Skip to content

chore(deps): bump github.com/twmb/franz-go/plugin/kprom from 1.4.0 to 1.5.0#217

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/twmb/franz-go/plugin/kprom-1.5.0
Open

chore(deps): bump github.com/twmb/franz-go/plugin/kprom from 1.4.0 to 1.5.0#217
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/twmb/franz-go/plugin/kprom-1.5.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/twmb/franz-go/plugin/kprom from 1.4.0 to 1.5.0.

Changelog

Sourced from github.com/twmb/franz-go/plugin/kprom's changelog.

v1.5.0

This release adds a few new APIs, has a few small behavior changes, and has one "breaking" change.

Breaking changes

The kerberos package is now a dedicated separate module. Rather than requiring a major version bump, since this fix is entirely at the module level for an almost entirely unused package, I figured it is okayish to technically break compatibility for the few usages of this package, when the fix can be done entirely when go geting.

The gokrb5 library, basically the only library in the Go ecosystem that implements Kerberos, has a slightly broken license. Organizations that are sensitive to this were required to not use franz-go even if they did not use Kerberos because franz-go pulls in a dependency on gokrb5.

Now, with kerberos being a distinct and separate module, depending on franz-go only will not cause an indirect dependency on gokrb5.

If your upgrade is broken by this change, run:

go get github.com/twmb/franz-go/pkg/sasl/kerberos@v1.0.0
go get github.com/twmb/franz-go@v1.5.0

Behavior changes

  • UnknownTopicRetries now allows -1 to signal disabling the option (meaning unlimited retries, rather than no retries). This follows the convention of other options where -1 disables limits.

Improvements

  • Waiting for unknown topics while producing now takes into account both the produce context and aborting. Previously, the record context was only taken into account after a topic was loaded. The same is true for aborting buffered records: previously, abort would hang until a topic was loaded.

  • New APIs are added to kmsg to deprecate the previous Into functions. The Into functions still exist and will not be removed until kadm is stabilized (see #141).

Features

  • ConsumeResetOffset is now clearer, you can now use NoResetOffset with

... (truncated)

Commits
  • 6ed27f5 CHANGELOG: note v1.5
  • a2cbbf8 go.{mod,sum}: go get -u ./...; go mod tidy
  • cba9e26 PreCommitContextFn => PreCommitFnContext before v1.5
  • 744a60e Offset.AfterMilli: properly save noReset
  • ce7a84f kerberos: split into dedicated module, p1
  • e8e5c82 kgo: improve ConsumeResetOffset, NoResetOffset, add Offset.AfterMilli
  • b457742 balancing: LogLevelError if BalanceOrError returns an error
  • e8e5117 switch IntoSyncAssignmentOrError to GroupMemberBalancerOrError
  • b5256c7 kadm: fix long standing poor API (Into fns)
  • 8148c55 BalancePlan: add AsMemberIDMap
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/twmb/franz-go/plugin/kprom](https://github.com/twmb/franz-go) from 1.4.0 to 1.5.0.
- [Changelog](https://github.com/twmb/franz-go/blob/master/CHANGELOG.md)
- [Commits](twmb/franz-go@v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/twmb/franz-go/plugin/kprom
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Dependency related work label Jul 2, 2026
@schmidtw schmidtw enabled auto-merge (squash) July 2, 2026 01:34
@codecov

codecov Bot commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.51%. Comparing base (573e436) to head (929ebfa).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #217   +/-   ##
=======================================
  Coverage   90.51%   90.51%           
=======================================
  Files          13       13           
  Lines         675      675           
=======================================
  Hits          611      611           
  Misses         46       46           
  Partials       18       18           
Flag Coverage Δ
unittests 90.51% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency related work

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants