Skip to content

chore(deps): bump the go group across 1 directory with 21 updates#1171

Merged
sgaist merged 8 commits into
mainfrom
dependabot/go_modules/go-1f0d8d9b01
Jul 16, 2026
Merged

chore(deps): bump the go group across 1 directory with 21 updates#1171
sgaist merged 8 commits into
mainfrom
dependabot/go_modules/go-1f0d8d9b01

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the go group with 15 updates in the / directory:

Package From To
github.com/elazarl/goproxy 1.7.2 1.8.4
github.com/getkin/kin-openapi 0.132.0 0.142.0
github.com/getsentry/sentry-go 0.45.1 0.48.0
github.com/go-git/go-git/v5 5.16.0 5.19.1
github.com/go-logr/logr 1.4.2 1.4.3
github.com/golang-jwt/jwt/v5 5.3.0 5.3.1
github.com/labstack/echo/v4 4.13.3 4.15.4
github.com/oapi-codegen/oapi-codegen/v2 2.5.0 2.7.2
github.com/oapi-codegen/runtime 1.1.2 1.5.0
github.com/prometheus/client_golang 1.22.0 1.23.2
github.com/spf13/cobra 1.9.1 1.10.2
github.com/spf13/viper 1.20.1 1.21.0
k8s.io/apimachinery 0.33.0 0.33.13
k8s.io/client-go 0.33.0 0.33.13
k8s.io/metrics 0.33.0 0.36.2

Updates github.com/elazarl/goproxy from 1.7.2 to 1.8.4

Release notes

Sourced from github.com/elazarl/goproxy's releases.

v1.8.4

What's Changed

New Contributors

Full Changelog: elazarl/goproxy@v1.8.3...v1.8.4

v1.8.3

What's Changed

New Contributors

Full Changelog: elazarl/goproxy@v1.8.2...v1.8.3

v1.8.2

What's Changed

New Contributors

Full Changelog: elazarl/goproxy@v1.8.1...v1.8.2

v1.8.1

What's Changed

Full Changelog: elazarl/goproxy@v1.8.0...v1.8.1

v1.8.0

What's Changed

... (truncated)

Commits
  • 636207d fix: append headers instead of overwriting when keepDestHeaders is true (#771)
  • 6584eee fix: restore examples module health and clarify sample apps (#780)
  • 038e3b9 fix(https): close client connection when target connection errors (#779)
  • e493e1c Avoid chunked response when there is http.NoBody (#776)
  • f97c264 Remove insecure skip verify from origin transport (#774)
  • a89a8d6 http: forward upstream response trailers (#773)
  • 7d1c3b5 Add test to verify that the response handler can add a value to a header with...
  • 5013f6d docs: add missing godoc comments to exported symbols (#768)
  • 3c677be Merge pull request #770 from Yanhu007/fix/304-transfer-encoding
  • 503e66e fix: don't set Transfer-Encoding: chunked on 304 responses
  • Additional commits viewable in compare view

Updates github.com/getkin/kin-openapi from 0.132.0 to 0.142.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.142.0

What's Changed

Full Changelog: getkin/kin-openapi@v0.141.0...v0.142.0

v0.141.0

What's Changed

New Contributors

Full Changelog: getkin/kin-openapi@v0.140.0...v0.141.0

v0.140.0

What's Changed

Full Changelog: getkin/kin-openapi@v0.139.0...v0.140.0

v0.139.0

What's Changed

... (truncated)

Commits
  • 1223a0f openapi3filter: fix unbounded allocation in deepObject array decoding (C-02)
  • 61f37b6 openapi3: move a test file under a test package
  • eab5230 openapi3: fix test that relied on now non-resolving domain
  • 1d0a337 Merge commit from fork
  • 98d9564 qol: Makefile for shorthand commands + preflight scripts (#1217)
  • b5bb6bc openapi3: make operation responses optional for 3.1+ (#1214)
  • ae6bf33 openapi3: support OAS 3.2 itemSchema (#1213)
  • 1b54e4c docs: Go Report Card has been sunset (#1210)
  • 4a0d049 origin: record scalar-valued map keys for location lookup (#1208)
  • 26c42cf openapi3: record block end on Origin.Key (EndLine/EndColumn) (#1207)
  • Additional commits viewable in compare view

Updates github.com/getsentry/sentry-go from 0.45.1 to 0.48.0

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.48.0

Breaking Changes 🛠

New Features ✨

  • Add ClientOptions.DataCollection for granular control over data collected by automatic instrumentation, replacing the broad SendDefaultPII switch. DataCollection can independently configure automatic user.* population, cookies, request/response headers, HTTP bodies, and query parameters. When configured, it is the source of truth and SendDefaultPII is ignored. by @​giortzisg in #1339
    • For backwards compatibility, clients that do not configure DataCollection keep a best-effort mapping of the previous SendDefaultPII behavior. To opt in to the new defaults, pass an empty DataCollection and then restrict individual categories as needed.
    sentry.Init(sentry.ClientOptions{
        Dsn: "https://public@example.com/1",
    // Opt in to the new data collection defaults. Omitted fields use their
    // defaults: user info, cookies, headers, query params, and supported HTTP
    // bodies are collected, with sensitive values filtered.
    DataCollection: &sentry.DataCollection{},
    
    })

    • To opt in while disabling automatic user info and HTTP bodies, configure those fields explicitly:
    sentry.Init(sentry.ClientOptions{
        Dsn: "https://public@example.com/1",
        DataCollection: &sentry.DataCollection{
            UserInfo:   sentry.Set(false),
            HTTPBodies: []sentry.BodyType{},
        },
    })
  • PushScope shorthand now returns the new scope reference by @​DoctorJohn in #1335

Bug Fixes 🐛

Internal Changes 🔧

Deps

... (truncated)

Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.48.0

Breaking Changes 🛠

New Features ✨

  • Add ClientOptions.DataCollection for granular control over data collected by automatic instrumentation, replacing the broad SendDefaultPII switch. DataCollection can independently configure automatic user.* population, cookies, request/response headers, HTTP bodies, and query parameters. When configured, it is the source of truth and SendDefaultPII is ignored. by @​giortzisg in #1339
    • For backwards compatibility, clients that do not configure DataCollection keep a best-effort mapping of the previous SendDefaultPII behavior. To opt in to the new defaults, pass an empty DataCollection and then restrict individual categories as needed.
    sentry.Init(sentry.ClientOptions{
        Dsn: "https://public@example.com/1",
    // Opt in to the new data collection defaults. Omitted fields use their
    // defaults: user info, cookies, headers, query params, and supported HTTP
    // bodies are collected, with sensitive values filtered.
    DataCollection: &sentry.DataCollection{},
    
    })

    • To opt in while disabling automatic user info and HTTP bodies, configure those fields explicitly:
    sentry.Init(sentry.ClientOptions{
        Dsn: "https://public@example.com/1",
        DataCollection: &sentry.DataCollection{
            UserInfo:   sentry.Set(false),
            HTTPBodies: []sentry.BodyType{},
        },
    })
  • PushScope shorthand now returns the new scope reference by @​DoctorJohn in #1335

Bug Fixes 🐛

Internal Changes 🔧

Deps

... (truncated)

Commits
  • d02f9ba release: 0.48.0
  • 99c424f feat!: remove issue creation from logging integrations (#1340)
  • d1c1d3f feat: parse request body for outgoing http (#1339)
  • 9b5cab2 fix: fix fiber route name when using middlewares (#1363)
  • 07a7975 fix: omit empty event id for standalone client reports (#1362)
  • c255382 build(deps): bump fiber/v2 to 2.52.14 (#1359)
  • 06c58dc ci: remove changelog-preview and codecov actions (#1357)
  • a99e044 fix: preserve '%' literal in log messages (#1358)
  • 8aaf1d4 feat: apply sensitive data filters to grpc & sql (#1333)
  • 4347773 feat: apply sensitive data filters to http (#1332)
  • Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.0 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

v5.19.0

What's Changed

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

v5.18.0

What's Changed

Full Changelog: go-git/go-git@v5.17.2...v5.18.0

v5.17.2

What's Changed

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @​pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

v5.17.1

What's Changed

... (truncated)

Commits
  • 3c3be60 Merge pull request #2137 from go-git/validate-v5
  • 3fba897 plumbing: format/packfile, cap delta chain depth in parser
  • a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
  • aeaa125 plumbing: format/objfile, require Header before Read
  • 1f38e17 plumbing: format/packfile, bound inflate size
  • f7545a0 plumbing: format/idxfile, bound nr by file size
  • 170b881 Merge pull request #2116 from pjbgf/symlink-v5
  • 7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
  • f0709b3 git: Stop validating symlink target paths
  • 776d00f git: Allow MkdirAll on worktree-root paths
  • Additional commits viewable in compare view

Updates github.com/go-logr/logr from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.3

Minor release.

What's Changed

New Contributors

Full Changelog: go-logr/logr@v1.4.2...v1.4.3

Commits
  • 38a1c47 build(deps): bump github/codeql-action from 3.28.17 to 3.28.18
  • f08bedd build(deps): bump actions/setup-go from 5.4.0 to 5.5.0
  • 6295e99 build(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0
  • 028840d build(deps): bump github/codeql-action from 3.28.15 to 3.28.17
  • 511e5fa Merge pull request #367 from go-logr/dependabot/github_actions/github/codeql-...
  • d806463 build(deps): bump github/codeql-action from 3.28.13 to 3.28.15
  • 158c311 Merge pull request #366 from thockin/master
  • c79ddb3 Update to support golangci-lint v2
  • 20a64ba build(deps): bump github/codeql-action from 3.28.12 to 3.28.13
  • 0385e14 Add comments around slog exceptions
  • Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

👒 Dependencies

New Contributors

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

Commits
  • 7ceae61 Add release.yml for changelog configuration
  • dce8e4d Set token.Signature in ParseUnverified (#414)
  • 8889e20 Save signature to Token struct after successful signing (#417)
  • d237f82 ci: update github-actions schedule interval to monthly
  • d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
  • e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
  • e6a0afa Bump actions/checkout from 5 to 6 (#487)
  • 9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
  • 60a8669 Bump actions/setup-go from 5 to 6 (#469)
  • 76f5828 Remove misleading ParserOptions documentation (#484)
  • Additional commits viewable in compare view

Updates github.com/labstack/echo/v4 from 4.13.3 to 4.15.4

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.15.4

Security

Fixes GHSA-vfp3-v2gw-7wfq: an encoded path separator (%2F or %5C) in a static file URL could bypass route-level middleware (e.g. authentication on a sibling route) and disclose static files. Both StaticDirectoryHandler (used by Static/StaticFS) and the Static middleware are affected. Backport of the v5 fix (#3016, released in v5.2.1). Thanks to @​a-tt-om and @​oran-gugu for reporting.


Make serving static file releated methods and middleware not unescape path by default - so how the way Router interprets paths and Static methods/middleware is consistent.

Given following situation:

// 0.
// given folder structure:
// private.txt
// public/
// public/index.html
// public/text.txt
// public/admin/private.txt
// 1. share public/ folder contents from the server root. This folder actually contains subfolder admin which
// contents we want to forbid from downloading
e.Static("/", "public")
// 2. naively assume that everything under /admin folder is now forbidden
e.GET("/admin/*", func(c *Context) error {
return ErrForbidden
})

Then requests to /admin%2fprivate.txt would not be matched to GET /admin/* route (routing does not look unescaped path) and static file serving will use unescaped path to serve the file.

Note: this way of "guarding" subfolders will never work for for paths like /assets/../admin%2fprivate.txt which will path.Clean("/assets/../admin%2fprivate.txt") to /admin/private.txt and are servable if static file serving is configured to unescape paths.

If you want to guard routes - use middlewares on Static* methods and before Static middleware.

Breaking change / migration: If you serve files whose names contain URL-encoded characters (e.g., /hello%20world.txthello world.txt), you must now opt in:

	e := echo.New()
	e.EnablePathUnescapingStaticFiles = true  // <-- enable old behavior
	e.Static("/", "public")

for static middleware

	e.Use(middleware.StaticWithConfig(middleware.StaticConfig{
		EnablePathUnescaping: true, // <-- enable old behavior
	}))

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.15.4 - 2026-06-15

Security

Fixes GHSA-vfp3-v2gw-7wfq

Make serving static file releated methods and middleware not unescape path by default - so how the way Router interprets paths and Static methods/middleware is consistent.

Given following situation:

// 0.
// given folder structure:
// private.txt
// public/
// public/index.html
// public/text.txt
// public/admin/private.txt
// 1. share public/ folder contents from the server root. This folder actually contains subfolder admin which
// contents we want to forbid from downloading
e.Static("/", "public")
// 2. naively assume that everything under /admin folder is now forbidden
e.GET("/admin/*", func(c *Context) error {
return ErrForbidden
})

Then requests to /admin%2fprivate.txt would not be matched to GET /admin/* route (routing does not look unescaped path) and static file serving will use unescaped path to serve the file.

Note: this way of "guarding" subfolders will never work for for paths like /assets/../admin%2fprivate.txt which will path.Clean("/assets/../admin%2fprivate.txt") to /admin/private.txt and are servable if static file serving is configured to unescape paths.

If you want to guard routes - use middlewares on Static* methods and before Static middleware.

Breaking change / migration: If you serve files whose names contain URL-encoded characters (e.g., /hello%20world.txthello world.txt), you must now opt in:

	e := echo.New()
	e.EnablePathUnescapingStaticFiles = true  // <-- enable old behavior
	e.Static("/", "public")

for static middleware

	e.Use(middleware.StaticWithConfig(middleware.StaticConfig{
		EnablePathUnescaping: true, // <-- enable old behavior
	}))

v4.15.3 - 2026-06-14

... (truncated)

Commits
  • ec79b58 Merge pull request #3020 from aldas/v4_v4-15-4_changelog
  • 2714c07 Changelog for v4.15.4 - security fix
  • 13f0ed1 Merge pull request #3019 from aldas/v4_backport_3016
  • d16a4ec backport PR 3016 from v4
  • 8f167b9 Merge pull request #3018 from aldas/v4_remove_v5_dep
  • 9afa4ba remove dependency on labstack/echo v5 introduced in go.mod and go.sum
  • 1e05f63 Merge pull request #3017 from aldas/v4_ci_updates
  • 11a3cc4 Update dependencies and add ignore for linting
  • 26bd016 Update CI action versions
  • aa52f6a ci: run workflows on the v4 branch, not just master (#3013)
  • Additional commits viewable in compare view

Updates github.com/labstack/gommon from 0.4.2 to 0.5.0

Release notes

Sourced from github.com/labstack/gommon's releases.

v0.5.0

Highlights

  • email: SMTPS / implicit TLS on port 465. smtp.SendMail only speaks plain + STARTTLS, so Resend/SendGrid/etc. on :465 hang on the handshake. Detect port 465 and dial TLS directly. Added Email.TLSConfig (custom root pool / ServerName; always cloned per send) and Email.DialTimeout (scoped to the TCP/TLS connect phase).
  • email: no silent cleartext downgrade. Drive Hello() explicitly so a failed EHLO can't be swallowed and mis-read as "STARTTLS not advertised".
  • log: silence 14 go vet printf warnings. Split the internal log() method; public signatures unchanged. TestCallerFile guards the runtime.Caller skip.
  • random: fix sync.Pool copy in New(). Construct the pool directly on the struct — sync.Pool must not be copied after first use.

Toolchain (breaking)

  • Go directive bumped 1.181.23.0 to align with labstack/echo. Consumers on Go <1.23 should stay on v0.4.2.
  • CI matrix: 1.23 / 1.24 / 1.25 / 1.26 × ubuntu / macos / windows.
  • Deps refreshed: testify 1.8.4 → 1.11.1, go-colorable 0.1.13 → 0.1.14, go-isatty 0.0.20 → 0.0.21, x/sys 0.15.0 → 0.29.0 (highest that still supports Go 1.23).

Non-breaking code changes

  • bytes/bytes_test.go: replaced Parse(\"8EiB\") assertions with Parse(\"7EiB\") — 2^63 overflowed int64 and relied on implementation-defined float-to-int behavior.

Full diff

labstack/gommon#62

Commits

Updates github.com/oapi-codegen/oapi-codegen/v2 from 2.5.0 to 2.7.2

Release notes

Sourced from github.com/oapi-codegen/oapi-codegen/v2's releases.

v2.7.2 More fixes for code injection issues

String escaping fixes due to more code injection issues

We've had two more code injection issues reported in oapi-codegen, thanks @​Gal3M, @​mrostamipoor for these findings.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 15, 2026
@dependabot dependabot Bot requested review from a team and olevski as code owners July 15, 2026 13:03
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 15, 2026
@sgaist

sgaist commented Jul 15, 2026

Copy link
Copy Markdown
Collaborator

@dependabot recreate

Bumps the go group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/elazarl/goproxy](https://github.com/elazarl/goproxy) | `1.7.2` | `1.8.4` |
| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.132.0` | `0.142.0` |
| [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.45.1` | `0.48.0` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.0` | `5.19.1` |
| [github.com/go-logr/logr](https://github.com/go-logr/logr) | `1.4.2` | `1.4.3` |
| [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) | `5.3.0` | `5.3.1` |
| [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.13.3` | `4.15.4` |
| [github.com/oapi-codegen/oapi-codegen/v2](https://github.com/oapi-codegen/oapi-codegen) | `2.5.0` | `2.7.2` |
| [github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) | `1.1.2` | `1.5.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.22.0` | `1.23.2` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.9.1` | `1.10.2` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.20.1` | `1.21.0` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.33.0` | `0.33.13` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.33.0` | `0.33.13` |
| [k8s.io/metrics](https://github.com/kubernetes/metrics) | `0.33.0` | `0.36.2` |



Updates `github.com/elazarl/goproxy` from 1.7.2 to 1.8.4
- [Release notes](https://github.com/elazarl/goproxy/releases)
- [Commits](elazarl/goproxy@v1.7.2...v1.8.4)

Updates `github.com/getkin/kin-openapi` from 0.132.0 to 0.142.0
- [Release notes](https://github.com/getkin/kin-openapi/releases)
- [Commits](getkin/kin-openapi@v0.132.0...v0.142.0)

Updates `github.com/getsentry/sentry-go` from 0.45.1 to 0.48.0
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-go@v0.45.1...v0.48.0)

Updates `github.com/go-git/go-git/v5` from 5.16.0 to 5.19.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md)
- [Commits](go-git/go-git@v5.16.0...v5.19.1)

Updates `github.com/go-logr/logr` from 1.4.2 to 1.4.3
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](go-logr/logr@v1.4.2...v1.4.3)

Updates `github.com/golang-jwt/jwt/v5` from 5.3.0 to 5.3.1
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Commits](golang-jwt/jwt@v5.3.0...v5.3.1)

Updates `github.com/labstack/echo/v4` from 4.13.3 to 4.15.4
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/v4.15.4/CHANGELOG.md)
- [Commits](labstack/echo@v4.13.3...v4.15.4)

Updates `github.com/labstack/gommon` from 0.4.2 to 0.5.0
- [Release notes](https://github.com/labstack/gommon/releases)
- [Commits](labstack/gommon@v0.4.2...v0.5.0)

Updates `github.com/oapi-codegen/oapi-codegen/v2` from 2.5.0 to 2.7.2
- [Release notes](https://github.com/oapi-codegen/oapi-codegen/releases)
- [Commits](oapi-codegen/oapi-codegen@v2.5.0...v2.7.2)

Updates `github.com/oapi-codegen/runtime` from 1.1.2 to 1.5.0
- [Release notes](https://github.com/oapi-codegen/runtime/releases)
- [Commits](oapi-codegen/runtime@v1.1.2...v1.5.0)

Updates `github.com/oasdiff/yaml` from 0.0.0-20250309154309-f31be36b4037 to 0.1.1
- [Release notes](https://github.com/oasdiff/yaml/releases)
- [Commits](https://github.com/oasdiff/yaml/commits/v0.1.1)

Updates `github.com/prometheus/client_golang` from 1.22.0 to 1.23.2
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.22.0...v1.23.2)

Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.2
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.9.1...v1.10.2)

Updates `github.com/spf13/pflag` from 1.0.6 to 1.0.9
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.6...v1.0.9)

Updates `github.com/spf13/viper` from 1.20.1 to 1.21.0
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.20.1...v1.21.0)

Updates `github.com/stretchr/testify` from 1.10.0 to 1.11.1
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.10.0...v1.11.1)

Updates `golang.org/x/sys` from 0.32.0 to 0.46.0
- [Commits](golang/sys@v0.32.0...v0.46.0)

Updates `k8s.io/apimachinery` from 0.33.0 to 0.33.13
- [Commits](kubernetes/apimachinery@v0.33.0...v0.33.13)

Updates `k8s.io/client-go` from 0.33.0 to 0.33.13
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.33.0...v0.33.13)

Updates `k8s.io/metrics` from 0.33.0 to 0.36.2
- [Commits](kubernetes/metrics@v0.33.0...v0.36.2)

Updates `k8s.io/utils` from 0.0.0-20241104100929-3ea5e8cea738 to 0.0.0-20260210185600-b8788abfbbc2
- [Commits](https://github.com/kubernetes/utils/commits)

---
updated-dependencies:
- dependency-name: github.com/elazarl/goproxy
  dependency-version: 1.8.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/getkin/kin-openapi
  dependency-version: 0.142.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/getsentry/sentry-go
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/go-logr/logr
  dependency-version: 1.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-version: 5.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/labstack/echo/v4
  dependency-version: 4.15.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/labstack/gommon
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/oapi-codegen/oapi-codegen/v2
  dependency-version: 2.7.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/oapi-codegen/runtime
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/oasdiff/yaml
  dependency-version: 0.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/spf13/pflag
  dependency-version: 1.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/spf13/viper
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/stretchr/testify
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/sys
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.33.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: k8s.io/client-go
  dependency-version: 0.33.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: k8s.io/metrics
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/utils
  dependency-version: 0.0.0-20260210185600-b8788abfbbc2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/go-1f0d8d9b01 branch from 9638fb7 to 165f16f Compare July 15, 2026 14:29
sgaist added 3 commits July 15, 2026 17:25
So they are at the same values as the other k8s.io/ dependencies
This is to match operator-sdk current minor version of these
dependencies.
@sgaist sgaist enabled auto-merge (squash) July 15, 2026 15:27
@sgaist sgaist disabled auto-merge July 15, 2026 15:27
@sgaist sgaist enabled auto-merge (squash) July 15, 2026 15:28
sgaist
sgaist previously approved these changes Jul 15, 2026

@sgaist sgaist left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move to go 1.26 discussed with @olevski

Following linter recommendation following update of echo.
@sgaist sgaist merged commit b161e05 into main Jul 16, 2026
8 checks passed
@sgaist sgaist deleted the dependabot/go_modules/go-1f0d8d9b01 branch July 16, 2026 08:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant