chore(deps): update go dependencies

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change
cel.dev/expr	indirect	minor	v0.24.0 -> v0.25.1
cuelang.org/go	indirect	minor	v0.14.2 -> v0.15.1
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider	indirect	minor	v0.19.0 -> v0.20.0
github.com/AliyunContainerService/ack-ram-tool/pkg/ecsmetadata	indirect	patch	v0.0.9 -> v0.0.10
github.com/Azure/azure-sdk-for-go/sdk/azcore	require	minor	v1.19.1 -> v1.20.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity	require	patch	v1.13.0 -> v1.13.1
github.com/AzureAD/microsoft-authentication-library-for-go	indirect	minor	v1.5.0 -> v1.6.0
github.com/ThalesIgnite/crypto11	indirect	minor	v1.2.5 -> v1.6.0
github.com/aliyun/credentials-go	indirect	patch	v1.4.7 -> v1.4.8
github.com/aws/aws-sdk-go-v2/credentials	indirect	minor	v1.18.17 -> v1.19.2
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	indirect	patch	v1.18.10 -> v1.18.14
github.com/aws/aws-sdk-go-v2/internal/configsources	indirect	patch	v1.4.10 -> v1.4.14
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	indirect	patch	v1.13.2 -> v1.13.3
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	indirect	patch	v1.13.10 -> v1.13.14
github.com/aws/smithy-go	indirect	patch	v1.23.1 -> v1.23.2
github.com/awslabs/amazon-ecr-credential-helper/ecr-login	require	minor	v0.10.1 -> v0.11.0
github.com/cncf/xds/go	indirect	digest	2ee22ca -> 8bfbf64
github.com/containerd/stargz-snapshotter/estargz	indirect	patch	v0.18.0 -> v0.18.1
github.com/go-openapi/analysis	indirect	patch	v0.24.0 -> v0.24.1
github.com/go-openapi/errors	indirect	patch	v0.22.3 -> v0.22.4
github.com/go-openapi/jsonpointer	indirect	patch	v0.22.1 -> v0.22.3
github.com/go-openapi/jsonreference	indirect	patch	v0.21.2 -> v0.21.3
github.com/go-openapi/loads	indirect	patch	v0.23.1 -> v0.23.2
github.com/go-openapi/spec	indirect	patch	v0.22.0 -> v0.22.1
github.com/go-openapi/strfmt	indirect	minor	v0.24.0 -> v0.25.0
github.com/go-openapi/swag	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/swag/cmdutils	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/swag/conv	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/swag/fileutils	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/swag/jsonname	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/swag/jsonutils	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/swag/loading	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/swag/mangling	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/swag/netutils	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/swag/stringutils	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/swag/typeutils	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/swag/yamlutils	indirect	patch	v0.25.1 -> v0.25.4
github.com/go-openapi/validate	indirect	patch	v0.25.0 -> v0.25.1
github.com/google/gnostic-models	indirect	patch	v0.7.0 -> v0.7.1
github.com/google/go-containerregistry	require	patch	v0.20.6 -> v0.20.7
github.com/google/go-containerregistry/pkg/authn/k8schain	require	digest	cb4a037 -> e075f20
github.com/google/go-containerregistry/pkg/authn/kubernetes	require	digest	cb4a037 -> e075f20
github.com/googleapis/enterprise-certificate-proxy	indirect	patch	v0.3.6 -> v0.3.7
github.com/klauspost/compress	indirect	patch	v1.18.1 -> v1.18.2
github.com/letsencrypt/boulder	require	minor	v0.20250721.0 -> v0.20251118.0
github.com/open-policy-agent/opa	indirect	minor	v1.1.0 -> v1.11.0
github.com/prometheus/common	indirect	patch	v0.67.1 -> v0.67.4
github.com/prometheus/procfs	indirect	minor	v0.17.0 -> v0.19.2
github.com/protocolbuffers/txtpbfmt	indirect	digest	f293424 -> fcb97cc
github.com/sigstore/rekor	require	patch	v1.4.2 -> v1.4.3
github.com/sigstore/scaffolding	require	patch	v0.7.22 -> v0.7.31
github.com/sigstore/sigstore	require	minor	v1.9.6-0.20251017153808-5089bd7668f3 -> v1.10.0
github.com/sigstore/sigstore/pkg/signature/kms/aws	require	minor	v1.9.5 -> v1.10.0
github.com/sigstore/sigstore/pkg/signature/kms/azure	require	minor	v1.9.5 -> v1.10.0
github.com/sigstore/sigstore/pkg/signature/kms/gcp	require	minor	v1.9.6-0.20251017153808-5089bd7668f3 -> v1.10.0
github.com/sigstore/sigstore/pkg/signature/kms/hashivault	require	minor	v1.9.5 -> v1.10.0
github.com/transparency-dev/formats	indirect	digest	404c0d5 -> 2de64aa
gitlab.com/gitlab-org/api/client-go	indirect	minor	v0.157.0 -> v0.161.1
go.mongodb.org/mongo-driver	indirect	patch	v1.17.4 -> v1.17.6
go.opentelemetry.io/proto/otlp	indirect	minor	v1.8.0 -> v1.9.0
golang.org/x/crypto	require	minor	v0.43.0 -> v0.45.0
golang.org/x/exp	indirect	digest	90e834f -> 87e1e73
golang.org/x/mod	indirect	minor	v0.29.0 -> v0.30.0
golang.org/x/net	require	minor	v0.46.0 -> v0.47.0
golang.org/x/oauth2	indirect	minor	v0.32.0 -> v0.33.0
golang.org/x/sync	indirect	minor	v0.17.0 -> v0.18.0
golang.org/x/sys	indirect	minor	v0.37.0 -> v0.38.0
golang.org/x/term	indirect	minor	v0.36.0 -> v0.37.0
golang.org/x/text	indirect	minor	v0.30.0 -> v0.31.0
golang.org/x/tools	indirect	minor	v0.38.0 -> v0.39.0
google.golang.org/api	indirect	minor	v0.252.0 -> v0.256.0
google.golang.org/genproto	indirect	digest	88f65dc -> 79d6a2a
google.golang.org/genproto/googleapis/api	indirect	digest	88f65dc -> 79d6a2a
google.golang.org/genproto/googleapis/rpc	indirect	digest	88f65dc -> 79d6a2a
k8s.io/api	require	patch	v0.34.1 -> v0.34.2
k8s.io/apiextensions-apiserver	indirect	patch	v0.34.1 -> v0.34.2
k8s.io/apimachinery	require	patch	v0.34.1 -> v0.34.2
k8s.io/client-go	require	patch	v0.34.1 -> v0.34.2
k8s.io/code-generator	replace	patch	v0.34.1 -> v0.34.2
k8s.io/code-generator	require	patch	v0.34.1 -> v0.34.2
k8s.io/kube-openapi	replace	digest	589584f -> 4e65d59
k8s.io/kube-openapi	require	digest	589584f -> 4e65d59
knative.dev/hack	require	digest	4fae780 -> 1484a9e
knative.dev/hack/schema	require	digest	4fae780 -> 1484a9e
knative.dev/pkg	require	digest	a1339c6 -> e853b1d

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

google/cel-spec (cel.dev/expr)

v0.25.1

Compare Source

Minor additions to the v0.25.0 release

What's Changed

• Remove test/v1 directory and its protos by @​l46kok in #​487
• Add parsing tests for string and bytes literals by @​hudlow in #​489

Full Changelog: google/cel-spec@v0.25.0...v0.25.1

v0.25.0

Compare Source

What's Changed

• Initial version of the policy specification by @​jcking in #​477
• Remove orphaned ToC entry for enums as ints from the specification by @​timostamm in #​476
• Tests for selector, function, and field names formerly defined as reserved by @​hudlow in #​480
• Add a test case for lastIndexOf in string_ext against an empty string by @​l46kok in #​468
• Remove TOC from language definition by @​hudlow in #​482
• Remove int(enum) -> int signature by @​hudlow in #​483
• Clarify formatting decimals, add %f formatting test cases around rounding by @​l46kok in #​485
• Remove remaining google.rpc.Status deps from cel-spec by @​TristonianJones in #​486

New Contributors

• @​timostamm made their first contribution in #​476

Full Changelog: google/cel-spec@v0.24.0...v0.25.0

cue-lang/cue (cuelang.org/go)

v0.15.1

Compare Source

Evaluator

Fix an evalv3 regression first introduced in v0.11.0 where the and built-in function started evaluating its arguments too eagerly, causing failures in cue def.

Fix an evalv3 regression where closedness info could be lost when using a comprehension.

Fix a bug where the evaluator would panic on alias cycles with dynamic fields rather than giving a good error.

LSP

Formatting standalone CUE files - either without a package name, or outside of a CUE module - now works correctly.

Fix a bug where trying to use "find references" on a CUE module with nested modules would cause a hang.

Fix a bug where resolving path roots did not work correctly in the presence of struct embeddings.

cmd/cue

Fix a regression in v0.15.0 where cue get go no longer skipped generating CUE files without any declarations.

Go API

Fix a bug in the subsume package where a struct with a pattern constraint did not subsume a closed struct with a matching field.

Rename the bootstrap build tag used in the internal/filetypes package to cuebootstrap to avoid conflicts with build tags in other Go modules.

Full list of changes since v0.15.0

• bump pinnedReleaseGo and LanguageVersion for v0.15.1 by @​mvdan in 350755e
• lsp/fscache: improve removal of phantom package decls by @​cuematthew in bcc9a45
• internal/lsp: format standalone files without phantom pkg names by @​cuematthew in bf16055
• lsp/definitions: correct resolution of path roots by @​cuematthew in e64569f
• lsp/definitions: add test to show faulty resolution by @​cuematthew in f2076ae
• lsp/cache: stop nested modules from breaking find-references by @​cuematthew in 6d75085
• internal/core/compile: don't panic on an alias cycle with a dynamic field by @​mvdan in cf6c597
• internal/core/compile: revert and to use Func instead of RawFunc by @​mvdan in 37e8637
• cue/testdata: add test case for #​3719 by @​mvdan in de5328e
• internal/core/subsume: fix duplicate logic for pattern constraints by @​mvdan in a229275
• internal/core/subsume: add test cases for pattern constraints by @​mvdan in bca0a55
• internal/filetypes: use a less generic bootstrap build tag by @​mvdan in 94f2f0e
• cmd/cue: do not emit empty CUE files in get go again by @​mvdan in 819474c
• cmd/cue: test that we don't emit empty CUE files without --outfile by @​mvdan in e61516d
• internal/core/adt: check removed scope per conjunct by @​mvdan in 2e8e111
• cue/testdata: add a test case for #​4180 by @​mvdan in f81118c

v0.15.0

Compare Source

Changes which may break some users are marked below with: ⚠️

Note that this release no longer includes a checksums.txt asset; GitHub now provide digests natively.

LSP

This release includes the initial version of cue lsp - with support for "go to definition", "find references", rename, code completion, hover documentation, and code formatting.

See our Getting Started wiki page for instructions on how to set it up with your editor.

Please report any bugs or missing features you encounter via the Issue tracker or via the #lsp channels on Discord or Slack.

Language

explicitopen experiment for #A...

The explicitopen per-file experiment enables the posfix ... operator to explicitly open closed structs, allowing additional fields to be added. This change simplifies CUE's semantics, reduces user confusion, and enables clearer expression of type extensibility patterns.

You can try this experiment by following our how-to guide. For more information, see the proposal on GitHub and the spec change patch.

aliasv2 experiment

The aliasv2 per-file experiment implements the new "postfix aliases" syntax, and introduces a "self" predeclared identifier referring to the innermost surrounding struct or list.

You can try this experiment by following our how-to guide. For more information, see the proposal on GitHub and the spec change patch.

Other experiments

⚠️ With its proposal accepted, the keepvalidators global experiment is now stable, meaning that CUE_EXPERIMENT=keepvalidators is always enabled.

With its proposal accepted, the structcmp per-file experiment is now stable with language.version at v0.15.0 or later, meaning that the @experiment(structcmp) attribute is unnecessary as it's always enabled.

Evaluator

⚠️ Removing evalv2

The old evalv2 evaluator, which previously could be re-enabled via CUE_EXPERIMENT=evalv3=0, is now deleted. The new evalv3 evaluator has been on by default since v0.13.0, and at this point our entire test suite including Unity is working.

Removing the old evaluator reduces significant load on development, as we were able to clear out 4000 lines of code, and simplify the internal types and code structure. This is a necessary step to unblock ongoing feature and performance work in the evaluator.

As a bonus, because the old and new evaluators shared many core evaluator types, removing the fields only used by the old evaluator yields modest memory usage improvements of around 4-6%.

Performance

Evaluating concrete CUE values no longer involves dependency analysis; this should result in modest speed improvements when marshaling to YAML, via either cue export -e expr -o yaml or yaml.Marshal.

Dependency analysis now avoids computing references more than once, which resolves an expontential performance issue for some configurations using chains of CUE references.

Add caching to a part of the typochecker algorithm; this has been measured to provide performance improvements of up to 30% on a few large projects.

cue/parser now reuses more memory, which results in parsing performance improvements of up to 30% and memory savings of up to 50%, especially when loading large CUE data files.

Other changes

File embedding via the @embed attribute has gained an allowEmptyGlob option, to allow glob patterns to match zero files without causing an error.

The evaluator now shows all user errors created with the error builtin when they can be related to a disjunction failure. Previously, the evaluator would try to only show user errors directly part of a disjunction error, but that caused too many omissions.

Some error positions which were lost in the transition from evalv2 to evalv3 have been reintroduced.

Fix a bug where required fields in a definition might not be enforced when unifying with an inline struct in an expression, such as (#RequiresFoo & {bar: "baz"}).bar.

Fix a regression introduced in v0.12.0 where incomplete errors were not being handled consistently if they directly involved the top-level value.

A number of panics and error regressions in the evaluator which were reported since v0.14 have been fixed; thank you to all who reported these.

cmd/cue

A new cue help experiments command is introduced to document all available per-file and global experiments.

The cue fix --exp flag is introduced to rewrite files or packages to use new and experimental semantics with @experiment attributes.

cue mod mirror now copies OCI referrers between registries, which ensures that artifacts like signatures and attestations which reference modules being mirrored are copied as well.

cue mod resolve gains a --deps flag that lists all dependencies of the current module and which registries they resolve to.

cue get go gains an --outfile flag to generate exactly one CUE file for a single Go package, which can be useful when integrating cue get go into build systems like Bazel.

Fix a regression introduced in v0.9.0 where loading a qualified pattern like ./...:pkgname no longer filtered files based on the package name given.

cue get go now stops on any Go package loading error. Trying to continue in the presence of syntax or type-checking errors could lead to generating incorrect CUE.

Encodings

Initial support for encoding CUE schemas as JSON Schema is added. This includes a new encoding/jsonschema.Generate Go API, as well as CLI support via cue def --out jsonschema. This is currently very experimental, and many features are missing. For now, it can only generate a single version of JSON Schema, draft/2020-12.

The YAML library in the archived Go module gopkg.in/yaml.v3 has been replaced by go.yaml.in/yaml/v3, an active fork now maintained by the YAML organization.

cue exp gengotypes is improved to handle more edge cases with CUE package imports which could result in broken Go code.

The Protobuf decoder has been tweaked to not require files such as google/protobuf/timestamp.proto to exist on disk, given that they are mapped to CUE standard library APIs directly.

The Protobuf decoder has also been tweaked to support fully qualified references such as my.pkg.name.MessageName.

A bug is fixed in the TOML decoder where sub-table keys could incorrectly lead to duplicate key errors.

Standard library

The net package has gained new AddIP and AddIPCIDR functions to add numerical offsets to IP addresses or CIDR networks.

The Atoi, ParseInt, and ParseUint functions in the strconv package now work on integers with unlimited precision, like the rest of the CUE evaluator, rather than just a maximum of 64 bits.

Go API

The new cue.Value.IsClosed and cue.Value.IsClosedRecursively methods report whether a value has been closed at the top level or recursively, which is useful information when writing schema encodings.

The new cue.Patterns and cue.Selector.Pattern APIs allow introspecting pattern constraints in CUE struct values.

The new encoding/yaml.Decoder API allows decoding a stream of YAML documents, given that existing APIs did not support streams of multiple YAML documents.

encoding/json gains JSON Pointer APIs, which are already useful in packages like encoding/jsonschema.

cue/ast introduces PostfixExpr to support upcoming additions to the language syntax.

cue/ast introduces StringLabelNeedsQuoting to determine whether a string label needs to be quoted when used in CUE syntax.

cue/ast introduces NewStringLabel to create an ast.Label as either an unquoted identifier or a quoted string, depending on whether the string label needs quoting.

tools/fix has gained new APIs to fix configs to use an active experiment, as well as fixing configs to a newer language version.

cue introduces a Path.Append convenience method.

⚠️ cue/build.Instance.Match is removed, given that it was never set to any value at any point since it was added.

cue/token is adjusted so that node positions within a file never result in an offset which is outside the bounds of the file. This could easily lead to subtle bugs or panics when using node position offsets.

⚠️ The cue/token.Pos.Before method is now rewritten to match cue/token.Pos.Compare, given that it always returned "false" for positions from different files. The method is now deprecated as well.

cue/errors is adjusted so that Positions only collects printable positions, to prevent printing empty positions in the CLI.

cue/ast deprecates the File.Imports field in favor of the File.ImportSpecs iterator method. The iterator method File.ImportDecls is also introduced for completeness.

⚠️ The long-deprecated cue.ResolveReferences option API is now removed.

cue/parser.DeprecationError.Version is deprecated, as tracking CUE language versions via integers has not been used since v0.4.3, and the mechanism was never properly documented.

Full list of changes since v0.14.0

• tools/fix: fix several issues with explicitopen rewrite by @​mpvl in 4aad065
• tools/fix: add some test cases by @​mpvl in 3b2b9b4
• internal/core/adt: add __reclose by @​mpvl in f8bf47a
• doc/ref: clarify exact meaning of value for match* builtins by @​mpvl in a650c53
• internal/ci/base: cue fmt files by @​mpvl in ab19f98
• lsp/definitions: fix find-references (UsagesForOffset) by @​cuematthew in 27f5797
• internal/core/dep: fix dependencies on spread operator by @​mpvl in 5634c58
• internal/core/dep: add test for spread operator by @​mpvl in f1cd0d2
• internal/core/export: handle spread operator by @​mpvl in 52f26f9
• doc/ref/spec.md: document matchN and machIf by @​mpvl in 020764b
• cue/parser: fix too restrictive parser test by @​mpvl in 7d69171
• cue/ast/astutil: handle patching of some references in Apply by @​mpvl in b979ace
• cue/ast/astutil: include Sanitize in TestApply by @​mpvl in 57c6f9f
• tools/fix: do not add spread operator to lists by @​mpvl in 7e9a83e
• all: remove two error results which are always nil by @​mvdan in 6ed9b98
• all: remove three func results which are never used by @​mvdan in eca4996
• cmd/cue: remove unused addInjectionFlags parameter by @​mvdan in 083dd03
• internal/core/adt: make CloseInfo.AncestorPositions an iterator by @​mvdan in 82c321f
• CONTRIBUTING: discourage SSH for Gerrit more actively by @​mvdan in 2e7e5af
• pkg/path: fix test failures when executed with -count N by @​roman-mazur in 1bfde52
• internal/source: simplify ReadAll by @​mvdan in cc3d92d
• internal/source: avoid a NopCloser if src is already a Closer by @​mvdan in 6d58d63
• cue/ast/astutil: avoid walking to the root to reuse scopes by @​mvdan in 4ba9572
• lsp/fscache: set version on token.File by @​cuematthew in e79d2ea
• internal/lsp: simplify processing of package imports by @​cuematthew in bbf6f4f
• cue/ast/astutil: assume LetClause.Expr and Alias.Expr are non-nil by @​mvdan in a77e741
• cue/ast/astutil: reuse scope allocations by @​mvdan in e5706db
• cue/ast: do not allocate in SetComments when it's a no-op by @​mvdan in d88bc99
• cue/parser: reuse commentState allocations by @​mvdan in 1e30ed2
• all: replace two uses of astutil.ParseImportPath by @​mvdan in 2dcf1d8
• cue: use Vertex.SingleConjunct in Value.Source by @​mvdan in dea3faa
• cue/load: ensure that Config.ModuleRoot is clean, like Config.Dir by @​mvdan in 14472be
• cue/load: correctly handle the filesystem root as Config.ModuleRoot by @​mvdan in d7a839b
• encoding/jsonschema: avoid redundant patternProperties in Generate by @​rogpeppe in a8385f8
• cmd/cue: update help text to reflect renamed experiment by @​jpluscplusm in 7d0090a
• cmd/cue/cmd: add --deps flag to 'cue mod resolve' by @​rogpeppe in 15afd50
• cue/load: add test case showing an error when Config.ModuleRoot=="/" by @​mvdan in 44dba4e
• internal/ci/goreleaser: actually disable checksum generation by @​mvdan in 93c434c
• all: remove two obsolete and commented-out APIs by @​mvdan in 25322ae
• lsp/definitions: call pos.Offset() directly by @​cuematthew in 64182de
• internal/lsp: support standalone files with imports in modules by @​cuematthew in 7dcbdf6
• internal/lsp: add support for rename by @​cuematthew in 24300be
• internal/lsp: support references with definitions by @​cuematthew in 6feb520
• cmd/cue: adjust cue get go --outfile logic by @​mvdan in 6491013
• cue/token: rewrite Pos.Before in terms of Pos.Compare by @​mvdan in 6c2aa6a
• cue/token: don't unpack line info in Pos.Compare by @​mvdan in 9623737
• cue/token: remove unnecessary Pos.file nil checks by @​mvdan in 852de61
• cue/token: don't unpack line info in Pos.Offset by @​mvdan in 8972e06
• cue/token: don't unpack line info in Pos.Filename by @​mvdan in 6543708
• cue/token: reuse File.Offset in File.position by @​mvdan in f4ba49b
• cue/ast/astutil: use go fix -inline on ImportPathName by @​mvdan in 1850e9b
• internal/core/layer: rudimentary implementation of layers by @​mpvl in 654b5c0
• internal/core/adt: set t.id only once by @​mpvl in aae1e07
• internal/lsp: wire UsagesForOffset into the LSP by @​cuematthew in bdc3901
• lsp/definitions: implement UsagesForOffset by @​cuematthew in 5303c60
• lsp/definitions: add ability to reset definitions analysis by @​cuematthew in aba5ee2
• lsp/rangeset: add String methods by @​cuematthew in bfe4aba
• encoding/yaml: add Decoder for streaming YAML documents by @​mpvl in 738e6e4
• all: start leveraging go fix -inline by @​mvdan in 70d6a9c
• all: go fix -inline ./... by @​mvdan in 279e355
• all: rename aliasandself experiment to aliasv2 by @​mpvl in b85644f
• encoding/jsonschema: explicit close handling by @​rogpeppe in a94cfbc
• encoding/jsonschema: add tests by @​rogpeppe in 2606457
• internal/ci: don't let "---" lines break git commit trailers by @​mvdan in e735c99
• mod/modregistry: mirror referrers in Client.Mirror by @​rogpeppe in f0d24a9
• all: go fix -slicescontains ./... by @​mvdan in 7b65843
• all: go fix -stringsseq ./... by @​mvdan in 2895806
• internal/core/adt: treat equality bound as open validator by @​mpvl in 15f2a53
• internal/core/adt: add tests for Issue 4142 by @​mpvl in de886bc
• cue/testdata/eval/bounds.txtar: accept v3 as golden by @​mpvl in ff6f38b
• cue: support ... operator in Expr by @​mpvl in 3d8e9ea
• internal/ci: bump Go and goreleaser by @​mvdan in 64a5e68
• update all dependencies by @​mvdan in d4d62e6
• tools/fix: add fixAliasAndSelf by @​mpvl in 2b281ea
• internal/core: make label references work for all field types by @​mpvl in 23a328a
• cue/ast/astutil: add resolver support for postfix aliases by @​mpvl in 4d8b1da
• internal/core/adt: report error for missing required fields by @​mpvl in a25fb94
• internal/core/adt: add tests for issue 3918 by @​mpvl in 166a851
• cue/parser|format: implement postfix alias syntax by @​mpvl in 0eb7de7
• all: apply more gopls suggestions by @​mvdan in 8d2909c
• lsp/definitions: fix broken build due to self renaming by @​cuematthew in 8df341b
• internal/cueexperiment: rename self experiment to aliasandself by @​mpvl in a8dce0b
• internal/ci: use unauthenticated GerritHub URL by @​jpluscplusm in 3dabab4
• cue: add postfix alias syntax infrastructure by @​mpvl in d92ce18
• internal/core/adt: fix disjunction related mem mgmt bug by @​mpvl in 335e4fb
• encoding/jsonschema: optimize items in definitions too by @​rogpeppe in 098b6d1
• encoding/jsonschema: add a test to check optimization in definitions by @​rogpeppe in 29ad8ee
• all: fix a number of bad godocs spotted by gopls by @​mvdan in 5b42b38
• encoding: fix two gopls warnings by @​mvdan in 33621a6
• switch this repository to cue.gerrithub.io by @​mvdan in 2a81d1e
• encoding/jsonschema: use unique item values in Generate by @​rogpeppe in 947c85c
• internal/anyunique: new package by @​rogpeppe in 84c673a
• encoding/jsonschema: recognize pattern constraints in Generate by @​rogpeppe in c356c10
• encoding/jsonschema: fix patternProperties in Extract by @​rogpeppe in fc58592
• encoding/jsonschema: recognize different forms of "const" by @​rogpeppe in 5433cb9
• cue: support iteration over pattern constraints by @​rogpeppe in a6f97a1
• internal/core/adt: cache containsDefID results by @​mvdan in 992c1cd
• internal/core/adt: always print errors in leaf nodes by @​mpvl in 8dce6dc
• internal/ci: stop generating checksums.txt as a release archive by @​mvdan in 15e67c0
• internal/core/adt: turn Vertex.VisitAllConjuncts into an iterator by @​mvdan in 2536d4f
• internal/core/...: fully transition away from Vertex.VisitLeafConjuncts by @​mvdan in 40aa589
• encoding/jsonschema: recognize closed structs in Generate by @​rogpeppe in 113d7b9
• cue: implement IsClosed and IsClosedRecursively by @​mpvl in b28a5f3
• encoding/jsonschema: improve teststats by @​rogpeppe in 28054b0
• encoding/jsonschema: treat close as no-op for now by @​rogpeppe in b670102
• encoding/jsonschema: recognize list.MatchN in Generate by @​rogpeppe in 09a0f42
• encoding/jsonschema: recognize explicit errors in CUE by @​rogpeppe in d293a17
• encoding/jsonschema: use error builtin rather than _|_ by @​rogpeppe in 49126bb
• cue: add test case for the fixed bug 4037 by @​mvdan in 5c6dd1c
• cue: fix panic in LookupPath on unfinalized arcs by @​rogpeppe in 4160e88
• encoding/jsonschema: recognize matchIf in Generate by @​rogpeppe in fedcd87
• internal/core/adt: avoid hang on self-references through "let" by @​mvdan in 85e008d
• encoding/yaml: consistently use cue.Concrete when calling Value.Syntax by @​mvdan in 39d559b
• encoding/jsonschema: use more generic siblings function by @​rogpeppe in 366de4b
• encoding/jsonschema: minor improvements to Generate by @​rogpeppe in 06d8b91
• encoding/jsonschema: add a few tests by @​rogpeppe in 2efaae1
• encoding/jsonschema: recognize matchN in Generate by @​rogpeppe in 40a9710
• encoding/jsonschema: round trip external tests by @​rogpeppe in 899a983
• encoding/jsonschema: list support by @​rogpeppe in b4b3d1b
• encoding/jsonschema: improve mergeAllOf behavior by @​rogpeppe in b8e3859
• internal/core/adt: test TopKind in TestKindString by @​mvdan in 42731c2
• all: continue transition away from adt.Vertex.VisitLeafConjuncts by @​mvdan in 658608c
• encoding/jsonschema: adjust for net/url fix in go@​master by @​mvdan in f79aafe
• internal/core/adt: add the Vertex.LeafConjuncts iterator by @​mvdan in 2af8a20
• internal/core/adt: turn VisitConjuncts into ConjunctsSeq by @​mvdan in [b33320b](https://redirect.github.com/cue-lang/cue/commit/b33320bac26e88703e1d9b6e0ae9bd1df5a

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: github.com/ThalesIgnite/[email protected]: parsing go.mod:
	module declares its path as: github.com/ThalesGroup/crypto11
	        but was required as: github.com/ThalesIgnite/crypto11