fix(deps): update module github.com/go-openapi/strfmt to v0.25.0

[renovate-sh-app]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/go-openapi/strfmt	v0.23.0 → v0.25.0

---

Release Notes

go-openapi/strfmt (github.com/go-openapi/strfmt)

v0.25.0

Compare Source

v0.24.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.

[renovate-sh-app]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 8 additional dependencies were updated

Details:

Package	Change
golang.org/x/net	v0.44.0 -> v0.46.0
github.com/go-openapi/errors	v0.22.2 -> v0.22.4
go.mongodb.org/mongo-driver	v1.14.0 -> v1.17.6
golang.org/x/crypto	v0.42.0 -> v0.43.0
golang.org/x/mod	v0.27.0 -> v0.28.0
golang.org/x/sys	v0.36.0 -> v0.37.0
golang.org/x/text	v0.29.0 -> v0.30.0
golang.org/x/tools	v0.36.0 -> v0.37.0

File name: testing/alerting-gen/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 13 additional dependencies were updated

Details:

Package	Change
github.com/stretchr/testify	v1.10.0 -> v1.11.1
github.com/go-openapi/analysis	v0.23.0 -> v0.24.1
github.com/go-openapi/errors	v0.22.2 -> v0.22.4
github.com/go-openapi/jsonpointer	v0.21.0 -> v0.22.1
github.com/go-openapi/jsonreference	v0.21.0 -> v0.21.3
github.com/go-openapi/loads	v0.22.0 -> v0.23.2
github.com/go-openapi/spec	v0.21.0 -> v0.22.1
go.mongodb.org/mongo-driver	v1.14.0 -> v1.17.6
go.opentelemetry.io/auto/sdk	v1.1.0 -> v1.2.1
go.opentelemetry.io/otel	v1.37.0 -> v1.38.0
go.opentelemetry.io/otel/metric	v1.37.0 -> v1.38.0
go.opentelemetry.io/otel/trace	v1.37.0 -> v1.38.0
golang.org/x/sync	v0.17.0 -> v0.18.0

[renovate-sh-app]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 8 additional dependencies were updated

Details:

Package	Change
golang.org/x/net	v0.44.0 -> v0.46.0
github.com/go-openapi/errors	v0.22.2 -> v0.22.4
go.mongodb.org/mongo-driver	v1.14.0 -> v1.17.6
golang.org/x/crypto	v0.42.0 -> v0.43.0
golang.org/x/mod	v0.27.0 -> v0.28.0
golang.org/x/sys	v0.36.0 -> v0.37.0
golang.org/x/text	v0.29.0 -> v0.30.0
golang.org/x/tools	v0.36.0 -> v0.37.0

File name: testing/alerting-gen/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated

Details:

Package	Change
github.com/go-openapi/errors	v0.22.2 -> v0.22.4
go.mongodb.org/mongo-driver	v1.14.0 -> v1.17.6

[cursor]

DateTime omitempty may stop working

Medium Severity

Bumping github.com/go-openapi/strfmt to v0.25.0 can change strfmt.DateTime zero/IsZero semantics, which encoding/json may use for omitempty. This risks IntegrationStatus.LastNotifyAttempt being serialized when unset (e.g., as Unix epoch) instead of being omitted, altering the /receivers API output.

 

[cursor]

Bugbot Autofix prepared fixes for 1 of the 1 bugs found in the latest run.

• ✅ Fixed: DateTime omitempty may stop working
  • Changed LastNotifyAttempt from strfmt.DateTime to *strfmt.DateTime so that nil values are properly omitted by omitempty when no notification attempt has been made.

Or push these changes by commenting:

@cursor push ba641dbd2d

Preview (ba641dbd2d)

diff --git a/models/receivers.go b/models/receivers.go
--- a/models/receivers.go
+++ b/models/receivers.go
@@ -20,7 +20,7 @@
 type IntegrationStatus struct {
 	// A timestamp indicating the last attempt to deliver a notification regardless of the outcome.
 	// Format: date-time
-	LastNotifyAttempt strfmt.DateTime `json:"lastNotifyAttempt,omitempty"`
+	LastNotifyAttempt *strfmt.DateTime `json:"lastNotifyAttempt,omitempty"`
 
 	// Duration of the last attempt to deliver a notification in humanized format (`1s` or `15ms`, etc).
 	LastNotifyAttemptDuration string `json:"lastNotifyAttemptDuration,omitempty"`

diff --git a/notify/grafana_alertmanager.go b/notify/grafana_alertmanager.go
--- a/notify/grafana_alertmanager.go
+++ b/notify/grafana_alertmanager.go
@@ -426,10 +426,15 @@
 		integrations := make([]models.IntegrationStatus, 0, len(rcv.Integrations()))
 		for _, integration := range rcv.Integrations() {
 			ts, d, err := integration.GetReport()
+			var lastNotifyAttempt *strfmt.DateTime
+			if !ts.IsZero() {
+				dt := strfmt.DateTime(ts)
+				lastNotifyAttempt = &dt
+			}
 			integrations = append(integrations, models.IntegrationStatus{
 				Name:                      integration.Name(),
 				SendResolved:              integration.SendResolved(),
-				LastNotifyAttempt:         strfmt.DateTime(ts),
+				LastNotifyAttempt:         lastNotifyAttempt,
 				LastNotifyAttemptDuration: d.String(),
 				LastNotifyAttemptError: func() string {
 					if err != nil {

diff --git a/notify/test_receivers.go b/notify/test_receivers.go
--- a/notify/test_receivers.go
+++ b/notify/test_receivers.go
@@ -48,8 +48,9 @@
 	}
 	now := time.Now()
 	err = TestNotifier(ctx, nf[0], newTestAlert(&testAlert, now, now), now)
+	dt := strfmt.DateTime(now)
 	result := models.IntegrationStatus{
-		LastNotifyAttempt:         strfmt.DateTime(now),
+		LastNotifyAttempt:         &dt,
 		LastNotifyAttemptDuration: model.Duration(time.Since(now)).String(),
 		Name:                      nf[0].Name(),
 		SendResolved:              nf[0].SendResolved(),

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issue.}

[cursor]

Deprecated module added as indirect dependency

Low Severity

The update introduces golang.org/x/tools/godoc v0.1.0-deprecated as a new indirect dependency. This module's -deprecated version suffix signals it has been officially marked deprecated and superseded by golang.org/x/pkgsite/cmd/pkgsite. A documentation tool like godoc has no expected role in an alerting library's dependency graph, and its presence is unexplained — it does not appear in the testing/alerting-gen submodule despite that module also using strfmt v0.25.0, suggesting an unintended transitive pull from one of the other updated packages (e.g., go.mongodb.org/mongo-driver v1.17.6). This could trigger dependency-scanning or supply-chain security policy violations in CI.

 

[cursor]

Bugbot Autofix determined this is a false positive.

golang.org/x/tools/godoc is reintroduced by go mod tidy because transitive tests in github.com/shurcooL/httpfs (pulled via github.com/prometheus/alertmanager/asset) still import golang.org/x/tools/godoc/vfs/*, so it cannot be cleanly removed without larger dependency pinning hacks.