chore(deps): bump the all group with 9 updates

[dependabot]

Bumps the all group with 9 updates:

Package	From	To
github.com/lib/pq	1.10.9	1.12.3
github.com/mr-tron/base58	1.2.0	1.3.0
github.com/spf13/cobra	1.7.0	1.10.2
github.com/spf13/viper	1.15.0	1.21.0
github.com/streamingfast/logging	0.0.0-20230608130331-f22c91403091	1.2.2
github.com/streamingfast/substreams	1.16.7-0.20251015182509-1c9938899a91	1.18.4
go.uber.org/zap	1.27.0	1.27.1
google.golang.org/grpc	1.72.0	1.77.0
google.golang.org/protobuf	1.36.6	1.36.11

Updates github.com/lib/pq from 1.10.9 to 1.12.3

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.3

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.3 (2026-04-03)

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2 (2026-04-02)

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1 (2026-03-30)

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0 (2026-03-18)

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

... (truncated)

Commits

• 1f3e3d9 Send datestyle as a startup parameter (#1312)
• 32ba56b Expand tests for multiple result sets
• c2cfac1 Release v1.12.2
• 859f104 Test CockroachDB
• 12e464c Allow multiple matches and regexps in pqtest.ErrorContains()
• 6d77ced Treat io.ErrUnexpectedEOF as driver.ErrBadConn in handleError
• 71daecb Ensure transactions are closed in pqtest
• 8f44823 Set PGAPPNAME for tests
• 4af2196 Fix healthcheck
• 38a54e4 Split out testdata/init a bit
• Additional commits viewable in compare view

Updates github.com/mr-tron/base58 from 1.2.0 to 1.3.0

Release notes

Sourced from github.com/mr-tron/base58's releases.

x10 speedup

What's Changed

• More tests and nits by @​ribasushi in mr-tron/base58#17
• Big refactoring with speed up to x10.

Previous version:

cpu: Apple M4
BenchmarkTrivialBase58Encoding
BenchmarkTrivialBase58Encoding-10       	  704328	      1554 ns/op
BenchmarkFastBase58Encoding
BenchmarkFastBase58Encoding-10          	 1000000	      1065 ns/op
BenchmarkTrivialBase58Decoding
BenchmarkTrivialBase58Decoding-10       	 1541754	       767.0 ns/op
BenchmarkFastBase58Decoding
BenchmarkFastBase58Decoding-10          	 4358894	       278.3 ns/op
BenchmarkTrivialBase58Encoding32
BenchmarkTrivialBase58Encoding32-10     	  729949	      1627 ns/op
BenchmarkFastBase58Encoding32
BenchmarkFastBase58Encoding32-10        	 1000000	      1118 ns/op
BenchmarkTrivialBase58Encoding36
BenchmarkTrivialBase58Encoding36-10     	  608595	      1813 ns/op
BenchmarkFastBase58Encoding36
BenchmarkFastBase58Encoding36-10        	  893626	      1275 ns/op
BenchmarkTrivialBase58Encoding64
BenchmarkTrivialBase58Encoding64-10     	  284566	      4028 ns/op
BenchmarkFastBase58Encoding64
BenchmarkFastBase58Encoding64-10        	  279295	      3955 ns/op
BenchmarkTrivialBase58Encoding256
BenchmarkTrivialBase58Encoding256-10    	   33140	     35533 ns/op
BenchmarkFastBase58Encoding256
BenchmarkFastBase58Encoding256-10       	   17833	     67081 ns/op
BenchmarkTrivialBase58Decoding32
BenchmarkTrivialBase58Decoding32-10     	 1512828	       875.7 ns/op
BenchmarkFastBase58Decoding32
BenchmarkFastBase58Decoding32-10        	 4247128	       341.9 ns/op
BenchmarkTrivialBase58Decoding36
BenchmarkTrivialBase58Decoding36-10     	 1319317	       880.9 ns/op
BenchmarkFastBase58Decoding36
BenchmarkFastBase58Decoding36-10        	 3449229	       366.6 ns/op
BenchmarkTrivialBase58Decoding64
BenchmarkTrivialBase58Decoding64-10     	  663181	      1636 ns/op
BenchmarkFastBase58Decoding64
BenchmarkFastBase58Decoding64-10        	 1327443	       903.0 ns/op
BenchmarkTrivialBase58Decoding256
BenchmarkTrivialBase58Decoding256-10    	  153183	      7469 ns/op
BenchmarkFastBase58Decoding256
BenchmarkFastBase58Decoding256-10       	   93289	     12428 ns/op

... (truncated)

Commits

• 14609f6 big refactorig. speedup x10. better tests. add more benchmarks.
• 957145f mark deprecated functions
• 7feefc8 Merge pull request #17 from ribasushi/more_tests_and_nits
• 925b607 Slightly better README rendering
• d3aa3a3 Better handling of custom alphabets + tests
• 82a293c Seed the math/rand PRNG on every test run
• dfe7821 Works without changes on go1.11: lower dep
• d2877cb Add myself to authors
• See full diff in compare view

Updates github.com/spf13/cobra from 1.7.0 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

v1.10.1

🐛 Fix

• chore: upgrade pflags v1.0.9 by @​jpmcb in spf13/cobra#2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

• Bump pflag to 1.0.8 by @​tomasaschan in spf13/cobra#2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

• If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
• or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

... (truncated)

Commits

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• 7da941c chore: Bump pflag to v1.0.9 (#2305)
• 51d6751 Bump pflag to 1.0.8 (#2303)
• 3f3b818 Update README.md with new logo
• dcaf42e Add Periscope to the list of projects using Cobra (#2299)
• Additional commits viewable in compare view

Updates github.com/spf13/viper from 1.15.0 to 1.21.0

Release notes

Sourced from github.com/spf13/viper's releases.

v1.21.0

What's Changed

Enhancements 🚀

• Add support for flags pflag.BoolSlice, pflag.UintSlice and pflag.Float64Slice by @​nmvalera in spf13/viper#2015
• feat: use maintained yaml library by @​sagikazarmark in spf13/viper#2040

Bug Fixes 🐛

• fix(config): get config type from v.configType or config file ext by @​GuillaumeBAECHLER in spf13/viper#2003
• fix: config type check when loading any config by @​sagikazarmark in spf13/viper#2007

Dependency Updates ⬆️

• Update dependencies by @​sagikazarmark in spf13/viper#1993
• build(deps): bump github.com/spf13/cast from 1.7.1 to 1.8.0 by @​dependabot[bot] in spf13/viper#2017
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 by @​dependabot[bot] in spf13/viper#2013
• build(deps): bump github.com/sagikazarmark/locafero from 0.8.0 to 0.9.0 by @​dependabot[bot] in spf13/viper#2008
• build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /remote by @​dependabot[bot] in spf13/viper#2016
• build(deps): bump github.com/spf13/cast from 1.8.0 to 1.9.2 by @​dependabot[bot] in spf13/viper#2020
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @​dependabot[bot] in spf13/viper#2028
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @​dependabot[bot] in spf13/viper#2035
• build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 by @​dependabot[bot] in spf13/viper#2036
• build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 by @​dependabot[bot] in spf13/viper#2012
• build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @​dependabot[bot] in spf13/viper#2052
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /remote by @​dependabot[bot] in spf13/viper#2048
• build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10 by @​dependabot[bot] in spf13/viper#2056
• chore: update dependencies by @​sagikazarmark in spf13/viper#2057

Other Changes

• Update update guide with mapstructure package replacement. by @​aldas in spf13/viper#2004
• refactor: use the built-in max/min to simplify the code by @​yingshanghuangqiao in spf13/viper#2029

New Contributors

• @​GuillaumeBAECHLER made their first contribution in spf13/viper#2003
• @​aldas made their first contribution in spf13/viper#2004
• @​nmvalera made their first contribution in spf13/viper#2015
• @​yingshanghuangqiao made their first contribution in spf13/viper#2029
• @​ccoVeille made their first contribution in spf13/viper#2046
• @​spacez320 made their first contribution in spf13/viper#2050

Full Changelog: spf13/viper@v1.20.0...v1.21.0

v1.20.1

What's Changed

Bug Fixes 🐛

• Backport config type fixes to 1.20.x by @​sagikazarmark in spf13/viper#2005

Full Changelog: spf13/viper@v1.20.0...v1.20.1

v1.20.0

... (truncated)

Commits

• 394040c ci: build on go 1.25
• 812f548 chore: update dependencies
• d5271ef ci: update stale workflow
• dff303b feat: add a stale issue scheduled action
• 1287976 build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10
• 38932cd build(deps): bump github.com/go-viper/mapstructure/v2 in /remote
• 6d014be build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
• b74c7ee build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0
• acd05e1 fix: linting issues
• ae5a8e2 ci: upgrade golangci-lint
• Additional commits viewable in compare view

Updates github.com/streamingfast/logging from 0.0.0-20230608130331-f22c91403091 to 1.2.2

Release notes

Sourced from github.com/streamingfast/logging's releases.

v1.2.2

Added

• Registry.GetTracerByPackageID(packageID string) (*bool, bool) exposes the raw trace-enabled pointer for a registered logger, allowing external bridges (e.g. a v2 compatibility layer) to mirror trace state into v1 tracers.
• logging.LoggerFromContext(ctx, fallback) as the canonical replacement for logging.Logger(ctx, fallback).

Deprecated

• logging.Logger(ctx, fallback) — use logging.LoggerFromContext instead, or the one-liner level helpers logging.Info, logging.Debug, etc.

v1.2.1

Added

• zapx.TruncatedStringer, an lazy version of zapx.TruncatedString.

v1.2.0

Added

• GlobalRegistry() Registry exposes the global registry, allowing a future v2 module to discover and re-instantiate all loggers registered via v1 PackageLogger.
• Registry.All(fn func(packageID, shortName string)) iterates over all registered loggers in a registry, enabling cross-module migration scenarios.
• Loggers registered via PackageLogger after InstantiateLoggers has already been called are now immediately instantiated and have the same level rules (default level, pre-spec, env spec) applied to them.

Fixed

• SetLevelFor now re-applies the current environment variable overrides (DLOG, DEBUG, TRACE, …) after setting the level, so the provided level acts as a baseline that env vars can override. This fixes the common pattern of calling SetLevelFor(".*", zap.WarnLevel, false) in a Cobra PreRun hook while still allowing DLOG/DEBUG/TRACE to take effect.

Changed

• The default text encoder use to encode log entries now emits the level when coloring is disabled.
• Deprecated logging.IsTraceEnabled, define your logger and Tracer directly with var zlog, tracer = logging.PackageLogger(<shortName>, "...") instead of separately, tracer.Enabled() can then be used to determine if tracing should be enabled (can be enable dynamically).
• Deprecated logging.TestingOverride, use logging.InstantiateLoggers directly.
• Deprecated logging.Overidde, use logging.InstantiateLoggers directly and use the logging.WithDefaultSpec to configure the various loggers.` instead.
• Deprecated logging.Register, use var zlog, _ = logging.PackageLogger(<shortName>, "...") instead.
• Deprecated logging.RegisterOnUpdate, use logging.LoggerOnUpdate instead (will probably be removed actually entirely since it's not needed anymore).
• Deprecated logging.WithServiceName, no replacement yet (will be logging.LoggerServiceName in a future release, if unspecified shortName will be used).
• Deprecated logging.RootLogger, use logging.PackageLogger and control levels via logging.WithDefaultSpec(...) in InstantiateLoggers instead (e.g. WithDefaultSpec("logger1=info,logger2=debug,.*=warn")). The root logger concept tried to be smart about defaulting to info which caused API confusion.

Removed

• BREAKING CHANGE Removed logging.Handler, it has been moved to dtracing package to limit transitive depdendencies on this project, you should use dtracing.NewAddTraceIDAwareLoggerMiddleware instead.

Changelog

Sourced from github.com/streamingfast/logging's changelog.

v1.2.2

Added

• Registry.GetTracerByPackageID(packageID string) (*bool, bool) exposes the raw trace-enabled pointer for a registered logger, allowing external bridges (e.g. a v2 compatibility layer) to mirror trace state into v1 tracers.
• logging.LoggerFromContext(ctx, fallback) as the canonical replacement for logging.Logger(ctx, fallback).

Deprecated

• logging.Logger(ctx, fallback) — use logging.LoggerFromContext instead, or the one-liner level helpers logging.Info, logging.Debug, etc.

v1.2.1

Added

• zapx.TruncatedStringer, an lazy version of zapx.TruncatedString.

v1.2.0

Added

• GlobalRegistry() Registry exposes the global registry, allowing a future v2 module to discover and re-instantiate all loggers registered via v1 PackageLogger.
• Registry.All(fn func(packageID, shortName string)) iterates over all registered loggers in a registry, enabling cross-module migration scenarios.
• Loggers registered via PackageLogger after InstantiateLoggers has already been called are now immediately instantiated and have the same level rules (default level, pre-spec, env spec) applied to them.

Fixed

• SetLevelFor now re-applies the current environment variable overrides (DLOG, DEBUG, TRACE, …) after setting the level, so the provided level acts as a baseline that env vars can override. This fixes the common pattern of calling SetLevelFor(".*", zap.WarnLevel, false) in a Cobra PreRun hook while still allowing DLOG/DEBUG/TRACE to take effect.

Changed

• The default text encoder use to encode log entries now emits the level when coloring is disabled.
• Deprecated logging.IsTraceEnabled, define your logger and Tracer directly with var zlog, tracer = logging.PackageLogger(<shortName>, "...") instead of separately, tracer.Enabled() can then be used to determine if tracing should be enabled (can be enable dynamically).
• Deprecated logging.TestingOverride, use logging.InstantiateLoggers directly.
• Deprecated logging.Overidde, use logging.InstantiateLoggers directly and use the logging.WithDefaultSpec to configure the various loggers.` instead.
• Deprecated logging.Register, use var zlog, _ = logging.PackageLogger(<shortName>, "...") instead.
• Deprecated logging.RegisterOnUpdate, use logging.LoggerOnUpdate instead (will probably be removed actually entirely since it's not needed anymore).
• Deprecated logging.WithServiceName, no replacement yet (will be logging.LoggerServiceName in a future release, if unspecified shortName will be used).
• Deprecated logging.RootLogger, use logging.PackageLogger and control levels via logging.WithDefaultSpec(...) in InstantiateLoggers instead (e.g. WithDefaultSpec("logger1=info,logger2=debug,.*=warn")). The root logger concept tried to be smart about defaulting to info which caused API confusion.

Removed

• BREAKING CHANGE Removed logging.Handler, it has been moved to dtracing package to limit transitive depdendencies on this project, you should use dtracing.NewAddTraceIDAwareLoggerMiddleware instead.

2020-03-21

Changed

• License changed to Apache 2.0

Commits

• See full diff in compare view

Updates github.com/streamingfast/substreams from 1.16.7-0.20251015182509-1c9938899a91 to 1.18.4

Release notes

Sourced from github.com/streamingfast/substreams's releases.

v1.18.4

• Fix server-side bug that would prevent forkableHub from correctly updating metrics when receiving partial or out-of-order blocks

v1.18.3

Server

• Add optional 'secret key' authentication between tier1 and tier2 services.
• Fixed a case where a nil pointer exception could happen on storage error(s).
• Substreams client library will no longer forcefully strip authentication from plaintext connections.
• Substreams tier1 will now retry failed tier2 jobs that stream data directly if they have not produced any data yet.
• Substreams worker jobs will always retry tier2 jobs that return with codes.Unavailable: no healthy upstream, considering this error as load-balancer version of codes.ResourceExhausted.
• Substreams will reject requests with stores when expected total memory usage from stores alone are above 45% (down from prev. 75%) You can set SUBSTREAMS_TOTAL_STORE_SIZE_LIMIT_PERCENT=75 to go back to previous behavior or SUBSTREAMS_ENFORCE_TOTAL_STORE_SIZE_LIMIT=false to disable the feature.

v1.18.2

Sink

• Fix InferOutputModuleFromPackage sentinel value causing error when used with manifests containing a networks: section. The sentinel value was being passed to the manifest reader before resolution, causing a "could not find module @!##InferOutputModuleFromSpkg##!@ in graph" error.

v1.18.1

Server-side fixes

• Fix V4 buffer flushing on end-of-file: the buffer is now properly flushed when the last block in a segment is reached
• Fix error handling for InvalidArgument and other validation errors: they were shown as Unknown
• Fix partial blocks output in V4: prevent NewPartial and UndoPartial cursor steps from being exposed to clients (normalized to New/Undo respectively)
• Fix partial block data to be correctly wrapped in BlockScopedDatas on v4.
• Last partial blocks are now accepted interchangeably with new blocks and vice-versa, allowing faster full blocks for requests that do not ask for partial blocks.

v1.18.0

CLI

• Improved substreams auth command to better guide new users by showing the registration link alongside the authentication link. The command now also accepts API keys directly and automatically exchanges them for JWT tokens.

• Added support for buf.build commit references in descriptor set module versions. In addition to semantic versions (e.g., v1.2.3), you can now use buf.build commit hashes (32 lowercase hex characters, e.g., @f3ab5976b9ba4f9bac28b26271fca7d7). Commit references are also cached since they are immutable.

• Fixed protogen hash caching behavior when descriptor sets don't have a pinned version. Previously, when using descriptor sets without a version (resolving to "latest"), the .last_generated_hash file would cache incorrectly and skip regeneration even when the remote content had changed. Now:

  • Descriptor sets without a deterministic version (semver or commit ref) will always trigger regeneration
  • A warning is emitted listing which descriptor sets need pinned versions
  • The hash file is removed when non-deterministic descriptor sets are present to prevent stale caches

Server

• Improved 'partial blocks': support new pbbstream's "LastPartial" field, fix 'undo' scenarios for stores

Performance (RPC V4)

This release introduces significant performance optimizations to the Substreams gRPC communication layer. See RPC Protocol Reference for details.

• RPC V4 protocol with BlockScopedDatas batching: The new V4 protocol batches multiple BlockScopedData messages into a single BlockScopedDatas response, reducing gRPC round-trips and message framing overhead during backfill.

... (truncated)

Commits

• See full diff in compare view

Updates go.uber.org/zap from 1.27.0 to 1.27.1

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.1

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.1 (19 Nov 2025)

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

• 7b755a3 release 1.27.1 (#1521)
• d6b395b Update lazy logger not to materialize unless it's being written to (#1519)
• 4b9cea0 ci: Test with Go 1.24, Go 1.25 (#1508)
• 7c80d7b Fix race condition in WithLazy implementation (#1426) (#1511)
• 07077a6 Prevent zap.Object from panicing on nils (#1501)
• a6afd05 Fix lint check name (#1502)
• 6d48253 chore: fix typo (#1482)
• 32f2ec1 Fix the field test for bool type (#1480)
• fe16eb5 Upgrade grpc in zapgrc test package & bump go version (#1478)
• 5f00c34 test(AtomicLevel): demonstrate Handler is not vulnerable to XSS (#1477)
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.72.0 to 1.77.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.77.0

API Changes

• mem: Replace the Reader interface with a struct for better performance and maintainability. (#8669)

Behavior Changes

• balancer/pickfirst: Remove support for the old pick_first LB policy via the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST=false. The new pick_first has been the default since v1.71.0. (#8672)

Bug Fixes

• xdsclient: Fix a race condition in the ADS stream implementation that could result in resource-not-found errors, causing the gRPC client channel to move to TransientFailure. (#8605)
• client: Ignore HTTP status header for gRPC streams. (#8548)
• client: Set a read deadline when closing a transport to prevent it from blocking indefinitely on a broken connection. (#8534)
  • Special Thanks: @​jgold2-stripe
• client: Fix a bug where default port 443 was not automatically added to addresses without a specified port when sent to a proxy.
  • Setting environment variable GRPC_EXPERIMENTAL_ENABLE_DEFAULT_PORT_FOR_PROXY_TARGET=false disables this change; please file a bug if any problems are encountered as we will remove this option soon. (#8613)
• balancer/pickfirst: Fix a bug where duplicate addresses were not being ignored as intended. (#8611)
• server: Fix a bug that caused overcounting of channelz metrics for successful and failed streams. (#8573)
  • Special Thanks: @​hugehoo
• balancer/pickfirst: When configured, shuffle addresses in resolver updates that lack endpoints. Since gRPC automatically adds endpoints to resolver updates, this bug only affects custom LB policies that delegate to pick_first but don't set endpoints. (#8610)
• mem: Clear large buffers before re-using. (#8670)

Performance Improvements

• transport: Reduce heap allocations to reduce time spent in garbage collection. (#8624, #8630, #8639, #8668)
• transport: Avoid copies when reading and writing Data frames. (#8657, #8667)
• mem: Avoid clearing newly allocated buffers. (#8670)

New Features

• outlierdetection: Add metrics specified in gRFC A91. (#8644)
  • Special Thanks: @​davinci26, @​PardhuKonakanchi
• stats/opentelemetry: Add support for optional label grpc.lb.backend_service in per-call metrics (#8637)
• xds: Add support for JWT Call Credentials as specified in gRFC A97. Set environment variable GRPC_EXPERIMENTAL_XDS_BOOTSTRAP_CALL_CREDS=true to enable this feature. (#8536)
  • Special Thanks: @​dimpavloff
• experimental/stats: Add support for up/down counters. (#8581)

Release 1.76.0

Dependencies

• Minimum supported Go version is now 1.24 (#8509)
  • Special Thanks: @​kevinGC

Bug Fixes

• client: Return status INTERNAL when a server sends zero response messages for a unary or client-streaming RPC. (#8523)
• client: Fail RPCs with status INTERNAL instead of UNKNOWN upon receiving http headers with status 1xx and END_STREAM flag set. (#8518)
  • Special Thanks: @​vinothkumarr227
• pick_first: Fix race condition that could cause pick_first to get stuck in IDLE state on backend address change. (#8615)

... (truncated)

Commits

• 805b1f8 Change version to 1.77.0 (#8677)
• ea7b66e Cherrypick #8702 to v1.77.x (#8709)
• cadae08 Cherry-pick #8536 to v1.77.x (#8691)
• 4288cfc Cherrypick #8657 and #8667 to v1.77.x (#8690)
• f959da6 transport: Reduce heap allocations (#8668)
• 0d49384 deps: update all dependencies (#8673)
• e3e142d pickfirst: Remove old pickfirst (#8672)
• 254ab10 documentation: fix typos in benchmark and auth docs (#8674)
• 2d56bda mem: Remove Reader interface and export the concrete struct (#8669)
• 8ab0c82 mem: Avoid clearing new buffers and clear buffers from simpleBufferPools (#8670)
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.6 to 1.36.11

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions