Skip to content

Update Go dependencies#61

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-dependencies
Open

Update Go dependencies#61
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-dependencies

Conversation

@renovate

@renovate renovate Bot commented Feb 12, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
github.com/aws/smithy-go v1.24.0v1.27.3 age confidence indirect minor
github.com/fsnotify/fsnotify v1.9.0v1.10.1 age confidence indirect minor
github.com/fxamacker/cbor/v2 v2.9.0v2.9.2 age confidence indirect patch
github.com/go-openapi/jsonpointer v0.22.4v0.24.0 age confidence indirect minor
github.com/go-openapi/jsonreference v0.21.4v0.21.6 age confidence indirect patch
github.com/go-openapi/swag v0.25.4v0.27.0 age confidence indirect minor
github.com/go-openapi/swag/cmdutils v0.25.4v0.27.0 age confidence indirect minor
github.com/go-openapi/swag/conv v0.25.4v0.27.0 age confidence indirect minor
github.com/go-openapi/swag/fileutils v0.25.4v0.27.0 age confidence indirect minor
github.com/go-openapi/swag/jsonname v0.25.4v0.27.0 age confidence indirect minor
github.com/go-openapi/swag/jsonutils v0.25.4v0.27.0 age confidence indirect minor
github.com/go-openapi/swag/loading v0.25.4v0.27.0 age confidence indirect minor
github.com/go-openapi/swag/mangling v0.25.4v0.27.0 age confidence indirect minor
github.com/go-openapi/swag/netutils v0.25.4v0.27.0 age confidence indirect minor
github.com/go-openapi/swag/stringutils v0.25.4v0.27.0 age confidence indirect minor
github.com/go-openapi/swag/typeutils v0.25.4v0.27.0 age confidence indirect minor
github.com/go-openapi/swag/yamlutils v0.25.4v0.27.0 age confidence indirect minor
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.8v2.29.0 age confidence indirect minor
github.com/hashicorp/go-version v1.8.0v1.9.0 age confidence indirect minor
github.com/mattn/go-colorable v0.1.14v0.1.15 age confidence indirect patch
github.com/mattn/go-isatty v0.0.20v0.0.22 age confidence indirect patch
github.com/rs/zerolog v1.34.0v1.35.1 age confidence indirect minor
github.com/traefik/paerser v0.2.2v0.2.3 age confidence indirect patch
go (source) 1.26.01.26.4 age confidence toolchain patch
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0v0.20.0 age confidence indirect minor
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0v1.44.0 age confidence indirect minor
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0v1.44.0 age confidence indirect minor
go.opentelemetry.io/otel/log v0.16.0v0.20.0 age confidence indirect minor
go.opentelemetry.io/otel/metric v1.40.0v1.44.0 age confidence indirect minor
go.opentelemetry.io/otel/sdk/log v0.16.0v0.20.0 age confidence indirect minor
go.opentelemetry.io/otel/trace v1.40.0v1.44.0 age confidence indirect minor
go.opentelemetry.io/proto/otlp v1.9.0v1.10.0 age confidence indirect minor
golang.org/x/crypto v0.48.0v0.53.0 age confidence indirect minor
golang.org/x/mod v0.33.0v0.37.0 age confidence indirect minor
golang.org/x/net v0.50.0v0.56.0 age confidence indirect minor
golang.org/x/oauth2 v0.35.0v0.36.0 age confidence indirect minor
golang.org/x/sync v0.19.0v0.21.0 age confidence indirect minor
golang.org/x/sys v0.41.0v0.46.0 age confidence indirect minor
golang.org/x/term v0.40.0v0.44.0 age confidence indirect minor
golang.org/x/text v0.34.0v0.38.0 age confidence indirect minor
golang.org/x/time v0.14.0v0.15.0 age confidence indirect minor
golang.org/x/tools v0.42.0v0.47.0 age confidence indirect minor
google.golang.org/genproto/googleapis/api 4cfbd41925bb5d age confidence indirect digest
google.golang.org/genproto/googleapis/rpc 4cfbd41925bb5d age confidence indirect digest
k8s.io/api v0.35.1v0.36.2 age confidence require minor
k8s.io/apiextensions-apiserver v0.35.1v0.36.2 age confidence require minor
k8s.io/apimachinery v0.35.1v0.36.2 age confidence require minor
k8s.io/client-go v0.35.1v0.36.2 age confidence require minor
k8s.io/klog/v2 v2.130.1v2.140.0 age confidence indirect minor
k8s.io/kube-openapi a19766b8f3fa49 age confidence indirect digest
k8s.io/utils b8788abbe93311 age confidence indirect digest
sigs.k8s.io/structured-merge-diff/v6 v6.3.2v6.4.0 age confidence indirect minor

Release Notes

aws/smithy-go (github.com/aws/smithy-go)

v1.27.3

Compare Source

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.3
    • Bug Fix: Fix bug in JSON doc encoder and endpoint host label format validation

v1.27.2

Compare Source

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.2
    • Bug Fix: Fix incorrect serialization of unions in CBOR-based protocols.

v1.27.1

Compare Source

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.1
    • Bug Fix: Fixed a deserialization failure in all protocols when encountering a union with explicit null members.
    • Bug Fix: Fixed a panic when deserializing nested unions in JSON- and CBOR-based protocols.

v1.27.0

Compare Source

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.0
    • Feature: Add APIs for schema-based serialization.
    • Feature: Add support for all current AWS and Smithy protocols.
    • Bug Fix: Enforce max nesting depth of 128 on CBOR payloads.
  • github.com/aws/smithy-go/aws-http-auth: v1.2.0
    • Feature: Add event stream signer.

v1.26.0

Compare Source

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.26.0
    • Feature: Add StringSlice to endpoint rulesfn.

v1.25.1

Compare Source

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.25.1
    • Bug Fix: Fixed a memory leak in the LRU cache implementation used by some AWS services.

v1.25.0

Compare Source

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.25.0
    • Feature: Add support for endpointBdd trait

v1.24.3

Compare Source

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.24.3
    • Bug Fix: Add additional sigv4 configuration.
  • github.com/aws/smithy-go/aws-http-auth: v1.1.3
    • Bug Fix: Add additional sigv4 configuration.

v1.24.2: Release (2026-02-27)

Compare Source

Release (2026-02-27)

General Highlights

  • Dependency Update: Bump minimum go version to 1.24.

v1.24.1

Compare Source

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.24.1
    • Feature: Add new middleware functions to get event stream output from middleware
fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes
  • inotify: don't remove sibling watches sharing a path prefix (#​754)

  • inotify, windows: don't rename sibling watches sharing a path prefix
    (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes
  • inotify: improve initialization error message (#​731)

  • inotify: send Rename event if recursive watch is renamed (#​696)

  • inotify: avoid copying event buffers when reading names (#​741)

  • kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

  • kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

  • windows: fix nil pointer dereference in remWatch (#​736)

  • windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.2

Compare Source

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed

  • Reject encoding indefinite-length map with odd item count by @​fxamacker in #​764
  • Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @​fxamacker in #​765
  • Make TagSet.Remove a no-op when contentType is nil by @​fxamacker in #​766
  • Refactor indefinite-length encoding and improve chunk validation during encoding by @​fxamacker in #​767
  • Add more tests, fix a nit in unreachable panic message, update docs & ci by @​fxamacker in #​768
CI / GitHub Actions and Docs
🔎 Details...

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

v2.9.1

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

  • [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
  • [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
  • [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)
🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

  • [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
  • [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
  • [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
  • [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)

What's Changed

CI / GitHub Actions and Docs
🔎 Details...

New Contributors

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

go-openapi/jsonpointer (github.com/go-openapi/jsonpointer)

v0.24.0

Compare Source

0.24.0 - 2026-06-29

Full Changelog: go-openapi/jsonpointer@v0.23.2...v0.24.0

17 commits in this release.


Implemented enhancements
  • feat(jsonname): added new json name provider more respectful of go conventions for JSON (#​195) by @​fredbi ...
Refactor
  • refact: refactored the package into multiple specialized sub-packages by @​fredbi ...
  • refact loading, jsonutils, yamlutils utililities by @​fredbi ...
Documentation
Code quality
Testing
Miscellaneous tasks
  • chore: removed most remaining external dependencies by @​fredbi ...
Updates
  • build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] ...
  • build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] ...
Other (technical)

People who contributed to this release

jsonpointer license terms

License

v0.23.2

Compare Source

0.23.2 - 2026-06-26

Full Changelog: go-openapi/jsonpointer@v0.23.1...v0.23.2

13 commits in this release.


Implemented enhancements
  • feat(ci): added shared workflow for bot-pr monitoring by @​fredbi ...
Documentation
Miscellaneous tasks
Updates

People who contributed to this release

jsonpointer license terms

License

v0.23.1

Compare Source

0.23.1 - 2026-04-18

Full Changelog: go-openapi/jsonpointer@v0.23.0...v0.23.1

5 commits in this release.


Fixed bugs
  • fix(offset): in Offset method, fixed index of value of array element. by @​fredbi in #​128 ...
Documentation
Updates

People who contributed to this release

jsonpointer license terms

License

v0.23.0

Compare Source

0.23.0 - 2026-04-15

Support for known limitations

Full Changelog: go-openapi/jsonpointer@v0.22.5...v0.23.0

16 commits in this release.


Implemented enhancements
Fixed bugs
Documentation

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/go-dependencies branch from c5aa940 to bda3068 Compare February 13, 2026 08:57
@renovate renovate Bot changed the title Update module go.yaml.in/yaml/v2 to v2.4.3 Update Go dependencies Feb 13, 2026
@renovate renovate Bot force-pushed the renovate/go-dependencies branch 5 times, most recently from 3d2dcbc to 7733261 Compare February 23, 2026 23:46
@renovate renovate Bot force-pushed the renovate/go-dependencies branch 7 times, most recently from 4299dcb to 412b9f6 Compare March 4, 2026 21:03
@renovate renovate Bot force-pushed the renovate/go-dependencies branch 13 times, most recently from 96c5f3d to 1195136 Compare March 12, 2026 05:15
@renovate renovate Bot force-pushed the renovate/go-dependencies branch 3 times, most recently from 197119b to d98497a Compare March 17, 2026 20:58
@renovate renovate Bot force-pushed the renovate/go-dependencies branch 3 times, most recently from 6c54a5c to 09548fa Compare March 30, 2026 20:42
@renovate

renovate Bot commented Mar 30, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 5 additional dependencies were updated

Details:

Package Change
github.com/go-jose/go-jose/v4 v4.1.3 -> v4.1.4
go.opentelemetry.io/otel v1.40.0 -> v1.44.0
go.opentelemetry.io/otel/sdk v1.40.0 -> v1.44.0
google.golang.org/grpc v1.79.0 -> v1.81.1
google.golang.org/protobuf v1.36.11 -> v1.36.12-0.20260120151049-f2248ac996af

@renovate renovate Bot force-pushed the renovate/go-dependencies branch 9 times, most recently from bc58ff3 to a1db88c Compare April 7, 2026 00:57
@renovate renovate Bot force-pushed the renovate/go-dependencies branch 11 times, most recently from eb82af5 to 00afaeb Compare April 14, 2026 21:06
@renovate renovate Bot force-pushed the renovate/go-dependencies branch 5 times, most recently from 6191a8a to 9784503 Compare April 19, 2026 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants