chore(deps): update go dependencies

[red-hat-konflux]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
cloud.google.com/go/pubsub	require	major	v1.50.2 → v2.6.0
cloud.google.com/go/pubsub/v2	require	minor	v2.5.1 → v2.6.0
cloud.google.com/go/storage	indirect	patch	v1.62.0 → v1.62.1
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp	indirect	minor	v1.31.0 → v1.32.0
github.com/cenkalti/backoff/v4	indirect	major	v4.3.0 → v5.0.3
github.com/fxamacker/cbor/v2	indirect	patch	v2.9.0 → v2.9.2
github.com/go-chi/chi/v5	require	patch	v5.2.3 → v5.2.5
github.com/golang-jwt/jwt/v5	indirect	patch	v5.3.0 → v5.3.1
github.com/grpc-ecosystem/go-grpc-middleware	require	major	v1.4.0 → v2.3.3
github.com/hashicorp/hcl	indirect	major	v1.0.1-vault-7 → v2.24.0
github.com/pelletier/go-toml/v2	indirect	minor	v2.2.4 → v2.3.1
github.com/redis/go-redis/v9	require	minor	v9.14.1 → v9.19.0
github.com/sassoftware/relic/v7	require	major	v7.6.2 → v8.2.0
github.com/theupdateframework/go-tuf	require	major	v0.7.0 → v2.4.1
github.com/tink-crypto/tink-go-awskms/v2	require	major	v2.1.0 → v3.0.0
go.opentelemetry.io/contrib/detectors/gcp	indirect	minor	v1.42.0 → v1.43.0
go.uber.org/zap	require	minor	v1.27.1 → v1.28.0
go.yaml.in/yaml/v2	indirect	major	v2.4.3 → v3.0.4
google.golang.org/api	require	minor	v0.278.0 → v0.279.0
gopkg.in/ini.v1	require	patch	v1.67.0 → v1.67.2
gopkg.in/yaml.v2	indirect	major	v2.4.0 → v3.0.1
gopkg.in/yaml.v2	require	major	v2.4.0 → v3.0.1

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

cenkalti/backoff (github.com/cenkalti/backoff/v4)

v5.0.3

Compare Source

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.2

Compare Source

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed

• Reject encoding indefinite-length map with odd item count by @​fxamacker in #​764
• Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @​fxamacker in #​765
• Make TagSet.Remove a no-op when contentType is nil by @​fxamacker in #​766
• Refactor indefinite-length encoding and improve chunk validation during encoding by @​fxamacker in #​767
• Add more tests, fix a nit in unreachable panic message, update docs & ci by @​fxamacker in #​768

CI / GitHub Actions and Docs

🔎 Details...

• Bump actions/setup-go from 6.3.0 to 6.4.0 by @​dependabot[bot] in #​760
• Bump github/codeql-action from 4.34.1 to 4.35.1 by @​dependabot[bot] in #​761
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in #​763
• Update README for v2.9.2 release by @​fxamacker in #​769

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

v2.9.1

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

• [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
• [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
• [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)

🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

• [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
• [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
• [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
• [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)

What's Changed

• 🆕 Add TimeMode encoding option TimeRFC3339NanoUTC by @​fxamacker in #​688
• Use actual negative zero in tests by @​makew0rld in #​708
• Reject encoding nil inside CBOR indefinite-length string by @​fxamacker in #​750
• Refactor and add tests by @​fxamacker in #​752
• Small bugfixes, defensive checks, and improvements by @​fxamacker in #​753
• Refactor parseMapToStruct(), getDecodingStructType(), getEncodingStructType(), and field struct by @​fxamacker in #​754
• Fix several issues related to keyasint tag option by @​fxamacker in #​757

CI / GitHub Actions and Docs

🔎 Details...

• Bump github/codeql-action from 3.29.2 to 3.29.4 by @​dependabot[bot] in #​690
• Bump github/codeql-action from 3.29.4 to 3.29.5 by @​dependabot[bot] in #​691
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​696
• Bump github/codeql-action from 3.29.7 to 3.29.9 by @​dependabot[bot] in #​697
• Bump github/codeql-action from 3.29.9 to 3.29.11 by @​dependabot[bot] in #​700
• Bump github/codeql-action from 3.29.11 to 3.30.0 by @​dependabot[bot] in #​702
• Bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in #​703
• Bump github/codeql-action from 3.30.0 to 3.30.3 by @​dependabot[bot] in #​706
• Bump github/codeql-action from 3.30.3 to 3.30.4 by @​dependabot[bot] in #​710
• Bump github/codeql-action from 3.30.4 to 3.30.6 by @​dependabot[bot] in #​712
• Bump github/codeql-action from 3.30.6 to 4.30.7 by @​dependabot[bot] in #​713
• Bump github/codeql-action from 4.30.7 to 4.30.8 by @​dependabot[bot] in #​716
• Bump github/codeql-action from 4.30.8 to 4.30.9 by @​dependabot[bot] in #​718
• Bump github/codeql-action from 4.30.9 to 4.31.2 by @​dependabot[bot] in #​720
• Bump github/codeql-action from 4.31.2 to 4.31.3 by @​dependabot[bot] in #​721
• Bump github/codeql-action from 4.31.3 to 4.31.4 by @​dependabot[bot] in #​724
• Bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in #​725
• Bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​726
• Bump github/codeql-action from 4.31.4 to 4.31.5 by @​dependabot[bot] in #​727
• Bump github/codeql-action from 4.31.5 to 4.31.6 by @​dependabot[bot] in #​728
• Bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​729
• Bump github/codeql-action from 4.31.6 to 4.31.8 by @​dependabot[bot] in #​732
• Bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in #​733
• Bump github/codeql-action from 4.31.9 to 4.31.10 by @​dependabot[bot] in #​738
• Bump actions/setup-go from 6.1.0 to 6.2.0 by @​dependabot[bot] in #​739
• Bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in #​740
• Bump github/codeql-action from 4.31.10 to 4.32.0 by @​dependabot[bot] in #​742
• Bump github/codeql-action from 4.32.0 to 4.32.3 by @​dependabot[bot] in #​745
• Bump actions/setup-go from 6.2.0 to 6.3.0 by @​dependabot[bot] in #​746
• Bump github/codeql-action from 4.32.3 to 4.32.4 by @​dependabot[bot] in #​747
• Bump github/codeql-action from 4.32.4 to 4.32.6 by @​dependabot[bot] in #​748
• Bump github/codeql-action from 4.32.6 to 4.34.0 by @​dependabot[bot] in #​749
• Bump github/codeql-action from 4.34.0 to 4.34.1 by @​dependabot[bot] in #​751
• Update README status section by @​fxamacker in #​758

New Contributors

• @​makew0rld made their first contributihttps://github.com/fxamacker/cbor/pull/708ll/708

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

go-chi/chi (github.com/go-chi/chi/v5)

v5.2.5

Compare Source

What's Changed

• Bump minimum Go to 1.22 and use new features by @​JRaspass in #​1017
• Refactor graceful shutdown example by @​mikereid1 in #​994
• Refactor to use atomic type by @​cuiweixie in #​1019
• update reverseMethodMap in RegisterMethod by @​cixel in #​1022
• Update comment about min Go version by @​JRaspass in #​1023
• middleware: harden RedirectSlashes handler by @​pkieltyka in #​1044
• Fix(middleware): Prevent double handler invocation in RouteHeaders with empty router by @​mahanadh in #​1045

New Contributors

• @​mikereid1 made their first contribution in #​994
• @​cuiweixie made their first contribution in #​1019
• @​cixel made their first contribution in #​1022
• @​mahanadh made their first contribution in #​1045

Full Changelog: go-chi/chi@v5.2.3...v5.2.5

v5.2.4

Compare Source

golang-jwt/jwt (github.com/golang-jwt/jwt/v5)

v5.3.1

Compare Source

What's Changed

🔐 Features

• Add spellcheck Github action to catch common spelling mistakes by @​equalsgibson in #​458
• Add WithNotBeforeRequired parser option and add test coverage by @​equalsgibson in #​456
• Update godoc example func to properly refer to NewWithClaims() by @​equalsgibson in #​459
• Update github workflows by @​mfridman in #​462
• Additional test for CustomClaims that validates unmarshalling behaviour by @​equalsgibson in #​457
• Fix early file close in jwt cli by @​mfridman in #​472
• Add TPM signature reference by @​salrashid123 in #​473
• Remove misleading ParserOptions documentation in #​484
• Save signature to Token struct after successful signing by @​EgorSheff in #​417
• Set token.Signature in ParseUnverified by @​slickwilli in #​414

👒 Dependencies

• Bump crate-ci/typos from 1.34.0 to 1.35.3 by @​dependabot[bot] in #​461
• Bump crate-ci/typos from 1.35.4 to 1.36.2 by @​dependabot[bot] in #​470
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in #​478
• Bump crate-ci/typos from 1.36.2 to 1.39.0 by @​dependabot[bot] in #​480
• Bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in #​481
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in #​469
• Bump crate-ci/typos from 1.39.0 to 1.40.0 by @​dependabot[bot] in #​488
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in #​487
• Bump crate-ci/typos from 1.40.0 to 1.41.0 by @​dependabot[bot] in #​490
• Bump crate-ci/typos from 1.41.0 to 1.42.1 by @​dependabot[bot] in #​492

New Contributors

• @​equalsgibson made their first contribution in #​458
• @​salrashid123 made their first contribution in #​473
• @​EgorSheff made their first contribution in #​417
• @​slickwilli made their first contribution in #​414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

grpc-ecosystem/go-grpc-middleware (github.com/grpc-ecosystem/go-grpc-middleware)

v2.3.3

Compare Source

What's Changed

• add WithLabelsFromContext prometheus interceptor option by @​benjibuiltit in #​758
• fix: correct comment typo in StreamServerInterceptor function by @​haru-256 in #​760
• Minor refactor to remove duplication by @​nwnt in #​761
• chore: migrate golangci-lint to v2.3.0 by @​mmorel-35 in #​765
• chore: enable misspell linter with golangci-lint by @​mmorel-35 in #​768
• chore: enable errorlint by @​mmorel-35 in #​774
• chore: update buf to v1.55.1 by @​mmorel-35 in #​767
• chore: update dependabot configuration for gomod and github-actions by @​mmorel-35 in #​775
• chore: enable testifylint linter by @​mmorel-35 in #​769
• chore: enable several rules from go-critic by @​mmorel-35 in #​766
• chore: enable several rules from govet by @​mmorel-35 in #​773
• chore: enable contextcheck and fatcontext linters by @​mmorel-35 in #​770
• chore: enable usestdlibvars linter by @​mmorel-35 in #​772
• chore: enable promlinter linter by @​mmorel-35 in #​771
• chore: enable usetesting linter by @​mmorel-35 in #​784
• build(deps): bump google.golang.org/grpc from 1.67.1 to 1.74.2 by @​mmorel-35 in #​785
• chore: enable hugeParam rule from go-critic by @​mmorel-35 in #​786
• chore: use actions/setup-go native cache by @​mmorel-35 in #​787
• fix(#​794): Wrapping codes.OK should not cause panic by @​floppyzedolfin in #​795
• feat(prometheus): add ContextLabels to ClientMetrics by @​ArtARTs36 in #​798
• fix(ci): tidy module before linting by @​manute in #​808
• [Prometheus] Fix pre-registration of handled metrics with context labels by @​t-bowcock in #​810
• avoid unnecessary logging field creation when payload logging is disabled by @​dbeneker in #​809

New Contributors

• @​benjibuiltit made their first contribution in #​758
• @​haru-256 made their first contribution in #​760
• @​nwnt made their first contribution in #​761
• @​mmorel-35 made their first contribution in #​765
• @​floppyzedolfin made their first contribution in #​795
• @​ArtARTs36 made their first contribution in #​798
• @​manute made their first contribution in #​808
• @​t-bowcock made their first contribution in #​810
• @​dbeneker made their first contribution in #​809

Full Changelog: grpc-ecosystem/go-grpc-middleware@v2.3.2...v2.3.3

v2.3.2

Compare Source

What's Changed

• chore: fix some typos by @​dockercui in #​755
• update module for protovalidate by @​calmh in #​757

New Contributors

• @​dockercui made their first contribution in #​755
• @​calmh made their first contribution in #​757

Full Changelog: grpc-ecosystem/go-grpc-middleware@v2.3.1...v2.3.2

v2.3.1

Compare Source

What's Changed

• Return uint64 from exponentBase2 function by @​fesiqueira in #​753
• add build tag to disable tracing by @​rashmi-tondare in #​754

New Contributors

• @​fesiqueira made their first contribution in #​753
• @​rashmi-tondare made their first contribution in #​754

Full Changelog: grpc-ecosystem/go-grpc-middleware@v2.3.0...v2.3.1

v2.3.0

Compare Source

What's Changed

• logging: add AddFields by @​kindermoumoute in #​739
• logging: store the propagated context in the reporter by @​kindermoumoute in #​740
• Add skip_healthchecks logging example by @​bkane-msft in #​742
• grpc_retry backoff overflow by @​JacobSMoller in #​747
• defer cancel() leaks memory by @​JacobSMoller in #​748
• protovalidate: support new protovalidate-go Validator interface by @​zchee in #​746

New Contributors

• @​bkane-msft made their first contribution in #​742
• @​JacobSMoller made their first contribution in #​747
• @​zchee made their first contribution in #​746

Full Changelog: grpc-ecosystem/go-grpc-middleware@v2.2.0...v2.3.0

v2.2.0

Compare Source

What's Changed

• Call retry callback on retry by @​fredr in #​700
• interceptors: Update logging interceptor Reporter to re-extract fields from context before logging by @​chancez in #​702
• logging: Document correct WithFieldsFromContext/WithFieldsFromContextAndCallMeta usage by @​chancez in #​703
• Include error details in protovalidate responses by @​akshayjshah in #​714
• protovalidate: avoid pointer comparisons by @​akshayjshah in #​715
• Support for namespace in grpc prometheus counter and histogram metrics by @​hyungi in #​718
• Protovalidate interceptor cleanup, Go version bump by @​ash2k in #​721
• Use ValueFromIncomingContext() to reduce allocations and copying by @​ash2k in #​723
• Update examples to the latest otelgrpc API by @​nmittler in #​729
• Fix grpc middleware interceptor not PostCall-ing when a streaming RPC with non-streaming server finishes successfully. by @​alexandrupitis1 in #​725
• x-retry-attempt to StreamClientInterceptor by @​Boklazhenko in #​733
• logging: add WithErrorFields by @​kindermoumoute in #​734
• example: use slog instead of go-kit by @​kindermoumoute in #​735

New Contributors

• @​fredr made their first contribution in #​700
• @​marefr made their first contribution in #​706
• @​akshayjshah made their first contribution in #​714
• @​hyungi made their first contribution in #​718
• @​nmittler made their first contribution in #​729
• @​alexandrupitis1 made their first contribution in #​725
• @​Boklazhenko made their first contribution in #​733
• @​kindermoumoute made their first contribution in #​734

Full Changelog: grpc-ecosystem/go-grpc-middleware@v2.1.0...v2.2.0

v2.1.0

Compare Source

What's Changed

• Support for subsystem in grpc prometheus counter and histogram metrics by @​rohsaini in #​643
• doc: update client interceptors chaining example with grpc functions by @​dethi in #​669
• adds fields from durationFieldFunc to request/response log entries by @​vroldanbet in #​670
• add doc for disabling log opts by @​coleenquadros in #​680
• Middleware for determining the real ip of the client by @​MadsRC in #​682
• protovalidate: add option to ignore certain message types by @​igor-tsiglyar in #​684
• Update README.md by @​zeroboo in #​688
• Fix InitializeMetrics signature to allow use with xds.GRPCServer by @​bozaro in #​689
• Support retriable func condition by @​tamayika in #​687
• Extend realip parsing of GRPC peer address to handle IPv6 by @​surik in #​692
• Fix logging Example : log only first field by @​arckadious in #​694
• Extent realip interceptors with ip selection based on proxy count and list by @​surik in #​695
• Fix for vulnerability CVE-2023-44487 by @​vkaushik in #​696

New Contributors

• @​rohsaini made their first contribution in #​643
• @​dethi made their first contribution in #​669
• @​vroldanbet made their first contribution in #​670
• @​MadsRC made their first contribution in #​682
• @​igor-tsiglyar made their first contribution in #​684
• @​zeroboo made their first contribution in #​688
• @​bozaro made their first contribution in #​689
• @​tamayika made their first contribution in #​687
• @​surik made their first contribution in #​692
• @​arckadious made their first contribution in #​694
• @​vkaushik made their first contribution in #​696

Full Changelog: grpc-ecosystem/go-grpc-middleware@v2.0.1...v2.1.0

v2.0.1

Compare Source

What's Changed

• Fix outdated 'make proto' command by @​takp in #​623
• Fix linting errors by @​takp in #​624
• Logging: Add missing variadic operator for fields by @​olivierlemasle in #​629
• feat: Support extracting fields from CallMeta by @​fsaintjacques in #​628
• Fix "make test" and "make lint" by @​olivierlemasle in #​627
• Do not set timeout for stream initialization by @​DavyJohnes in #​645
• Add logging option to disable fields in log entry by @​coleenquadros in #​631
• Update logging adapter docs by @​aboryslawski in #​647

New Contributors

• @​takp made their first contribution in #​623
• @​olivierlemasle made their first contribution in #​629
• @​fsaintjacques made their first contribution in #​628
• @​DavyJohnes made their first contribution in #​645
• @​coleenquadros made their first contribution in #​631
• @​aboryslawski made their first contribution in #​647

Full Changelog: grpc-ecosystem/go-grpc-middleware@v2.0.0...v2.0.1

v2.0.0

Compare Source

This is the first stable release of the new v2 release branch 🎉

Many of the interceptors have been rewritten from scratch and the project has been upgraded to use the Go Protobuf v2 API.

See the project README for details and migration guide. Thanks to all contributors who made this possible! 💪🏽

What's Changed

• Initial change for v2. by @​bwplotka in #​276
• Updated README with note that it's under development. by @​bwplotka in #​278
• Fix typo in field extractor (splices -> slices) (#​287) by @​bvwells in #​289
• Moved imports to v2; Moved to Go 1.14.2 by @​bwplotka in #​290
• Formatted code; Added goimports to Makefile, Renamed pb_testproto to testpb. by @​bwplotka in #​291
• Fixed providers go modules, examples and consistency. by @​bwplotka in #​292
• added example for AuthFuncOverride v2 branch by @​tegk in #​294
• Added some description of the Makefile in the contributing.md by @​yashrsharma44 in #​298
• v2: Add support for the zerolog logging provider by @​irridia in #​299
• proto: fix gogoproto import by @​johanbrandhorst in #​302
• Retry dial and connection errors for grpc stream. by @​kartlee in #​308
• Moved to GH actions; Added lint; Added issue/PR templates. by @​bwplotka in #​296
• inline localhost certificate into go file by @​bmon in #​318
• Update streaming interceptor example by @​G07cha in #​322
• Do not stop retrying based on earlier good message from the stream by @​kartlee in #​323
• test certs - cherry-pick PR325 on v2 by @​dmitris in #​331
• add all make target, reword instructions by @​dmitris in #​335
• remove 1.12.x from build config for consistency with master by @​dmitris in #​337
• [v2] Fix the special case for jaeger format traceid extraction by @​nvx in #​340
• [v2] Fix ctxtags TagBasedRequestFieldExtractor extracting from fields in a oneof by @​nvx in #​339
• Request Logging by @​yashrsharma44 in #​311
• Bug fix for data race by @​yashrsharma44 in #​354
• make ratelimit interface context aware by @​xinxiao in #​367
• Add error param to the decider method of logging middleware by @​yashrsharma44 in #​372
• [v2] Add skip interceptor by @​XSAM in #​364
• Chain middleware by @​drewwells in #​385
• Update travis ci badget to Github actions badge. by @​drewwells in #​384
• Upgraded proto related deps: grpc and protobuf; removed gogo from core. by @​bwplotka in #​321
• improve v2 rate-limiter by @​MalloZup in #​380
• Moved to buf; Added buf lint; Fixed ping service to match standards; … by @​bwplotka in #​383
• Add timer interface for OpenMetrics(Prometheus) Provider by @​yashrsharma44 in #​387
• [Rate-limit provider]: Add token bucket implementation of rate-limiter by @​MalloZup in #​386
• Add OpenMetrics(Prometheus) in the provider module by @​yashrsharma44 in #​379
• v2: Client unary interceptor timeout on v2 branch by @​instabledesign in #​330
• add onRetryCallback callback function by @​shamil in #​405
• v2: validator support for protoc-gen-validate 0.6.0 by @​danielhochman in #​418
• v2: Refactor metrics interceptor and fix tests by @​ash2k in #​413
• Support customization of timestamp format (v2 branch) by @​stanhu in #​399
• Fixed misleading comments in the interceptor file by @​iamrajiv in #​424
• v2: Switch from github.com/go-kit/kit to github.com/go-kit/log interfaces by @​liggitt in #​427
• v2: Add support for the phuslog logging provider by @​ogimenezb in #​425
• v2:providers/zap: fix caller annotation by @​jkawamoto in #​432
• Added Dependabot by @​iamrajiv in #​376
• Added a Copyright check in the Makefile by [@​yashrsharma44](https://redirect.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go mod tidy
go: downloading github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3
go: downloading github.com/theupdateframework/go-tuf/v2 v2.4.1
go: downloading github.com/sassoftware/relic/v8 v8.2.0
go: downloading github.com/tink-crypto/tink-go-awskms/v3 v3.0.0
go: downloading github.com/mattn/go-sqlite3 v1.14.44
go: downloading cloud.google.com/go/pubsub v1.50.2
go: downloading github.com/go-openapi/testify/v2 v2.5.0
go: downloading github.com/lib/pq v1.12.0
go: downloading github.com/onsi/gomega v1.25.0
go: downloading github.com/onsi/ginkgo v1.16.5
go: downloading github.com/hashicorp/go-hclog v1.6.3
go: downloading k8s.io/api v0.35.3
go: downloading github.com/go-openapi/testify/enable/yaml/v2 v2.5.0
go: downloading github.com/bsm/ginkgo/v2 v2.12.0
go: downloading github.com/bsm/gomega v1.27.10
go: downloading github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb
go: downloading github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.0
go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
go: downloading github.com/frankban/quicktest v1.14.6
go: downloading github.com/zeebo/xxh3 v1.1.0
go: downloading github.com/google/go-replayers/grpcreplay v1.3.0
go: downloading github.com/google/go-replayers/httpreplay v1.2.0
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.43.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2
go: downloading github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
go: downloading github.com/golang/protobuf v1.5.4
go: downloading github.com/go-test/deep v1.1.1
go: downloading github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.56.0
go: downloading github.com/fatih/color v1.18.0
go: downloading github.com/mattn/go-colorable v0.1.14
go: downloading github.com/mattn/go-isatty v0.0.20
go: downloading gonum.org/v1/gonum v0.17.0
go: downloading github.com/envoyproxy/go-control-plane v0.14.0
go: downloading github.com/google/martian/v3 v3.3.3
go: downloading github.com/kr/pretty v0.3.1
go: downloading cloud.google.com/go/logging v1.18.0
go: downloading cloud.google.com/go/trace v1.16.0
go: downloading github.com/stretchr/objx v0.5.2
go: downloading github.com/kr/text v0.2.0
go: downloading github.com/rogpeppe/go-internal v1.14.1
go: downloading github.com/klauspost/cpuid/v2 v2.2.10
go: downloading go.einride.tech/aip v0.83.0
go: downloading github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8
go: downloading github.com/envoyproxy/go-control-plane/ratelimit v0.1.0
go: downloading github.com/nxadm/tail v1.4.11
go: downloading github.com/ProtonMail/go-crypto v1.0.0
go: downloading gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
go: downloading github.com/cloudflare/circl v1.3.8
go: downloading k8s.io/apimachinery v0.35.3
go: downloading sigs.k8s.io/randfill v1.0.0
go: downloading k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
go: downloading sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730
go: downloading gopkg.in/inf.v0 v0.9.1
go: downloading sigs.k8s.io/structured-merge-diff/v6 v6.3.0
go: downloading k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912
go: downloading github.com/json-iterator/go v1.1.12
go: downloading github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee
go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: downloading github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1
go: downloading github.com/keybase/go-keychain v0.0.1
go: finding module for package github.com/theupdateframework/go-tuf/v2
go: finding module for package github.com/theupdateframework/go-tuf/v2/verify
go: finding module for package github.com/theupdateframework/go-tuf/v2/data
go: finding module for package github.com/theupdateframework/go-tuf/v2/pkg/keys
go: finding module for package github.com/grpc-ecosystem/go-grpc-middleware/v2/retry
go: finding module for package cloud.google.com/go/pubsub/v2/v2
go: finding module for package github.com/theupdateframework/go-tuf/v2/pkg/deprecated/set_ecdsa
go: github.com/sigstore/rekor/pkg/pki/tuf imports
	github.com/theupdateframework/go-tuf/v2/data: module github.com/theupdateframework/go-tuf/v2@latest found (v2.4.1), but does not contain package github.com/theupdateframework/go-tuf/v2/data
go: github.com/sigstore/rekor/pkg/pki/tuf imports
	github.com/theupdateframework/go-tuf/v2/pkg/keys: module github.com/theupdateframework/go-tuf/v2@latest found (v2.4.1), but does not contain package github.com/theupdateframework/go-tuf/v2/pkg/keys
go: github.com/sigstore/rekor/pkg/pki/tuf imports
	github.com/theupdateframework/go-tuf/v2/verify: module github.com/theupdateframework/go-tuf/v2@latest found (v2.4.1), but does not contain package github.com/theupdateframework/go-tuf/v2/verify
go: github.com/sigstore/rekor/pkg/pubsub/gcp imports
	cloud.google.com/go/pubsub/v2/v2: module cloud.google.com/go/pubsub/v2@latest found (v2.6.0), but does not contain package cloud.google.com/go/pubsub/v2/v2
go: github.com/sigstore/rekor/pkg/signer imports
	github.com/grpc-ecosystem/go-grpc-middleware/v2/retry: module github.com/grpc-ecosystem/go-grpc-middleware/v2@latest found (v2.3.3), but does not contain package github.com/grpc-ecosystem/go-grpc-middleware/v2/retry
go: github.com/sigstore/rekor/pkg/types/tuf/v0.0.1 imports
	github.com/theupdateframework/go-tuf/v2/pkg/deprecated/set_ecdsa: module github.com/theupdateframework/go-tuf/v2@latest found (v2.4.1), but does not contain package github.com/theupdateframework/go-tuf/v2/pkg/deprecated/set_ecdsa
go: github.com/sigstore/rekor/pkg/pki/tuf tested by
	github.com/sigstore/rekor/pkg/pki/tuf.test imports
	github.com/theupdateframework/go-tuf/v2: module github.com/theupdateframework/go-tuf/v2@latest found (v2.4.1), but does not contain package github.com/theupdateframework/go-tuf/v2