Skip to content

chore(deps): update go dependencies #418

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update go dependencies #418

wants to merge 1 commit into from
+120 −120

Conversation

@red-hat-konflux
Copy link

@red-hat-konflux red-hat-konflux bot commented Aug 3, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
cloud.google.com/go indirect minor v0.120.0 -> v0.123.0
cloud.google.com/go/auth indirect minor v0.16.0 -> v0.17.0
cloud.google.com/go/compute/metadata indirect minor v0.6.0 -> v0.9.0
cloud.google.com/go/iam indirect patch v1.5.0 -> v1.5.3
cloud.google.com/go/kms indirect minor v1.21.2 -> v1.23.2
cloud.google.com/go/longrunning indirect minor v0.6.6 -> v0.7.0
cuelabs.dev/go/oci/ociregistry indirect digest 2c00c10 -> b12090c
cuelang.org/go require minor v0.12.1 -> v0.15.1
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider indirect minor v0.14.0 -> v0.20.0
github.com/Azure/azure-sdk-for-go/sdk/azcore indirect minor v1.18.0 -> v1.20.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity indirect minor v1.9.0 -> v1.13.1
github.com/Azure/azure-sdk-for-go/sdk/internal indirect patch v1.11.1 -> v1.11.2
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal indirect minor v1.1.1 -> v1.2.0
github.com/Azure/go-autorest/autorest indirect patch v0.11.29 -> v0.11.30
github.com/Azure/go-autorest/autorest/adal indirect patch v0.9.23 -> v0.9.24
github.com/Azure/go-autorest/autorest/azure/auth indirect patch v0.5.12 -> v0.5.13
github.com/Azure/go-autorest/autorest/azure/cli indirect patch v0.4.6 -> v0.4.7
github.com/Azure/go-autorest/autorest/date indirect patch v0.3.0 -> v0.3.1
github.com/Azure/go-autorest/logger indirect patch v0.2.1 -> v0.2.2
github.com/Azure/go-autorest/tracing indirect patch v0.6.0 -> v0.6.1
github.com/AzureAD/microsoft-authentication-library-for-go indirect minor v1.4.2 -> v1.6.0
github.com/ThalesIgnite/crypto11 require minor v1.2.5 -> v1.6.0
github.com/alibabacloud-go/alibabacloud-gateway-spi indirect patch v0.0.4 -> v0.0.5
github.com/alibabacloud-go/debug indirect patch v1.0.0 -> v1.0.1
github.com/alibabacloud-go/openapi-util indirect patch v0.1.0 -> v0.1.1
github.com/alibabacloud-go/tea indirect minor v1.2.1 -> v1.3.13
github.com/aliyun/credentials-go indirect minor v1.3.2 -> v1.4.8
github.com/aws/aws-sdk-go-v2/credentials indirect minor v1.17.67 -> v1.19.2
github.com/aws/aws-sdk-go-v2/feature/ec2/imds indirect minor v1.16.30 -> v1.18.14
github.com/aws/aws-sdk-go-v2/internal/configsources indirect minor v1.3.34 -> v1.4.14
github.com/aws/aws-sdk-go-v2/internal/ini indirect patch v1.8.3 -> v1.8.4
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding indirect minor v1.12.3 -> v1.13.3
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url indirect minor v1.12.15 -> v1.13.14
github.com/aws/smithy-go indirect minor v1.22.3 -> v1.23.2
github.com/awslabs/amazon-ecr-credential-helper/ecr-login require minor v0.9.1 -> v0.11.0
github.com/buildkite/go-pipeline indirect minor v0.13.3 -> v0.16.0
github.com/buildkite/roko indirect minor v1.3.1 -> v1.4.0
github.com/cloudflare/circl indirect minor v1.3.7 -> v1.6.1
github.com/containerd/stargz-snapshotter/estargz indirect minor v0.16.3 -> v0.18.1
github.com/digitorus/pkcs7 indirect digest 3a137a8 -> ffadbf3
github.com/digitorus/timestamp require digest 220c5c2 -> c455327
github.com/docker/docker-credential-helpers indirect patch v0.9.3 -> v0.9.4
github.com/emicklei/proto indirect minor v1.13.4 -> v1.14.2
github.com/fsnotify/fsnotify indirect minor v1.8.0 -> v1.9.0
github.com/go-logr/logr indirect patch v1.4.2 -> v1.4.3
github.com/go-openapi/analysis indirect minor v0.23.0 -> v0.24.1
github.com/go-openapi/errors indirect patch v0.22.1 -> v0.22.4
github.com/go-openapi/jsonpointer indirect minor v0.21.0 -> v0.22.3
github.com/go-openapi/jsonreference indirect patch v0.21.0 -> v0.21.3
github.com/go-openapi/loads indirect minor v0.22.0 -> v0.23.2
github.com/go-openapi/runtime require minor v0.28.0 -> v0.29.2
github.com/go-openapi/spec indirect minor v0.21.0 -> v0.22.1
github.com/go-openapi/strfmt require minor v0.23.0 -> v0.25.0
github.com/go-openapi/swag require minor v0.23.1 -> v0.25.4
github.com/go-openapi/validate indirect minor v0.24.0 -> v0.25.1
github.com/google/certificate-transparency-go require patch v1.3.1 -> v1.3.2
github.com/google/gnostic-models indirect minor v0.6.9 -> v0.7.1
github.com/google/go-containerregistry require patch v0.20.3 -> v0.20.7
github.com/googleapis/enterprise-certificate-proxy indirect patch v0.3.6 -> v0.3.7
github.com/in-toto/attestation indirect patch v1.1.1 -> v1.1.2
github.com/klauspost/compress indirect patch v1.18.0 -> v1.18.2
github.com/letsencrypt/boulder indirect minor v0.0.0-20240620165639-de9c06129bec -> v0.20251118.0
github.com/mailru/easyjson indirect patch v0.9.0 -> v0.9.1
github.com/open-policy-agent/opa require minor v1.1.0 -> v1.11.0
github.com/prometheus/client_golang indirect minor v1.22.0 -> v1.23.2
github.com/prometheus/common indirect minor v0.63.0 -> v0.67.4
github.com/prometheus/procfs indirect minor v0.15.1 -> v0.19.2
github.com/protocolbuffers/txtpbfmt indirect digest a5fe556 -> fcb97cc
github.com/sagikazarmark/locafero indirect minor v0.7.0 -> v0.12.0
github.com/secure-systems-lab/go-securesystemslib require patch v0.9.0 -> v0.9.1
github.com/sigstore/fulcio require minor v1.6.6 -> v1.8.2
github.com/sigstore/protobuf-specs require minor v0.4.2 -> v0.5.0
github.com/sigstore/rekor require minor v1.3.10 -> v1.4.3
github.com/sigstore/sigstore require minor v1.9.4 -> v1.10.0
github.com/sigstore/sigstore-go require patch v0.7.2 -> v0.7.3
github.com/sigstore/sigstore/pkg/signature/kms/aws require minor v1.9.4 -> v1.10.0
github.com/sigstore/sigstore/pkg/signature/kms/azure require minor v1.9.4 -> v1.10.0
github.com/sigstore/sigstore/pkg/signature/kms/gcp require minor v1.9.4 -> v1.10.0
github.com/sigstore/sigstore/pkg/signature/kms/hashivault require minor v1.9.4 -> v1.10.0
github.com/sigstore/timestamp-authority require patch v1.2.7 -> v1.2.9
github.com/spf13/afero indirect minor v1.12.0 -> v1.15.0
github.com/spf13/cast indirect minor v1.7.1 -> v1.10.0
github.com/spf13/cobra require minor v1.9.1 -> v1.10.1
github.com/spf13/pflag require patch v1.0.6 -> v1.0.10
github.com/spf13/viper require minor v1.20.1 -> v1.21.0
github.com/stretchr/testify require minor v1.10.0 -> v1.11.1
github.com/vbatts/tar-split indirect patch v0.12.1 -> v0.12.2
gitlab.com/gitlab-org/api/client-go require minor v0.128.0 -> v0.161.1
go.mongodb.org/mongo-driver indirect minor v1.14.0 -> v1.17.6
go.opentelemetry.io/auto/sdk indirect minor v1.1.0 -> v1.2.1
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc indirect minor v0.60.0 -> v0.63.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp indirect minor v0.60.0 -> v0.63.0
go.step.sm/crypto indirect minor v0.63.0 -> v0.74.0
golang.org/x/crypto indirect minor v0.35.0 -> v0.45.0
golang.org/x/crypto require minor v0.40.0 -> v0.45.0
golang.org/x/exp indirect digest 054e65f -> 87e1e73
golang.org/x/mod indirect minor v0.25.0 -> v0.30.0
golang.org/x/net indirect minor v0.42.0 -> v0.47.0
golang.org/x/oauth2 require minor v0.30.0 -> v0.33.0
golang.org/x/sync require minor v0.16.0 -> v0.18.0
golang.org/x/sys indirect minor v0.34.0 -> v0.38.0
golang.org/x/term require minor v0.33.0 -> v0.37.0
golang.org/x/text indirect minor v0.27.0 -> v0.31.0
golang.org/x/time indirect minor v0.12.0 -> v0.14.0
golang.org/x/tools indirect minor v0.34.0 -> v0.39.0
google.golang.org/api require minor v0.230.0 -> v0.256.0
google.golang.org/genproto indirect digest a0af3ef -> 79d6a2a
google.golang.org/genproto/googleapis/api indirect digest 207652e -> 79d6a2a
google.golang.org/genproto/googleapis/rpc indirect digest 207652e -> 79d6a2a
k8s.io/api require minor v0.28.3 -> v0.34.2
k8s.io/apimachinery require minor v0.28.3 -> v0.34.2
k8s.io/client-go require minor v0.28.3 -> v0.34.2
k8s.io/kube-openapi indirect digest c8a335a -> 4e65d59
k8s.io/utils require digest 24370be -> bc988d5
sigs.k8s.io/json indirect digest cfa47c3 -> 2d32026
sigs.k8s.io/release-utils require minor v0.11.1 -> v0.12.2
sigs.k8s.io/yaml indirect minor v1.4.0 -> v1.6.0

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

Release Notes

googleapis/google-cloud-go (cloud.google.com/go)

v0.123.0

Compare Source

Features
Bug Fixes

v0.122.0

Compare Source

Features
Bug Fixes

v0.121.6

Compare Source

Bug Fixes
  • internal/librariangen: Fix Dockerfile permissions for go mod tidy (#​12704) (0e70a0b)

v0.121.5

Compare Source

Bug Fixes
  • internal/librariangen: Get README title from service config yaml (#​12676) (b3b8f70)
  • internal/librariangen: Update source_paths to source_roots in generate-request.json (#​12691) (2adb6f9)

v0.121.4

Compare Source

Bug Fixes
  • geminidataanalytics: Correct resource reference type for parent field in data_chat_service.proto (98ba6f0)
  • internal/postprocessor: Add git (#​12524) (82030ee)

v0.121.3

Compare Source

Documentation
  • impersonate: Address TODO in impersonate/example_test.go (#​12401) (dd096ec)

v0.121.2

Compare Source

Documentation

v0.121.1

Compare Source

Bug Fixes
  • civil: Add support for civil.Date, civil.Time and civil.DateTime arguments to their respective Scan methods (#​12240) (7127ce9), refs #​12060

v0.121.0

Compare Source

Features

v0.120.1

Compare Source

Bug Fixes
cue-lang/cue (cuelang.org/go)

v0.15.1

Compare Source

Evaluator

Fix an evalv3 regression first introduced in v0.11.0 where the and built-in function started evaluating its arguments too eagerly, causing failures in cue def.

Fix an evalv3 regression where closedness info could be lost when using a comprehension.

Fix a bug where the evaluator would panic on alias cycles with dynamic fields rather than giving a good error.

LSP

Formatting standalone CUE files - either without a package name, or outside of a CUE module - now works correctly.

Fix a bug where trying to use "find references" on a CUE module with nested modules would cause a hang.

Fix a bug where resolving path roots did not work correctly in the presence of struct embeddings.

cmd/cue

Fix a regression in v0.15.0 where cue get go no longer skipped generating CUE files without any declarations.

Go API

Fix a bug in the subsume package where a struct with a pattern constraint did not subsume a closed struct with a matching field.

Rename the bootstrap build tag used in the internal/filetypes package to cuebootstrap to avoid conflicts with build tags in other Go modules.

Full list of changes since v0.15.0

v0.15.0

Compare Source

Changes which may break some users are marked below with: ⚠️

Note that this release no longer includes a checksums.txt asset; GitHub now provide digests natively.

LSP

This release includes the initial version of cue lsp - with support for "go to definition", "find references", rename, code completion, hover documentation, and code formatting.

See our Getting Started wiki page for instructions on how to set it up with your editor.

Please report any bugs or missing features you encounter via the Issue tracker or via the #lsp channels on Discord or Slack.

Language

explicitopen experiment for #A...

The explicitopen per-file experiment enables the posfix ... operator to explicitly open closed structs, allowing additional fields to be added. This change simplifies CUE's semantics, reduces user confusion, and enables clearer expression of type extensibility patterns.

You can try this experiment by following our how-to guide. For more information, see the proposal on GitHub and the spec change patch.

aliasv2 experiment

The aliasv2 per-file experiment implements the new "postfix aliases" syntax, and introduces a "self" predeclared identifier referring to the innermost surrounding struct or list.

You can try this experiment by following our how-to guide. For more information, see the proposal on GitHub and the spec change patch.

Other experiments

⚠️ With its proposal accepted, the keepvalidators global experiment is now stable, meaning that CUE_EXPERIMENT=keepvalidators is always enabled.

With its proposal accepted, the structcmp per-file experiment is now stable with language.version at v0.15.0 or later, meaning that the @experiment(structcmp) attribute is unnecessary as it's always enabled.

Evaluator

⚠️ Removing evalv2

The old evalv2 evaluator, which previously could be re-enabled via CUE_EXPERIMENT=evalv3=0, is now deleted. The new evalv3 evaluator has been on by default since v0.13.0, and at this point our entire test suite including Unity is working.

Removing the old evaluator reduces significant load on development, as we were able to clear out 4000 lines of code, and simplify the internal types and code structure. This is a necessary step to unblock ongoing feature and performance work in the evaluator.

As a bonus, because the old and new evaluators shared many core evaluator types, removing the fields only used by the old evaluator yields modest memory usage improvements of around 4-6%.

Performance

Evaluating concrete CUE values no longer involves dependency analysis; this should result in modest speed improvements when marshaling to YAML, via either cue export -e expr -o yaml or yaml.Marshal.

Dependency analysis now avoids computing references more than once, which resolves an expontential performance issue for some configurations using chains of CUE references.

Add caching to a part of the typochecker algorithm; this has been measured to provide performance improvements of up to 30% on a few large projects.

cue/parser now reuses more memory, which results in parsing performance improvements of up to 30% and memory savings of up to 50%, especially when loading large CUE data files.

Other changes

File embedding via the @embed attribute has gained an allowEmptyGlob option, to allow glob patterns to match zero files without causing an error.

The evaluator now shows all user errors created with the error builtin when they can be related to a disjunction failure. Previously, the evaluator would try to only show user errors directly part of a disjunction error, but that caused too many omissions.

Some error positions which were lost in the transition from evalv2 to evalv3 have been reintroduced.

Fix a bug where required fields in a definition might not be enforced when unifying with an inline struct in an expression, such as (#RequiresFoo & {bar: "baz"}).bar.

Fix a regression introduced in v0.12.0 where incomplete errors were not being handled consistently if they directly involved the top-level value.

A number of panics and error regressions in the evaluator which were reported since v0.14 have been fixed; thank you to all who reported these.

cmd/cue

A new cue help experiments command is introduced to document all available per-file and global experiments.

The cue fix --exp flag is introduced to rewrite files or packages to use new and experimental semantics with @experiment attributes.

cue mod mirror now copies OCI referrers between registries, which ensures that artifacts like signatures and attestations which reference modules being mirrored are copied as well.

cue mod resolve gains a --deps flag that lists all dependencies of the current module and which registries they resolve to.

cue get go gains an --outfile flag to generate exactly one CUE file for a single Go package, which can be useful when integrating cue get go into build systems like Bazel.

Fix a regression introduced in v0.9.0 where loading a qualified pattern like ./...:pkgname no longer filtered files based on the package name given.

cue get go now stops on any Go package loading error. Trying to continue in the presence of syntax or type-checking errors could lead to generating incorrect CUE.

Encodings

Initial support for encoding CUE schemas as JSON Schema is added. This includes a new encoding/jsonschema.Generate Go API, as well as CLI support via cue def --out jsonschema. This is currently very experimental, and many features are missing. For now, it can only generate a single version of JSON Schema, draft/2020-12.

The YAML library in the archived Go module gopkg.in/yaml.v3 has been replaced by go.yaml.in/yaml/v3, an active fork now maintained by the YAML organization.

cue exp gengotypes is improved to handle more edge cases with CUE package imports which could result in broken Go code.

The Protobuf decoder has been tweaked to not require files such as google/protobuf/timestamp.proto to exist on disk, given that they are mapped to CUE standard library APIs directly.

The Protobuf decoder has also been tweaked to support fully qualified references such as my.pkg.name.MessageName.

A bug is fixed in the TOML decoder where sub-table keys could incorrectly lead to duplicate key errors.

Standard library

The net package has gained new AddIP and AddIPCIDR functions to add numerical offsets to IP addresses or CIDR networks.

The Atoi, ParseInt, and ParseUint functions in the strconv package now work on integers with unlimited precision, like the rest of the CUE evaluator, rather than just a maximum of 64 bits.

Go API

The new cue.Value.IsClosed and cue.Value.IsClosedRecursively methods report whether a value has been closed at the top level or recursively, which is useful information when writing schema encodings.

The new cue.Patterns and cue.Selector.Pattern APIs allow introspecting pattern constraints in CUE struct values.

The new encoding/yaml.Decoder API allows decoding a stream of YAML documents, given that existing APIs did not support streams of multiple YAML documents.

encoding/json gains JSON Pointer APIs, which are already useful in packages like encoding/jsonschema.

cue/ast introduces PostfixExpr to support upcoming additions to the language syntax.

cue/ast introduces StringLabelNeedsQuoting to determine whether a string label needs to be quoted when used in CUE syntax.

cue/ast introduces NewStringLabel to create an ast.Label as either an unquoted identifier or a quoted string, depending on whether the string label needs quoting.

tools/fix has gained new APIs to fix configs to use an active experiment, as well as fixing configs to a newer language version.

cue introduces a Path.Append convenience method.

⚠️ cue/build.Instance.Match is removed, given that it was never set to any value at any point since it was added.

cue/token is adjusted so that node positions within a file never result in an offset which is outside the bounds of the file. This could easily lead to subtle bugs or panics when using node position offsets.

⚠️ The cue/token.Pos.Before method is now rewritten to match cue/token.Pos.Compare, given that it always returned "false" for positions from different files. The method is now deprecated as well.

cue/errors is adjusted so that Positions only collects printable positions, to prevent printing empty positions in the CLI.

cue/ast deprecates the File.Imports field in favor of the File.ImportSpecs iterator method. The iterator method File.ImportDecls is also introduced for completeness.

⚠️ The long-deprecated cue.ResolveReferences option API is now removed.

cue/parser.DeprecationError.Version is deprecated, as tracking CUE language versions via integers has not been used since v0.4.3, and the mechanism was never properly documented.

Full list of changes since v0.14.0

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/go-deps branch 2 times, most recently from f357ab8 to 186f9d8 Compare August 10, 2025 12:09
@red-hat-konflux red-hat-konflux bot changed the title chore(deps): update go dependencies Update Go Dependencies Aug 10, 2025
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/go-deps branch 3 times, most recently from 9920c0f to ff10711 Compare August 17, 2025 12:30
@tommyd450
Copy link

tommyd450 commented Aug 19, 2025

/retest

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/go-deps branch 4 times, most recently from 6177d88 to d6178d3 Compare August 24, 2025 20:31
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/go-deps branch 3 times, most recently from 6aa5637 to 3715a71 Compare September 7, 2025 08:36
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/go-deps branch 3 times, most recently from 9afbd4b to 144565a Compare September 14, 2025 08:39
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/go-deps branch 4 times, most recently from a730bbb to e1dc0c2 Compare September 21, 2025 12:36
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/go-deps branch 8 times, most recently from b91c2b5 to 97499dd Compare September 25, 2025 20:54
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/go-deps branch 15 times, most recently from c5165ed to ec60748 Compare November 24, 2025 17:46
@red-hat-konflux
Copy link
Author

red-hat-konflux bot commented Nov 24, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -t ./...
go: github.com/ThalesIgnite/[email protected]: parsing go.mod:
	module declares its path as: github.com/ThalesGroup/crypto11
	        but was required as: github.com/ThalesIgnite/crypto11

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/go-deps branch 11 times, most recently from 3d05463 to 1ff395d Compare November 26, 2025 17:37
@red-hat-konflux red-hat-konflux bot changed the title Update Go Dependencies chore(deps): update go dependencies Nov 28, 2025
@red-hat-konflux
chore(deps): update go dependencies
4ef1ed4 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/go-deps branch from 1ff395d to 4ef1ed4 Compare December 1, 2025 13:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tommyd450