Skip to content

chore(deps): batch dependabot updates 2026-06-16#5065

Open
Tpuljak wants to merge 20 commits into
mainfrom
dependabot-16-06-2026
Open

chore(deps): batch dependabot updates 2026-06-16#5065
Tpuljak wants to merge 20 commits into
mainfrom
dependabot-16-06-2026

Conversation

@Tpuljak

@Tpuljak Tpuljak commented Jun 16, 2026

Copy link
Copy Markdown
Member

Summary

  • Batches all 15 open dependabot dependency updates into a single PR by cherry-picking each one onto a clean branch.
  • Lock files (yarn.lock, poetry.lock, go.sum) regenerated and go work sync applied for cross-module consistency.
  • Internal deps (api-client-go, toolbox-api-client-go) verified at or above their main baselines — no downgrades.

Notable fixes

  • mcp-go v0.32.0 -> v0.54.1 (in the gomod-prod group) changed mcp.Result.Meta from map[string]interface{} to *mcp.Meta. Updated apps/cli/mcp/tools/execute_command.go to use mcp.NewMetaFromMap(...). Folded into the gomod-prod commit.
  • Regenerated the four python client lib poetry.lock files after the pip-prod pyproject bumps.
  • Forced the transitive launch-editor resolution to 2.14.1 (it is an indirect dependency).

Closes

Closes #4796
Closes #4862
Closes #4956
Closes #4961
Closes #4969
Closes #5018
Closes #5034
Closes #5051
Closes #5056
Closes #5058
Closes #5059
Closes #5060
Closes #5061
Closes #5062
Closes #5063

Validation

  • Go apps cross-compiled with CGO_ENABLED=0 GOOS=linux GOARCH=amd64: runner, cli, daemon, proxy, snapshot-manager, ssh-gateway, daytona-e2e, otel-collector/exporter, common-go, sdk-go all build.
  • libs/computer-use is not buildable under CGO_ENABLED=0 (robotgo requires CGO) — this is pre-existing on main, unchanged by this PR.
  • yarn install produces no lockfile drift; poetry check --lock passes for all locks.

🤖 Generated with Claude Code


Summary by cubic

Batch Dependabot updates across Go, Node, Python, Docker, and CI; fixes toolbox file uploads by pinning gin, finalizes Python SDK websocket typing for newer aiohttp, and preserves Python client version pins during OpenAPI generation.

  • Dependencies

    • Go: OTel 1.44, go-redis 9.20.1, google.golang.org/grpc 1.81.1 (exporter), minio 7.2.0, golang.org/x/oauth2 0.36.0, coreos/go-oidc 3.18.0, go-playground/validator 10.30.1; CLI uses github.com/mark3labs/mcp-go 0.54.1; internal api-client-go up to 0.189.0; AWS SDK v2 bumps in sdk-go.
    • Node: next 15.5.18, vite 7.3.5, vitest 3.2.6 (+ @vitest/ui 3.2.6), form-data 4.0.6, nodemailer 8.0.9, shell-quote 1.8.4, tar 7.5.16; force launch-editor 2.14.1.
    • Python: aiohttp 3.13.5 (+ aiohttp-retry 2.9.1), pydantic 2.13.4, python-dateutil 2.9.0.post0, typing-extensions 4.15.0, urllib3 2.6.3; dev tools (pytest 8.4.2, tox 4.30.3, mypy 1.19.1); widen aiofiles to <25.2.0 in sdk-python.
    • Docker/CI: base images to golang:1.26.4-alpine, alpine:3.24, python:3.15.0b2-slim; updated ruby/setup-ruby 1.313.0 and apache/skywalking-eyes; lockfiles refreshed; go work sync run.
    • OpenAPI Python clients: ignore generator output for pyproject.toml, requirements.txt, setup.py, and test-requirements.txt to keep manual pins.
  • Bug Fixes

    • Pin github.com/gin-gonic/gin to 1.10.1 to resolve 400s on toolbox /files/upload, restoring upload/download flow (daemon, proxy, runner, common-go).
    • Python SDK: cast ws_connect to ClientWebSocketResponse in async process and code interpreter paths to satisfy newer aiohttp typing (Py3.10–3.12).

Written for commit df7b7f3. Summary will update on new commits.

Review in cubic

@Tpuljak Tpuljak requested a review from a team as a code owner June 16, 2026 08:53
@nx-cloud

nx-cloud Bot commented Jun 16, 2026

Copy link
Copy Markdown

View your CI Pipeline Execution ↗ for commit df7b7f3

Command Status Duration Result
nx e2e:cleanup daytona-e2e ✅ Succeeded <1s View ↗
nx run sdk-typescript:test:runtime ✅ Succeeded 3m 27s View ↗
nx run-many --target=test:e2e --all --nxBail=true ✅ Succeeded 6m 28s View ↗
nx e2e daytona-e2e ✅ Succeeded 1m 5s View ↗
nx run-many --target=build --projects=api,runne... ✅ Succeeded 9s View ↗

💡 Verify your cache is correct by running tasks in a sandbox. Read docs ↗


☁️ Nx Cloud last updated this comment at 2026-06-19 17:32:36 UTC

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3 issues found across 46 files

Reply with feedback, questions, or to request a fix.

Fix all with cubic | Re-trigger cubic

Comment thread images/sandbox-slim/Dockerfile Outdated
Comment thread package.json
Comment thread apps/snapshot-manager/go.mod
@Tpuljak Tpuljak force-pushed the dependabot-16-06-2026 branch 3 times, most recently from 5cda8c9 to 07129a4 Compare June 16, 2026 13:26
@MDzaja MDzaja force-pushed the dependabot-16-06-2026 branch from 07129a4 to ffce1a7 Compare June 17, 2026 08:51
@Tpuljak Tpuljak force-pushed the dependabot-16-06-2026 branch from ffce1a7 to 25722a6 Compare June 19, 2026 08:24
dependabot Bot and others added 19 commits June 19, 2026 14:18
Bumps the github-actions group with 1 update in the /.github/actions/setup-toolchain directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.308.0 to 1.313.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@97ecb7b...89f9052)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.310.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
…ates

---
updated-dependencies:
- dependency-name: aiofiles
  dependency-version: 25.1.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: aiohttp
  dependency-version: 3.13.5
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: aiohttp
  dependency-version: 3.13.5
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: aiohttp-retry
  dependency-version: 2.9.1
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: aiohttp-retry
  dependency-version: 2.9.1
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: flake8
  dependency-version: 7.3.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: flake8
  dependency-version: 7.3.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: flake8
  dependency-version: 7.3.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: flake8
  dependency-version: 7.3.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: mypy
  dependency-version: 1.19.1
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: mypy
  dependency-version: 1.19.1
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: mypy
  dependency-version: 1.19.1
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: mypy
  dependency-version: 1.19.1
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pytest
  dependency-version: 8.4.2
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pytest
  dependency-version: 8.4.2
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pytest
  dependency-version: 8.4.2
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pytest
  dependency-version: 8.4.2
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: python-dateutil
  dependency-version: 2.9.0.post0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: python-dateutil
  dependency-version: 2.9.0.post0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: python-dateutil
  dependency-version: 2.9.0.post0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: python-dateutil
  dependency-version: 2.9.0.post0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: tox
  dependency-version: 4.30.3
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: tox
  dependency-version: 4.30.3
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: tox
  dependency-version: 4.30.3
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: tox
  dependency-version: 4.30.3
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: types-python-dateutil
  dependency-version: 2.9.0.20260124
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: types-python-dateutil
  dependency-version: 2.9.0.20260124
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: types-python-dateutil
  dependency-version: 2.9.0.20260124
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: types-python-dateutil
  dependency-version: 2.9.0.20260124
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: typing-extensions
  dependency-version: 4.15.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: typing-extensions
  dependency-version: 4.15.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: typing-extensions
  dependency-version: 4.15.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: typing-extensions
  dependency-version: 4.15.0
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  dependency-group: pip-prod
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
  dependency-group: pip-prod
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 1.6.1 to 3.2.6.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 3.2.6
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [shell-quote](https://github.com/ljharb/shell-quote) from 1.8.3 to 1.8.4.
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

---
updated-dependencies:
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [next](https://github.com/vercel/next.js) from 15.5.15 to 15.5.18.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.15...v15.5.18)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.18
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@grpc/grpc-js](https://github.com/grpc/grpc-node) from 1.14.0 to 1.14.4.
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.14.0...@grpc/grpc-js@1.14.4)

---
updated-dependencies:
- dependency-name: "@grpc/grpc-js"
  dependency-version: 1.14.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.5.5 to 6.5.6.
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.5.5...v6.5.6)

---
updated-dependencies:
- dependency-name: tornado
  dependency-version: 6.5.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the github-actions group with 1 update in the / directory: [apache/skywalking-eyes](https://github.com/apache/skywalking-eyes).


Updates `apache/skywalking-eyes` from ab3d1fe50d23f9c82eff489297167e2dde8ba6cb to 8e837beb243c264ffcd5ea3abd3d5d8975cd0077
- [Release notes](https://github.com/apache/skywalking-eyes/releases)
- [Changelog](https://github.com/apache/skywalking-eyes/blob/main/CHANGES.md)
- [Commits](apache/skywalking-eyes@ab3d1fe...8e837be)

---
updated-dependencies:
- dependency-name: apache/skywalking-eyes
  dependency-version: 8e837beb243c264ffcd5ea3abd3d5d8975cd0077
  dependency-type: direct:production
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.11 to 7.5.16.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.11...v7.5.16)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.16
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.12 to 7.3.5.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.5/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.5/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [form-data](https://github.com/form-data/form-data) from 4.0.4 to 4.0.6.
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.4...v4.0.6)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 8.0.4 to 8.0.9.
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.4...v8.0.9)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 8.0.9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [launch-editor](https://github.com/vitejs/launch-editor) from 2.11.1 to 2.14.1.
- [Commits](vitejs/launch-editor@v2.11.1...v2.14.1)

---
updated-dependencies:
- dependency-name: launch-editor
  dependency-version: 2.14.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
…ith 3 updates

Bumps the docker-base-images group with 2 updates in the /apps/otel-collector directory: golang and alpine.
Bumps the docker-base-images group with 2 updates in the /apps/proxy directory: golang and alpine.
Bumps the docker-base-images group with 1 update in the /apps/runner directory: golang.
Bumps the docker-base-images group with 2 updates in the /apps/snapshot-manager directory: golang and alpine.
Bumps the docker-base-images group with 2 updates in the /apps/ssh-gateway directory: golang and alpine.
Bumps the docker-base-images group with 1 update in the /images/sandbox-slim directory: python.

Updates `golang` from 1.25.11-alpine to 1.26.4-alpine

Updates `alpine` from 3.23 to 3.24

Updates `golang` from 1.25.11-alpine to 1.26.4-alpine

Updates `alpine` from 3.23 to 3.24

Updates `golang` from 1.25.11-alpine to 1.26.4-alpine

Updates `golang` from 1.25.11-alpine to 1.26.4-alpine

Updates `alpine` from 3.23 to 3.24

Updates `golang` from 1.25.11-alpine to 1.26.4-alpine

Updates `alpine` from 3.23 to 3.24

Updates `python` from 3.14.5-slim to 3.15.0b2-slim

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.26.4-alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker-base-images
- dependency-name: alpine
  dependency-version: '3.24'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker-base-images
- dependency-name: golang
  dependency-version: 1.26.4-alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker-base-images
- dependency-name: alpine
  dependency-version: '3.24'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker-base-images
- dependency-name: golang
  dependency-version: 1.26.4-alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker-base-images
- dependency-name: golang
  dependency-version: 1.26.4-alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker-base-images
- dependency-name: alpine
  dependency-version: '3.24'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker-base-images
- dependency-name: golang
  dependency-version: 1.26.4-alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker-base-images
- dependency-name: alpine
  dependency-version: '3.24'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker-base-images
- dependency-name: python
  dependency-version: 3.15.0b2-slim
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: docker-base-images
...

Signed-off-by: dependabot[bot] <support@github.com>
…pdates

Bumps the gomod-prod group with 7 updates in the /apps/cli directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) | `1.1.0` | `1.3.10` |
| [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) | `0.32.0` | `0.54.1` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.35.0` | `0.36.0` |
| [github.com/charmbracelet/bubbles](https://github.com/charmbracelet/bubbles) | `0.20.0` | `0.21.1` |
| [github.com/charmbracelet/huh](https://github.com/charmbracelet/huh) | `0.6.0` | `0.8.0` |
| [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.12.0` | `3.18.0` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.91` | `7.2.0` |

Bumps the gomod-prod group with 3 updates in the /apps/snapshot-manager directory: [github.com/lmittmann/tint](https://github.com/lmittmann/tint), [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) and [golang.org/x/crypto](https://github.com/golang/crypto).
Bumps the gomod-prod group with 1 update in the /apps/ssh-gateway directory: [golang.org/x/crypto](https://github.com/golang/crypto).
Bumps the gomod-prod group with 11 updates in the /libs/common-go directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/daytonaio/daytona/libs/api-client-go](https://github.com/daytonaio/daytona) | `0.152.1` | `0.187.0` |
| [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) | `1.10.1` | `1.12.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |
| [go.opentelemetry.io/otel/sdk/log](https://github.com/open-telemetry/opentelemetry-go) | `0.19.0` | `0.20.0` |
| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.10.0` | `9.20.1` |
| [go.opentelemetry.io/contrib/bridges/otelslog](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.13.0` | `0.19.0` |
| [go.opentelemetry.io/contrib/instrumentation/host](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.64.0` | `0.69.0` |
| [go.opentelemetry.io/contrib/instrumentation/runtime](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.64.0` | `0.69.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp](https://github.com/open-telemetry/opentelemetry-go) | `0.19.0` | `0.20.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |

Bumps the gomod-prod group with 6 updates in the /libs/sdk-go directory:

| Package | From | To |
| --- | --- | --- |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.6` | `1.42.0` |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.19.15` | `1.19.24` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.97.3` | `1.103.3` |

Updates `github.com/charmbracelet/bubbletea` from 1.1.0 to 1.3.10
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](charmbracelet/bubbletea@v1.1.0...v1.3.10)

Updates `github.com/mark3labs/mcp-go` from 0.32.0 to 0.54.1
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](mark3labs/mcp-go@v0.32.0...v0.54.1)

Updates `golang.org/x/oauth2` from 0.35.0 to 0.36.0
- [Commits](golang/oauth2@v0.35.0...v0.36.0)

Updates `github.com/charmbracelet/bubbles` from 0.20.0 to 0.21.1
- [Release notes](https://github.com/charmbracelet/bubbles/releases)
- [Commits](charmbracelet/bubbles@v0.20.0...v0.21.1)

Updates `github.com/charmbracelet/huh` from 0.6.0 to 0.8.0
- [Release notes](https://github.com/charmbracelet/huh/releases)
- [Commits](charmbracelet/huh@v0.6.0...v0.8.0)

Updates `github.com/charmbracelet/lipgloss` from 1.0.0 to 1.1.0
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](charmbracelet/lipgloss@v1.0.0...v1.1.0)

Updates `github.com/coreos/go-oidc/v3` from 3.12.0 to 3.18.0
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](coreos/go-oidc@v3.12.0...v3.18.0)

Updates `github.com/minio/minio-go/v7` from 7.0.91 to 7.2.0
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](minio/minio-go@v7.0.91...v7.2.0)

Updates `golang.org/x/term` from 0.42.0 to 0.43.0
- [Commits](golang/term@v0.42.0...v0.43.0)

Updates `github.com/lmittmann/tint` from 1.1.2 to 1.1.3
- [Release notes](https://github.com/lmittmann/tint/releases)
- [Commits](lmittmann/tint@v1.1.2...v1.1.3)

Updates `github.com/mattn/go-isatty` from 0.0.20 to 0.0.22
- [Commits](mattn/go-isatty@v0.0.20...v0.0.22)

Updates `golang.org/x/crypto` from 0.50.0 to 0.53.0
- [Commits](golang/crypto@v0.50.0...v0.53.0)

Updates `golang.org/x/crypto` from 0.50.0 to 0.53.0
- [Commits](golang/crypto@v0.50.0...v0.53.0)

Updates `github.com/daytonaio/daytona/libs/api-client-go` from 0.152.1 to 0.187.0
- [Release notes](https://github.com/daytonaio/daytona/releases)
- [Commits](v0.152.1...v0.187.0)

Updates `github.com/gin-gonic/gin` from 1.10.1 to 1.12.0
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.10.1...v1.12.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/sdk/log` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v0.19.0...v0.20.0)

Updates `go.opentelemetry.io/otel/sdk/metric` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `github.com/redis/go-redis/v9` from 9.10.0 to 9.20.1
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md)
- [Commits](redis/go-redis@v9.10.0...v9.20.1)

Updates `go.opentelemetry.io/contrib/bridges/otelslog` from 0.13.0 to 0.19.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@v0.13.0...v0.19.0)

Updates `go.opentelemetry.io/contrib/instrumentation/host` from 0.64.0 to 0.69.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.64.0...zpages/v0.69.0)

Updates `go.opentelemetry.io/contrib/instrumentation/runtime` from 0.64.0 to 0.69.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.64.0...zpages/v0.69.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v0.19.0...v0.20.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/log` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v0.19.0...v0.20.0)

Updates `go.opentelemetry.io/otel/metric` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/sdk/metric` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/trace` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/metric` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.41.6 to 1.42.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.41.6...v1.42.0)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.15 to 1.19.24
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@credentials/v1.19.15...credentials/v1.19.24)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.97.3 to 1.103.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.97.3...service/s3/v1.103.3)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/bubbletea
  dependency-version: 1.3.10
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.54.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/charmbracelet/bubbles
  dependency-version: 0.21.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/charmbracelet/huh
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/charmbracelet/lipgloss
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-version: 3.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/minio/minio-go/v7
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: golang.org/x/term
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/lmittmann/tint
  dependency-version: 1.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-prod
- dependency-name: github.com/mattn/go-isatty
  dependency-version: 0.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-prod
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/daytonaio/daytona/libs/api-client-go
  dependency-version: 0.187.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/gin-gonic/gin
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/sdk/log
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.20.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/contrib/bridges/otelslog
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/contrib/instrumentation/host
  dependency-version: 0.69.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/contrib/instrumentation/runtime
  dependency-version: 0.69.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/log
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.19.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-prod
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.103.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-prod
...

Signed-off-by: dependabot[bot] <support@github.com>
Keep only the tornado 6.5.5 -> 6.5.6 bump; revert the generator
version comment and cosmetic colorama marker reorder introduced by
regenerating with a newer Poetry.

Signed-off-by: Toma Puljak <toma.puljak@hotmail.com>
Signed-off-by: Toma Puljak <toma.puljak@hotmail.com>
Signed-off-by: Toma Puljak <toma.puljak@hotmail.com>
Signed-off-by: MDzaja <mirkodzaja0@gmail.com>
The gomod-prod batch bumped github.com/gin-gonic/gin v1.10.1 -> v1.12.0,
which broke the toolbox /files/upload endpoint: multipart uploads began
returning 400 with an empty body (no rendered error), cascading to 404
on /files/download. Confirmed via the daytona-e2e suite that pinning gin
back to v1.10.1 restores the file write/read roundtrip.

Reverted across every module the group touched (daemon, proxy, runner,
common-go) and reconciled with 'go work sync'.

Signed-off-by: Toma Puljak <toma.puljak@hotmail.com>
@Tpuljak Tpuljak force-pushed the dependabot-16-06-2026 branch from 25722a6 to 0e60c2a Compare June 19, 2026 14:20
…erator

Signed-off-by: MDzaja <mirkodzaja0@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants