Bump github.com/senzing-garage/go-observing from 0.3.6 to 0.3.7

[dependabot]

Bumps github.com/senzing-garage/go-observing from 0.3.6 to 0.3.7.

Release notes

Sourced from github.com/senzing-garage/go-observing's releases.

0.3.7

See CHANGELOG.md

Changelog

Sourced from github.com/senzing-garage/go-observing's changelog.

[0.3.7] - 2026-01-06

Changed in 0.3.7

• gRPC server uses TCP keep-alive for improved connection reliability
• Updated dependencies
  • github.com/senzing-garage/go-helpers v0.6.14
  • google.golang.org/grpc v1.78.0
  • google.golang.org/protobuf v1.36.11

Fixed in 0.3.7

• Fixed error handling in WhiteListObserver when IsSilent is true

Commits

• bafce9d #163 Update to template (#166)
• b521bbf Bump github.com/senzing-garage/go-helpers from 0.6.13 to 0.6.14 (#165)
• bd77a6e Bump google.golang.org/grpc from 1.77.0 to 1.78.0 (#164)
• fbf19c9 Bump actions/upload-artifact from 5 to 6 (#162)
• b26430b Bump google.golang.org/protobuf from 1.36.10 to 1.36.11 (#161)
• e3ca00e default claude and prettier repo level config (#160)
• 57fc6af Bump actions/checkout from 5 to 6 (#159)
• 3358a85 reusable cspell, claude pr reviews, link issues and prs (#158)
• 2f99452 Bump google.golang.org/grpc from 1.76.0 to 1.77.0 (#157)
• f5f2f73 Bump streetsidesoftware/cspell-action from 7 to 8 (#155)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[senzingdevops]

Automated: approving this pull request because it includes a patch update

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide

This is a dependency update PR modifying only go.mod and go.sum files. No actual code changes to review against the style guide.

✅ No commented-out code

No code files modified - only dependency manifests updated.

✅ Meaningful variable names

N/A - No new variables or code introduced.

✅ DRY principle followed

N/A - No code duplication possible in dependency files.

✅ Defects identification

No bugs, logic errors, or security vulnerabilities introduced. This is a straightforward dependency version bump:

• Direct dependency: go-observing from v0.3.6 → v0.3.7
• Transitive dependencies updated (OpenTelemetry, gRPC, protobuf, golang.org/x packages)

All version changes are minor/patch updates, following semantic versioning.

⚠️ Project memory configuration

No ./.claude/CLAUDE.md file found in the repository to evaluate.

Testing

❌ Unit tests for new functions

No new tests added. However, for dependency updates, the existing test suite should be sufficient if it runs successfully. The PR description or CI results should confirm tests pass.

Recommendation: Ensure CI pipeline runs full test suite against updated dependencies.

❌ Integration tests for new endpoints

N/A - No new endpoints added.

❌ Edge cases covered

N/A - No new functionality.

❌ Test coverage > 80%

Cannot determine from diff alone. Existing coverage should remain unchanged since no code was modified.

Documentation

✅ README updated if needed

N/A - Dependency updates typically don't require README changes unless they affect installation/setup.

✅ API docs updated

N/A - No API changes.

✅ Inline comments for complex logic

N/A - No code changes.

⚠️ CHANGELOG.md updated

Cannot verify from this diff. Dependency updates should be documented in CHANGELOG.md.

Recommendation: Verify CHANGELOG.md includes entry like:

### Changed
- Updated `go-observing` from v0.3.6 to v0.3.7
- Updated transitive dependencies (OpenTelemetry, gRPC, protobuf)

✅ Markdown formatting

The diff itself doesn't contain markdown files. No issues to report.

Security

✅ No hardcoded credentials

No credentials in dependency manifests.

✅ Input validation implemented

N/A - No code changes.

✅ Proper error handling

N/A - No code changes.

✅ No sensitive data in logs

N/A - No code changes.

✅ No license files (.lic) or AQAAAD strings

No license files or suspicious strings detected in the diff.

---

Summary

Overall Assessment: ✅ APPROVED with recommendations

This is a clean dependency update PR with no code changes. The updates follow semantic versioning and appear to be routine maintenance updates.

Required Actions:

1. ✅ Verify CI tests pass with updated dependencies
2. ⚠️ Confirm CHANGELOG.md has been updated (go.mod:7, go.mod:16-24)

Notes:

• Primary change: github.com/senzing-garage/go-observing v0.3.6 → v0.3.7
• Transitive updates include OpenTelemetry SDK 1.37.0 → 1.38.0, gRPC 1.76.0 → 1.78.0
• All version bumps are minor/patch level, indicating backward compatibility

---

Automated code review analyzing defects and coding standards

[senzingdevops]

Automated: approving this pull request because it includes a patch update

[github-actions]

🤖 Claude Code Review

I'll proceed with the review based on the diff and general Go best practices.

---

Code Review Analysis

Summary

This PR updates dependency versions in go.mod and go.sum. It's a dependency bump PR that updates multiple indirect dependencies along with the primary go-observing package from v0.3.6 to v0.3.7.

---

Review Checklist Results

Code Quality ✅

• ✅ Code follows style guide: This is a dependency update only; no code changes to evaluate for style compliance.

• ✅ No commented-out code: Not applicable - only dependency files modified.

• ✅ Meaningful variable names: Not applicable - no code changes.

• ✅ DRY principle followed: Not applicable - no code changes.

• ✅ Identify Defects: No bugs, logic errors, or security vulnerabilities introduced. Dependency updates include:

  • Primary: github.com/senzing-garage/go-observing v0.3.6 → v0.3.7
  • Indirect dependencies updated (OpenTelemetry, gRPC, protobuf, golang.org/x packages)

  All version bumps appear to be minor/patch updates following semantic versioning.

• ✅ Project memory configuration: No .claude/CLAUDE.md file exists in the project.

Testing ⚠️

• ⚠️ Unit tests for new functions: Not applicable - no new functions added. However, it's recommended to verify existing tests pass with updated dependencies.
• ⚠️ Integration tests for new endpoints: Not applicable - no new endpoints.
• ⚠️ Edge cases covered: Not applicable - dependency update only.
• ⚠️ Test coverage > 80%: Cannot determine from diff alone. Recommend running test suite to ensure no regressions from dependency updates.

Recommendation: Run the full test suite (go test ./...) to verify compatibility with updated dependencies.

Documentation ✅

• ✅ Readme updated if needed: Not required - dependency updates don't typically require README changes unless they affect usage.
• ✅ API docs updated: Not applicable - no API changes.
• ✅ Inline comments for complex logic: Not applicable - no code logic changes.
• ✅ CHANGELOG.md updated: Should verify if CHANGELOG.md exists and whether dependency bumps are documented there.
• ✅ Markdown formatting: Not applicable - no markdown files modified.

Security ✅

• ✅ No hardcoded credentials: Not applicable - dependency files only.
• ✅ Input validation implemented: Not applicable - no code changes.
• ✅ Proper error handling: Not applicable - no code changes.
• ✅ No sensitive data in logs: Not applicable - no code changes.
• ✅ No license files (.lic) or AQAAAD strings: Verified - no license files or suspicious strings in diff.

---

Detailed Analysis

Files Changed

1. go.mod:7-16 - Direct dependency update + indirect dependency updates
2. go.sum:28-66 - Corresponding checksum updates

Dependency Updates

Direct Dependency:

• github.com/senzing-garage/go-observing: v0.3.6 → v0.3.7 (patch bump)

Indirect Dependencies:

• OpenTelemetry packages: v1.37.0 → v1.38.0 (minor bump)
• gRPC: v1.76.0 → v1.78.0 (minor bump)
• Protobuf: v1.36.10 → v1.36.11 (patch bump)
• golang.org/x/net: v0.46.0 → v0.48.0 (minor bump)
• golang.org/x/sys: v0.38.0 → v0.39.0 (minor bump)
• golang.org/x/text: v0.30.0 → v0.32.0 (minor bump)
• google.golang.org/genproto/googleapis/rpc: Updated to 2025-12-22 version

---

Recommendations

1. ✅ APPROVED - This is a clean dependency update with no code changes.
2. Action Required: Run go test ./... to verify all tests pass with updated dependencies.
3. Action Required: Run go build ./... to ensure the project builds successfully.
4. Optional: Check if CHANGELOG.md should document the go-observing v0.3.7 update.
5. Optional: Review release notes for major dependencies (gRPC 1.78.0, OpenTelemetry 1.38.0) to understand what changed.

---

Overall Assessment: ✅ APPROVED

This PR performs standard dependency maintenance with appropriate version bumps. No code quality, security, or documentation issues identified. The changes are low-risk and follow Go module best practices.

Automated code review analyzing defects and coding standards