</h1>
<ul>
<li>server: fix an authorization bypass where malformed :path headers
(missing the leading slash) could bypass path-based restricted
&quot;deny&quot; rules in interceptors like <code>grpc/authz</code>. Any
request with a non-canonical path is now immediately rejected with an
<code>Unimplemented</code> error. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8981">#8981</a>)</li>
</ul>
<h2>Release 1.79.2</h2>
<h1>Bug Fixes</h1>
<ul>
<li>stats: Prevent redundant error logging in health/ORCA producers by
skipping stats/tracing processing when no stats handler is configured.
(<a
href="https://redirect.github.com/grpc/grpc-go/pull/8874">grpc/grpc-go#8874</a>)</li>
</ul>
<h2>Release 1.79.1</h2>
<h1>Bug Fixes</h1>
<ul>
<li>grpc: Remove the <code>-dev</code> suffix from the User-Agent
header. (<a
href="https://redirect.github.com/grpc/grpc-go/pull/8902">grpc/grpc-go#8902</a>)</li>
</ul>
<h2>Release 1.79.0</h2>
<h1>API Changes</h1>
<ul>
<li>mem: Add experimental API <code>SetDefaultBufferPool</code> to
change the default buffer pool. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8806">#8806</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/vanja-p"><code>@​vanja-p</code></a></li>
</ul>
</li>
<li>experimental/stats: Update <code>MetricsRecorder</code> to require
embedding the new <code>UnimplementedMetricsRecorder</code> (a no-op
struct) in all implementations for forward compatibility. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8780">#8780</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/grpc/grpc-go/commit/397e45edaa68f8763773bbaaf539cf7894169cd2"><code>397e45e</code></a>
Change version to 1.80.0 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8948">#8948</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/64ebf0a600005838970e6ba1eb0a9e46e528ed73"><code>64ebf0a</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a> to
v1.80.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9027">#9027</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/e45ed241865981b6973cdd0dd69571456d570282"><code>e45ed24</code></a>
xds/rbac: add additional handling for addresses with ports (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>)
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/9022">#9022</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/c78d26e03e129f5cb357b757037fcded2333b74e"><code>c78d26e</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a> to
v1.80.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9007">#9007</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/bd7cd3c1abbd27fb751275a58886444d52103482"><code>bd7cd3c</code></a>
grpc: enforce strict path checking for incoming requests on the server
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/8987">#8987</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/b6597b3d328c1ed6b003f9a23b942af7148352ca"><code>b6597b3</code></a>
xds/clusterimpl: use xdsConfig for updates and remove redundant fields
from L...</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/1d4fa8a7b772553e82137b059ad4a8f632a1c522"><code>1d4fa8a</code></a>
xds: change cdsbalancer to use update from dependency manager (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/8f47d364511c8eb0517b47e1a39f13a1370c6a10"><code>8f47d36</code></a>
attributes: Replace internal map with linked list (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8933">#8933</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/22e1ee8085952b4bdadf2928c187d665f6daff99"><code>22e1ee8</code></a>
xds: add panic recovery in xdsclient resource unmarshalling. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8895">#8895</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/7136e99ee323c26984174eb3cec85c201fef9946"><code>7136e99</code></a>
credentials/alts: Pool write buffers (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/grpc/grpc-go/compare/v1.72.1...v1.80.0">compare
view</a></li>
</ul>
</details>
<br />

Updates
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from
1.36.0 to 1.43.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp's
changelog</a>.</em></p>
<blockquote>
<h2>[1.43.0/0.65.0/0.19.0] 2026-04-02</h2>
<h3>Added</h3>
<ul>
<li>Add <code>IsRandom</code> and <code>WithRandom</code> on
<code>TraceFlags</code>, and <code>IsRandom</code> on
<code>SpanContext</code> in <code>go.opentelemetry.io/otel/trace</code>
for <a
href="https://www.w3.org/TR/trace-context-2/#random-trace-id-flag">W3C
Trace Context Level 2 Random Trace ID Flag</a> support. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">#8012</a>)</li>
<li>Add service detection with <code>WithService</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">#7642</a>)</li>
<li>Add <code>DefaultWithContext</code> and
<code>EnvironmentWithContext</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code> to support plumbing
<code>context.Context</code> through default and environment detectors.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">#8051</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Add support for per-series start time tracking for cumulative
metrics in <code>go.opentelemetry.io/otel/sdk/metric</code>.
Set <code>OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true</code> to enable.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">#8060</a>)</li>
<li>Add <code>WithCardinalityLimitSelector</code> for metric reader for
configuring cardinality limits specific to the instrument kind. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">#7855</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Introduce the <code>EMPTY</code> Type in
<code>go.opentelemetry.io/otel/attribute</code> to reflect that an empty
value is now a valid value, with <code>INVALID</code> remaining as a
deprecated alias of <code>EMPTY</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Improve slice handling in
<code>go.opentelemetry.io/otel/attribute</code> to optimize short slice
values with fixed-size fast paths. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">#8039</a>)</li>
<li>Improve performance of span metric recording in
<code>go.opentelemetry.io/otel/sdk/trace</code> by returning early if
self-observability is not enabled. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">#8067</a>)</li>
<li>Improve formatting of metric data diffs in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">#8073</a>)</li>
</ul>
<h3>Deprecated</h3>
<ul>
<li>Deprecate <code>INVALID</code> in
<code>go.opentelemetry.io/otel/attribute</code>. Use <code>EMPTY</code>
instead. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Return spec-compliant <code>TraceIdRatioBased</code> description.
This is a breaking behavioral change, but it is necessary to
make the implementation <a
href="https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased">spec-compliant</a>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">#8027</a>)</li>
<li>Fix a race condition in
<code>go.opentelemetry.io/otel/sdk/metric</code> where the lastvalue
aggregation could collect the value 0 even when no zero-value
measurements were recorded. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">#8056</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><code>WithHostID</code> detector in
<code>go.opentelemetry.io/otel/sdk/resource</code> to use full path for
<code>kenv</code> command on BSD. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li>Fix missing <code>request.GetBody</code> in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to correctly handle HTTP2 GOAWAY frame. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
</ul>
<h2>[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06</h2>
<h3>Added</h3>
<ul>
<li>Add <code>go.opentelemetry.io/otel/semconv/v1.40.0</code> package.
The package contains semantic conventions from the <code>v1.40.0</code>
version of the OpenTelemetry Semantic Conventions.
See the <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md">migration
documentation</a> for information on how to upgrade from
<code>go.opentelemetry.io/otel/semconv/v1.39.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">#7985</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0"><code>9276201</code></a>
Release v1.43.0 / v0.65.0 / v0.19.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">#8128</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a"><code>61b8c94</code></a>
chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">#8131</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23"><code>97a086e</code></a>
chore(deps): update github.com/golangci/dupl digest to c99c5cf (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">#8122</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0"><code>5e363de</code></a>
limit response body size for OTLP HTTP exporters (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7"><code>35214b6</code></a>
Use an absolute path when calling bsd kenv (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361"><code>290024c</code></a>
fix(deps): update module google.golang.org/grpc to v1.80.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">#8121</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc"><code>e70658e</code></a>
fix: support getBody in otelploghttp (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a"><code>4afe468</code></a>
fix(deps): update googleapis to 9d38bb4 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">#8117</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634"><code>b9ca729</code></a>
chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">#8115</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79"><code>69472ec</code></a>
chore(deps): update fossas/fossa-action action to v1.9.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">#8118</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `go.opentelemetry.io/otel/sdk` from 1.36.0 to 1.43.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/sdk's
changelog</a>.</em></p>
<blockquote>
<h2>[1.43.0/0.65.0/0.19.0] 2026-04-02</h2>
<h3>Added</h3>
<ul>
<li>Add <code>IsRandom</code> and <code>WithRandom</code> on
<code>TraceFlags</code>, and <code>IsRandom</code> on
<code>SpanContext</code> in <code>go.opentelemetry.io/otel/trace</code>
for <a
href="https://www.w3.org/TR/trace-context-2/#random-trace-id-flag">W3C
Trace Context Level 2 Random Trace ID Flag</a> support. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">#8012</a>)</li>
<li>Add service detection with <code>WithService</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">#7642</a>)</li>
<li>Add <code>DefaultWithContext</code> and
<code>EnvironmentWithContext</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code> to support plumbing
<code>context.Context</code> through default and environment detectors.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">#8051</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Add support for per-series start time tracking for cumulative
metrics in <code>go.opentelemetry.io/otel/sdk/metric</code>.
Set <code>OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true</code> to enable.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">#8060</a>)</li>
<li>Add <code>WithCardinalityLimitSelector</code> for metric reader for
configuring cardinality limits specific to the instrument kind. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">#7855</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Introduce the <code>EMPTY</code> Type in
<code>go.opentelemetry.io/otel/attribute</code> to reflect that an empty
value is now a valid value, with <code>INVALID</code> remaining as a
deprecated alias of <code>EMPTY</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Improve slice handling in
<code>go.opentelemetry.io/otel/attribute</code> to optimize short slice
values with fixed-size fast paths. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">#8039</a>)</li>
<li>Improve performance of span metric recording in
<code>go.opentelemetry.io/otel/sdk/trace</code> by returning early if
self-observability is not enabled. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">#8067</a>)</li>
<li>Improve formatting of metric data diffs in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">#8073</a>)</li>
</ul>
<h3>Deprecated</h3>
<ul>
<li>Deprecate <code>INVALID</code> in
<code>go.opentelemetry.io/otel/attribute</code>. Use <code>EMPTY</code>
instead. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Return spec-compliant <code>TraceIdRatioBased</code> description.
This is a breaking behavioral change, but it is necessary to
make the implementation <a
href="https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased">spec-compliant</a>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">#8027</a>)</li>
<li>Fix a race condition in
<code>go.opentelemetry.io/otel/sdk/metric</code> where the lastvalue
aggregation could collect the value 0 even when no zero-value
measurements were recorded. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">#8056</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><code>WithHostID</code> detector in
<code>go.opentelemetry.io/otel/sdk/resource</code> to use full path for
<code>kenv</code> command on BSD. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li>Fix missing <code>request.GetBody</code> in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to correctly handle HTTP2 GOAWAY frame. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
</ul>
<h2>[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06</h2>
<h3>Added</h3>
<ul>
<li>Add <code>go.opentelemetry.io/otel/semconv/v1.40.0</code> package.
The package contains semantic conventions from the <code>v1.40.0</code>
version of the OpenTelemetry Semantic Conventions.
See the <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md">migration
documentation</a> for information on how to upgrade from
<code>go.opentelemetry.io/otel/semconv/v1.39.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">#7985</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0"><code>9276201</code></a>
Release v1.43.0 / v0.65.0 / v0.19.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">#8128</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a"><code>61b8c94</code></a>
chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">#8131</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23"><code>97a086e</code></a>
chore(deps): update github.com/golangci/dupl digest to c99c5cf (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">#8122</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0"><code>5e363de</code></a>
limit response body size for OTLP HTTP exporters (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7"><code>35214b6</code></a>
Use an absolute path when calling bsd kenv (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361"><code>290024c</code></a>
fix(deps): update module google.golang.org/grpc to v1.80.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">#8121</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc"><code>e70658e</code></a>
fix: support getBody in otelploghttp (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a"><code>4afe468</code></a>
fix(deps): update googleapis to 9d38bb4 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">#8117</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634"><code>b9ca729</code></a>
chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">#8115</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79"><code>69472ec</code></a>
chore(deps): update fossas/fossa-action action to v1.9.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">#8118</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.36.0...v1.43.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/crypto` from 0.40.0 to 0.49.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/982eaa62dfb7273603b97fc1835561450096f3bd"><code>982eaa6</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/159944f128e9b3fdeb5a5b9b102a961904601a87"><code>159944f</code></a>
ssh,acme: clean up tautological/impossible nil conditions</li>
<li><a
href="https://github.com/golang/crypto/commit/a408498e55412f2ae2a058336f78889fb1ba6115"><code>a408498</code></a>
acme: only require prompt if server has terms of service</li>
<li><a
href="https://github.com/golang/crypto/commit/cab0f718548e8a858701b7b48161f44748532f58"><code>cab0f71</code></a>
all: upgrade go directive to at least 1.25.0 [generated]</li>
<li><a
href="https://github.com/golang/crypto/commit/2f26647a795e74e712b3aebc2655bca60b2686f9"><code>2f26647</code></a>
x509roots/fallback: update bundle</li>
<li><a
href="https://github.com/golang/crypto/commit/e08b06753d6a72f1fe375b6e0fefefb39917c165"><code>e08b067</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/7d0074ccc6f17acbf2ebb10db06d492e08f887dc"><code>7d0074c</code></a>
scrypt: fix panic on parameters &lt;= 0</li>
<li><a
href="https://github.com/golang/crypto/commit/506e022208b864bc3c9c4a416fe56be75d10ad24"><code>506e022</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/7dacc380ba001e8fe7c3c7a46bf3cbdaa5064df9"><code>7dacc38</code></a>
chacha20poly1305: error out in fips140=only mode</li>
<li><a
href="https://github.com/golang/crypto/commit/19acf81bd7bc7b558d18a550e8e023df2c33e742"><code>19acf81</code></a>
go.mod: update golang.org/x dependencies</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/crypto/compare/v0.40.0...v0.49.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `google.golang.org/grpc` from 1.72.1 to 1.80.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.80.0</h2>
<h1>Behavior Changes</h1>
<ul>
<li>balancer: log a warning if a balancer is registered with uppercase
letters, as balancer names should be lowercase. In a future release,
balancer names will be treated as case-insensitive; see <a
href="https://redirect.github.com/grpc/grpc-go/issues/5288">#5288</a>
for details. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8837">#8837</a>)</li>
<li>xds: update resource error handling and re-resolution logic (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>)
<ul>
<li>Re-resolve all <code>LOGICAL_DNS</code> clusters simultaneously when
re-resolution is requested.</li>
<li>Fail all in-flight RPCs immediately upon receipt of listener or
route resource errors, instead of allowing them to complete.</li>
</ul>
</li>
</ul>
<h1>Bug Fixes</h1>
<ul>
<li>xds: support the LB policy configured in <code>LOGICAL_DNS</code>
cluster resources instead of defaulting to <code>pick_first</code>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8733">#8733</a>)</li>
<li>credentials/tls: perform per-RPC authority validation against the
leaf certificate instead of the entire peer certificate chain. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8831">#8831</a>)</li>
<li>xds: enabling A76 ring hash endpoint keys no longer causes EDS
resources with invalid proxy metadata to be NACKed when HTTP CONNECT
(gRFC A86) is disabled. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8875">#8875</a>)</li>
<li>xds: validate that the sum of endpoint weights in a locality does
not exceed the maximum <code>uint32</code> value. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8899">#8899</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/RAVEYUS"><code>@​RAVEYUS</code></a></li>
</ul>
</li>
<li>xds: fix incorrect proto field access in the weighted round robin
(WRR) configuration where <code>blackout_period</code> was used instead
of <code>weight_expiration_period</code>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8915">#8915</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/gregbarasch"><code>@​gregbarasch</code></a></li>
</ul>
</li>
<li>xds/rbac: handle addresses with ports in IP matchers. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>)</li>
</ul>
<h1>New Features</h1>
<ul>
<li>ringhash: enable gRFC A76 (endpoint hash keys and request hash
headers) by default. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8922">#8922</a>)</li>
</ul>
<h1>Performance Improvements</h1>
<ul>
<li>credentials/alts: pool write buffers to reduce memory allocations
and usage. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li>
<li>grpc: enable the use of pooled write buffers for buffering HTTP/2
frame writes by default. This reduces memory usage when connections are
idle. Use the <a
href="https://pkg.go.dev/google.golang.org/grpc#WithSharedWriteBuffer">WithSharedWriteBuffer</a>
dial option or the <a
href="https://pkg.go.dev/google.golang.org/grpc#SharedWriteBuffer">SharedWriteBuffer</a>
server option to disable this feature. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a>)</li>
<li>xds/priority: stop caching child LB policies removed from the
configuration. This will help reduce memory and cpu usage when
localities are constantly switching between priorities. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a>)</li>
<li>mem: add a faster tiered buffer pool; use the experimental <a
href="https://pkg.go.dev/google.golang.org/grpc/mem@master#NewBinaryTieredBufferPool">mem.NewBinaryTieredBufferPool</a>
function to create such pools. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8775">#8775</a>)</li>
</ul>
<h2>Release 1.79.3</h2>
<h1>Security</h1>
<ul>
<li>server: fix an authorization bypass where malformed :path headers
(missing the leading slash) could bypass path-based restricted
&quot;deny&quot; rules in interceptors like <code>grpc/authz</code>. Any
request with a non-canonical path is now immediately rejected with an
<code>Unimplemented</code> error. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8981">#8981</a>)</li>
</ul>
<h2>Release 1.79.2</h2>
<h1>Bug Fixes</h1>
<ul>
<li>stats: Prevent redundant error logging in health/ORCA producers by
skipping stats/tracing processing when no stats handler is configured.
(<a
href="https://redirect.github.com/grpc/grpc-go/pull/8874">grpc/grpc-go#8874</a>)</li>
</ul>
<h2>Release 1.79.1</h2>
<h1>Bug Fixes</h1>
<ul>
<li>grpc: Remove the <code>-dev</code> suffix from the User-Agent
header. (<a
href="https://redirect.github.com/grpc/grpc-go/pull/8902">grpc/grpc-go#8902</a>)</li>
</ul>
<h2>Release 1.79.0</h2>
<h1>API Changes</h1>
<ul>
<li>mem: Add experimental API <code>SetDefaultBufferPool</code> to
change the default buffer pool. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8806">#8806</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/vanja-p"><code>@​vanja-p</code></a></li>
</ul>
</li>
<li>experimental/stats: Update <code>MetricsRecorder</code> to require
embedding the new <code>UnimplementedMetricsRecorder</code> (a no-op
struct) in all implementations for forward compatibility. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8780">#8780</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/grpc/grpc-go/commit/397e45edaa68f8763773bbaaf539cf7894169cd2"><code>397e45e</code></a>
Change version to 1.80.0 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8948">#8948</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/64ebf0a600005838970e6ba1eb0a9e46e528ed73"><code>64ebf0a</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/8997">#8997</a> to
v1.80.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9027">#9027</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/e45ed241865981b6973cdd0dd69571456d570282"><code>e45ed24</code></a>
xds/rbac: add additional handling for addresses with ports (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8990">#8990</a>)
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/9022">#9022</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/c78d26e03e129f5cb357b757037fcded2333b74e"><code>c78d26e</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/8957">#8957</a> to
v1.80.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9007">#9007</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/bd7cd3c1abbd27fb751275a58886444d52103482"><code>bd7cd3c</code></a>
grpc: enforce strict path checking for incoming requests on the server
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/8987">#8987</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/b6597b3d328c1ed6b003f9a23b942af7148352ca"><code>b6597b3</code></a>
xds/clusterimpl: use xdsConfig for updates and remove redundant fields
from L...</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/1d4fa8a7b772553e82137b059ad4a8f632a1c522"><code>1d4fa8a</code></a>
xds: change cdsbalancer to use update from dependency manager (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8907">#8907</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/8f47d364511c8eb0517b47e1a39f13a1370c6a10"><code>8f47d36</code></a>
attributes: Replace internal map with linked list (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8933">#8933</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/22e1ee8085952b4bdadf2928c187d665f6daff99"><code>22e1ee8</code></a>
xds: add panic recovery in xdsclient resource unmarshalling. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8895">#8895</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/7136e99ee323c26984174eb3cec85c201fef9946"><code>7136e99</code></a>
credentials/alts: Pool write buffers (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8919">#8919</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/grpc/grpc-go/compare/v1.72.1...v1.80.0">compare
view</a></li>
</ul>
</details>
<br />

Updates
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from
1.36.0 to 1.43.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp's
chan…
…nolang#5672)

NotAborts was incorrectly delegating to uassert.NotPanics, which catches
both same-realm panics and cross-realm aborts. Match the function name
and docstring by delegating to uassert.NotAborts, which only catches
cross-realm aborts via revive().
…5350)

fix gnolang#5347

Display per-realm storage byte diffs in filetest output and in unit test
--print-runtime-metrics output. Storage is only shown when there are
non-zero diffs (i.e., realm state changed).

Example:
```
 --- PASS: ./x_filetest.gno (elapsed: 0.00s, gas: 64733, storage: gno.land/r/xx:+5b)
```

---------

Co-authored-by: Morgan <morgan@morganbaz.com>
…tdlib (gnolang#5385)

Adds `errors.Unwrap`, `errors.Is`, and `errors.Join` to the Gno stdlib
and switches `uassert` to use `errors.Is`. fix gnolang#486

Depends on gnolang#5713: a regression test in `wrap_test.gno` locks in correct
`Is` behaviour for uncomparable types, which only holds once gnolang#5713 makes
the VM panic on comparing uncomparable types.\
Adds owner and token-existence validation to grc721 `SetTokenMetadata`,
mirroring `SetTokenRoyalty`: it now returns `ErrInvalidTokenId` for
unknown tokens and `ErrCallerIsNotOwner` when the caller is not the
owner, taking the caller as an explicit first arg like the other
mutating methods.

Depends on gnolang#5385. The test asserts these via `uassert.ErrorIs`, which
only checks the error once gnolang#5385 switches `uassert` to `errors.Is`, so
this is stacked on that branch: review the final commit, and the diff
reduces to the grc721 change once gnolang#5385 merges.
…gnoweb/frontend in the npm_and_yarn group across 1 directory (gnolang#5823)
…e panic (gnolang#5738)

## Summary

Indexing an array (or pointer-to-array) past its length raised a native
Go `runtime error: index out of range`, which escaped as a host panic
and could not be caught by a deferred `recover()` — unlike slice/string
OOB (see `recover14`).

`ArrayValue.GetPointerAtIndexInt2` now bounds-checks `ii` on both the
`Data == nil` and `Data != nil` branches and panics with a Gno
`&Exception{...}`. Placed at the value layer because it's the
convergence point for every array-access path (direct index,
slice-over-array, pointer rebind, convenience helper) — matching where
the slice/string/map checks already live.

## Test plan

- [x] New filetest `gnovm/tests/files/recover25.gno`
- [x] `go test ./gnovm/pkg/gnolang/ -run Files -test.short`
Alternative to gnolang#5543
Fix action item `post-deploy success message with realm URL`:
gnolang#5460

**Note:** This only print the PKGPATH of the deployed package, not the
exact Gnoweb URL. Doing so require updating the dependence of a low
level production tool for a developer feature.
This new feature is especially useful when doing air-gap transaction.

References:
gnolang#5584 (comment),
gnolang#5543 (review)

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
## Problem

`make(map[K]V, n)` routed the size hint through `Allocator.NewMap` →
`AllocateMap`, which charged `allocMap + allocMapItem*n` up front. Two
problems:

- **Double-charged gas.** The per-item cost (`allocMapItem`) is *also*
charged on every actual insertion via `AllocateMapItem`. A hinted map
that gets filled pays `allocMap + 2*allocMapItem*n` — the up-front
charge is for `MapListItem`s that don't exist yet and get charged again
when inserted.
- **Overflow panic.** A hint large enough that `allocMap +
allocMapItem*n` overflows int64 panicked with the internal `"addition
overflow"` / `"multiplication overflow"` instead of behaving gracefully.

The hint is also never persisted: on state recovery the map is rebuilt
from its actual item count (`realm.go`: `make(map[MapKey]*MapListItem,
cv.List.Size)`), so any preallocation benefit is ephemeral anyway.

## Fix

Ignore the size hint entirely. The map is created empty and grows on
insertion, with each item charged once (via `AllocateMapItem`). This
drops the `items` / `size` / `c` parameters from `AllocateMap` /
`NewMap` / `MakeMap` and stops the `make(map, …)` builtin from reading
the hint.

Doing it end-to-end removes the double-charge, the overflow, and a third
hazard in one stroke: had we only zeroed the gas charge but kept passing
the hint to Go's `make`, a large hint (e.g. `make(map, 10e9)`) would
trigger a Go-level bucket preallocation of hundreds of GB with no gas
charged.

Alternative to gnolang#5770, which clamped only the int64-overflow corner while
leaving the double-charge and the per-hint accounting in place.

### Note on Go semantics

This deliberately **diverges** from Go. Go's `makemap` *honors* the hint
by preallocating buckets for any in-range hint (it only forces a 0 hint
when the hint is negative or large enough to overflow its size math).
GnoVM forgoes that optimization because the hint isn't persisted and
can't be charged for cheaply. The only behavior that matches Go is the
edge contract: a bad map hint never panics (unlike `make([]T, n)`).

## Gas impact

`make(map, n)` with `n > 0` now costs less gas (header up front, items
on insertion). Maps with no hint or hint `0` — including all map
literals, the overwhelmingly common case — are unaffected (old charge
was `allocMap + allocMapItem*0 = allocMap`, identical to the new
charge). The change only ever lowers map cost, so no transaction that
previously fit its gas will now exceed it.

## Changes

Core:
- `alloc.go` — `AllocateMap()` charges only the map header; `NewMap(t
Type)` drops the `size` param.
- `values.go` — `MakeMap()` no longer takes a capacity hint.
- `uverse.go` — `make(map, …)` builtin merges `case 0` / `case 1` and
ignores the hint (its expression is still evaluated upstream, so no side
effects are lost).
- `op_expressions.go` — map-literal construction updated to the new
`NewMap` signature.

Tests:
- `alloc_test.go` — new `TestNewMapChargesHeaderOnly` pins the
header-only charge plus the per-item insertion charge.
- `gnovm/tests/files/make19.gno` — new filetest: negative and MaxInt
hints don't panic and the map stays usable.
- `bench_ops_test.go`, `bench_gc_test.go` — benchmark `MakeMap` call
sites updated to the new signature.

## Verification

- `go test ./gno.land/pkg/sdk/vm/ -run Gas` — pass (no gas golden
updates needed)
- `go test ./gno.land/pkg/integration/ -run TestTestdata` — pass
- `go test ./gnovm/pkg/gnolang/ -run Files -short` — map filetests pass
…me (gnolang#5829)

follow up gnolang#5723.

- Oversized fixed-size arrays (`[N]T`, `[N]T{...}`, `[...]T{idx: v}`)
only failed at runtime as a recoverable allocation panic; now rejected
at preprocess time like Go (`larger than address space`), via a shared
`checkArrayLenFits` mirroring the allocator overflow threshold (go/types
misses it — it is a gc-backend check).
- `[...]T` ellipsis keys: a `MaxInt64` key (length `k+1` overflows
int64) is rejected as an out-of-bounds index matching Go; larger keys
(`bigint overflows target kind`) and negative keys are already caught
upstream at key conversion.
- The byte-vs-`TypedValue` per-element size now comes from a shared
`arrayItemAllocSize` in `alloc.go`, co-located with the allocator
dispatch it mirrors so the preprocess check cannot drift.
- Tests: filetests make20–25 (each array form plus the key-boundary
regimes) and a `TestCheckArrayLenFits` unit test; verified with `Files
-test.short`, Gas, and integration testdata suites.

---------

Co-authored-by: Morgan <morgan@morganbaz.com>
…g#5438)

The greatest gas cost in gno.land is disk IO, and the iavl tree in
particular. The B+32 tree is a drop-in replacement for the IAVL tree
with comparatively short Merkle proofs with drastically less disk
reads/writes.

------

Implements tm2/pkg/bptree, a versioned persistent B+ tree with branching
factor 32, as a complete alternative to tm2/pkg/iavl for blockchain
state storage. Includes a
tm2/pkg/store/bptree CommitStore wrapper that satisfies the same
interfaces as the IAVL store.

The core motivation: IAVL's binary tree has ~28 levels for 100M items,
meaning 28 disk reads per GET and 28 COW'd node writes per SET. The B+32
tree has ~6 levels for the
  same data — ~4x fewer disk operations per mutation.

  Key design choices

- B=32 branching factor — 6 levels for 100M items, all inner nodes fit
in a 43MB cache
- Out-of-line values — leaves store key + SHA256(value), values stored
separately by content hash
- Mini merkle per node — binary merkle over 32 slots with RFC 6962
domain separation (0x00/0x01/0x02), maps cleanly to ICS23 InnerOp chain
- Sentinel short-circuit — empty subtrees at all depths hash to the same
sentinel, enabling ICS23 EmptyChild for non-membership proofs
- No leaf sibling pointers — stack-based iteration avoids COW cascade on
splits
- 90/10 split for sequential keys (leaves stay ~97% full vs 50% with
naive splits)
- Lazy node loading — LoadVersion loads only the root; children loaded
on demand via sync.Mutex-guarded getChild
- Dual-tree-walk pruning — no orphan index; compares child hash sets
between adjacent versions

  Disk I/O comparison (100M items, 10K node cache)

  ┌───────────────┬──────┬──────┬───────────┐
  │   Operation   │ B+32 │ IAVL │ IAVL+fast │
  ├───────────────┼──────┼──────┼───────────┤
  │ GET reads     │ 3    │ 15   │ 1         │
  ├───────────────┼──────┼──────┼───────────┤
  │ SET reads     │ 2    │ 15   │ 15        │
  ├───────────────┼──────┼──────┼───────────┤
  │ SET writes    │ 7    │ 28   │ 29        │
  ├───────────────┼──────┼──────┼───────────┤
  │ SET total ops │ 9    │ 43   │ 44        │
  └───────────────┴──────┴──────┴───────────┘

Full analysis in PERFORMANCE.md covering cold/warm cache, batched
workloads, and bytes-per-SET tradeoffs.

  Files

  - tm2/pkg/bptree/ — 25 source files, 318 tests
- tm2/pkg/store/bptree/ — CommitStore wrapper with Query, Iterator,
proof integration
- tm2/pkg/store/rootmulti/proof.go — registers BptreeCommitmentOpDecoder
alongside IAVL

  Test plan

- go test ./tm2/pkg/bptree/ ./tm2/pkg/store/bptree/ -race — 318 tests,
zero races
  - Verify IAVL tests still pass: go test ./tm2/pkg/iavl/
  - Verify store tests still pass: go test ./tm2/pkg/store/...
  - Review PLAN.md for resolved design questions
  - Review PERFORMANCE.md for methodology and assumptions

---------

Co-authored-by: ltzMaxwell <ltz.maxwell@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: clockwork <alex@clockwork.gr>
Co-authored-by: Lee ByeongJun <lbj199874@gmail.com>
…olang#5767)

## Summary

Revert the chain-side validator-set trust-level and cooldown limits
introduced by gnolang#4834.

- remove the trust-level overlap check from `r/sys/validators/v3`
proposal execution
- remove the 24-hour cooldown checks and their governance setters
- remove the dedicated limit tests and cooldown-disable setup from
integration scenarios
- preserve later validator safeguards such as operator deduplication,
KeepRunning enforcement, signing-key re-resolution, and empty-set
rejection
- add a regression test proving that a full validator-set replacement is
allowed

## Why

The previous implementation applied a Tendermint light-client
trust-level rule at the chain governance layer. That rule belongs to
light-client verification for non-adjacent headers. For adjacent
headers, CometBFT verifies the committed next-validator hash without
applying the overlap threshold. If a skipped update cannot be verified
directly, a relayer can submit intermediate headers until verification
reaches adjacent heights.

The 24-hour cooldown is also not required by the IBC or CometBFT
specifications. In particular, it would prevent future AtomOne
Interchain Security (ICS) provider-validator-set mirroring from applying
updates to gno.land when AtomOne changes its validator set without a
matching cooldown constraint. This is separate from IBC light-client
verification.

The rationale is documented in
`gno.land/adr/pr5767_revert_valset_trust_level_cooldown.md`.

## Validation

- `go run ./gnovm/cmd/gno fmt -w
examples/gno.land/r/sys/validators/v3/proposal.gno
examples/gno.land/r/sys/validators/v3/proposal_test.gno`
- `go run ./gnovm/cmd/gno test -C examples/gno.land/r/sys/validators/v3
. -v`
- `go test ./gno.land/pkg/integration -run
'TestTestdata/(params_valset_proposal_e2e|params_valset_proposal_power_update|params_valset_proposal_remove|params_valset_keeprunning_optout_bypass)$'
-count=1 -v`
- `bash -n
misc/val-scenarios/scenarios/18_govdao_v3_add_remove_validator.sh`
- `git show --check --stat --oneline HEAD`

## AI-assisted contribution

This PR was prepared with an AI coding agent. The responsible human
owner is @omarsy.

Co-authored-by: Thomas <thomas.bruyelle@tendermint.com>
Following account session support in gnokey, this PR adds support in
gnoclient.

* Add `QuerySessionAccount` (similar to `QueryAccount`)
* Add `CreateSession`, `RevokeSession` and `RevokeAllSessions`
* In the `Signer` interface, add `GetMaster()`. If provided, use it to
query the session account for account and sequence numbers, and to set
`SessionAddr` in the signature
* The `Sign` method of the `Signer` interface finds the signature to
update by scanning the list from `tx.GetSigners()` . Update it to search
for the master address if provided. This works because we only expect
one signature associated with the master address due to the limitations
described in issue gnolang#5731 and demonstrated in PR gnolang#5793
* We set the signature `SessionAddr` in `SignTx`, not lower down in the
`Sign` method. We do this because gnokey [sets the
`SessionAddr`](https://github.com/gnolang/gno/blob/16b40ab598b6f43d55d7ea0b25b7386b9f1625b1/tm2/pkg/crypto/keys/client/maketx.go#L260-L262)
in `SignAndBroadcastHandler` (not lower down in `generateSignature`).
Also, this approach keeps the `Sign` method simpler in each of the
implementations of this interface.

---------

Signed-off-by: Jeff Thompson <jeff@thefirst.org>
Co-authored-by: moul <94029+moul@users.noreply.github.com>
- marking assisted work as agent activity dilutes the owner's
responsibility onto the tool and undersells the review that happened
- the marker is for unattended activity; on reviewed work it's just
noise
…ent + listener endpoints (gnolang#5717)

Co-authored-by: jaekwon <jae@tendermint.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Antoine Eddi <5222525+aeddi@users.noreply.github.com>
Co-authored-by: Thomas Bruyelle <thomas.bruyelle@tendermint.com>
This adds a test for the problem in issue
gnolang#5731 . Please see the detailed
description of each test function. `TestTwoSessionSignaturesTwoMasters`
passes because it is the nominal case with two session account
signatures with different master accounts. But the other tests fail
because they show the edge cases which aren't handled.

This PR also updates test helper functions to help with creating
multiple master and sub accounts:
* Factor out new function `setupSessionFromEnv` from `setupSessionEnv`
* Factor out new function `NewSessionTestSignature` from
`NewSessionTestTx`

---------

Signed-off-by: Jeff Thompson <jeff@thefirst.org>
Co-authored-by: David <60177543+davd-gzl@users.noreply.github.com>
Co-authored-by: Morgan Bazalgette <morgan@morganbaz.com>
jefft0 and others added 11 commits June 19, 2026 23:05
The code base has [Example gno test
files](https://github.com/gnolang/gno/blob/b997675dc6cf87584ec12fa020ffb7819859027e/gnovm/stdlibs/encoding/base32/example_test.gno#L15-L21),
but the expected `Output` is currently ignored. This PR adds support to
check the expected output.

* Add file `util_go2gno.go` with `exampleOutput` (adapted from golang/go
code) to extract the expected Output comment
* We need to collect the expected Output comment from the test function.
In `Go2Gno`, when processing a `FuncDecl` and the function name has
prefix "Example", call `exampleOutput` and set the new attributes
`ATTR_EXAMPLE_OUTPUT` and `ATTR_OUTPUT_UNORDERED`
* Since `exampleOutput` needs the file comments, add param
`fileComments` to `Go2Gno` which can be nil. (Note that `Go2Gno`
recursively calls itself, so need to add this param throughout the
function.)
* In package `test`, add the helper function `loadExampleTestFuncs`,
similar to `loadTestFuncs`
* In `testing.gno` add `RunExampleTest` which recovers a panic and
prints the stack trace.
* In `runTestFiles`, call `loadExampleTestFuncs` in a loop similar to
the loop which runs ordinary test functions. Use `opts.outWriter.tee` to
capture the output. Run the test with the `RunExampleTest` wrapper. Add
file `util_example.go` with `processExampleResult` (adapted from the
golang/go code) which prints the error if the Output doesn't match
* Now that we check the expected Output in the many Example test files,
we need to update `‎gnovm/stdlibs/math/rand/example_test.gno` to imitate
the golang `tabwriter` to get the expected output
* Thanks to @davd-gzl, add `example_test_panic_recovery.txtar`
* As a limited demonstration, we convert the simple filetests in
`‎gno.land/r/demo/releases_example` and the complex `zsolitaire_test`
into example tests.

---------

Signed-off-by: Jeff Thompson <jeff@thefirst.org>
Co-authored-by: David <60177543+davd-gzl@users.noreply.github.com>
Co-authored-by: moul <94029+moul@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: 6h057 <15034695+omarsy@users.noreply.github.com>
Co-authored-by: Morgan Bazalgette <morgan@morganbaz.com>
… consensus pubkey (gnolang#5842)

Signed-off-by: D4ryl00 <d4ryl00@gmail.com>
…Testdata leak (gnolang#5839)

## Problem

`TestTestdata` boots an in-memory node per txtar script. `NodesManager`
— created once for the whole suite — keeps every node in a map, but the
per-script teardown only stops nodes; it never removes them (`Delete`
runs solely on an explicit `gnoland stop`, which most scripts don't
issue). Each retained node pins its ~50 MB GnoVM store/stdlib cache, so
live heap grows ~50–60 MB/script, reaching ~12 GiB and OOM-killing
high-core/low-RAM runs.

## Fix

`Delete` the node from `NodesManager` in the teardown defer, so it and
its store become collectable when the script ends.

## Verification

Sequential live-heap-after-GC stays flat (~400 MB) instead of climbing
to ~1.9 GiB; full suite at `-parallel=16` on a 16-core / ~11 GiB box
peaks at 7.26 GiB (vs ~12.3 GiB → OOM before) and passes in 68 s.
Includes a filetest for the GVM-01 append-persist regression.

Co-authored-by: Morgan Bazalgette <morgan@morganbaz.com>
…ads (gnolang#5812)

> [!NOTE]
> **Part 2 of 6** of the gnovm performance stack (split from gnolang#5800), to
be merged in order:
> 1. gnolang#5811 — perf(gnovm): parallelize test suites and add gno test -jobs
> 2. gnolang#5812 — perf(gnovm): avoid heap-boxed byte access in copy, range
and index reads
> 3. gnolang#5813 — perf(gnovm): recycle runtime blocks through a per-machine
pool
> 4. gnolang#5814 — perf(gnovm): share interface-held values when copying
arrays (gas-visible)
> 5. gnolang#5815 — ci(gnovm): skip print-only coverage instrumentation
> 6. gnolang#5816 — perf(gnovm): reduce per-call and per-op allocations
>
> Each PR is based on the previous one's branch; this one diffs against
part 1. Together: `ci / gnovm` ~14m → 6m18s; `pkg/gnolang` test time
−64%; VM heap allocations −84% on the heaviest suite.

## Summary

Profiling the gnovm test suites (dominated by interpreted Gno) showed
~50% of CPU in Go GC/malloc, with **67% of all heap allocations (694M
objects in the bytes stdlib suite alone)** coming from the per-element
pointer getter (`ArrayValue.GetElementPointer`, renamed below)
materializing a heap `*TypedValue` + boxed `DataByteValue` per byte
accessed:

- the `copy()` builtin allocated **two boxes per byte copied** (554M
objects; the code carried a `TODO: consider an optimization if dstv.Data
!= nil` that had sat untouched since the builtin's first implementation
in 2021);
- `for i, c := range byteslice` allocated three objects per iteration
(the index TypedValue escaping through `GetPointerAtIndex(&iv)`, plus
the view box) that `Deref` immediately discarded;
- `b[i]` reads in `doOpIndex1` did the same box-then-Deref dance.

This adds `TypedValue.GetByteAtIndexInt` — a read-only fast path
mirroring `GetPointerAtIndex`'s bounds checks and panics for strings and
Data-backed arrays/slices — used by `doOpIndex1` and the range loop, and
gives `copy()` direct byte copies when both sides are Data-backed (or
the source is a string).

**Recover semantics preserved**: the fast path raises the same
recoverable Gno `*Exception` on out-of-range indices that
`GetPointerAtIndex` does (strings, arrays and slices), so `recover()`
still catches byte out-of-bounds reads instead of seeing an
un-recoverable Go-native panic (see gnolang#5738). `copy()`'s direct-byte path
keeps the readonly-taint check and the top-level `DidUpdate`
(dirty-marking + cross-realm write permissions), matching what `append`
does for its in-place byte writes.

**Gas is unchanged**: the view boxes were raw Go allocations never
charged to the VM allocator, and CPU gas for `copy()` was already
charged before the per-element loops. Verified empirically: no existing
filetest golden changed (including `Gas:` and MAXALLOC-sensitive alloc
tests), plus `gno.land/pkg/sdk/vm` gas tests, the txtar suite, examples,
and cmd/gno all pass.

## Naming cleanup

The index-accessor family had accreted inconsistent names; renamed for
legibility:
- `TypedValue.GetValueAtIntIndex` → `GetByteAtIndexInt` (fixes the
`AtIntIndex`/`AtIndexInt` word-order flip vs `GetPointerAtIndexInt`, and
names its actual byte-only domain)
- `ArrayValue`/`SliceValue.GetPointerAtIndexInt2` → `GetElementPointer`
(drops the meaningless `2`; signals the container-element layer)

## Tests

- `copy5e.gno` — copying into an external-realm, Data-backed `[]byte`
exercises the new `copy()` byte fast path and asserts the readonly-taint
check still fires. The existing `copy5`/`copy5c` only use `[]int` (the
non-byte slow path), so the fast path's cross-realm guard was previously
uncovered.

## Measurements

| | before | after |
|---|---|---|
| `TestStdlibs/bytes` solo | 151.5s | **105.2s** (−31%) |
| heap objects allocated (bytes suite) | 1.03G | 0.30G (−71%) |
| `BenchmarkOpIndex1_ByteArray` | 185.7ns | 130.0ns |
| full `pkg/gnolang` long mode, 16 cores | 245.0s | 184.6s |

Untouched paths benchmark flat (`OpRangeIter_1000` 30.9µs → 30.2µs,
`OpIndex1_MapHit_100` 187.0ns → 187.7ns). Byte *writes* (`b[i] = x`)
still box — the pointer protocol spans multiple ops; left as follow-up.

---------

Co-authored-by: ltzmaxwell <ltz.maxwell@gmail.com>
fixes gnolang#3704

This PR reworks gas simulation and out-of-gas UX end-to-end, with a
clear split of responsibilities:

- **Server**: executes tx and reports consistent out-of-gas (OOG)
errors.
- **Client (`gnokey`)**: chooses simulation gas ceiling and provides
guidance to users.

## High-level changes

- Moved simulation gas-ceiling behavior to the **client**.
  - `gnokey` queries consensus max gas and uses it for simulation.
  - If unavailable, it uses a large fallback ceiling.
- Standardized OOG messaging across execution paths.
- Errors now explain whether the limit hit was tx gas wanted vs max
block gas.
- Messages include operation context and simulation guidance when
relevant.
- Improved simulation feedback.
  - Adds a `suggested gas-wanted` value (+5% margin).
  - Preserves fee estimation info in output.
- Improved failed-tx output UX in CLI.
- Failure path now prints the same useful metrics users see on success.

## User impact

- Better gas estimation workflow.
- Clearer and more actionable OOG errors.
- More predictable behavior between `simulate only` and `simulate skip`
(with explicit messaging when they differ due to simulation ceiling
behavior).

## Usage

### Before

```
gnokey maketx call -pkgpath "gno.land/r/demo/counter" -func "Increment" -broadcast -gas-wanted=105000 -gas-fee=500ugnot test1
Enter password.
TX HASH:
INFO:
--= Error =--
Data: out of gas error
Msg Traces:
    0  gno/tm2/pkg/errors/errors.go:103 - deliver transaction failed: log:out of gas, gasWanted: 105000, gasUsed: 110998 location: GetObjectPerByte
--= /Error =--
```

GAS USED is the gas used until the panic during the simulation stage.

### Now

```
gnokey maketx call -pkgpath "gno.land/r/demo/counter" -func "Increment" -broadcast -gas-wanted=105000 -gas-fee=500ugnot test1
Enter password.
GAS WANTED: 105000
GAS USED:   1732814
HEIGHT:     0
STORAGE DELTA:  5 bytes
STORAGE FEE:    500ugnot
TOTAL TX COST:  1000ugnot
EVENTS:     [{"bytes_delta":5,"fee_delta":{"denom":"ugnot","amount":500},"pkg_path":"gno.land/r/demo/counter"}]
INFO:       suggested gas-wanted (gas used + 5%): 1819455
TX HASH:
--= Error =--
Data: out of gas error
Msg Traces:
    0  github.com/gnolang/gno/tm2/pkg/errors/errors.go:103 - deliver transaction failed: log:gas used (1732814) exceeds tx's gas wanted (105000) during operation: simulation
--= /Error =--
```

GAS USED is the total gas used of the transaction, now calculate during
the simulation stage.

```
gnokey maketx call -pkgpath "gno.land/r/demo/counter" -func "Increment" -broadcast -gas-wanted=105000 -gas-fee=500ugnot -simulate skip test1
Enter password.
--= Error =--
Data: out of gas error
Msg Traces:
    0  github.com/gnolang/gno/tm2/pkg/errors/errors.go:103 - check transaction failed: log:--= Error =--
Data: std.OutOfGasError{abciError:std.abciError{}}
Msg Traces:
    0  gno/tm2/pkg/std/errors.go:117 - gas used (179810) exceeds tx's gas wanted (105000) during operation: DepthReadFlat; simulate with consensus maximum (10000000000) to get real transaction usage
Stack Trace:
    0  gno/tm2/pkg/errors/errors.go:93
...
```

Message updated: GAS USED is the gas used UNTIL the panic (no
simulation).

```
gnokey maketx call -pkgpath "gno.land/r/demo/counter" -func "Increment" -broadcast -gas-wanted=100 -gas-fee=500ugnot -simulate skip test1
Enter password.
--= Error =--
Data: out of gas error
Msg Traces:
    0  github.com/gnolang/gno/tm2/pkg/errors/errors.go:103 - check transaction failed: log:--= Error =--
Data: std.OutOfGasError{abciError:std.abciError{}}
Msg Traces:
    0  gno/tm2/pkg/std/errors.go:117 - gas used (2800) exceeds tx's gas wanted (100) during operation: txSize; simulate with consensus maximum (10000000000) to get real transaction usage
Stack Trace:
    0  gno/tm2/pkg/errors/errors.go:93
    ...
```

Message updated: GAS USED is the gas used UNTIL the panic (before
running the tx).

---------

Signed-off-by: D4ryl00 <d4ryl00@gmail.com>
Signed-off-by: Jeff Thompson <jeff@thefirst.org>
Co-authored-by: Morgan <morgan@morganbaz.com>
Co-authored-by: Jeff Thompson <jeff@thefirst.org>
accidentally pushed to my fork rather than d4ryl's. This PR simplifies
the func signatures for OnTxSuccess and OnTxFailure, as they all require
an `io`, unifies the default behaviour into `Default` functions, fixes
`execBroadcast` not printing the full tx metrics by default, simplifies
the logic for the oog errors, and correctly states in the error message
that if the RPC call fails, the user's max-gas will be used.

---------

Signed-off-by: D4ryl00 <d4ryl00@gmail.com>
Signed-off-by: Jeff Thompson <jeff@thefirst.org>
Co-authored-by: D4ryl00 <d4ryl00@gmail.com>
Co-authored-by: Jeff Thompson <jeff@thefirst.org>
…nolang#5834)

gnoclient PR gnolang#5657 adds
`QuerySessionAccount` which returns `std.BaseAccount` . This is because
it was originally written to imitate `QueryAccount` just for the purpose
of getting the [account number and sequence
number](https://github.com/gnolang/gno/blob/8a5426c29eef6919df42dec09b9635bd1f593bbc/gno.land/pkg/gnoclient/client_txs.go#L414-L420)
while signing. But there is no reason why `QuerySessionAccount` can't
return the [full `GnoSessionAccount
`object](https://github.com/gnolang/gno/blob/8a5426c29eef6919df42dec09b9635bd1f593bbc/gno.land/pkg/gnoclient/client_queries.go#L86)
which has all the other session information like expire time.

This PR updates `QuerySessionAccount` to return `GnoSessionAccount` and
updates the test to check the returned fields.

(Technically, this is a breaking change to the `QuerySessionAccount`
API, but the PR was just merged and no external applications are using
it yet.)

---------

Signed-off-by: Jeff Thompson <jeff@thefirst.org>
Signed-off-by: Jeff Thompson <jeff@thefirst.org>
@github-actions github-actions Bot added 📖 documentation Improvements or additions to documentation 🧾 package/realm Tag used for new Realms or Packages. 📦 🤖 gnovm Issues or PRs gnovm related 📦 🌐 tendermint v2 Issues or PRs tm2 related 📦 ⛰️ gno.land Issues or PRs gno.land package related 🌍 gnoweb Issues & PRs related to gnoweb and render amino Issues and PRs related to amino 🐳 devops 🐹 golang Pull requests that update Go code 🚀 ci 📄 top-level-md 🛠️ gnodev labels Jun 23, 2026
@Gno2D2

Gno2D2 commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

🛠 PR Checks Summary

All Automated Checks passed. ✅

Manual Checks (for Reviewers):
  • IGNORE the bot requirements for this PR (force green CI check)
Read More

🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

✅ Automated Checks (for Contributors):

No automated checks match this pull request.

☑️ Contributor Actions:
  1. Fix any issues flagged by automated checks.
  2. Follow the Contributor Checklist to ensure your PR is ready for review.
    • Add new tests, or document why they are unnecessary.
    • Provide clear examples/screenshots, if necessary.
    • Update documentation, if required.
    • Ensure no breaking changes, or include BREAKING CHANGE notes.
    • Link related issues/PRs, where applicable.
☑️ Reviewer Actions:
  1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.
📚 Resources:
Debug
Manual Checks
**IGNORE** the bot requirements for this PR (force green CI check)

If

🟢 Condition met
└── 🟢 On every pull request

Can be checked by

  • Any user with comment edit permission

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

amino Issues and PRs related to amino 📖 documentation Improvements or additions to documentation 🚀 ci 🐳 devops 🛠️ gnodev 🌍 gnoweb Issues & PRs related to gnoweb and render 🐹 golang Pull requests that update Go code 📦 🌐 tendermint v2 Issues or PRs tm2 related 📦 ⛰️ gno.land Issues or PRs gno.land package related 📦 🤖 gnovm Issues or PRs gnovm related 🧾 package/realm Tag used for new Realms or Packages. 📄 top-level-md

Projects

Development

Successfully merging this pull request may close these issues.