Skip to content

fix(deps): update gomod dependencies#251

Open
red-hat-konflux-kflux-prd-rh03[bot] wants to merge 1 commit into
masterfrom
konflux/mintmaker/master/gomod-dependencies
Open

fix(deps): update gomod dependencies#251
red-hat-konflux-kflux-prd-rh03[bot] wants to merge 1 commit into
masterfrom
konflux/mintmaker/master/gomod-dependencies

Conversation

@red-hat-konflux-kflux-prd-rh03

@red-hat-konflux-kflux-prd-rh03 red-hat-konflux-kflux-prd-rh03 Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
github.com/Masterminds/semver/v3 v3.4.0v3.5.0 age confidence indirect minor
github.com/emicklei/go-restful/v3 v3.12.2v3.13.0 age confidence indirect minor
github.com/evanphx/json-patch v4.12.0+incompatiblev4.13.0+incompatible age confidence indirect minor
github.com/fsnotify/fsnotify v1.9.0v1.10.1 age confidence indirect minor
github.com/fxamacker/cbor/v2 v2.9.0v2.9.2 age confidence indirect patch
github.com/go-errors/errors v1.4.2v1.5.1 age confidence indirect minor
github.com/go-openapi/jsonpointer v0.21.0v0.24.0 age confidence indirect minor
github.com/go-openapi/jsonreference v0.20.4v0.21.6 age confidence indirect minor
github.com/go-openapi/swag v0.23.0v0.27.0 age confidence indirect minor
github.com/lib/pq v1.10.5v1.12.3 age confidence indirect minor
github.com/mailru/easyjson v0.7.7v0.9.2 age confidence indirect minor
github.com/moby/spdystream v0.5.0v0.5.1 age confidence indirect patch
github.com/onsi/ginkgo/v2 v2.28.1v2.32.0 age confidence require minor
github.com/onsi/gomega v1.39.0v1.42.1 age confidence require minor
github.com/openshift-online/ocm-api-model/clientapi v0.0.453v0.0.461 age confidence indirect patch
github.com/openshift-online/ocm-api-model/model v0.0.453v0.0.461 age confidence indirect patch
github.com/openshift-online/ocm-sdk-go v0.1.499v0.1.505 age confidence require patch
github.com/openshift/api 41627d8a3d85be require digest
github.com/pelletier/go-toml/v2 v2.0.6v2.4.3 age confidence indirect minor
github.com/prometheus/alertmanager v0.25.1v0.33.1 age confidence require minor
github.com/prometheus/common v0.66.1v0.69.0 age confidence indirect minor
github.com/prometheus/procfs v0.16.1v0.21.1 age confidence indirect minor
github.com/sirupsen/logrus v1.9.3v1.9.4 age confidence require patch
github.com/spf13/afero v1.9.3v1.15.0 age confidence indirect minor
github.com/spf13/cast v1.5.0v1.10.0 age confidence indirect minor
github.com/spf13/cobra v1.10.0v1.10.2 age confidence require patch
github.com/spf13/pflag v1.0.9v1.0.10 age confidence require patch
github.com/spf13/viper v1.15.0v1.21.0 age confidence require minor
github.com/subosito/gotenv v1.4.2v1.6.0 age confidence indirect minor
go.yaml.in/yaml/v2 v2.4.3v2.4.4 age confidence indirect patch
golang.org/x/mod v0.35.0v0.37.0 age confidence indirect minor v0.38.0
golang.org/x/net v0.55.0v0.56.0 age confidence indirect minor v0.57.0
golang.org/x/oauth2 v0.30.0v0.36.0 age confidence indirect minor
golang.org/x/sync v0.20.0v0.22.0 age confidence indirect minor
golang.org/x/sys v0.45.0v0.47.0 age confidence indirect minor
golang.org/x/term v0.43.0v0.44.0 age confidence indirect minor v0.45.0
golang.org/x/text v0.37.0v0.39.0 age confidence indirect minor v0.40.0
golang.org/x/time v0.9.0v0.15.0 age confidence indirect minor
golang.org/x/tools v0.44.0v0.47.0 age confidence indirect minor v0.48.0
gomodules.xyz/jsonpatch/v2 v2.4.0v2.5.0 age confidence indirect minor
google.golang.org/protobuf v1.36.8v1.36.11 age confidence indirect patch
gopkg.in/ini.v1 v1.67.0v1.67.3 age confidence indirect patch
k8s.io/api v0.35.2v0.36.2 age confidence require minor
k8s.io/apiextensions-apiserver v0.35.2v0.36.2 age confidence indirect minor
k8s.io/apimachinery v0.35.2v0.36.2 age confidence require minor
k8s.io/cli-runtime v0.35.2v0.36.2 age confidence indirect minor
k8s.io/client-go v0.35.2v0.36.2 age confidence require minor
k8s.io/component-base v0.35.2v0.36.2 age confidence indirect minor
k8s.io/klog/v2 v2.130.1v2.140.0 age confidence indirect minor
k8s.io/kube-openapi 16be699cdb1db5 age confidence indirect digest
k8s.io/kubectl v0.35.2v0.36.2 age confidence require minor
k8s.io/utils 28399d8cf1189d age confidence indirect digest
sigs.k8s.io/controller-runtime v0.21.0v0.24.1 age confidence require minor
sigs.k8s.io/e2e-framework v0.2.0v0.7.0 age confidence require minor
sigs.k8s.io/kustomize/api v0.20.1v0.21.1 age confidence indirect minor
sigs.k8s.io/kustomize/kyaml v0.20.1v0.21.1 age confidence indirect minor
sigs.k8s.io/structured-merge-diff/v6 v6.3.0v6.4.1 age confidence indirect minor v6.4.2

Release Notes

Masterminds/semver (github.com/Masterminds/semver/v3)

v3.5.0

Compare Source

What's Changed

New Contributors

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

emicklei/go-restful (github.com/emicklei/go-restful/v3)

v3.13.0

Compare Source

  • optimize performance of path matching in CurlyRouter ( thanks @​wenhuang, Wen Huang)
evanphx/json-patch (github.com/evanphx/json-patch)

v4.13.0+incompatible

Compare Source

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes
  • inotify: don't remove sibling watches sharing a path prefix (#​754)

  • inotify, windows: don't rename sibling watches sharing a path prefix
    (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes
  • inotify: improve initialization error message (#​731)

  • inotify: send Rename event if recursive watch is renamed (#​696)

  • inotify: avoid copying event buffers when reading names (#​741)

  • kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

  • kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

  • windows: fix nil pointer dereference in remWatch (#​736)

  • windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.2

Compare Source

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed

  • Reject encoding indefinite-length map with odd item count by @​fxamacker in #​764
  • Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @​fxamacker in #​765
  • Make TagSet.Remove a no-op when contentType is nil by @​fxamacker in #​766
  • Refactor indefinite-length encoding and improve chunk validation during encoding by @​fxamacker in #​767
  • Add more tests, fix a nit in unreachable panic message, update docs & ci by @​fxamacker in #​768
CI / GitHub Actions and Docs
🔎 Details...

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

v2.9.1

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

  • [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
  • [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
  • [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)
🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

  • [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
  • [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
  • [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
  • [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)

What's Changed

CI / GitHub Actions and Docs
🔎 Details...

New Contributors

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

go-errors/errors (github.com/go-errors/errors)

v1.5.1

Compare Source

v1.5.0

Compare Source

go-openapi/jsonpointer (github.com/go-openapi/jsonpointer)

v0.24.0

Compare Source

0.24.0 - 2026-06-29

Full Changelog: go-openapi/jsonpointer@v0.23.2...v0.24.0

17 commits in this release.


Implemented enhancements
  • feat(jsonname): added new json name provider more respectful of go conventions for JSON (#​195) by @​fredbi ...
Refactor
  • refact: refactored the package into multiple specialized sub-packages by @​fredbi ...
  • refact loading, jsonutils, yamlutils utililities by @​fredbi ...
Documentation
Code quality
Testing
Miscellaneous tasks
  • chore: removed most remaining external dependencies by @​fredbi ...
Updates
  • build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] ...
  • build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] ...
Other (technical)

People who contributed to this release

jsonpointer license terms

License

v0.23.2

Compare Source

0.23.2 - 2026-06-26

Full Changelog: go-openapi/jsonpointer@v0.23.1...v0.23.2

13 commits in this release.


Implemented enhancements
  • feat(ci): added shared workflow for bot-pr monitoring by @​fredbi ...
Documentation
Miscellaneous tasks
Updates

People who contributed to this release

jsonpointer license terms

License

v0.23.1

Compare Source

0.23.1 - 2026-04-18

Full Changelog: go-openapi/jsonpointer@v0.23.0...v0.23.1

5 commits in this release.


Fixed bugs
  • fix(offset): in Offset method, fixed index of value of array element. by @​fredbi in #​128 ...
Documentation
Updates

People who contributed to this release

jsonpointer license terms

License

v0.23.0

Compare Source

0.23.0 - 2026-04-15

Support for known limitations

Full Changelog: go-openapi/jsonpointer@v0.22.5...v0.23.0

16 commits in this release.


Implemented enhancements
Fixed bugs
Documentation
Miscellaneous tasks
  • chore: bump go directive to 1.

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • Between 02:00 AM and 04:59 AM, Monday through Friday (* 2-4 * * 1-5)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux-kflux-prd-rh03 red-hat-konflux-kflux-prd-rh03 Bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. labels Jul 3, 2026
@red-hat-konflux-kflux-prd-rh03

red-hat-konflux-kflux-prd-rh03 Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 1 additional dependency was updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.25.0 -> 1.26.0
github.com/google/pprof v0.0.0-20260302011040-a15ffb7f9dcc -> v0.0.0-20260402051712-545e8a4df936

@openshift-ci openshift-ci Bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jul 3, 2026
@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Hi @red-hat-konflux-kflux-prd-rh03[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

/retest-required

Remaining retests: 0 against base HEAD 341f099 and 2 for PR HEAD 7a1bd2b in total

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

/retest-required

Remaining retests: 0 against base HEAD f50872a and 1 for PR HEAD 7a1bd2b in total

@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

@red-hat-konflux-kflux-prd-rh03[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/lint 7a1bd2b link true /test lint
ci/prow/coverage 7a1bd2b link true /test coverage
ci/prow/test 7a1bd2b link true /test test
ci/prow/images 7a1bd2b link true /test images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@red-hat-konflux-kflux-prd-rh03 red-hat-konflux-kflux-prd-rh03 Bot force-pushed the konflux/mintmaker/master/gomod-dependencies branch from 7a1bd2b to 1e327eb Compare July 6, 2026 04:03
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 6, 2026
@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

New changes are detected. LGTM label has been removed.

@red-hat-konflux-kflux-prd-rh03 red-hat-konflux-kflux-prd-rh03 Bot force-pushed the konflux/mintmaker/master/gomod-dependencies branch 3 times, most recently from dd3ff24 to 7f9370e Compare July 9, 2026 04:03
Signed-off-by: red-hat-konflux-kflux-prd-rh03 <206760901+red-hat-konflux-kflux-prd-rh03[bot]@users.noreply.github.com>
@red-hat-konflux-kflux-prd-rh03 red-hat-konflux-kflux-prd-rh03 Bot force-pushed the konflux/mintmaker/master/gomod-dependencies branch from 7f9370e to 9ef580e Compare July 10, 2026 04:03
@openshift-ci

openshift-ci Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: red-hat-konflux-kflux-prd-rh03[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants