chore(deps): bump the go_modules group across 1 directory with 6 updates #4849

Open: dependabot[bot] wants to merge 1 commit into master from dependabot/go_modules/go_modules-26912dbd36
dependabot (Bot) commented on behalf of github on Jun 3, 2026

Bumps the go_modules group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| go.opentelemetry.io/otel/sdk | 1.31.0 | 1.43.0 |
| golang.org/x/crypto | 0.44.0 | 0.45.0 |
| google.golang.org/grpc | 1.69.4 | 1.79.3 |
| github.com/ipld/go-ipld-prime | 0.21.0 | 0.23.0 |
| github.com/quic-go/quic-go | 0.57.1 | 0.59.1 |
| github.com/quic-go/webtransport-go | 0.9.0 | 0.10.0 |

Updates go.opentelemetry.io/otel/sdk from 1.31.0 to 1.43.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.43.0/0.65.0/0.19.0] 2026-04-02

Added

  • Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace for W3C Trace Context Level 2 Random Trace ID Flag support. (#8012)
  • Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (#7642)
  • Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (#8051)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8038)
  • Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (#8060)
  • Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (#7855)

Changed

  • Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated alias of EMPTY. (#8038)
  • Improve slice handling in go.opentelemetry.io/otel/attribute to optimize short slice values with fixed-size fast paths. (#8039)
  • Improve performance of span metric recording in go.opentelemetry.io/otel/sdk/trace by returning early if self-observability is not enabled. (#8067)
  • Improve formatting of metric data diffs in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8073)

Deprecated

  • Deprecate INVALID in go.opentelemetry.io/otel/attribute. Use EMPTY instead. (#8038)

Fixed

  • Return spec-compliant TraceIdRatioBased description. This is a breaking behavioral change, but it is necessary to make the implementation spec-compliant. (#8027)
  • Fix a race condition in go.opentelemetry.io/otel/sdk/metric where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (#8056)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for kenv command on BSD. (#8113)
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to correctly handle HTTP2 GOAWAY frame. (#8096)

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

  • Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

... (truncated)

Commits
  • 9276201 Release v1.43.0 / v0.65.0 / v0.19.0 (#8128)
  • 61b8c94 chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (#8131)
  • 97a086e chore(deps): update github.com/golangci/dupl digest to c99c5cf (#8122)
  • 5e363de limit response body size for OTLP HTTP exporters (#8108)
  • 35214b6 Use an absolute path when calling bsd kenv (#8113)
  • 290024c fix(deps): update module google.golang.org/grpc to v1.80.0 (#8121)
  • e70658e fix: support getBody in otelploghttp (#8096)
  • 4afe468 fix(deps): update googleapis to 9d38bb4 (#8117)
  • b9ca729 chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (#8115)
  • 69472ec chore(deps): update fossas/fossa-action action to v1.9.0 (#8118)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.44.0 to 0.45.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • See full diff in compare view

Updates google.golang.org/grpc from 1.69.4 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

  • stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

  • mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

  • balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

  • experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
  • pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
    • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
  • xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
  • balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Bug Fixes

  • credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
  • health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Performance Improvements

  • credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
  • mem: Optimize pooling and creation of buffer objects. (#8784)
  • transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

Updates github.com/ipld/go-ipld-prime from 0.21.0 to 0.23.0

Release notes

Sourced from github.com/ipld/go-ipld-prime's releases.

v0.23.0

What's Changed

Full Changelog: ipld/go-ipld-prime@v0.22.0...v0.23.0

v0.22.0

What's Changed

... (truncated)

Changelog

Sourced from github.com/ipld/go-ipld-prime's changelog.

CHANGELOG

Here is collected some brief notes on major changes over time, sorted by tag in which they are first available.

Of course for the "detailed changelog", you can always check the commit log! But hopefully this summary helps.

Note about version numbering: All release tags are in the "v0.${x}" range. We do not expect to make a v1 release. Nonetheless, this should not be taken as a statement that the library isn't usable already. Much of this code is used in other libraries and products, and we do take some care about making changes. (If you're ever wondering about stability of a feature, ask -- or contribute more tests ;))

Planned/Upcoming Changes

Here are some outlines of changes we intend to make that affect the public API:

  • IPLD Amend: is likely to land soon; it implements a more efficient underlying architecture to support IPLD Patch and related features. IPLD Amend adds an interface to allow incremental changes to Nodes in an efficient way. Whereas IPLD Patch is a protocol for expressing changes. We're still working on figuring out exactly where it fits in the stack and making sure it won't be disruptive but early benchmarks are very promising for both Patch and traversal-based transforms. See ipld/go-ipld-prime#445 for more.
  • Layered Node implementation optimizations: When layering different implementations of Node builders or consumers, having to defer through basicnode types can lead to large inefficiencies of memory and speed. We are looking at ways to improve this situation, including ways to assemble layered assemblers. See ipld/go-ipld-prime#443 for discussion and some initial plans.
  • Selectors: There have been some recurring wishes to do something about the Selector package layout. There's no intended or prioritized date for this. See ipld/go-ipld-prime#236 for more.
  • Absent / "Not found" values: There may be some upcoming changes to exactly how "not found" values are handled in order to clarify and standardize the subject. There's no finalized date for this. See ipld/go-ipld-prime#360 for more.

Released Changes

Commits
  • bfde418 v0.23.0 bump (#626)
  • d5efcf7 feat(codec): MaxDepth on DecodeOptions & more bounds testing (#625)
  • f0e3f36 build(deps): bump github.com/ipfs/go-cid from 0.6.0 to 0.6.1 (#620)
  • 1424bc4 build(deps): bump github.com/ipfs/boxo in /storage/bsadapter (#622)
  • 5c494ab build(deps): bump github.com/ipfs/go-cid in /storage/bsrvadapter (#621)
  • 1f7ac04 build(deps): bump github.com/ipld/go-ipld-prime in /storage/bsadapter (#618)
  • 7205a44 build(deps): bump github.com/ipfs/go-cid in /storage/bsadapter (#624)
  • c6916a0 build(deps): bump github.com/ipfs/boxo in /storage/bsrvadapter (#623)
  • 5c66635 chore(docs): s/AllowBudget/AllocationBudget (#617)
  • acfa3ce ci: uci/update-go (#616)
  • Additional commits viewable in compare view

Updates github.com/quic-go/quic-go from 0.57.1 to 0.59.1

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.59.1

This patch release backports quic-go/quic-go#5642, which adds validation for HTTP/3 trailers.

v0.59.0

This release adds a couple of new features:

  • Adds an API to peek stream data on ReceiveStream and Stream: #5501
  • Adds an API to peek the next varint on a stream: #5502
  • Reworks the API exposed by the HTTP/3 package for WebTransport: #5509, #5512. Regular HTTP/3 use cases should not be affected by these changes.
  • Adds support for HTTP request trailers (trailers sent by the client): #5507

Breaking Changes

  • Removes the deprecated ClientHelloInfo: #5497
  • Removes the deprecated ConnectionTracingID and ConnectionTracingKey: #5521
  • http3: the qlogger is now closed after all streams have been handled: #5524
  • The ConnectionState now reports both the local and the remote status of the QUIC Datagram and Reliable Stream Reset extensions: #5533

Other Notable Fixes

  • Fixes an infinite loop of PING-only packets caused by a bug in the PTO queueing logic: #5538 and #5539
  • http3: Fixes a race condition between new request streams and GOAWAY: #5522
  • qlog: Fixes a race condition between RecordEvent and Close: #5523

Changelog

Full Changelog: quic-go/quic-go@v0.58.0...v0.59.0

... (truncated)

Commits
  • 438abf0 http3: implement trailer validation logic (#5642)
  • 7659dd8 ackhandler: fix counting of packets queued for PTO probing (#5539)
  • bd4aea9 ackhandler: fix qlogging of outstanding packet count (#5538)
  • 76b3e07 ackhandler: remove unused declaredLost field in the packet (#5537)
  • 2020668 expose local and remote settings in ConnectionState (#5533)
  • d082d9f fix flaky TestHTTP3Qlog (#5532)
  • c5f15f2 http3: close qlogger after all streams have been handled (#5524)
  • f6dbf89 polish the security policy (#5526)
  • 29cb6ff qlogwriter: fix race between RecordEvent and Close (#5523)
  • e8a6e37 http3: fix race between new streams and GOAWAY (#5522)
  • Additional commits viewable in compare view

Updates github.com/quic-go/webtransport-go from 0.9.0 to 0.10.0

Release notes

Sourced from github.com/quic-go/webtransport-go's releases.

v0.10.0

This release updates webtransport-go to use the new API introduced in quic-go v0.59.0 (#221): Instead of "hijacking" streams from the HTTP/3 layer, the underlying QUIC connection is now owned by WebTransport, and webtransport-go dispatches incoming streams to either the HTTP/3 layer or an existing or new WebTransport session.

New Features

Breaking Changes

  • Session.ConnectionState was renamed to SessionState: #189
  • The StreamID method was removed from Stream, SendStream and ReceiveStream: #226
  • The Server now embeds the http3.Server as a pointer (instead of by value): #215

Other Changes

  • The Stream and the SendStream now expose a Context method: #176 (thanks to @Sicilica)
  • Delayed streams for already closed sessions are immediately reset: #235
  • The Session context now uses the request or dial context, allowing the application to attach values to the context: #199
  • When a WebTransport session is closed, streams are reset using the WT_SESSION_GONE error. Stream Read and Write now wait for the WT_CLOSE_SESSION capsule on the CONNECT stream to return a meaningful error: #213

Notable Fixes

  • Closed sessions are now properly cleaned up: #198 (thanks to @rolaechea), #230
  • Session errors are now properly propagated to the stream Read and Write calls: #207
  • The length limit for WT_CLOSE_SESSION capsules is now enforced: #202
  • The dial timeout is now respected while waiting for the server's HTTP/3 settings: #216
  • A 10ms deadline is applied before attempting the WT_CLOSE_SESSION capsule, preventing Session.Close from blocking any longer than 10ms: #224
  • errors.Is error comparisons were fixed for StreamError and SessionError: #204, #205
  • The underlying QUIC connection is now closed when establishing a WebTransport session fails: #236

Changelog

... (truncated)

Commits
  • 9d448b1 enable and use the QUIC Stream Resets with Partial Delivery extension (#239)
  • 128538a update quic-go to v0.59.0 (#240)
  • 5d8d3c4 immediately reject streams for closed sessions (#235)
  • af56b7f close client’s QUIC connection on WebTransport session close or failure (#236)
  • 093f58b move connection management to client and server (#231)
  • 9154cfc ci: update golangci-lint to v2.7.2 (#234)
  • acca676 add a security policy (#233)
  • f2622e1 remove stray TODO from Session (#232)
  • 58df38a simplify stream buffering logic in the session manager (#230)
  • 3b5a3df README: add list of notable projects and a release policy (#225)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.31.0` | `1.43.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.44.0` | `0.45.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.69.4` | `1.79.3` |
| [github.com/ipld/go-ipld-prime](https://github.com/ipld/go-ipld-prime) | `0.21.0` | `0.23.0` |
| [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.57.1` | `0.59.1` |
| [github.com/quic-go/webtransport-go](https://github.com/quic-go/webtransport-go) | `0.9.0` | `0.10.0` |



Updates `go.opentelemetry.io/otel/sdk` from 1.31.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.31.0...v1.43.0)

Updates `golang.org/x/crypto` from 0.44.0 to 0.45.0
- [Commits](golang/crypto@v0.44.0...v0.45.0)

Updates `google.golang.org/grpc` from 1.69.4 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.69.4...v1.79.3)

Updates `github.com/ipld/go-ipld-prime` from 0.21.0 to 0.23.0
- [Release notes](https://github.com/ipld/go-ipld-prime/releases)
- [Changelog](https://github.com/ipld/go-ipld-prime/blob/master/CHANGELOG.md)
- [Commits](ipld/go-ipld-prime@v0.21.0...v0.23.0)

Updates `github.com/quic-go/quic-go` from 0.57.1 to 0.59.1
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](quic-go/quic-go@v0.57.1...v0.59.1)

Updates `github.com/quic-go/webtransport-go` from 0.9.0 to 0.10.0
- [Release notes](https://github.com/quic-go/webtransport-go/releases)
- [Commits](quic-go/webtransport-go@v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.43.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/ipld/go-ipld-prime
  dependency-version: 0.23.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.59.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/quic-go/webtransport-go
  dependency-version: 0.10.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot (Bot) requested a review from a team as a code owner June 3, 2026 21:11
dependabot (Bot) added the labels dependencies (Pull requests that update a dependency file) and go (Pull requests that update go code) Jun 3, 2026
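
The grpc 1.79.3 security note quoted in this pull request describes path-based "deny" rules being skipped when `:path` arrives without its leading slash. The Go sketch below is an added example, not code from grpc-go or from this pull request: a constructed deny-list model (`policy`, `routable`, `authorizeLegacy`, `authorizeStrict` and the method names are all hypothetical) showing why an exact-match rule misses such a path and how rejecting non-canonical paths before policy evaluation closes the gap.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed model of a path-based deny interceptor; none of these names
// are grpc-go APIs.
var (
	errDenied        = errors.New("PermissionDenied: matched deny rule")
	errUnimplemented = errors.New("Unimplemented: malformed method name")
)

// policy holds exact-match deny rules written against canonical paths
// ("/package.Service/Method"); anything not denied is allowed.
type policy struct{ deny map[string]bool }

// routable models a lenient dispatcher that strips an optional leading
// slash, so "/admin.Ops/Wipe" and "admin.Ops/Wipe" reach the same handler.
func routable(path string) bool {
	p := strings.TrimPrefix(path, "/")
	i := strings.LastIndex(p, "/")
	return i > 0 && i < len(p)-1
}

// isCanonical requires the leading slash plus non-empty service and method.
func isCanonical(path string) bool {
	i := strings.LastIndex(path, "/")
	return strings.HasPrefix(path, "/") && i > 0 && i < len(path)-1
}

// authorizeLegacy evaluates deny rules on the raw :path value. A path
// without the leading slash matches no rule but is still routable.
func (p policy) authorizeLegacy(path string) error {
	if p.deny[path] {
		return errDenied
	}
	if !routable(path) {
		return errUnimplemented
	}
	return nil
}

// authorizeStrict rejects non-canonical paths before any rule is consulted,
// so the policy and the dispatcher always agree on which method is meant.
func (p policy) authorizeStrict(path string) error {
	if !isCanonical(path) {
		return errUnimplemented
	}
	if p.deny[path] {
		return errDenied
	}
	return nil
}

func main() {
	p := policy{deny: map[string]bool{"/admin.Ops/Wipe": true}} // constructed rule
	for _, path := range []string{"/admin.Ops/Wipe", "admin.Ops/Wipe", "/public.Echo/Ping"} {
		fmt.Printf("%-20q legacy=%v strict=%v\n", path, p.authorizeLegacy(path), p.authorizeStrict(path))
	}
}
```

When reviewing a bump like this one, the same comparison is a useful regression test for any in-house interceptor that matches on the full method string: feed it the non-canonical form and confirm it fails closed.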
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@sonarqubecloud

sonarqubecloud Bot commented Jun 3, 2026
