Skip to content

chore(deps): Bump github.com/twmb/franz-go/pkg/kadm from 1.17.1 to 1.17.2#21

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/twmb/franz-go/pkg/kadm-1.17.2
Open

chore(deps): Bump github.com/twmb/franz-go/pkg/kadm from 1.17.1 to 1.17.2#21
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/twmb/franz-go/pkg/kadm-1.17.2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 4, 2026

Bumps github.com/twmb/franz-go/pkg/kadm from 1.17.1 to 1.17.2.

Changelog

Sourced from github.com/twmb/franz-go/pkg/kadm's changelog.

v1.20.6

This patch release has two improvements.

Previously, you could not use poll functions multiple times if using BlockRebalanceOnPoll, because rebalancing had a higher lock priority than polling and would block all further poll calls. This has been changed to allow you to call poll as much as you want until you AllowRebalance. Thanks @​KiKoS0!

If brokers indicated they supported epochs, but then used -1 everywhere for that epoch, Mark functions would ignore records being marked and you would never commit progress. This was due to the client defaulting to a 0 epoch internally (and not using it if the broker did not support it), meaning -1 would be ignored. Brokers that use indicate support but use -1 are now supported. This was only found to be a problem against Azure Event Hubs.

  • 7cd5ea65 kgo: fix mark <=> epoch interaction, make epoch handling more resilient
  • 94fd8622 kgo: fix deadlock when polling multiple times while blocked from a rebalance

v1.20.5

This fixes a commit in 1.20.4 that accidentally broke client metrics (KIP-714) and inadvertently made a log spammy. In addition to the fix, a few logs around client metrics have been reduced in severity.

The new-as-of-1.20 OnPartitionsCallbackBlocked is now called in a goroutine, reducing the chance that you accidentally run into a deadlock based on how you structure handling the hook.

Deps have been bumped to eliminate any security scanners that flag on CVEs (even though this is a library and you can bump the dep in your own binary).

The kgo.Fetches.Errors doc has been expanded to account for previously undocumented errors, and updates guidance on what's retryable vs what is not.

  • e86bb6c9 kgo: info=>debug for a few logs in client metrics
  • 7c7ca2b4 kgo: call OnPartitionsCallbackBlocked concurrently
  • ebf29a4a all: bump deps
  • 97b4a1d4 kgo.Fetches.Errors doc: clarify && expand for two undoc'd errors
  • 13ea38e3 bug kgo: fix remaining usage of kgo.maxVers/kgo.maxVersion (thanks @​vincentbernat!)

v1.20.4

This patch release contains fixes for two data races: one new one introduced in 1.20.3 with sharded requests (a super obvious oversight in retrospect..) and a fix for a hard to encounter race that has existed for years when using

... (truncated)

Commits
  • e0832fc Merge pull request #1219 from weeco/ms/fix-internal-topics-filter
  • 80b0849 kadm: fix ListTopics filtering internal topics when explicitly requested
  • a09f0e7 Merge pull request #1216 from carsonip/typo
  • 9631005 go fmt
  • ec9764d chore: fix typos
  • 0c71f7e Merge pull request #1213 from twmb/kfake
  • 30e5535 kfake: fix erroneous missing []
  • f3598ef Merge pull request #1212 from twmb/batch_records
  • ddcaef5 kfake: add BatchRecords(b kmsg.RecordBatch) ([]kmsg.Record, error)
  • 5069e93 Merge pull request #1211 from arxeiss/testing-docs
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): Bump github.com/twmb/franz-go/pkg/kadm
52b6772 
Bumps [github.com/twmb/franz-go/pkg/kadm](https://github.com/twmb/franz-go) from 1.17.1 to 1.17.2.
- [Changelog](https://github.com/twmb/franz-go/blob/master/CHANGELOG.md)
- [Commits](twmb/franz-go@v1.17.1...pkg/kadm/v1.17.2)

---
updated-dependencies:
- dependency-name: github.com/twmb/franz-go/pkg/kadm
  dependency-version: 1.17.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 4, 2026

Labels

The following labels could not be found: automerge, dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants