chore(deps): update go dependencies #1718

Merged: osmman merged 2 commits into main from konflux/mintmaker/main/go-deps (May 20, 2026)

@red-hat-konflux red-hat-konflux Bot commented Mar 30, 2026

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change
github.com/Masterminds/semver/v3 indirect minor v3.4.0 -> v3.5.0
github.com/docker/cli indirect minor v29.3.0+incompatible -> v29.5.1+incompatible
github.com/docker/docker-credential-helpers indirect patch v0.9.5 -> v0.9.7
github.com/emicklei/go-restful/v3 indirect minor v3.12.2 -> v3.13.0
github.com/fsnotify/fsnotify indirect minor v1.9.0 -> v1.10.1
github.com/fxamacker/cbor/v2 indirect patch v2.9.0 -> v2.9.2
github.com/go-openapi/jsonpointer indirect minor v0.22.5 -> v0.23.1
github.com/go-openapi/swag indirect minor v0.25.5 -> v0.26.0
github.com/go-openapi/swag/cmdutils indirect minor v0.25.5 -> v0.26.0
github.com/go-openapi/swag/conv indirect minor v0.25.5 -> v0.26.0
github.com/go-openapi/swag/fileutils indirect minor v0.25.5 -> v0.26.0
github.com/go-openapi/swag/jsonname indirect minor v0.25.5 -> v0.26.0
github.com/go-openapi/swag/jsonutils indirect minor v0.25.5 -> v0.26.0
github.com/go-openapi/swag/loading indirect minor v0.25.5 -> v0.26.0
github.com/go-openapi/swag/mangling indirect minor v0.25.5 -> v0.26.0
github.com/go-openapi/swag/netutils indirect minor v0.25.5 -> v0.26.0
github.com/go-openapi/swag/stringutils indirect minor v0.25.5 -> v0.26.0
github.com/go-openapi/swag/typeutils indirect minor v0.25.5 -> v0.26.0
github.com/go-openapi/swag/yamlutils indirect minor v0.25.5 -> v0.26.0
github.com/go-sql-driver/mysql require minor v1.9.3 -> v1.10.0
github.com/google/pprof indirect digest a15ffb7 -> 92041b7
github.com/google/trillian require patch v1.7.2 -> v1.7.3
github.com/klauspost/compress indirect patch v1.18.5 -> v1.18.6
github.com/moby/spdystream indirect patch v0.5.0 -> v0.5.1
github.com/onsi/ginkgo/v2 require minor v2.27.2 -> v2.29.0
github.com/onsi/gomega require minor v1.38.2 -> v1.41.0
github.com/openshift/api require digest 1e7cd4b -> dcaca8e
github.com/vbatts/tar-split indirect patch v0.12.2 -> v0.12.3
go.yaml.in/yaml/v2 indirect major v2.4.3 -> v3.0.4
golang.org/x/mod indirect minor v0.34.0 -> v0.36.0
golang.org/x/net indirect minor v0.52.0 -> v0.54.0
golang.org/x/sys indirect minor v0.42.0 -> v0.44.0
golang.org/x/term indirect minor v0.41.0 -> v0.43.0
golang.org/x/text indirect minor v0.35.0 -> v0.37.0
golang.org/x/tools indirect minor v0.43.0 -> v0.45.0
gomodules.xyz/jsonpatch/v2 indirect major v2.4.0 -> v3.0.1
gopkg.in/evanphx/json-patch.v4 indirect major v4.13.0 -> v5.9.11
k8s.io/api require minor v0.35.3 -> v0.36.1
k8s.io/apiextensions-apiserver indirect minor v0.35.3 -> v0.36.1
k8s.io/apimachinery require minor v0.35.3 -> v0.36.1
k8s.io/client-go require minor v0.35.3 -> v0.36.1
k8s.io/klog/v2 require minor v2.130.1 -> v2.140.0
k8s.io/kube-aggregator require minor v0.35.3 -> v0.36.1
k8s.io/kube-openapi indirect digest 5883c5e -> bbf5c55
k8s.io/utils require digest 28399d8 -> ff6756f
sigs.k8s.io/controller-runtime require minor v0.23.3 -> v0.24.1
sigs.k8s.io/structured-merge-diff/v6 indirect minor v6.3.3-0.20260224192135-eedc5365731c -> v6.4.0

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

Masterminds/semver (github.com/Masterminds/semver/v3)

v3.5.0

What's Changed

New Contributors

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

docker/cli (github.com/docker/cli)

v29.5.1+incompatible

v29.5.0+incompatible

v29.4.3+incompatible

v29.4.2+incompatible

v29.4.1+incompatible

v29.4.0+incompatible

v29.3.1+incompatible

docker/docker-credential-helpers (github.com/docker/docker-credential-helpers)

v0.9.7

What's Changed

  • update to go1.26.3
  • ci: update zizmor action to v1.7.1

Full Changelog: docker/docker-credential-helpers@v0.9.6...v0.9.7

v0.9.6

What's Changed

  • update to go1.25.9
  • secretservice: allow building on openbsd
  • wincred: minor cleanups
  • Dockerfile: document build-args
  • Dockerfile: update golangci-lint to v2.11
  • Dockerfile: update xx to v1.9.0
  • ci: set default permissions and timeouts
  • ci: update actions
  • ci: pin actions by sha
  • ci: add zizmor workflow

Full Changelog: docker/docker-credential-helpers@v0.9.5...v0.9.6

emicklei/go-restful (github.com/emicklei/go-restful/v3)

v3.13.0

  • optimize performance of path matching in CurlyRouter (thanks @wenhuang, Wen Huang)

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Changes and fixes
  • inotify: don't remove sibling watches sharing a path prefix (#​754)

  • inotify, windows: don't rename sibling watches sharing a path prefix (#755)

v1.10.0

This version of fsnotify needs Go 1.23.

Changes and fixes
  • inotify: improve initialization error message (#​731)

  • inotify: send Rename event if recursive watch is renamed (#​696)

  • inotify: avoid copying event buffers when reading names (#​741)

  • kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

  • kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

  • windows: fix nil pointer dereference in remWatch (#​736)

  • windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.2

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed
  • Reject encoding indefinite-length map with odd item count by @​fxamacker in #​764
  • Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @​fxamacker in #​765
  • Make TagSet.Remove a no-op when contentType is nil by @​fxamacker in #​766
  • Refactor indefinite-length encoding and improve chunk validation during encoding by @​fxamacker in #​767
  • Add more tests, fix a nit in unreachable panic message, update docs & ci by @​fxamacker in #​768

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

v2.9.1

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

  • [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
  • [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
  • [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)
🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

  • [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
  • [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
  • [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
  • [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)
What's Changed

New Contributors

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

go-openapi/jsonpointer (github.com/go-openapi/jsonpointer)

v0.23.1

0.23.1 - 2026-04-18

Full Changelog: go-openapi/jsonpointer@v0.23.0...v0.23.1

5 commits in this release.


Fixed bugs
  • fix(offset): in Offset method, fixed index of value of array element. by @​fredbi in #​128 ...
Documentation
Updates

People who contributed to this release

jsonpointer license terms

License

v0.23.0

0.23.0 - 2026-04-15

Support for known limitations

Full Changelog: go-openapi/jsonpointer@v0.22.5...v0.23.0

16 commits in this release.


Implemented enhancements
Fixed bugs
Documentation
Miscellaneous tasks
Updates

People who contributed to this release

New Contributors

jsonpointer license terms

License

go-openapi/swag (github.com/go-openapi/swag)

v0.26.0

0.26.0 - 2026-04-15

Full Changelog: go-openapi/swag@v0.25.5...v0.26.0

14 commits in this release.


Implemented enhancements
  • feat(jsonname): added new json name provider more respectful of go co… by @​fredbi in #​195 ...
Documentation
Code quality
Miscellaneous tasks
Updates

People who contributed to this release

swag license terms

License

Per-module changes


cmdutils (0.26.0)

Miscellaneous tasks

conv (0.26.0)

Miscellaneous tasks
Updates

fileutils (0.26.0)

Miscellaneous tasks
Updates

jsonname (0.26.0)

Implemented enhancements
  • feat(jsonname): added new json name provider more respectful of go co… by @​fredbi in #​195 ...
Miscellaneous tasks
Updates

jsonutils/adapters/easyjson (0.26.0)

Miscellaneous tasks
Updates

jsonutils/adapters/testintegration/benchmarks (0.26.0)

Miscellaneous tasks
Updates

jsonutils/adapters/testintegration (0.26.0)

Miscellaneous tasks
Updates

jsonutils/fixtures_test (0.26.0)

Miscellaneous tasks
Updates

jsonutils (0.26.0)

Miscellaneous tasks
Updates

loading (0.26.0)

Miscellaneous tasks
Updates

mangling (0.26.0)

Miscellaneous tasks
Updates

netutils (0.26.0)

Miscellaneous tasks
Updates

stringutils (0.26.0)

Miscellaneous tasks
Updates

typeutils (0.26.0)

Miscellaneous tasks
Updates
  • build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] in #​193 ...
  • build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by [@​dependabot[bot]](https://redirec

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-deps branch from 722ba52 to 878575a on March 30, 2026 18:55
@red-hat-konflux red-hat-konflux Bot changed the title from "chore(deps): update github.com/openshift/api digest to 94aed51" to "chore(deps): update go dependencies" on Mar 30, 2026
@red-hat-konflux

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 1 additional dependency was updated

Details:

Package Change
k8s.io/klog/v2 v2.130.1 -> v2.140.0

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-deps branch 6 times, most recently from b597bb6 to 91d7fa4 on April 2, 2026 14:49
red-hat-konflux Bot commented Apr 2, 2026

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 1 additional dependency was updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.25.7 -> 1.26.0
google.golang.org/protobuf v1.36.11 -> v1.36.12-0.20260120151049-f2248ac996af

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-deps branch 19 times, most recently from db08a93 to 8614b93 on April 13, 2026 17:02
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-deps branch 23 times, most recently from aff813b to 2d0a0e3 on April 25, 2026 11:21
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-deps branch 2 times, most recently from 970d23b to d024fb5 on April 26, 2026 18:27
codecov-commenter commented May 18, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 23.36%. Comparing base (d4a3f10) to head (40aeb9f).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1718   +/-   ##
=======================================
  Coverage   23.36%   23.36%           
=======================================
  Files         193      193           
  Lines       10319    10319           
=======================================
  Hits         2411     2411           
  Misses       7717     7717           
  Partials      191      191           
Flag Coverage Δ
unit 23.36% <ø> (ø)


Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@qodo-for-securesign

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: golangci

Failed stage: golangci-lint [❌]

Failed test name: ""

Failure summary:

The action failed during the golangci-lint step because it could not load the linter configuration:

- golangci-lint v2.8.0 was built with Go 1.25.5, but the repo/config targets Go 1.26.0 (log line 241).
- As a result, golangci-lint run terminated with exit code 3 (log line 243).

Relevant error logs:
1:  ##[group]Runner Image Provisioner
2:  Hosted Compute Agent
...

226:  ##[group]Install
227:  Finding needed golangci-lint version...
228:  Installation mode: binary
229:  Installing golangci-lint binary v2.8.0...
230:  Downloading binary https://github.com/golangci/golangci-lint/releases/download/v2.8.0/golangci-lint-2.8.0-linux-amd64.tar.gz ...
231:  [command]/usr/bin/tar xz --overwrite --warning=no-unknown-keyword --overwrite -C /home/runner -f /home/runner/work/_temp/b97efec9-8bc6-40c6-8932-9245ea032702
232:  Installed golangci-lint into /home/runner/golangci-lint-2.8.0-linux-amd64/golangci-lint in 570ms
233:  ##[endgroup]
234:  ##[group]run golangci-lint
235:  Running [/home/runner/golangci-lint-2.8.0-linux-amd64/golangci-lint config path] in [/home/runner/work/secure-sign-operator/secure-sign-operator] ...
236:  Running [/home/runner/golangci-lint-2.8.0-linux-amd64/golangci-lint run  --verbose --timeout=15m] in [/home/runner/work/secure-sign-operator/secure-sign-operator] ...
237:  level=info msg="golangci-lint has version 2.8.0 built with go1.25.5 from e2e40021 on 2026-01-07T21:29:47Z"
238:  level=info msg="[config_reader] Config search paths: [./ /home/runner/work/secure-sign-operator/secure-sign-operator /home/runner/work/secure-sign-operator /home/runner/work /home/runner /home /]"
239:  level=info msg="[config_reader] Used config file .golangci.yml"
240:  level=info msg="[config_reader] Module name \"github.com/securesign/operator\""
241:  Error: can't load config: the Go language version (go1.25) used to build golangci-lint is lower than the targeted Go version (1.26.0)
242:  The command is terminated due to an error: can't load config: the Go language version (go1.25) used to build golangci-lint is lower than the targeted Go version (1.26.0)
243:  ##[error]golangci-lint exit with code 3
244:  Ran golangci-lint in 110ms
245:  ##[endgroup]
246:  Post job cleanup.
247:  (node:2385) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
248:  (Use `node --trace-deprecation ...` to show where the warning was created)
249:  [warning] Path Validation Error: Path(s) specified in the action for caching do(es) not exist, hence no cache is being saved.
250:  Post job cleanup.

golangci-lint v2.8.0 was built with go1.25.5 and refuses to run when
go.mod specifies go 1.26.0. v2.12.2 (released 2026-05-06) supports Go 1.26.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>