[release-v1.17][gomod]: Bump the minor group across 1 directory with 3 updates

[dependabot]

Bumps the minor group with 3 updates in the / directory: github.com/getkin/kin-openapi, github.com/oapi-codegen/oapi-codegen/v2 and github.com/oapi-codegen/runtime.

Updates github.com/getkin/kin-openapi from 0.133.0 to 0.134.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.134.0

What's Changed

• openapi3filter: feat(multipart-ct-decoder): default body decoder on binary schema by @​mieltn in getkin/kin-openapi#1097
• openapi3: ensure SchemaErrors get the correct path for allOf schemas by @​jamesfcarter in getkin/kin-openapi#1098
• openapi3filter: Fix empty string handling in parameter validation by @​utah-KT in getkin/kin-openapi#1096
• tidy(docs): Update references to oapi-codegen project URL (issue getkin#1094) by @​frenchi in getkin/kin-openapi#1095
• openapi2conv: fix allOf inside additionalProperties by @​dani-maarouf in getkin/kin-openapi#1103
• openapi3filter: Reject requests with body when non expected (issue 1100) by @​CynanX in getkin/kin-openapi#1101
• openapi3: fix for RFC3339 validation: time-offset is a required component by @​mpreu in getkin/kin-openapi#1104
• openapi3: add file path to origin location tracking by @​reuvenharrison in getkin/kin-openapi#1128
• openapi3filter: fix bug where absent optional properties fail validation in form-urlencoded requests by @​thierry-f-78 in getkin/kin-openapi#1110
• feat: add document-scoped format validators to prevent global state pollution by @​the-corp-mark in getkin/kin-openapi#1126
• openapi3: process discriminator mapping values as refs by @​RaduPetreTarean in getkin/kin-openapi#1108
• openapi3: serialize Extensions when using $ref by @​irees in getkin/kin-openapi#1131

New Contributors

• @​mieltn made their first contribution in getkin/kin-openapi#1097
• @​jamesfcarter made their first contribution in getkin/kin-openapi#1098
• @​utah-KT made their first contribution in getkin/kin-openapi#1096
• @​frenchi made their first contribution in getkin/kin-openapi#1095
• @​dani-maarouf made their first contribution in getkin/kin-openapi#1103
• @​CynanX made their first contribution in getkin/kin-openapi#1101
• @​mpreu made their first contribution in getkin/kin-openapi#1104
• @​thierry-f-78 made their first contribution in getkin/kin-openapi#1110
• @​the-corp-mark made their first contribution in getkin/kin-openapi#1126
• @​RaduPetreTarean made their first contribution in getkin/kin-openapi#1108

Full Changelog: getkin/kin-openapi@v0.133.0...v0.134.0

Commits

• 713eff1 openapi3: serialize Extensions when using $ref (#1131)
• 88234d0 openapi3: process discriminator mapping values as refs (#1108)
• b4a86ce feat: add document-scoped format validators to prevent global state pollution...
• fd00a26 openapi3filter: fix bug where absent optional properties fail validation in f...
• ede8b1f openapi3: add file path to origin location tracking (#1128)
• 45db2ad Fix RFC3339 validation (#1104)
• 2ac6346 feat: support rejecting when request body present but not required by specifi...
• 6321ee8 openapi2conv: fix allOf inside additionalProperties (#1103)
• f53e403 tidy(docs): Update references to oapi-codegen project URL (issue getkin#1094)...
• 6a04fdf openapi3: Allow usage of empty string (#1096)
• Additional commits viewable in compare view

Updates github.com/oapi-codegen/oapi-codegen/v2 from 2.5.1 to 2.6.0

Release notes

Sourced from github.com/oapi-codegen/oapi-codegen/v2's releases.

v2.6.0: 7th anniversary release 🎂

For those that aren't aware, 7 years ago to the day, oapi-codegen was born!

(Well, technically it's tonight at midnight UTC, but who's splitting hairs?)

There's nothing too special planned for today, but we thought it'd be the perfect time to cut a slice of cake a release!

🎉 Notable changes

New generated code requires oapi-codegen/runtime v1.2.0+

As part of #2256, github.com/oapi-codegen/runtime v1.2.0 is needed alongside github.com/oapi-codegen/oapi-codegen, for new generated code.

This is providing a more future-proofed means to bind parameters.

See the release notes for the runtime package, and #2256 for more information.

oapi-codegen was part of the GitHub Secure Open Source Fund

oapi-codegen was one of the projects taking part in the third GitHub Secure Open Source Fund session.

We've written up more about what we've learned, and have some more things to share with you over the coming months about lessons we've learned and improvements we've taken that we can share.

We were pretty chuffed to be selected, and it's already helped improve our security posture as a project, which is also very important for the wider ecosystem!

go directive bump in next release

Long-time users will be aware that we work very hard to try and keep our requirement for Go source compatibility, through the go directive, especially as we recommend folks use oapi-codegen as a source-tracked dependency.

For more details about this, see our Support Model docs.

In the next minor release, we'll be setting our minimum go directive to Go 1.24 (End-of-Life on 2026-02-11), as it's required for a number of dependencies of ours to be updated any higher, and a change to the module import path for Speakeasy's OpenAPI Overlay library requires us fix this centrally for our users to be able to continue updating their libraries.

[!NOTE] Nothing is changing as part of v2.6.0, this is a pre-announcement for v2.7.0.

Behind the scenes cleanup

There's also been some work behind-the-scenes to try and clean up outstanding issues (of which we know there are many!) that have been fixed, as well as Marcin's work on trying to do some more significant rework of the internals with help from Claude.

There's still, as ever, work to go with this - as we've mentioned before, sponsoring our work would be greatly appreciated, so we can continue to put in the work, considering this is a widely used and depended on project.

🚀 New features and improvements

• feat: Pass schema type/formats to runtime v1.2.0 to allow better parameter serialization (#2256) @​mromaszewicz
• feat: add Valid() method to generated enum types (#2227) @​mromaszewicz
• Support nullable slice elements and map values (#2185) @​iamtakingiteasy

... (truncated)

Commits

• efb2df3 docs: add example of using Renovate to sync files between repos
• d04991e fix: qualify external ref schema types in default response codes (#2241)
• 15fc536 fix: pass OpenAPI type/format to runtime parameter binding and styling functions
• 28d0083 Update github.com/oapi-codegen/runtime to v1.2.0
• 890e8de chore(deps): update module github.com/golangci/golangci-lint to v2.10.1 (make...
• 6f6e243 chore(deps): update github/codeql-action action to v4.32.4 (.github/workflows)
• 3f9222e chore(deps): update actions/setup-go action to v6.3.0 (.github/workflows)
• 33cd677 chore(deps): update actions/checkout action to v6 (.github/workflows)
• 109fbfa chore(deps): update release-drafter/release-drafter action to v6.2.0 (.github...
• c184310 chore(deps): update actions/upload-artifact action to v7 (.github/workflows)
• Additional commits viewable in compare view

Updates github.com/oapi-codegen/runtime from 1.1.2 to 1.2.0

Release notes

Sourced from github.com/oapi-codegen/runtime's releases.

Parameter binding extensions, bug fixes, dependency updates

Notable Changes

The main change in this release is the addition of new Parameter binding and styling functions, which allow the code generator to pass in the type and format from the spec. Previously, we inferred what we wanted to do based on the destination type, however, it's not always possible to decide this without information about the specification.

🚀 New features and improvements

• feat: add BindRawQueryParameter for correct comma handling (#92) @​mromaszewicz
• fix: add TypeHint-aware parameter binding and styling for []byte (#97) (#98) @​mromaszewicz
• Support array of objects parameters (#40) @​danicc097
• Allow BindStyledParameterWithOptions to fill maps (#72) @​JoZie

🐛 Bug fixes

• fix: bind Date and Time query params as scalar values (#21) (#93) @​mromaszewicz
• fix: support non-indexed deepObject array unmarshaling (#22) (#96) @​mromaszewicz
• fix: correct time.Time date-only fallback parsing in deepObject (#95) @​mromaszewicz
• Refactor date parsing error handling (#88) @​jsnfwlr
• fix: improve email validation using net/mail package (#60) @​sniperwolf
• Fix deepObject marshalling losing json number format/precision (#29) @​mgabeler-lee-6rs
• Fix issue 55 (#56) @​mikhalytch
• fix(deepobject): support nested objects in deepObject arrays (#84) @​adrianbrad

👻 Maintenance

• feat(fix): bump gin version (#51) @​Gamawn
• Update golang.org/x/crypto to v0.32.0 (#59) @​kojustin
• Updated Golang reference to address security vulnerability (#57) @​ivan-manzhulin
• Fix linter errors (#85) @​mromaszewicz
• build: capture govulncheck results as Code Scanning alerts (#80) @​jamietanna

📦 Dependency updates

• chore(deps): update release-drafter/release-drafter action to v6 (#31) @renovate[bot]

Sponsors

We would like to thank our sponsors for their support during this release.

... (truncated)

Commits

• b76a24f fix: bind Date and Time query params as scalar values (#21) (#93)
• 1f844c3 feat: add BindRawQueryParameter for correct comma handling (#92)
• ca4e933 fix: support non-indexed deepObject array unmarshaling (#22) (#96)
• ead11e4 fix: correct time.Time date-only fallback parsing in deepObject (#95)
• 224825a fix: add Type/Format-aware parameter binding and styling for []byte (#97) (#98)
• 03288f9 Refactor date parsing error handling (#88)
• effec1a feat(fix): bump gin version (#51)
• 53a813b fix: improve email validation using net/mail package (#60)
• 451d249 Update golang.org/x/crypto to v0.32.0 (#59)
• 7dffa6e Updated Golang reference to address security vulnerability (#57)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign aliok for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.