Skip to content

chore(deps): update go dependencies#219

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/go-deps
Open

chore(deps): update go dependencies#219
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/go-deps

Conversation

@red-hat-konflux
Copy link
Copy Markdown
Contributor

@red-hat-konflux red-hat-konflux Bot commented May 5, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change
github.com/Masterminds/semver/v3 indirect minor v3.4.0v3.5.0
github.com/docker/cli indirect minor v29.4.0+incompatiblev29.5.0+incompatible
github.com/docker/docker-credential-helpers indirect patch v0.9.6v0.9.7
github.com/fsnotify/fsnotify indirect minor v1.9.0v1.10.1
github.com/fxamacker/cbor/v2 indirect patch v2.9.0v2.9.2
github.com/google/pprof indirect digest 545e8a492041b7
github.com/klauspost/compress indirect patch v1.18.5v1.18.6
github.com/onsi/ginkgo/v2 require minor v2.27.2v2.29.0
github.com/onsi/gomega require minor v1.38.2v1.41.0
github.com/sigstore/sigstore indirect patch v1.10.5v1.10.6
github.com/theupdateframework/go-tuf/v2 require minor v2.3.0v2.4.1
github.com/vbatts/tar-split indirect patch v0.12.2v0.12.3
go.uber.org/zap indirect minor v1.27.1v1.28.0
go.yaml.in/yaml/v2 indirect major v2.4.3v3.0.4
golang.org/x/crypto indirect minor v0.50.0v0.51.0
golang.org/x/mod indirect minor v0.35.0v0.36.0
golang.org/x/net indirect minor v0.53.0v0.54.0
golang.org/x/sys indirect minor v0.43.0v0.44.0
golang.org/x/term indirect minor v0.42.0v0.43.0
golang.org/x/text indirect minor v0.36.0v0.37.0
golang.org/x/tools indirect minor v0.44.0v0.45.0
gomodules.xyz/jsonpatch/v2 indirect major v2.4.0v3.0.1
google.golang.org/genproto/googleapis/api indirect digest e10c4663700d41
gopkg.in/evanphx/json-patch.v4 indirect major v4.13.0v5.9.11
k8s.io/api require minor v0.35.4v0.36.1
k8s.io/apiextensions-apiserver indirect minor v0.35.4v0.36.1
k8s.io/apimachinery require minor v0.35.4v0.36.1
k8s.io/client-go require minor v0.35.4v0.36.1
k8s.io/kube-openapi indirect digest ec9c827ef417d0
k8s.io/utils require digest 28399d8ff6756f
sigs.k8s.io/controller-runtime require minor v0.23.3v0.24.1
sigs.k8s.io/structured-merge-diff/v6 indirect minor v6.3.3-0.20260414175839-d56620e25cf0v6.4.0

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

Release Notes

Masterminds/semver (github.com/Masterminds/semver/v3)

v3.5.0

Compare Source

What's Changed

New Contributors

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

docker/cli (github.com/docker/cli)

v29.5.0+incompatible

Compare Source

v29.4.3+incompatible

Compare Source

v29.4.2+incompatible

Compare Source

v29.4.1+incompatible

Compare Source

docker/docker-credential-helpers (github.com/docker/docker-credential-helpers)

v0.9.7

Compare Source

What's Changed

  • update to go1.26.3
  • ci: update zizmore action to v1.7.1

Full Changelog: docker/docker-credential-helpers@v0.9.6...v0.9.7

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes

  • inotify: don't remove sibling watches sharing a path prefix (#​754)

  • inotify, windows: don't rename sibling watches sharing a path prefix
    (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes

  • inotify: improve initialization error message (#​731)

  • inotify: send Rename event if recursive watch is renamed (#​696)

  • inotify: avoid copying event buffers when reading names (#​741)

  • kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

  • kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

  • windows: fix nil pointer dereference in remWatch (#​736)

  • windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.2

Compare Source

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed
  • Reject encoding indefinite-length map with odd item count by @​fxamacker in #​764
  • Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @​fxamacker in #​765
  • Make TagSet.Remove a no-op when contentType is nil by @​fxamacker in #​766
  • Refactor indefinite-length encoding and improve chunk validation during encoding by @​fxamacker in #​767
  • Add more tests, fix a nit in unreachable panic message, update docs & ci by @​fxamacker in #​768
CI / GitHub Actions and Docs
🔎 Details...

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

v2.9.1

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

  • [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
  • [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
  • [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)
🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

  • [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
  • [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
  • [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
  • [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)
What's Changed
CI / GitHub Actions and Docs
🔎 Details...

New Contributors

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

klauspost/compress (github.com/klauspost/compress)

v1.18.6

Compare Source

What's Changed

New Contributors

Full Changelog: klauspost/compress@v1.18.5...v1.18.6

onsi/ginkgo (github.com/onsi/ginkgo/v2)

v2.29.0

Compare Source

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

v2.28.3

Compare Source

2.28.3
Maintenance

Bump all dependencies

v2.28.2

Compare Source

2.28.2

  • Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
  • Implement shell completion [94151c8]
  • Add asan CLI option mirroring msan implementation [4d21dbb]
  • Bump uri from 1.0.3 to 1.0.4 in /docs (#​1630) [c102161]
  • fix aspect ratio [9619647]
  • update logos [5779304]

v2.28.1

Compare Source

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

Compare Source

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

v2.27.5

Compare Source

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

v2.27.4

Compare Source

2.27.4

Fixes
  • CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

v2.27.3

Compare Source

2.27.3

Fixes

report exit result in case of failure [1c9f356]
fix data race [ece19c8]

onsi/gomega (github.com/onsi/gomega)

v1.41.0

Compare Source

v1.40.0

Compare Source

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

v1.39.1

Compare Source

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v1.39.0

Compare Source

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

v1.38.3

Compare Source

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

sigstore/sigstore (github.com/sigstore/sigstore)

v1.10.6

Compare Source

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

theupdateframework/go-tuf (github.com/theupdateframework/go-tuf/v2)

v2.4.1

Compare Source

What's Changed

Full Changelog: theupdateframework/go-tuf@v2.4.0...v2.4.1

v2.4.0

Compare Source

What's Changed

Full Changelog: theupdateframework/go-tuf@v2.3.1...v2.4.0

v2.3.1

Compare Source

What's Changed

Full Changelog: theupdateframework/go-tuf@v2.3.0...v2.3.1

vbatts/tar-split (github.com/vbatts/tar-split)

v0.12.3

Compare Source

image

What's Changed

New Contributors

Full Changelog: vbatts/tar-split@v0.12.2...v0.12.3

uber-go/zap (go.uber.org/zap)

v1.28.0

Compare Source

Enhancements:

  • #​1534: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.
yaml/go-yaml (go.yaml.in/yaml/v2)

v3.0.4

Compare Source

v3.0.3

Compare Source

v3.0.2

Compare Source

v3.0.1

Compare Source

v3.0.0

Compare Source

v2.4.4

Compare Source

gomodules/jsonpatch (gomodules.xyz/jsonpatch/v2)

v3.0.1

Compare Source

This release uses our forked gomodules/orderedmap library. Our forked version has 2 major changes:

  • Uses *OrderedMap instead of OrderedMap inside nested orderedmaps.
  • I ported unstructured helpers from Kubernetes to work with orderedmaps.

v3.0.0

Compare Source

This release uses iancoleman/orderedmap to generate predictable patch. This is very useful if the generated patch is checked into a VCS like git.

v2.5.0

Compare Source

What's Changed

New Contributors

Full Changelog: gomodules/jsonpatch@v2.4.0...v2.5.0

evanphx/json-patch (gopkg.in/evanphx/json-patch.v4)

v5.9.11

Compare Source

What's Changed

Full Changelog: evanphx/json-patch@v5.9.10...v5.9.11

v5.9.10

Compare Source

What's Changed

New Contributors

Full Changelog: evanphx/json-patch@v5.9.0...v5.9.10

v5.9.0

Compare Source

What's Changed

Full Changelog: evanphx/json-patch@v5.8.1...v5.9.0

v5.8.1: Fix API breakage

Compare Source

This PR fixes Operation containing a reference to internal/json and breaking the ability to manually compose one. This restores that ability using a type alias.

Full Changelog: evanphx/json-patch@v5.8.0...v5.8.1

v5.8.0: Blargh Phixs and Empathyprovements

Compare Source

This release fixes a few stray panics, addresses large number accuracy, and improves performance!

What's Changed

Full Changelog: evanphx/json-patch@v5.7.0...v5.8.0

v5.7.0: The 2023 Release

Compare Source

What's Changed

New Contributors

Full Changelog: evanphx/json-patch@v5.6.0...v5.7.0

v5.6.0: Bug fixes

Compare Source

What's Changed

New Contributors

Full Changelog: evanphx/json-patch@v5.5.0...v5.6.0

v5.5.0: Better null handling

Compare Source

This incorporates a few fixes related to how nulls are handles in array's and objects.

v5.3.0: Fix zero sized document crash

Compare Source

This fixes a crash bug where submitted an empty slice as the document would panic.

v5.2.0

Compare Source

v5.1.0

Compare Source

v5.0.0: Proper Go modules release

Compare Source

This release has a proper /v5 directory, unlike the previous releases that did not have a /v4 dir. Thanks to @​BenTheElder for getting this sorted out!

kubernetes/api (k8s.io/api)

v0.36.1

Compare Source

v0.36.0

Compare Source

v0.35.5

Compare Source

kubernetes/apiextensions-apiserver (k8s.io/apiextensions-apiserver)

v0.36.1

Compare Source

v0.36.0

Compare Source

v0.35.5

Compare Source

kubernetes/apimachinery (k8s.io/apimachinery)

v0.36.1

Compare Source

v0.36.0

Compare Source

v0.35.5

Compare Source

kubernetes/client-go (k8s.io/client-go)

v0.36.1

Compare Source

v0.36.0

Compare Source

v0.35.5

Compare Source

kubernetes-sigs/controller-runtime (sigs.k8s.io/controller-runtime)

v0.24.1

Compare Source

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.24.0...v0.24.1

v0.24.0

Compare Source

⚠️ Breaking Changes

🐛 Bug Fixes

  • Cache: Fix IndexField blocking until informer is synced (#​3445)
  • Cache: Wait for cache sync when ReaderFailOnMissingInformer is true (#​3425)
  • Client: Update typed ApplyConfigurations with server response (#​3475)
  • Fakeclient: Fix SSA status patch resource version check (#​3443)
  • Fakeclient: Fix panic when using CRs with embedded pointer structs (#​3431)
  • Fakeclient: Fix status apply if existing object has managedFields set (#​3430)
  • Fakeclient: Retry GenerateName on AlreadyExists collisions (#​3498)
  • HTTP servers: Wire up base context into http servers (#​3452)

🌱 Others

  • Builder/Webhooks: Remove deprecated custom path function (#​3465)
  • Cache: Test cache reader waits for cache sync (#​3434)
  • Certwatcher: Deflake certwatcher tests (#​3457)
  • Dependencies: Use forked version of btree (#​3449)
  • Envtest: Ensure envtest stops the whole process group (#​3447)
  • Logging: Add missing space in zap-log-level flag description (#​3492)
  • Misc: Adopt new(x) over ptr.To(x) and re-enable newexpr lint (#​3489)
  • Owners: Cleanup (#​3453)
  • Recorder: Add logger into context for structured logging (#​3454)
  • Recorder: Switch to StartLogging for event debug logs (#​3451)
  • Scheme: Deprecate the scheme builder (#​3461)
  • Source/Kind: Improve logging for dynamic type kind source (#​3494)
  • Webhooks: Reduce memory usage of default webhooks (#​3463 #​3468)

🌱 CI & linters

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux
Copy link
Copy Markdown
Contributor Author

red-hat-konflux Bot commented May 5, 2026
edited
Loading

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.25.7 -> 1.26.0

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-deps branch 5 times, most recently from 334d09c to 641a712 Compare May 7, 2026 11:12
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 7, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.33%. Comparing base (8f0f772) to head (744494b).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #219   +/-   ##
=======================================
  Coverage   18.33%   18.33%           
=======================================
  Files           3        3           
  Lines          60       60           
=======================================
  Hits           11       11           
  Misses         49       49
Flag Coverage Δ
unit 18.33% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-deps branch 19 times, most recently from fde352a to a42be49 Compare May 13, 2026 02:56
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update go dependencies chore(deps): update go dependencies - autoclosed May 15, 2026
@red-hat-konflux red-hat-konflux Bot closed this May 15, 2026
@red-hat-konflux red-hat-konflux Bot deleted the konflux/mintmaker/main/go-deps branch May 15, 2026 10:42
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update go dependencies - autoclosed chore(deps): update go dependencies May 15, 2026
@red-hat-konflux red-hat-konflux Bot reopened this May 15, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-deps branch 8 times, most recently from d7c9416 to 111db50 Compare May 18, 2026 02:39
@red-hat-konflux
chore(deps): update go dependencies
744494b 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-deps branch from 111db50 to 744494b Compare May 18, 2026 11:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@codecov-commenter