Skip to content

chore(deps): bump the go group across 1 directory with 24 updates#1158

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-5e064b6f3e
Open

chore(deps): bump the go group across 1 directory with 24 updates#1158
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-5e064b6f3e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the go group with 17 updates in the / directory:

Package From To
github.com/elazarl/goproxy 1.7.2 1.8.4
github.com/getkin/kin-openapi 0.132.0 0.142.0
github.com/getsentry/sentry-go 0.45.1 0.47.0
github.com/go-git/go-git/v5 5.16.0 5.19.1
github.com/go-logr/logr 1.4.2 1.4.3
github.com/golang-jwt/jwt/v5 5.3.0 5.3.1
github.com/labstack/echo/v4 4.13.3 4.15.4
github.com/oapi-codegen/oapi-codegen/v2 2.5.0 2.7.2
github.com/oapi-codegen/runtime 1.1.2 1.5.0
github.com/onsi/ginkgo/v2 2.23.4 2.32.0
github.com/prometheus/client_golang 1.19.1 1.23.2
github.com/spf13/cobra 1.9.1 1.10.2
github.com/spf13/viper 1.20.1 1.21.0
k8s.io/apimachinery 0.33.0 0.36.2
k8s.io/client-go 0.33.0 0.36.2
k8s.io/metrics 0.33.0 0.36.2
sigs.k8s.io/controller-runtime 0.20.4 0.24.1

Updates github.com/elazarl/goproxy from 1.7.2 to 1.8.4

Release notes

Sourced from github.com/elazarl/goproxy's releases.

v1.8.4

What's Changed

New Contributors

Full Changelog: elazarl/goproxy@v1.8.3...v1.8.4

v1.8.3

What's Changed

New Contributors

Full Changelog: elazarl/goproxy@v1.8.2...v1.8.3

v1.8.2

What's Changed

New Contributors

Full Changelog: elazarl/goproxy@v1.8.1...v1.8.2

v1.8.1

What's Changed

Full Changelog: elazarl/goproxy@v1.8.0...v1.8.1

v1.8.0

What's Changed

... (truncated)

Commits
  • 636207d fix: append headers instead of overwriting when keepDestHeaders is true (#771)
  • 6584eee fix: restore examples module health and clarify sample apps (#780)
  • 038e3b9 fix(https): close client connection when target connection errors (#779)
  • e493e1c Avoid chunked response when there is http.NoBody (#776)
  • f97c264 Remove insecure skip verify from origin transport (#774)
  • a89a8d6 http: forward upstream response trailers (#773)
  • 7d1c3b5 Add test to verify that the response handler can add a value to a header with...
  • 5013f6d docs: add missing godoc comments to exported symbols (#768)
  • 3c677be Merge pull request #770 from Yanhu007/fix/304-transfer-encoding
  • 503e66e fix: don't set Transfer-Encoding: chunked on 304 responses
  • Additional commits viewable in compare view

Updates github.com/getkin/kin-openapi from 0.132.0 to 0.142.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.142.0

What's Changed

Full Changelog: getkin/kin-openapi@v0.141.0...v0.142.0

v0.141.0

What's Changed

New Contributors

Full Changelog: getkin/kin-openapi@v0.140.0...v0.141.0

v0.140.0

What's Changed

Full Changelog: getkin/kin-openapi@v0.139.0...v0.140.0

v0.139.0

What's Changed

... (truncated)

Commits
  • 1223a0f openapi3filter: fix unbounded allocation in deepObject array decoding (C-02)
  • 61f37b6 openapi3: move a test file under a test package
  • eab5230 openapi3: fix test that relied on now non-resolving domain
  • 1d0a337 Merge commit from fork
  • 98d9564 qol: Makefile for shorthand commands + preflight scripts (#1217)
  • b5bb6bc openapi3: make operation responses optional for 3.1+ (#1214)
  • ae6bf33 openapi3: support OAS 3.2 itemSchema (#1213)
  • 1b54e4c docs: Go Report Card has been sunset (#1210)
  • 4a0d049 origin: record scalar-valued map keys for location lookup (#1208)
  • 26c42cf openapi3: record block end on Origin.Key (EndLine/EndColumn) (#1207)
  • Additional commits viewable in compare view

Updates github.com/getsentry/sentry-go from 0.45.1 to 0.47.0

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.47.0

Breaking Changes 🛠

  • Fix transaction_info source getting set incorrectly across HTTP middleware integrations (http, fasthttp, fiber). Users should now expect traces to properly get grouped with their parameterized path. Transactions in affected integrations may regroup after upgrading. by @​giortzisg in #1325
  • remove deprecatedotel.NewSentrySpanProcessor. Users should now use the sentryotlp.NewTraceExporter instead by @​giortzisg in #1307
    // Before
    sentry.Init(sentry.ClientOptions{Dsn: dsn, EnableTracing: true, TracesSampleRate: 1.0})
    tp := sdktrace.NewTracerProvider(
    sdktrace.WithSpanProcessor(sentryotel.NewSentrySpanProcessor()),
    )
    otel.SetTextMapPropagator(sentryotel.NewSentryPropagator())
    otel.SetTracerProvider(tp)
    // After:
    sentry.Init(sentry.ClientOptions{
    Dsn: dsn, EnableTracing: true, TracesSampleRate: 1.0,
    Integrations: func(i []sentry.Integration) []sentry.Integration {
    return append(i, sentryotel.NewOtelIntegration())
    },
    })
    exporter, _ := sentryotlp.NewTraceExporter(ctx, dsn)
    tp := sdktrace.NewTracerProvider(sdktrace.WithBatcher(exporter))
    otel.SetTracerProvider(tp)

  • Enable logs by default to skip double allow behavior. Enabling logs now happens once when setting up either sentry.NewLogger or any supported integration. Also the EnableLogs flag changes to DisableLogs for a global override switch by @​giortzisg in #1306
  • Remove the ContextifyFrames integration. The recommended way to add source context is SCM by @​giortzisg in #1302

New Features ✨

  • Add fiber v3 integration by @​giortzisg in #1324
  • Bump fasthttp from 1.51.0 to 1.71.0 by @​giortzisg in #1324
  • Add sentrysql SQL tracing integration by @​giortzisg in #1305
    • Supports multiple integration paths depending on how your app opens database connections: sentrysql.Open(...), sentrysql.OpenDB(...), and wrapped drivers/connectors for custom setups.
    • Database metadata is not inferred in every setup. If the database name is not discoverable automatically, pass sentrysql.WithDatabaseName(...) so spans are populated correctly.
    • Example:
     // Simple driver-based setup
     db, err := sentrysql.Open("sqlite", ":memory:",
         sentrysql.WithDatabaseSystem(sentrysql.SystemSQLite),
         sentrysql.WithDatabaseName("main"),
     )

Internal Changes 🔧

Deps

... (truncated)

Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.47.0

Breaking Changes 🛠

  • Fix transaction_info source getting set incorrectly across HTTP middleware integrations (http, fasthttp, fiber). Users should now expect traces to properly get grouped with their parameterized path. Transactions in affected integrations may regroup after upgrading. by @​giortzisg in #1325
  • remove deprecatedotel.NewSentrySpanProcessor. Users should now use the sentryotlp.NewTraceExporter instead by @​giortzisg in #1307
    // Before
    sentry.Init(sentry.ClientOptions{Dsn: dsn, EnableTracing: true, TracesSampleRate: 1.0})
    tp := sdktrace.NewTracerProvider(
    sdktrace.WithSpanProcessor(sentryotel.NewSentrySpanProcessor()),
    )
    otel.SetTextMapPropagator(sentryotel.NewSentryPropagator())
    otel.SetTracerProvider(tp)
    // After:
    sentry.Init(sentry.ClientOptions{
    Dsn: dsn, EnableTracing: true, TracesSampleRate: 1.0,
    Integrations: func(i []sentry.Integration) []sentry.Integration {
    return append(i, sentryotel.NewOtelIntegration())
    },
    })
    exporter, _ := sentryotlp.NewTraceExporter(ctx, dsn)
    tp := sdktrace.NewTracerProvider(sdktrace.WithBatcher(exporter))
    otel.SetTracerProvider(tp)

  • Enable logs by default to skip double allow behavior. Enabling logs now happens once when setting up either sentry.NewLogger or any supported integration. Also the EnableLogs flag changes to DisableLogs for a global override switch by @​giortzisg in #1306
  • Remove the ContextifyFrames integration. The recommended way to add source context is SCM by @​giortzisg in #1302

New Features ✨

  • Add fiber v3 integration by @​giortzisg in #1324
  • Bump fasthttp from 1.51.0 to 1.71.0 by @​giortzisg in #1324
  • Add sentrysql SQL tracing integration by @​giortzisg in #1305
    • Supports multiple integration paths depending on how your app opens database connections: sentrysql.Open(...), sentrysql.OpenDB(...), and wrapped drivers/connectors for custom setups.
    • Database metadata is not inferred in every setup. If the database name is not discoverable automatically, pass sentrysql.WithDatabaseName(...) so spans are populated correctly.
    • Example:
     // Simple driver-based setup
     db, err := sentrysql.Open("sqlite", ":memory:",
         sentrysql.WithDatabaseSystem(sentrysql.SystemSQLite),
         sentrysql.WithDatabaseName("main"),
     )

Internal Changes 🔧

Deps

... (truncated)

Commits

Updates github.com/go-git/go-git/v5 from 5.16.0 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

v5.19.0

What's Changed

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

v5.18.0

What's Changed

Full Changelog: go-git/go-git@v5.17.2...v5.18.0

v5.17.2

What's Changed

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @​pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

v5.17.1

What's Changed

... (truncated)

Commits
  • 3c3be60 Merge pull request #2137 from go-git/validate-v5
  • 3fba897 plumbing: format/packfile, cap delta chain depth in parser
  • a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
  • aeaa125 plumbing: format/objfile, require Header before Read
  • 1f38e17 plumbing: format/packfile, bound inflate size
  • f7545a0 plumbing: format/idxfile, bound nr by file size
  • 170b881 Merge pull request #2116 from pjbgf/symlink-v5
  • 7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
  • f0709b3 git: Stop validating symlink target paths
  • 776d00f git: Allow MkdirAll on worktree-root paths
  • Additional commits viewable in compare view

Updates github.com/go-logr/logr from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.3

Minor release.

What's Changed

New Contributors

Full Changelog: go-logr/logr@v1.4.2...v1.4.3

Commits
  • 38a1c47 build(deps): bump github/codeql-action from 3.28.17 to 3.28.18
  • f08bedd build(deps): bump actions/setup-go from 5.4.0 to 5.5.0
  • 6295e99 build(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0
  • 028840d build(deps): bump github/codeql-action from 3.28.15 to 3.28.17
  • 511e5fa Merge pull request #367 from go-logr/dependabot/github_actions/github/codeql-...
  • d806463 build(deps): bump github/codeql-action from 3.28.13 to 3.28.15
  • 158c311 Merge pull request #366 from thockin/master
  • c79ddb3 Update to support golangci-lint v2
  • 20a64ba build(deps): bump github/codeql-action from 3.28.12 to 3.28.13
  • 0385e14 Add comments around slog exceptions
  • Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

👒 Dependencies

New Contributors

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

Commits
  • 7ceae61 Add release.yml for changelog configuration
  • dce8e4d Set token.Signature in ParseUnverified (#414)
  • 8889e20 Save signature to Token struct after successful signing (#417)
  • d237f82 ci: update github-actions schedule interval to monthly
  • d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
  • e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
  • e6a0afa Bump actions/checkout from 5 to 6 (#487)
  • 9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
  • 60a8669 Bump actions/setup-go from 5 to 6 (#469)
  • 76f5828 Remove misleading ParserOptions documentation (#484)
  • Additional commits viewable in compare view

Updates github.com/labstack/echo/v4 from 4.13.3 to 4.15.4

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.15.4

Security

Fixes GHSA-vfp3-v2gw-7wfq: an encoded path separator (%2F or %5C) in a static file URL could bypass route-level middleware (e.g. authentication on a sibling route) and disclose static files. Both StaticDirectoryHandler (used by Static/StaticFS) and the Static middleware are affected. Backport of the v5 fix (#3016, released in v5.2.1). Thanks to @​a-tt-om and @​oran-gugu for reporting.


Make serving static file releated methods and middleware not unescape path by default - so how the way Router interprets paths and Static methods/middleware is consistent.

Given following situation:

// 0.
// given folder structure:
// private.txt
// public/
// public/index.html
// public/text.txt
// public/admin/private.txt
// 1. share public/ folder contents from the server root. This folder actually contains subfolder admin which
// contents we want to forbid from downloading
e.Static("/", "public")
// 2. naively assume that everything under /admin folder is now forbidden
e.GET("/admin/*", func(c *Context) error {
return ErrForbidden
})

Then requests to /admin%2fprivate.txt would not be matched to GET /admin/* route (routing does not look unescaped path) and static file serving will use unescaped path to serve the file.

Note: this way of "guarding" subfolders will never work for for paths like /assets/../admin%2fprivate.txt which will path.Clean("/assets/../admin%2fprivate.txt") to /admin/private.txt and are servable if static file serving is configured to unescape paths.

If you want to guard routes - use middlewares on Static* methods and before Static middleware.

Breaking change / migration: If you serve files whose names contain URL-encoded characters (e.g., /hello%20world.txthello world.txt), you must now opt in:

	e := echo.New()
	e.EnablePathUnescapingStaticFiles = true  // <-- enable old behavior
	e.Static("/", "public")

for static middleware

	e.Use(middleware.StaticWithConfig(middleware.StaticConfig{
		EnablePathUnescaping: true, // <-- enable old behavior
	}))

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.15.4 - 2026-06-15

Security

Fixes GHSA-vfp3-v2gw-7wfq

Make serving static file releated methods and middleware not unescape path by default - so how the way Router interprets paths and Static methods/middleware is consistent.

Given following situation:

// 0.
// given folder structure:
// private.txt
// public/
// public/index.html
// public/text.txt
// public/admin/private.txt
// 1. share public/ folder contents from the server root. This folder actually contains subfolder admin which
// contents we want to forbid from downloading
e.Static("/", "public")
// 2. naively assume that everything under /admin folder is now forbidden
e.GET("/admin/*", func(c *Context) error {
return ErrForbidden
})

Then requests to /admin%2fprivate.txt would not be matched to GET /admin/* route (routing does not look unescaped path) and static file serving will use unescaped path to serve the file.

Note: this way of "guarding" subfolders will never work for for paths like /assets/../admin%2fprivate.txt which will path.Clean("/assets/../admin%2fprivate.txt") to /admin/private.txt and are servable if static file serving is configured to unescape paths.

If you want to guard routes - use middlewares on Static* methods and before Static middleware.

Breaking change / migration: If you serve files whose names contain URL-encoded characters (e.g., /hello%20world.txthello world.txt), you must now opt in:

	e := echo.New()
	e.EnablePathUnescapingStaticFiles = true  // <-- enable old behavior
	e.Static("/", "public")

for static middleware

	e.Use(middleware.StaticWithConfig(middleware.StaticConfig{
		EnablePathUnescaping: true, // <-- enable old behavior
	}))

v4.15.3 - 2026-06-14

... (truncated)

Commits
  • ec79b58 Merge pull request #3020 from aldas/v4_v4-15-4_changelog
  • 2714c07 Changelog for v4.15.4 - security fix
  • 13f0ed1 Merge pull request #3019 from aldas/v4_backport_3016
  • d16a4ec backport PR 3016 from v4
  • 8f167b9 Merge pull request #3018 from aldas/v4_remove_v5_dep
  • 9afa4ba remove dependency on labstack/echo v5 introduced in go.mod and go.sum
  • 1e05f63 Merge pull request #3017 from aldas/v4_ci_updates
  • 11a3cc4 Update dependencies and add ignore for linting
  • 26bd016 Update CI action versions
  • aa52f6a ci: run workflows on the v4 branch, not just master (#3013)
  • Additional commits viewable in compare view

Updates github.com/labstack/gommon from 0.4.2 to 0.5.0

Release notes

Sourced from github.com/labstack/gommon's releases.

v0.5.0

Highlights

  • email: SMTPS / implicit TLS on port 465. smtp.SendMail only speaks plain + STARTTLS, so Resend/SendGrid/etc. on :465 hang on the handshake. Detect port 465 and dial TLS directly. Added Email.TLSConfig (custom root pool / ServerName; always cloned per send) and Email.DialTimeout (scoped to the TCP/TLS connect phase).
  • email: no silent cleartext downgrade. Drive Hello() explicitly so a failed EHLO can't be swallowed and mis-read as "STARTTLS not advertised".
  • log: silence 14 go vet printf warnings. Split the internal log() method; public signatures unchanged. TestCallerFile guards the runtime.Caller skip.
  • random: fix sync.Pool copy in New(). Construct the pool directly on the struct — sync.Pool must not be copied after first use.

Toolchain (breaking)

  • Go directive bumped 1.181.23.0 to align with labstack/echo. Consumers on Go <1.23 should stay on v0.4.2.
  • CI matrix: 1.23 / 1.24 / 1.25 / 1.26 × ubuntu / macos / windows.
  • Deps refreshed: testify 1.8.4 → 1.11.1, go-colorable 0.1.13 → 0.1.14, go-isatty 0.0.20 → 0.0.21, x/sys 0.15.0 → 0.29.0 (highest that still supports Go 1.23).

Non-breaking code changes

  • bytes/bytes_test.go: replaced Parse(\"8EiB\") assertions with Parse(\"7EiB\") — 2^63 overflowed int64 and relied on implementation-defined float-to-int behavior.

Full diff

labstack/gommon#62

Commits

Updates github.com/oapi-codegen/oapi-codegen/v2 from 2.5.0 to 2.7.2

Release notes

Sourced from github.com/oapi-codegen/oapi-codegen/v2's releases.

v2.7.2 More fixes for code injection issues

String escaping fixes due to more code injection issues

We've had two more code injection issues reported in oapi-codegen, thanks @​Gal3M, @​mrostamipoor for these findings.

These specific issues are now patches in the main branch and in this v2.7.2 release.

You shouldn't blindly trust OpenAPI specs

This code wasn't originally written assuming code generation from random specs from the internet, and it never took any measures to protect itself from malicious specifications, the assumption being that you control your specification, and that you actually look over generated code.

For example, all these RCE exploits rely on using the package init() function in the generated code to run some malicious code at package startup. A way to test for this is to see whether an init() function is emitted, which we currently don't do.

When working with OpenAPI specifications, especially specs you find on remote servers, you should download the spec locally, run some kind of spec validator on it, like openapi-spec-validator, and only then feed it into oapi-codegen. We're very permissive in accepting broken specifications, intentionally, since people feed a lot of garbage input, but this flexibility also makes us weak to these kinds of attacks. There are hundreds of injection sites in oapi-codegen based on my survey.

For the next minor release, v2.8.0, we're going to validate the spec before code generation (oapi-codegen/oapi-codegen#2435), however, since this introduces a new set of failure modes, I don't want to include it in a maintenance release version. The future release is resilient against many forms of injection, and the spec validation has the added benefit that it can generate meaningful error messages for garbage input, where currently, we generate non-compiling code.

Until then, please do sanity checks on your input specifications, on the generated output, and don't fetch specs from the internet in your build, commit both the spec locally into your source control, and go through code review. In our repo, we've hooked up

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 7, 2026
@dependabot dependabot Bot requested review from a team and olevski as code owners July 7, 2026 13:03
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 7, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/go-5e064b6f3e branch from 4c7e052 to 6459000 Compare July 10, 2026 01:44
Bumps the go group with 17 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/elazarl/goproxy](https://github.com/elazarl/goproxy) | `1.7.2` | `1.8.4` |
| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.132.0` | `0.142.0` |
| [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.45.1` | `0.47.0` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.0` | `5.19.1` |
| [github.com/go-logr/logr](https://github.com/go-logr/logr) | `1.4.2` | `1.4.3` |
| [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) | `5.3.0` | `5.3.1` |
| [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.13.3` | `4.15.4` |
| [github.com/oapi-codegen/oapi-codegen/v2](https://github.com/oapi-codegen/oapi-codegen) | `2.5.0` | `2.7.2` |
| [github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) | `1.1.2` | `1.5.0` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.23.4` | `2.32.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.19.1` | `1.23.2` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.9.1` | `1.10.2` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.20.1` | `1.21.0` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.33.0` | `0.36.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.33.0` | `0.36.2` |
| [k8s.io/metrics](https://github.com/kubernetes/metrics) | `0.33.0` | `0.36.2` |
| [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.20.4` | `0.24.1` |



Updates `github.com/elazarl/goproxy` from 1.7.2 to 1.8.4
- [Release notes](https://github.com/elazarl/goproxy/releases)
- [Commits](elazarl/goproxy@v1.7.2...v1.8.4)

Updates `github.com/getkin/kin-openapi` from 0.132.0 to 0.142.0
- [Release notes](https://github.com/getkin/kin-openapi/releases)
- [Commits](getkin/kin-openapi@v0.132.0...v0.142.0)

Updates `github.com/getsentry/sentry-go` from 0.45.1 to 0.47.0
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-go@v0.45.1...v0.47.0)

Updates `github.com/go-git/go-git/v5` from 5.16.0 to 5.19.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md)
- [Commits](go-git/go-git@v5.16.0...v5.19.1)

Updates `github.com/go-logr/logr` from 1.4.2 to 1.4.3
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](go-logr/logr@v1.4.2...v1.4.3)

Updates `github.com/golang-jwt/jwt/v5` from 5.3.0 to 5.3.1
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Commits](golang-jwt/jwt@v5.3.0...v5.3.1)

Updates `github.com/labstack/echo/v4` from 4.13.3 to 4.15.4
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/v4.15.4/CHANGELOG.md)
- [Commits](labstack/echo@v4.13.3...v4.15.4)

Updates `github.com/labstack/gommon` from 0.4.2 to 0.5.0
- [Release notes](https://github.com/labstack/gommon/releases)
- [Commits](labstack/gommon@v0.4.2...v0.5.0)

Updates `github.com/oapi-codegen/oapi-codegen/v2` from 2.5.0 to 2.7.2
- [Release notes](https://github.com/oapi-codegen/oapi-codegen/releases)
- [Commits](oapi-codegen/oapi-codegen@v2.5.0...v2.7.2)

Updates `github.com/oapi-codegen/runtime` from 1.1.2 to 1.5.0
- [Release notes](https://github.com/oapi-codegen/runtime/releases)
- [Commits](oapi-codegen/runtime@v1.1.2...v1.5.0)

Updates `github.com/oasdiff/yaml` from 0.0.0-20250309154309-f31be36b4037 to 0.1.1
- [Release notes](https://github.com/oasdiff/yaml/releases)
- [Commits](https://github.com/oasdiff/yaml/commits/v0.1.1)

Updates `github.com/onsi/ginkgo/v2` from 2.23.4 to 2.32.0
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.23.4...v2.32.0)

Updates `github.com/onsi/gomega` from 1.37.0 to 1.40.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.37.0...v1.40.0)

Updates `github.com/prometheus/client_golang` from 1.19.1 to 1.23.2
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.19.1...v1.23.2)

Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.2
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.9.1...v1.10.2)

Updates `github.com/spf13/pflag` from 1.0.6 to 1.0.9
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.6...v1.0.9)

Updates `github.com/spf13/viper` from 1.20.1 to 1.21.0
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.20.1...v1.21.0)

Updates `github.com/stretchr/testify` from 1.10.0 to 1.11.1
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.10.0...v1.11.1)

Updates `golang.org/x/sys` from 0.32.0 to 0.46.0
- [Commits](golang/sys@v0.32.0...v0.46.0)

Updates `k8s.io/apimachinery` from 0.33.0 to 0.36.2
- [Commits](kubernetes/apimachinery@v0.33.0...v0.36.2)

Updates `k8s.io/client-go` from 0.33.0 to 0.36.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.33.0...v0.36.2)

Updates `k8s.io/metrics` from 0.33.0 to 0.36.2
- [Commits](kubernetes/metrics@v0.33.0...v0.36.2)

Updates `k8s.io/utils` from 0.0.0-20241104100929-3ea5e8cea738 to 0.0.0-20260210185600-b8788abfbbc2
- [Commits](https://github.com/kubernetes/utils/commits)

Updates `sigs.k8s.io/controller-runtime` from 0.20.4 to 0.24.1
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.20.4...v0.24.1)

---
updated-dependencies:
- dependency-name: github.com/elazarl/goproxy
  dependency-version: 1.8.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/getkin/kin-openapi
  dependency-version: 0.140.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/getsentry/sentry-go
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/go-logr/logr
  dependency-version: 1.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-version: 5.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/labstack/echo/v4
  dependency-version: 4.15.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/labstack/gommon
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/oapi-codegen/oapi-codegen/v2
  dependency-version: 2.7.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/oapi-codegen/runtime
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/oasdiff/yaml
  dependency-version: 0.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/spf13/pflag
  dependency-version: 1.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/spf13/viper
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/stretchr/testify
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/sys
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/metrics
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/utils
  dependency-version: 0.0.0-20260210185600-b8788abfbbc2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/go-5e064b6f3e branch from 6459000 to d12c265 Compare July 13, 2026 01:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants