Skip to content

fix(deps): update non-k8s-go-dependencies#251

Open
red-hat-konflux[bot] wants to merge 1 commit into
oadp-1.5from
konflux/mintmaker/oadp-1.5/non-k8s-go-dependencies
Open

fix(deps): update non-k8s-go-dependencies#251
red-hat-konflux[bot] wants to merge 1 commit into
oadp-1.5from
konflux/mintmaker/oadp-1.5/non-k8s-go-dependencies

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented May 7, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
github.com/emicklei/go-restful/v3 v3.12.2v3.13.0 age confidence indirect minor
github.com/fsnotify/fsnotify v1.9.0v1.10.1 age confidence indirect minor
github.com/fxamacker/cbor/v2 v2.9.0v2.9.2 age confidence indirect patch
github.com/go-openapi/jsonpointer v0.21.1v0.24.0 age confidence indirect minor
github.com/go-openapi/jsonreference v0.21.0v0.21.6 age confidence indirect patch
github.com/go-openapi/swag v0.23.1v0.27.0 age confidence indirect minor
github.com/google/gnostic-models v0.7.0v0.7.1 age confidence indirect patch
github.com/hashicorp/go-hclog v0.14.1v0.16.2 age confidence indirect minor
github.com/hashicorp/go-plugin v1.6.0v1.8.0 age confidence indirect minor
github.com/hashicorp/yamux v0.1.1v0.1.2 age confidence indirect patch
github.com/kubernetes-csi/external-snapshotter/client/v8 v8.2.0v8.6.0 age confidence require minor
github.com/mailru/easyjson v0.9.0v0.9.2 age confidence indirect patch
github.com/mattn/go-colorable v0.1.14v0.1.15 age confidence indirect patch
github.com/mattn/go-isatty v0.0.20v0.0.22 age confidence indirect patch
github.com/mitchellh/go-testing-interface v1.0.0v1.14.1 age confidence indirect minor
github.com/oklog/run v1.0.0v1.2.0 age confidence indirect minor
github.com/onsi/gomega v1.38.2v1.42.1 age confidence require minor
github.com/openshift/api 68ce3d9ef71f94 indirect digest
github.com/openshift/hive/apis 3f49f262ea50dc age confidence require digest
github.com/prometheus/client_golang v1.22.0v1.23.2 age confidence indirect minor
github.com/prometheus/common v0.65.0v0.69.0 age confidence indirect minor
github.com/prometheus/procfs v0.16.1v0.21.0 age confidence indirect minor v0.21.1
github.com/sirupsen/logrus v1.9.3v1.9.4 age confidence require patch
github.com/spf13/cobra v1.9.1v1.10.2 age confidence indirect minor
github.com/spf13/pflag v1.0.7v1.0.10 age confidence indirect patch
github.com/vmware-tanzu/velero v1.14.0v1.18.2 age confidence require minor
go (source) 1.25.81.26.4 age confidence toolchain minor
go.yaml.in/yaml/v2 v2.4.2v2.4.4 age confidence indirect patch
golang.org/x/net v0.52.0v0.56.0 age confidence indirect minor
golang.org/x/oauth2 v0.34.0v0.36.0 age confidence indirect minor
golang.org/x/sync v0.20.0v0.21.0 age confidence indirect minor
golang.org/x/sys v0.42.0v0.46.0 age confidence indirect minor
golang.org/x/term v0.41.0v0.44.0 age confidence indirect minor
golang.org/x/text v0.35.0v0.38.0 age confidence indirect minor
golang.org/x/time v0.11.0v0.15.0 age confidence indirect minor
google.golang.org/grpc v1.79.3v1.81.1 age confidence indirect minor v1.82.0
google.golang.org/protobuf v1.36.10v1.36.11 age confidence indirect patch
gopkg.in/evanphx/json-patch.v4 v4.12.0v4.13.0 age confidence indirect minor

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

emicklei/go-restful (github.com/emicklei/go-restful/v3)

v3.13.0

Compare Source

  • optimize performance of path matching in CurlyRouter ( thanks @​wenhuang, Wen Huang)
fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes
  • inotify: don't remove sibling watches sharing a path prefix (#​754)

  • inotify, windows: don't rename sibling watches sharing a path prefix
    (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes
  • inotify: improve initialization error message (#​731)

  • inotify: send Rename event if recursive watch is renamed (#​696)

  • inotify: avoid copying event buffers when reading names (#​741)

  • kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

  • kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

  • windows: fix nil pointer dereference in remWatch (#​736)

  • windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.2

Compare Source

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed
  • Reject encoding indefinite-length map with odd item count by @​fxamacker in #​764
  • Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @​fxamacker in #​765
  • Make TagSet.Remove a no-op when contentType is nil by @​fxamacker in #​766
  • Refactor indefinite-length encoding and improve chunk validation during encoding by @​fxamacker in #​767
  • Add more tests, fix a nit in unreachable panic message, update docs & ci by @​fxamacker in #​768
CI / GitHub Actions and Docs
🔎 Details...

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

v2.9.1

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

  • [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
  • [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
  • [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)
🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

  • [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
  • [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
  • [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
  • [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)
What's Changed
CI / GitHub Actions and Docs
🔎 Details...

New Contributors

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

go-openapi/jsonpointer (github.com/go-openapi/jsonpointer)

v0.24.0

Compare Source

0.24.0 - 2026-06-29

Full Changelog: go-openapi/jsonpointer@v0.23.2...v0.24.0

17 commits in this release.


Implemented enhancements
  • feat(jsonname): added new json name provider more respectful of go conventions for JSON (#​195) by @​fredbi ...
Refactor
  • refact: refactored the package into multiple specialized sub-packages by @​fredbi ...
  • refact loading, jsonutils, yamlutils utililities by @​fredbi ...
Documentation
Code quality
Testing
Miscellaneous tasks
  • chore: removed most remaining external dependencies by @​fredbi ...
Updates
  • build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] ...
  • build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] ...
Other (technical)

People who contributed to this release

jsonpointer license terms

License

v0.23.2

Compare Source

0.23.2 - 2026-06-26

Full Changelog: go-openapi/jsonpointer@v0.23.1...v0.23.2

13 commits in this release.


Implemented enhancements
  • feat(ci): added shared workflow for bot-pr monitoring by @​fredbi ...
Documentation
Miscellaneous tasks
Updates

People who contributed to this release

jsonpointer license terms

License

v0.23.1

Compare Source

0.23.1 - 2026-04-18

Full Changelog: go-openapi/jsonpointer@v0.23.0...v0.23.1

5 commits in this release.


Fixed bugs
  • fix(offset): in Offset method, fixed index of value of array element. by @​fredbi in #​128 ...
Documentation
Updates

People who contributed to this release

jsonpointer license terms

License

v0.23.0

Compare Source

0.23.0 - 2026-04-15

Support for known limitations

Full Changelog: go-openapi/jsonpointer@v0.22.5...v0.23.0

16 commits in this release.


Implemented enhancements
Fixed bugs
Documentation
Miscellaneous tasks
Updates

People who contributed to this release

New Contributors

jsonpointer license terms

License

v0.22.5

Compare Source

0.22.5 - 2026-03-02

Full Changelog: go-openapi/jsonpointer@v0.22.4...v0.22.5

15 commits in this release.


Documentation
Code quality
Miscellaneous tasks
Updates

People who contributed to this release

New Contributors

jsonpointer license terms

License

v0.22.4

Compare Source

0.22.4 - 2025-12-06

Full Changelog: go-openapi/jsonpointer@v0.22.3...v0.22.4

1 commits in this release.


Miscellaneous tasks

People who contributed to this release

jsonpointer license terms

License

[v0.22.3](https://r

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux Bot added area/ci-tooling ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels May 7, 2026
@coderabbitai

coderabbitai Bot commented May 7, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 166bbffa-a516-4cb5-8e9f-bf509eee9560

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/mintmaker/oadp-1.5/non-k8s-go-dependencies

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from csrwng and sjenning May 7, 2026 09:16
@openshift-ci

openshift-ci Bot commented May 7, 2026

Copy link
Copy Markdown

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/oadp-1.5/non-k8s-go-dependencies branch 24 times, most recently from 89f861a to 528bb22 Compare May 14, 2026 01:03
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/oadp-1.5/non-k8s-go-dependencies branch 26 times, most recently from 0453831 to a1cbd7a Compare May 22, 2026 00:50
@red-hat-konflux

red-hat-konflux Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 11 additional dependencies were updated

Details:

Package Change
k8s.io/api v0.34.2 -> v0.36.1
k8s.io/apiextensions-apiserver v0.34.2 -> v0.35.1
sigs.k8s.io/controller-runtime v0.20.4 -> v0.22.4
sigs.k8s.io/structured-merge-diff/v6 v6.3.0 -> v6.4.0
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 -> v0.0.0-20260226221140-a57be14db171
k8s.io/apimachinery v0.34.2 -> v0.36.1
k8s.io/client-go v0.34.2 -> v0.36.1
k8s.io/klog/v2 v2.130.1 -> v2.140.0
k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b -> v0.0.0-20260317180543-43fb72c5454a
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 -> v0.0.0-20260210185600-b8788abfbbc2
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 -> v0.0.0-20250730193827-2d320260d730

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]
Once this PR has been reviewed and has the lgtm label, please assign kaovilai for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown

@red-hat-konflux[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/images 89f08d7 link true /test images
ci/prow/unit 89f08d7 link true /test unit
ci/prow/verify 89f08d7 link true /test verify
ci/prow/build 89f08d7 link true /test build

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/ci-tooling ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants