chore(deps): update go dependencies

[red-hat-konflux]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
chainguard.dev/sdk	require	patch	v0.1.54 → v0.1.55
cloud.google.com/go/iam	indirect	minor	v1.9.0 → v1.11.0
cloud.google.com/go/kms	indirect	minor	v1.29.0 → v1.31.0
cloud.google.com/go/security	require	minor	v1.22.0 → v1.24.0
github.com/AzureAD/microsoft-authentication-library-for-go	indirect	patch	v1.7.1 → v1.7.2
github.com/Masterminds/semver/v3	indirect	minor	v3.3.1 → v3.5.0
github.com/aws/aws-sdk-go	indirect	patch	v1.55.7 → v1.55.8
github.com/aws/aws-sdk-go-v2	indirect	patch	v1.41.6 → v1.41.7
github.com/aws/aws-sdk-go-v2/config	indirect	patch	v1.32.16 → v1.32.17
github.com/aws/aws-sdk-go-v2/credentials	indirect	patch	v1.19.15 → v1.19.16
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	indirect	patch	v1.18.22 → v1.18.23
github.com/aws/aws-sdk-go-v2/internal/configsources	indirect	patch	v1.4.22 → v1.4.23
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	indirect	patch	v2.7.22 → v2.7.23
github.com/aws/aws-sdk-go-v2/internal/v4a	indirect	patch	v1.4.23 → v1.4.24
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	indirect	patch	v1.13.8 → v1.13.9
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	indirect	patch	v1.13.22 → v1.13.23
github.com/aws/aws-sdk-go-v2/service/kms	indirect	patch	v1.51.0 → v1.51.1
github.com/aws/aws-sdk-go-v2/service/signin	indirect	patch	v1.0.10 → v1.0.11
github.com/aws/aws-sdk-go-v2/service/sso	indirect	patch	v1.30.16 → v1.30.17
github.com/aws/aws-sdk-go-v2/service/ssooidc	indirect	patch	v1.35.20 → v1.35.21
github.com/aws/aws-sdk-go-v2/service/sts	indirect	patch	v1.42.0 → v1.42.1
github.com/aws/smithy-go	indirect	patch	v1.25.0 → v1.25.1
github.com/bmatcuk/doublestar/v4	indirect	minor	v4.9.1 → v4.10.0
github.com/clipperhouse/displaywidth	indirect	minor	v0.10.0 → v0.11.0
github.com/clipperhouse/uax29/v2	indirect	minor	v2.6.0 → v2.7.0
github.com/fatih/color	indirect	minor	v1.18.0 → v1.19.0
github.com/fsnotify/fsnotify	require	minor	v1.9.0 → v1.10.1
github.com/go-jose/go-jose/v3	indirect	major	v3.0.5 → v4.1.4
github.com/go-viper/mapstructure/v2	indirect	minor	v2.4.0 → v2.5.0
github.com/golang-jwt/jwt/v5	indirect	patch	v5.3.0 → v5.3.1
github.com/googleapis/api-linter/v2	indirect	minor	v2.0.0 → v2.3.1
github.com/grpc-ecosystem/go-grpc-middleware	require	major	v1.4.0 → v2.3.3
github.com/grpc-ecosystem/grpc-gateway/v2	indirect	minor	v2.27.3 → v2.29.0
github.com/grpc-ecosystem/grpc-gateway/v2	require	minor	v2.28.0 → v2.29.0
github.com/hashicorp/hcl	indirect	major	v1.0.1-vault-7 → v2.24.0
github.com/letsencrypt/boulder	indirect	minor	v0.20260420.0 → v0.20260512.0
github.com/mattn/go-isatty	indirect	patch	v0.0.20 → v0.0.22
github.com/olekukonko/errors	indirect	minor	v1.2.0 → v1.3.0
github.com/olekukonko/ll	indirect	patch	v0.1.6 → v0.1.8
github.com/pelletier/go-toml/v2	indirect	minor	v2.2.4 → v2.3.1
github.com/sigstore/sigstore	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/aws	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/azure	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/gcp	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/hashivault	require	patch	v1.10.5 → v1.10.6
github.com/tink-crypto/tink-go-awskms/v2	require	major	v2.1.0 → v3.0.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	indirect	minor	v1.42.0 → v1.43.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	indirect	minor	v1.42.0 → v1.43.0
go.step.sm/crypto	require	minor	v0.77.9 → v0.81.0
go.uber.org/zap	require	minor	v1.27.1 → v1.28.0
go.yaml.in/yaml/v2	indirect	major	v2.4.4 → v3.0.4
goa.design/goa/v3	require	minor	v3.23.4 → v3.26.0
golang.org/x/crypto	indirect	minor	v0.50.0 → v0.51.0
golang.org/x/net	indirect	minor	v0.53.0 → v0.54.0
golang.org/x/sys	indirect	minor	v0.43.0 → v0.44.0
golang.org/x/term	indirect	minor	v0.42.0 → v0.43.0
golang.org/x/text	indirect	minor	v0.36.0 → v0.37.0
google.golang.org/api	require	minor	v0.276.0 → v0.279.0
google.golang.org/genproto	indirect	digest	7cedc36 → 3700d41
google.golang.org/genproto/googleapis/api	indirect	digest	7cedc36 → 3700d41
google.golang.org/genproto/googleapis/api	require	digest	7cedc36 → 3700d41
google.golang.org/genproto/googleapis/rpc	indirect	digest	7cedc36 → 3700d41
google.golang.org/grpc	indirect	minor	v1.80.0 → v1.81.1
google.golang.org/grpc	require	minor	v1.80.0 → v1.81.1
google.golang.org/grpc/cmd/protoc-gen-go-grpc	indirect	patch	v1.6.1 → v1.6.2

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

chainguard-dev/sdk (chainguard.dev/sdk)

v0.1.55

Compare Source

Full Changelog: chainguard-dev/sdk@v0.1.54...v0.1.55

AzureAD/microsoft-authentication-library-for-go (github.com/AzureAD/microsoft-authentication-library-for-go)

v1.7.2

Compare Source

What's Changed

• Adjust constants used in FMI tests by @​Avery-Dunn in #​608
• Update version to 1.7.1 by @​Avery-Dunn in #​607
• Add MSAL client metadata headers to IMDS managed identity requests by @​Copilot in #​611
• Disable gzip compression #​613 by @​4gust in #​616
• Update version.go by @​4gust in #​617

New Contributors

• @​Copilot made their first contribution in #​611

Full Changelog: AzureAD/microsoft-authentication-library-for-go@v1.7.1...v1.7.2

Masterminds/semver (github.com/Masterminds/semver/v3)

v3.5.0

Compare Source

What's Changed

• Adding more prerelease tests by @​mattfarina in #​273
• Update constraint error messages by @​mattfarina in #​278
• Fix edge cases by @​mattfarina in #​279
• Adding some checks in by @​mattfarina in #​280
• Updating deps by @​mattfarina in #​281
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in #​282
• Bump actions/cache from 4.2.3 to 5.0.5 by @​dependabot[bot] in #​283
• Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 by @​dependabot[bot] in #​284
• Updating gitignore for devcontainers by @​mattfarina in #​286
• Fixing some quality issues by @​mattfarina in #​287

New Contributors

• @​dependabot[bot] made their first contribution in #​282

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

v3.4.0

Compare Source

There are a few changes in this release to highlight:

1. Constraints now has a property IncludePrerelease. When set to true the Check and Validate methods will include prereleases.
2. When an AND group has one constraint with a prerelease but more than one constraint then prereleases will be included. For example, >1.0.0-beta.1 < 2. In the past this would not have included prereleases because each constraint needed to have a prerelease. Now, only one constraint needs to have a prerelease. This is considered a long standing bug fix. Note, this does not carry across OR groups. For example, >1.0.0-beta.1 < 2 || > 3. In this case, prereleases will not be included when evaluating against >3.
3. NewVersion coercion with leading "0"'s is restored. This can be disabled by setting the package level property CoerceNewVersion to false.

What's Changed

• fix the CodeQL link by @​dmitris in #​257
• Restore detailed errors when failed to parse with NewVersion by @​mattfarina in #​262
• updating go version tested with by @​mattfarina in #​263
• Restore the ability to have leading 0's with NewVersion by @​mattfarina in #​266
• Handle pre-releases on all in an and group by @​mattfarina in #​267
• Add property to include prereleases by @​mattfarina in #​268
• Updating the error message handling by @​mattfarina in #​269
• Update the release notes and readme for new version by @​mattfarina in #​270

New Contributors

• @​dmitris made their first contribution in #​257

Full Changelog: Masterminds/semver@v3.3.1...v3.4.0

aws/aws-sdk-go (github.com/aws/aws-sdk-go)

v1.55.8

Compare Source

SDK Features

• Mark the module and all packages as deprecated.
  • This SDK has entered end-of-support.

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)

v1.41.7

Compare Source

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/ecs: v1.41.7
  • Documentation: Documentation only update for Amazon ECS.
• github.com/aws/aws-sdk-go-v2/service/glue: v1.78.0
  • Feature: Adding View related fields to responses of read-only Table APIs.
• github.com/aws/aws-sdk-go-v2/service/ivschat: v1.12.5
  • Documentation: Doc-only update. Changed "Resources" to "Key Concepts" in docs and updated text.
• github.com/aws/aws-sdk-go-v2/service/rolesanywhere: v1.10.0
  • Feature: This release increases the limit on the roleArns request parameter for the *Profile APIs that support it. This parameter can now take up to 250 role ARNs.
• github.com/aws/aws-sdk-go-v2/service/securityhub: v1.47.2
  • Documentation: Documentation updates for AWS Security Hub

aws/smithy-go (github.com/aws/smithy-go)

v1.25.1

Compare Source

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.1
  • Bug Fix: Fixed a memory leak in the LRU cache implementation used by some AWS services.

bmatcuk/doublestar (github.com/bmatcuk/doublestar/v4)

v4.10.0: Added WithNoHidden option

Compare Source

Added support for a WithNoHidden option to ignore hidden files in patterns that might unintentionally match them. For example, a .config directory would not be matched by * or recursed into by **, but would be matched by .* or recursed by .config/**.

Thanks to @​lukasngl for the initial PR and idea!

What's Changed

• feat: add WithNoHidden option to skip hidden files by @​lukasngl in #​109

New Contributors

• @​lukasngl made their first contribution in #​109

Full Changelog: bmatcuk/doublestar@v4.9.2...v4.10.0

v4.9.2: Fixed Handling of Paths With Meta Chars Using Alts

Compare Source

@​toga4 submitted a PR that fixed a small bug with the way paths were handled when the pattern used {alts}: if some part of the on-disk path that came before the {alt} included meta characters (say, a directory name that included the character ?), these meta characters were not escaped when they were passed back through the globbing routines. This caused doublestar to interpret them as actual meta characters, rather than a fixed-string path as it should have. Nice find, @​toga4 !

What's Changed

• fix: escape meta characters in paths during brace expansion by @​toga4 in #​108

New Contributors

• @​toga4 made their first contribution in #​108

Full Changelog: bmatcuk/doublestar@v4.9.1...v4.9.2

clipperhouse/displaywidth (github.com/clipperhouse/displaywidth)

v0.11.0

Compare Source

clipperhouse/uax29 (github.com/clipperhouse/uax29/v2)

v2.7.0

Compare Source

fatih/color (github.com/fatih/color)

v1.19.0

Compare Source

What's Changed

• Bump golang.org/x/sys from 0.25.0 to 0.28.0 by @​dependabot[bot] in #​246
• Fix for issue #​230 set/unsetwriter symmetric wrt color support detection by @​ataypamart in #​243
• chore: go mod cleanup by @​sashamelentyev in #​244
• Bump golang.org/x/sys from 0.28.0 to 0.30.0 by @​dependabot[bot] in #​249
• Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @​dependabot[bot] in #​248
• Update CI and go deps by @​fatih in #​254
• Bump golang.org/x/sys from 0.31.0 to 0.37.0 by @​dependabot[bot] in #​268
• fix: include escape codes in byte counts from Fprint, Fprintf by @​qualidafial in #​282
• Bump golang.org/x/sys from 0.37.0 to 0.40.0 by @​dependabot[bot] in #​277
• fix: add nil check for os.Stdout to prevent panic on Windows services by @​majiayu000 in #​275
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by @​dependabot[bot] in #​259
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in #​273
• Optimize Color.Equals performance (O(n²) → O(n)) by @​UnSubble in #​269
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in #​266

New Contributors

• @​ataypamart made their first contribution in #​243
• @​sashamelentyev made their first contribution in #​244
• @​qualidafial made their first contribution in #​282
• @​majiayu000 made their first contribution in #​275
• @​UnSubble made their first contribution in #​269

Full Changelog: fatih/color@v1.18.0...v1.19.0

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#​754)

• inotify, windows: don't rename sibling watches sharing a path prefix
  (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#​731)

• inotify: send Rename event if recursive watch is renamed (#​696)

• inotify: avoid copying event buffers when reading names (#​741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

• windows: fix nil pointer dereference in remWatch (#​736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

go-jose/go-jose (github.com/go-jose/go-jose/v3)

v4.1.4

Compare Source

What's Changed

Fixes Panic in JWE decryption. See GHSA-78h2-9frx-2jm8

Full Changelog: go-jose/go-jose@v4.1.3...v4.1.4

v4.1.3

Compare Source

This release drops Go 1.23 support as that Go release is no longer supported. With that, we can drop x/crypto and no longer have any external dependencies in go-jose outside of the standard library!

This release fixes a bug where a critical b64 header was ignored if in an unprotected header. It is now rejected instead of ignored.

What's Changed

• Remove Go 1.23 support by @​mcpherrinm in #​205
• Reject JWS with an unprotected critical b64 header by @​mcpherrinm in #​210

Full Changelog: go-jose/go-jose@v4.1.2...v4.1.3

v4.1.2

Compare Source

What's Changed

go-jose v4.1.2 improves some documentation, errors, and removes the only 3rd-party dependency.

• Update go-jose documentation by @​mcpherrinm in #​198
• Remove dependency on testify by @​wardviaene in #​197
• Improve error message for invalid private keys by @​ProjectMutilation in #​195
• JWK unsupported error when unmarshalling by @​fprojetto in #​191
• Add JSONWebKey type to makeJWERecipient by @​alvarolivie in #​200
• testutils/assert: remove True, Nil, NotNil by @​jsha in #​202

New Contributors

• @​wardviaene made their first contribution in #​197
• @​fprojetto made their first contribution in #​191
• @​alvarolivie made their first contribution in #​200

Full Changelog: go-jose/go-jose@v4.1.1...v4.1.2

v4.1.1

Compare Source

What's Changed

• Drop go-cmp dependency by @​mcpherrinm in #​186
• jws: improve performance and allocations for ParseSignedCompact by @​drakkan in #​188
• Add missing quote to unknown curve message #​170 by @​sudhanvaghebbale in #​189
• Fix incorrect validation by @​ProjectMutilation in #​192
• Restore Go 1.23 compatibility by @​anuraaga in #​193

New Contributors

• @​drakkan made their first contribution in #​188
• @​sudhanvaghebbale made their first contribution in #​189
• @​ProjectMutilation made their first contribution in #​192
• @​anuraaga made their first contribution in #​193

Full Changelog: go-jose/go-jose@v4.1.0...v4.1.1

v4.1.0

Compare Source

What's Changed

• Document signatureAlgorithms argument by @​tgeoghegan in #​163
• Add custom error for unsupported JWS signature algorithms by @​beautifulentropy in #​181
• use stdlib pbkdf2 package on go 1.24 by @​kruskall in #​180
• The minimum supported Go version is now 1.24

New Contributors

• @​kruskall made their first contribution in #​180

Full Changelog: go-jose/go-jose@v4.0.5...v4.1.0

v4.0.5

Compare Source

What's Changed

• Don't allow unbounded amounts of splits by @​mcpherrinm in #​167

Fixes GHSA-c6gw-w398-hv78

Various other dependency updates, small fixes, and documentation updates in the full changelog

New Contributors

• @​tgeoghegan made their first contribution in #​161

Full Changelog: go-jose/go-jose@v4.0.4...v4.0.5

v4.0.4: Version 4.0.4

Compare Source

Fixed

• Reverted "Allow unmarshalling JSONWebKeySets with unsupported key types" as a breaking change. See #​136 / #​137.

v4.0.3: Version 4.0.3

Compare Source

Changed

• Allow unmarshalling JSONWebKeySets with unsupported key types (#​130)
• Document that OpaqueKeyEncrypter can't be implemented (for now) (#​129)
• Dependency updates

v4.0.2: Version 4.0.2

Compare Source

What's Changed

• Improved documentation of Verify() to note that JSONWebKeySet is a supported argument type
• Defined exported error values for missing x5c header and unsupported elliptic curves error cases

New Contributors

• @​mitar made their first contribution in #​104
• @​milosgajdos made their first contribution in #​117

Full Changelog: go-jose/go-jose@v4.0.1...v4.0.2

v4.0.1: Version 4.0.1

Compare Source

Fixed

• An attacker could send a JWE containing compressed data that used large
  amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.
  Those functions now return an error if the decompressed data would exceed
  250kB or 10x the compressed size (whichever is larger). Thanks to
  Enze Wang@​Alioth and Jianjun Chen@​Zhongguancun Lab (@​zer0yu and @​chenjj)
  for reporting.

v4.0.0: Version 4.0.0

Compare Source

This release makes some breaking changes in order to more thoroughly address the vulnerabilities discussed in Three New Attacks Against JSON Web Tokens, "Sign/encrypt confusion", "Billion hash attack", and "Polyglot token".

Changed

• Limit JWT encryption types (exclude password or public key types) (#​78)
• Enforce minimum length for HMAC keys (#​85)
• jwt: match any audience in a list, rather than requiring all audiences (#​81)
• jwt: accept only Compact Serialization (#​75)
• jws: Add expected algorithms for signatures (#​74)
• Require specifying expected algorithms for ParseEncrypted,
  ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned,
  jwt.ParseSignedAndEncrypted (#​69, #​74)
  • Usually there is a small, known set of appropriate algorithms for a program to use and it's a mistake to allow unexpected algorithms. For instance the "billion hash attack" relies in part on programs accepting the PBES2 encryption algorithm and doing the necessary work even if they weren't specifically configured to allow PBES2.
• Revert "Strip padding off base64 strings" (#​82)
• The specs require base64url encoding without padding.
• Minimum supported Go version is now 1.21

Added

• ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON.
  • These allow parsing a specific serialization, as opposed to ParseSigned and ParseEncrypted, which try to automatically detect which serialization was provided. It's common to require a specific serialization for a specific protocol - for instance JWT requires Compact serialization.

go-viper/mapstructure (github.com/go-viper/mapstructure/v2)

v2.5.0

Compare Source

What's Changed

• Print qualified type name when ErrorUnused=true causes errors for unused keys in embedded fields by @​jmacd in #​113
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in #​126
• build(deps): bump github/codeql-action from 3.29.7 to 3.29.10 by @​dependabot[bot] in #​131
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​129
• feat: support for automatically initializing squashed pointer structs by @​tuunit in #​71
• build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in #​134
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in #​142
• Fix slice deep map (owned) by @​jphastings in #​144
• chore: fix lint violations by @​sagikazarmark in #​157
• chore: switch to devenv by @​sagikazarmark in #​158
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in #​151
• build(deps): bump github/codeql-action from 3.29.10 to 4.31.2 by @​dependabot[bot] in #​153
• build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 by @​dependabot[bot] in #​154
• build(deps): bump actions/checkout from 5.0.0 to 6.0.1 by @​dependabot[bot] in #​160
• build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in #​159
• build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 by @​dependabot[bot] in #​162
• build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​161
• build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in #​163
• feature: Add map field name to convert structs dynamically instead of individually with a tag. by @​thespags in #​149
• feat(decoder): support multiple tag names in order by @​DarkiT in #​59
• feat: optional root object name by @​andreev-fn in #​137
• Add unmarshaler interface by @​sagikazarmark in #​166

New Contributors

• @​jmacd made their first contribution in #​113
• @​tuunit made their first contribution in #​71
• @​jphastings made their first contribution in #​144
• @​thespags made their first contribution in #​149
• @​DarkiT made their first contribution in #​59
• @​andreev-fn made their first contribution in #​137

Full Changelog: go-viper/mapstructure@v2.4.0...v2.5.0

golang-jwt/jwt (github.com/golang-jwt/jwt/v5)

v5.3.1

Compare Source

What's Changed

🔐 Features

• Add spellcheck Github action to catch common spelling mistakes by @​equalsgibson in #​458
• Add WithNotBeforeRequired parser option and add test coverage by @​equalsgibson in #​456
• Update godoc example func to properly refer to NewWithClaims() by @​equalsgibson in #​459
• Update github workflows by @​mfridman in #​462
• Additional test for CustomClaims that validates unmarshalling behaviour by @​equalsgibson in #​457
• Fix early file close in jwt cli by @​mfridman in #​472
• Add TPM signature reference by @​salrashid123 in #​473
• Remove misleading ParserOptions documentation in #​484
• Save signature to Token struct after successful signing by @​EgorSheff in #​417
• Set token.Signature in ParseUnverified by @​slickwilli in #​414

👒 Dependencies

• Bump crate-ci/typos from 1.34.0 to 1.35.3 by @​dependabot[bot] in #​461
• Bump crate-ci/typos from 1.35.4 to 1.36.2 by @​dependabot[bot] in #​470
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in #​478
• Bump crate-ci/typos from 1.36.2 to 1.39.0 by @​dependabot[bot] in #​480
• Bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in #​481
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in #​469
• Bump crate-ci/typos from 1.39.0 to 1.40.0 by @​dependabot[bot] in #​488
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in #​487
• Bump crate-ci/typos from 1.40.0 to 1.41.0 by @​dependabot[bot] in #​490
• Bump crate-ci/typos from 1.41.0 to 1.42.1 by @​dependabot[bot] in #​492

New Contributors

• @​equalsgibson made their first contribution in #​458
• @​salrashid123 made their first contribution in #​473
• @​EgorSheff made their first contribution in #​417
• @​slickwilli made their first contribution in #​414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

googleapis/api-linter (github.com/googleapis/api-linter/v2)

v2.3.1

Compare Source

Bug Fixes

• AIP-191: amend logic java_outer_classname for edition >= 2024 (#​1613) (dc57c9d)
• AIP-191: skip java_multiple_files for edition >= 2024 (#​1608) (75338d8)

v2.3.0

Compare Source

Features

• cli: add support for linting descriptor sets only via --skip-compilation (#​1600) (d33d4a7)

v2.2.0

Compare Source

Features

• API-140: Add Rust super-reserved identifiers (#​1591) (d9d7d7e)

Bug Fixes

• AIP-123: ignore proto2 optional name (#​1590) (d89b3f6)
• AIP-136: allow Expunge to use http delete (#​1584) (95f20bd)
• AIP-143: ignore standard code names for resources (#​1596) (a89f537)
• AIP-192: limit spaces matched for header detection (#​1593) (dc2e75b)

v2.1.0

Compare Source

Features

• AIP-133: add type check for required fields (#​1580) (2969fca)

Bug Fixes

• AIP-134: check word boundaries in synonyms rule (#​1564) (f10744f)
• AIP-123: prevent panic in getParentIDVariable with single-variable patterns (#​1565) (a09770e)
• AIP-133: avoid returning an error when return type is a message (#​1578) (3222ce4)
• AIP-136: Allow SetIamPolicy method (#​1559) (7afac03)
• AIP-216: avoid linting state-like fields in response message (#​1582) (1760e49)
• lint: allow deprecation rule on deprecated descriptor (#​1570) (f89a1b8)
• make Batch naming resource plural aware (#​1573) (c820a1c)

Documentation

• AIP-133: remove declarative-friendly requirement from spec (#​1581) (6a388a4)
• AIP-158: clarify response plural first docs (#​1571) (98a8702)
• fix missing "-" on disable rule command and config command (#​1557) (28f0707)

grpc-ecosystem/go-grpc-middleware (github.com/grpc-ecosystem/go-grpc-middleware)

v2.3.3

Compare Source

What's Changed

• add WithLabelsFromContext prometheus interceptor option by @​benjibuiltit in #​758
• fix: correct comment typo in StreamServerInterceptor function by @​haru-256 in #​760
• Minor refactor to remove duplication by @​nwnt in #​761
• chore: migrate golangci-lint to v2.3.0 by @​mmorel-35 in #​765
• chore: enable misspell linter with golangci-lint by @​mmorel-35 in #​768
• chore: enable errorlint by [@​mm

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25.9 -> 1.26.0
github.com/aws/aws-sdk-go-v2/config	v1.32.16 -> v1.32.17

File name: hack/tools/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/bmatcuk/doublestar/v4	v4.9.1 -> v4.10.0

[petrpinkas]

/retest

[red-hat-konflux]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go mod tidy
go: downloading github.com/tink-crypto/tink-go-awskms/v3 v3.0.0
go: downloading go.uber.org/goleak v1.3.0
go: downloading github.com/go-rod/rod v0.116.2
go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
go: downloading github.com/klauspost/compress v1.18.5
go: downloading github.com/frankban/quicktest v1.14.6
go: downloading go.opentelemetry.io/otel/sdk/metric v1.43.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2
go: downloading github.com/go-test/deep v1.1.1
go: downloading github.com/hashicorp/go-hclog v1.6.3
go: downloading github.com/ysmood/goob v0.4.0
go: downloading github.com/ysmood/got v0.40.0
go: downloading github.com/ysmood/gson v0.7.3
go: downloading github.com/ysmood/fetchup v0.2.3
go: downloading github.com/ysmood/leakless v0.9.0
go: downloading github.com/kr/pretty v0.3.1
go: downloading github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1
go: downloading github.com/fatih/color v1.18.0
go: downloading github.com/mattn/go-colorable v0.1.14
go: downloading github.com/mattn/go-isatty v0.0.20
go: downloading github.com/jmhodges/clock v1.2.0
go: downloading github.com/kr/text v0.2.0
go: downloading github.com/rogpeppe/go-internal v1.14.1
go: downloading gonum.org/v1/gonum v0.17.0
go: downloading github.com/envoyproxy/go-control-plane/envoy v1.37.0
go: downloading github.com/keybase/go-keychain v0.0.1
go: downloading github.com/envoyproxy/go-control-plane v0.14.0
go: downloading github.com/envoyproxy/protoc-gen-validate v1.3.3
go: downloading github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2
go: downloading github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10
go: finding module for package github.com/grpc-ecosystem/go-grpc-middleware/v2/logging/zap
go: finding module for package github.com/grpc-ecosystem/go-grpc-middleware/v2/recovery
go: finding module for package github.com/grpc-ecosystem/go-grpc-middleware/v2/retry
go: finding module for package github.com/grpc-ecosystem/go-grpc-middleware/v2/logging/zap/ctxzap
go: github.com/sigstore/fulcio/cmd/app imports
	github.com/grpc-ecosystem/go-grpc-middleware/v2/logging/zap: module github.com/grpc-ecosystem/go-grpc-middleware/v2@latest found (v2.3.3), but does not contain package github.com/grpc-ecosystem/go-grpc-middleware/v2/logging/zap
go: github.com/sigstore/fulcio/cmd/app imports
	github.com/grpc-ecosystem/go-grpc-middleware/v2/recovery: module github.com/grpc-ecosystem/go-grpc-middleware/v2@latest found (v2.3.3), but does not contain package github.com/grpc-ecosystem/go-grpc-middleware/v2/recovery
go: github.com/sigstore/fulcio/cmd/app imports
	github.com/grpc-ecosystem/go-grpc-middleware/v2/retry: module github.com/grpc-ecosystem/go-grpc-middleware/v2@latest found (v2.3.3), but does not contain package github.com/grpc-ecosystem/go-grpc-middleware/v2/retry
go: github.com/sigstore/fulcio/pkg/log imports
	github.com/grpc-ecosystem/go-grpc-middleware/v2/logging/zap/ctxzap: module github.com/grpc-ecosystem/go-grpc-middleware/v2@latest found (v2.3.3), but does not contain package github.com/grpc-ecosystem/go-grpc-middleware/v2/logging/zap/ctxzap