Skip to content

build(deps): bump the go-dependencies group across 1 directory with 29 updates#3321

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-44f3fb116c
Open

build(deps): bump the go-dependencies group across 1 directory with 29 updates#3321
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-44f3fb116c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dependencies group with 26 updates in the / directory:

Package From To
github.com/Azure/azure-sdk-for-go/sdk/azidentity 1.13.1 1.14.0
github.com/labstack/echo/v4 4.15.2 4.15.4
github.com/onsi/ginkgo/v2 2.29.0 2.32.0
github.com/onsi/gomega 1.40.0 1.42.1
github.com/ory/client-go 1.22.39 1.22.59
gorm.io/gorm 1.31.1 1.31.2
k8s.io/apimachinery 0.36.1 0.36.2
k8s.io/client-go 0.36.1 0.36.2
github.com/aws/aws-sdk-go-v2 1.42.0 1.42.1
github.com/aws/aws-sdk-go-v2/config 1.32.25 1.32.27
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs 1.75.2 1.78.2
github.com/firebase/genkit/go 1.9.0 1.10.0
github.com/flanksource/clicky 1.21.18 1.21.34
github.com/flanksource/commons-test 0.1.13 0.1.14
github.com/flanksource/deps 1.0.35 1.0.36
github.com/fluxcd/pkg/gittestserver 0.28.0 0.29.0
github.com/jenkins-x/go-scm 1.15.22 1.15.31
github.com/mark3labs/mcp-go 0.53.0 0.55.1
github.com/prometheus/common 0.68.1 0.69.0
github.com/redis/go-redis/v9 9.19.0 9.21.0
github.com/slack-go/slack 0.23.1 0.27.0
github.com/tg123/go-htpasswd 1.2.4 1.2.5
github.com/xavidop/genkit-aws-bedrock-go 1.14.0 1.20.1
go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho 0.68.0 0.69.0
google.golang.org/api 0.283.0 0.287.0
google.golang.org/grpc 1.81.1 1.82.0

Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.13.1 to 1.14.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.

sdk/azidentity/v1.14.0

1.14.0 (2026-06-15)

Breaking Changes

These changes affect only code written against a beta version such as v1.14.0-beta.3

  • Removed WorkloadIdentityCredentialOptions.EnableAzureProxy. It will return in v1.15.0-beta.1

Bugs Fixed

  • AzureDeveloperCLICredential improved reporting of error messages returned from azd

Other Changes

  • Returned azidentity errors include links to the troubleshooting guide when appropriate
  • This module now requires a minimum Go version of 1.25
  • Upgraded dependencies
Commits

Updates github.com/labstack/echo/v4 from 4.15.2 to 4.15.4

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.15.4

Security

Fixes GHSA-vfp3-v2gw-7wfq: an encoded path separator (%2F or %5C) in a static file URL could bypass route-level middleware (e.g. authentication on a sibling route) and disclose static files. Both StaticDirectoryHandler (used by Static/StaticFS) and the Static middleware are affected. Backport of the v5 fix (#3016, released in v5.2.1). Thanks to @​a-tt-om and @​oran-gugu for reporting.


Make serving static file releated methods and middleware not unescape path by default - so how the way Router interprets paths and Static methods/middleware is consistent.

Given following situation:

// 0.
// given folder structure:
// private.txt
// public/
// public/index.html
// public/text.txt
// public/admin/private.txt
// 1. share public/ folder contents from the server root. This folder actually contains subfolder admin which
// contents we want to forbid from downloading
e.Static("/", "public")
// 2. naively assume that everything under /admin folder is now forbidden
e.GET("/admin/*", func(c *Context) error {
return ErrForbidden
})

Then requests to /admin%2fprivate.txt would not be matched to GET /admin/* route (routing does not look unescaped path) and static file serving will use unescaped path to serve the file.

Note: this way of "guarding" subfolders will never work for for paths like /assets/../admin%2fprivate.txt which will path.Clean("/assets/../admin%2fprivate.txt") to /admin/private.txt and are servable if static file serving is configured to unescape paths.

If you want to guard routes - use middlewares on Static* methods and before Static middleware.

Breaking change / migration: If you serve files whose names contain URL-encoded characters (e.g., /hello%20world.txthello world.txt), you must now opt in:

	e := echo.New()
	e.EnablePathUnescapingStaticFiles = true  // <-- enable old behavior
	e.Static("/", "public")

for static middleware

	e.Use(middleware.StaticWithConfig(middleware.StaticConfig{
		EnablePathUnescaping: true, // <-- enable old behavior
	}))

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.15.4 - 2026-06-15

Security

Fixes GHSA-vfp3-v2gw-7wfq

Make serving static file releated methods and middleware not unescape path by default - so how the way Router interprets paths and Static methods/middleware is consistent.

Given following situation:

// 0.
// given folder structure:
// private.txt
// public/
// public/index.html
// public/text.txt
// public/admin/private.txt
// 1. share public/ folder contents from the server root. This folder actually contains subfolder admin which
// contents we want to forbid from downloading
e.Static("/", "public")
// 2. naively assume that everything under /admin folder is now forbidden
e.GET("/admin/*", func(c *Context) error {
return ErrForbidden
})

Then requests to /admin%2fprivate.txt would not be matched to GET /admin/* route (routing does not look unescaped path) and static file serving will use unescaped path to serve the file.

Note: this way of "guarding" subfolders will never work for for paths like /assets/../admin%2fprivate.txt which will path.Clean("/assets/../admin%2fprivate.txt") to /admin/private.txt and are servable if static file serving is configured to unescape paths.

If you want to guard routes - use middlewares on Static* methods and before Static middleware.

Breaking change / migration: If you serve files whose names contain URL-encoded characters (e.g., /hello%20world.txthello world.txt), you must now opt in:

	e := echo.New()
	e.EnablePathUnescapingStaticFiles = true  // <-- enable old behavior
	e.Static("/", "public")

for static middleware

	e.Use(middleware.StaticWithConfig(middleware.StaticConfig{
		EnablePathUnescaping: true, // <-- enable old behavior
	}))

v4.15.3 - 2026-06-14

... (truncated)

Commits
  • ec79b58 Merge pull request #3020 from aldas/v4_v4-15-4_changelog
  • 2714c07 Changelog for v4.15.4 - security fix
  • 13f0ed1 Merge pull request #3019 from aldas/v4_backport_3016
  • d16a4ec backport PR 3016 from v4
  • 8f167b9 Merge pull request #3018 from aldas/v4_remove_v5_dep
  • 9afa4ba remove dependency on labstack/echo v5 introduced in go.mod and go.sum
  • 1e05f63 Merge pull request #3017 from aldas/v4_ci_updates
  • 11a3cc4 Update dependencies and add ignore for linting
  • 26bd016 Update CI action versions
  • aa52f6a ci: run workflows on the v4 branch, not just master (#3013)
  • Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.29.0 to 2.32.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.32.0

2.32.0

-fd generate RSpec-style documentation output. Thank @​woodie ! --sleep-on-failure pauses a failed spec before teardown. Thanks @​qinqon !

v2.31.0

2.31.0

Add a bunch of Claude Skills via the marketplace:

/plugin marketplace add onsi/ginkgo
/plugin install ginkgo@ginkgo

v2.30.0

2.30.0

Features

Ginkgo now allows extentions/global.Reset to support running multiple suites from within a single process. This may take some massaging on your part (see 1672) but can dramatically speed up codebases with O(hundreds) of test suites.

Thanks @​lawrencejones !

Fixes

  • Fix nested --github-output group for progress report nested inside timeline [4f62d7a]
Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.32.0

-fd generate RSpec-style documentation output. Thank @​woodie ! --sleep-on-failure pauses a failed spec before teardown. Thanks @​qinqon !

2.31.0

Add a bunch of Claude Skills via the marketplace:

/plugin marketplace add onsi/ginkgo
/plugin install ginkgo@ginkgo

2.30.0

Features

Ginkgo now allows extentions/global.Reset to support running multiple suites from within a single process. This may take some massaging on your part (see 1672) but can dramatically speed up codebases with O(hundreds) of test suites.

Thanks @​lawrencejones !

Fixes

  • Fix nested --github-output group for progress report nested inside timeline [4f62d7a]
Commits
  • 9ff1646 v2.32.0
  • 0491f2a Make -fd exclusive of -p/-procs and -randomize-all
  • 334f74a respect SilenceSkips in fd mode, add test
  • 21047ce No need for a new method.
  • 7d281e1 Break out to two methods.
  • 5313727 More integration, fewer changes.
  • b83f524 Fewer new methods.
  • 73c59df feat: add -fd flag for RSpec-style documentation output
  • 76a2074 feat: add --sleep-on-failure to pause a failed spec before teardown
  • 3c7bde4 v2.31.0
  • Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.40.0 to 1.42.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.42.1

1.42.1

Bump Dependencies

v1.42.0

1.42.0

Add a set of Claude skill as a marketplace plugin

v1.41.0

No release notes provided.

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.42.1

Bump Dependencies

1.42.0

Add a set of Claude skill as a marketplace plugin

1.41.0

Features

Add BeASlice and BeAnArray matchers

Fixes

Object formatting now detects pointer cycles to avoid runaway formatting output.

Commits

Updates github.com/ory/client-go from 1.22.39 to 1.22.59

Commits
  • 842377d autogen: regenerate OpenAPI client for v1.22.59
  • 2dc8874 autogen: regenerate OpenAPI client for v1.22.58
  • 59bb686 autogen: regenerate OpenAPI client for v1.22.57
  • 7e19e86 autogen: regenerate OpenAPI client for v1.22.56
  • 5b9c92c autogen: regenerate OpenAPI client for v1.22.55
  • 44f1c18 autogen: regenerate OpenAPI client for v1.22.54
  • 2a28c24 autogen: regenerate OpenAPI client for v1.22.53
  • b8d3d47 autogen: regenerate OpenAPI client for v1.22.52
  • ece3542 autogen: regenerate OpenAPI client for v1.22.51
  • 67d8f58 autogen: regenerate OpenAPI client for v1.22.50
  • Additional commits viewable in compare view

Updates gorm.io/gorm from 1.31.1 to 1.31.2

Release notes

Sourced from gorm.io/gorm's releases.

Release v1.31.2

Changes

Commits
  • 1d6ce99 Fix potential rows leak on panic by deferring rows.Close() (#7798)
  • f648834 perf: replace fmt.Sprintf with strconv in ExplainSQL numeric formatting (#7796)
  • 49cd6b8 Document NowFunc timezone behavior (#7799)
  • d0ee5e2 correct typo and rename fileType to fieldType in AlterColumn (#7748)
  • 2a22022 fix: panic when using clause.Returning with CreateInBatches (#7768)
  • 3322929 fix(migrator): add nil guards to ColumnType methods to prevent panic (#7767)
  • 40cd2af ci: switch tests Go matrix to stable/oldstable and update setup-go (#7726)
  • ba38501 chore(ci): bump actions/stale to v9 (#7696)
  • c1f742d fix: don't override alterColumn when defaults match (#7728)
  • c14d3ac update github ci golang version
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.36.1 to 0.36.2

Commits

Updates k8s.io/client-go from 0.36.1 to 0.36.2

Commits

Updates github.com/aws/aws-sdk-go-v2 from 1.42.0 to 1.42.1

Commits

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.25 to 1.32.27

Commits

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.24 to 1.19.26

Commits

Updates github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs from 1.75.2 to 1.78.2

Commits

Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.43.3 to 1.43.5

Commits

Updates github.com/firebase/genkit/go from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/firebase/genkit/go's releases.

Genkit JS 1.10.0

What's Changed

Dev UI changes:

Full Changelog: https://github.com/firebase/genkit/compare/genkit@1.9.0...genkit@1.10.0

Commits
  • 2b555af feat(go): realtime telemetry for live agents and the basic-agents sample (#5637)
  • f37effb chore: JS version bump
  • 54c60aa chore: CLI version bump
  • a21d43d feat(go/ai/exp/localstore): add per-session pointer files for faster snapshot...
  • fcf87c4 chore(py/samples): drop redundant uvloop dependency (#5595)
  • aacfdee chore(js): add missing license headers to vercel-ai-elements configs (#5623)
  • dc67fba feat(js/ai/session-stores): add per-session pointer files for faster snapshot...
  • 2fed8df feat(go/genkit): gate genkit/exp behind WithExperimental() init option (#5620)
  • 4f78d0d fix(go/ai/exp/localstore): default FileSessionStore snapshots to a "global" s...
  • b477126 feat(go): experimental agent middleware for sub-agent delegation and artifact...
  • Additional commits viewable in compare view

Updates github.com/flanksource/clicky from 1.21.18 to 1.21.34

Release notes

Sourced from github.com/flanksource/clicky's releases.

v1.21.34

1.21.34 (2026-06-30)

♻️ Code Refactoring

  • Refactor cache and store layer with abstract cache.Store interface (b766cd3)
  • aichat: depend on captain pkg/api runtime contract over pkg/ai (21ce9d1)

✨ Features

  • agent: add captain agent-framework engine for claude-agent and codex models (10d1a6e)

🐛 Bug Fixes

  • Fix and improve markdown parsing and entity metadata handling (fd070b0)

📦 Build System

  • aichat: require captain v0.0.9 for the pkg/api runtime contract (25a484b)
  • examples: bump indirect captain to v0.0.9 (05d1a4e)

🔧 Maintenance

  • release: pin sub-modules to v1.21.33 [skip ci] (250ebf9)

v1.21.33

1.21.33 (2026-06-28)

⚠ BREAKING CHANGES

  • prompt: PromptSelect, PromptMultiSelect, and PromptText now delegate to context-aware internal functions; behavior is unchanged for callers without a Scope.

✨ Features

  • exec: add bidirectional stdio pipes for long-lived processes (e93b8ca)
  • prompt: add context-aware prompt routing and interactive sink support (07e5ab6)

🐛 Bug Fixes

  • ci,prompt,exec: tidy go.mod and address review findings (c1a9660)
  • ci: tidy example submodule go.mod files (fa5980c)

... (truncated)

Changelog

Sourced from github.com/flanksource/clicky's changelog.

1.21.34 (2026-06-30)

♻️ Code Refactoring

  • Refactor cache and store layer with abstract cache.Store interface (b766cd3)
  • aichat: depend on captain pkg/api runtime contract over pkg/ai (21ce9d1)

✨ Features

  • agent: add captain agent-framework engine for claude-agent and codex models (10d1a6e)

🐛 Bug Fixes

  • Fix and improve markdown parsing and entity metadata handling (fd070b0)

📦 Build System

  • aichat: require captain v0.0.9 for the pkg/api runtime contract (25a484b)
  • examples: bump indirect captain to v0.0.9 (05d1a4e)

🔧 Maintenance

  • release: pin sub-modules to v1.21.33 [skip ci] (250ebf9)

1.21.33 (2026-06-28)

⚠ BREAKING CHANGES

  • prompt: PromptSelect, PromptMultiSelect, and PromptText now delegate to context-aware internal functions; behavior is unchanged for callers without a Scope.

✨ Features

  • exec: add bidirectional stdio pipes for long-lived processes (e93b8ca)
  • prompt: add context-aware prompt routing and interactive sink support (07e5ab6)

🐛 Bug Fixes

  • ci,prompt,exec: tidy go.mod and address review findings (c1a9660)
  • ci: tidy example submodule go.mod files (fa5980c)

🔧 Maintenance

... (truncated)

Commits
  • 45b427c chore(release): 1.21.34 [skip ci]
  • 05d1a4e build(examples): bump indirect captain to v0.0.9
  • 25a484b build(aichat): require captain v0.0.9 for the pkg/api runtime contract
  • 21ce9d1 refactor(aichat): depend on captain pkg/api runtime contract over pkg/ai
  • 10d1a6e feat(agent): add captain agent-framework engine for claude-agent and codex mo...
  • fd070b0 fix: Fix and improve markdown parsing and entity metadata handling
  • b766cd3 refactor: Refactor cache and store layer with abstract cache.Store interface
  • 250ebf9 chore(release): pin sub-modules to v1.21.33 [skip ci]
  • 27d907d chore(release): 1.21.33 [skip ci]
  • fa5980c fix(ci): tidy example submodule go.mod files
  • Additional commits viewable in compare view

Updates github.com/flanksource/commons-test from 0.1.13 to 0.1.14

Release notes

Sourced from github.com/flanksource/commons-test's releases.

v0.1.14

What's Changed

Full Changelog: flanksource/commons-test@v0.1.13...v0.1.14

Commits

Updates github.com/flanksource/deps from 1.0.35 to 1.0.36

Release notes

Sourced from github.com/flanksource/deps's releases.

v1.0.36

1.0.36 (2026-07-01)

Bug Fixes

  • ci: use flanksource/action-workflows for release (#49) (8b6fb04)
  • resolve security insights (go-jose, x/image, workflow permissions) (77816e0)

Features

  • Do not use GitHub API when possible (#47) (66d550e)
Commits
  • 8b6fb04 fix(ci): use flanksource/action-workflows for release (#49)
  • f613d24 test(e2e): skip graalvm on linux due to tag/version scheme change
  • 77816e0 fix: resolve security insights (go-jose, x/image, workflow permissions)
  • 66d550e feat: Do not use GitHub API when possible (#47)
  • See full diff in compare view

Updates github.com/fluxcd/pkg/gittestserver from 0.28.0 to 0.29.0

Commits
  • 3ba849f Merge pull request #919 from fluxcd/auth-valid-registry
  • d89e633 [RFC-0010] Validate artifact repository for all auth providers
  • 1985bd8 Merge pull request #918 from fluxcd/gogit-agnostic
  • 5b6454a Package git/gogit should be agnostic of providers
  • See full diff in compare view

Updates github.com/jenkins-x/go-scm from 1.15.22 to 1.15.31

Release notes

Sourced from github.com/jenkins-x/go-scm's releases.

1.15.31

Changes in version 1.15.31

Bug Fixes

  • Bitbucket: updated URL for retrieving a list of workspaces (Nathan Hale)

Chores

  • release 1.15.31 (jenkins-x-bot)
  • add variables (jenkins-x-bot)

1.15.30

Changes in version 1.15.30

Chores

  • release 1.15.30 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump k8s.io/apimachinery from 0.36.1 to 0.36.2 (dependabot[bot])

1.15.29

Changes in version 1.15.29

Chores

  • release 1.15.29 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4 (dependabot[bot])

1.15.28

Changes in version 1.15.28

Chores

  • release 1.15.28 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump code.gitea.io/sdk/gitea from 0.14.0 to 0.22.1 (dependabot[bot])

1.15.27

Changes in version 1.15.27

Chores

  • release 1.15.27 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • use stdlib (Mårten Svantesson)
  • deps: bump k8s.io/apimachinery from 0.34.1 to 0.36.1 (dependabot[bot])

1.15.26

... (truncated)

Commits
  • b2cac59 chore: release 1.15.31
  • 9853dcc chore: add variables
  • a062408 Merge pull request #541 from NrdyN8/main
  • e4953cf fix(Bitbucket): updated URL for retrieving a list of workspaces
  • c03f672 Merge pull request #539 from jenkins-x/dependabot/go_modules/k8s.io/apimachin...
  • e921d4f chore(deps): bump k8s.io/apimachinery from 0.36.1 to 0.36.2
  • 690a83a Merge pull request #538 from jenkins-x/dependabot/go_modules/github.com/sirup...
  • 1ff58a3 chore(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4
  • 66929c8 Merge pull request #527 from vdemeester/dependabot/go_modules/code.gitea.io/s...
  • cb1f5b9 chore(deps): bump code.gitea.io/sdk/gitea from 0.14.0 to 0.22.1
  • Additional commits viewable in compare view

Updates github.com/mark3labs/mcp-go from 0.53.0 to 0.55.1

Release notes

Sourced from github.com/mark3labs/mcp-go's releases.

Release v0.55.1

No release notes provided.

Release v0.55.0

No release notes provided.

Release v0.54.1

No release notes provided.

Release v0.54.0

What's Changed

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 2, 2026
@socket-security

socket-security Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedgolang/​github.com/​aws/​aws-sdk-go-v2@​v1.42.0 ⏵ v1.42.171100100100100
Addedgolang/​github.com/​onsi/​gomega@​v1.42.171100100100100
Updatedgolang/​github.com/​labstack/​echo/​v4@​v4.15.2 ⏵ v4.15.472 +1100100100100
Updatedgolang/​github.com/​slack-go/​slack@​v0.23.1 ⏵ v0.27.073 +1100100100100
Updatedgolang/​github.com/​mark3labs/​mcp-go@​v0.53.0 ⏵ v0.55.173 +1100100100100
Updatedgolang/​github.com/​jenkins-x/​go-scm@​v1.15.22 ⏵ v1.15.3174 +1100100100100
Updatedgolang/​github.com/​flanksource/​clicky@​v1.21.18 ⏵ v1.21.3474 +1100100100100
Updatedgolang/​github.com/​firebase/​genkit/​go@​v1.9.0 ⏵ v1.10.074 +1100100100100
Updatedgolang/​github.com/​redis/​go-redis/​v9@​v9.19.0 ⏵ v9.21.074 +1100100100100
Updatedgolang/​k8s.io/​apimachinery@​v0.36.1 ⏵ v0.36.274100100100100
Addedgolang/​google.golang.org/​grpc@​v1.82.075100100100100
Updatedgolang/​k8s.io/​client-go@​v0.36.1 ⏵ v0.36.27510010075100
Updatedgolang/​k8s.io/​api@​v0.36.1 ⏵ v0.36.276100100100100
Updatedgolang/​google.golang.org/​api@​v0.283.0 ⏵ v0.287.079 +1100100100100
Updatedgolang/​github.com/​prometheus/​common@​v0.68.1 ⏵ v0.69.09210010010080
Updatedgolang/​gorm.io/​gorm@​v1.31.1 ⏵ v1.31.282 +1100100100100
Updatedgolang/​github.com/​Azure/​azure-sdk-for-go/​sdk/​azidentity@​v1.13.1 ⏵ v1.14.082 -3100100100100
Updatedgolang/​github.com/​onsi/​ginkgo/​v2@​v2.29.0 ⏵ v2.32.084 +1100100100100
Updatedgolang/​github.com/​ory/​client-go@​v1.22.39 ⏵ v1.22.5987 -2100100100100
Updatedgolang/​github.com/​aws/​aws-sdk-go-v2/​config@​v1.32.25 ⏵ v1.32.2788100100100100
Updatedgolang/​github.com/​flanksource/​deps@​v1.0.35 ⏵ v1.0.3692 +1100100100100
Updatedgolang/​go.opentelemetry.io/​contrib/​instrumentation/​github.com/​labstack/​echo/​otelecho@​v0.68.0 ⏵ v0.69.098100100100100
Updatedgolang/​github.com/​aws/​aws-sdk-go-v2/​credentials@​v1.19.24 ⏵ v1.19.2698100100100100
Updatedgolang/​github.com/​flanksource/​commons-test@​v0.1.13 ⏵ v0.1.1498 +1100100100100
Updatedgolang/​github.com/​aws/​aws-sdk-go-v2/​service/​sts@​v1.43.3 ⏵ v1.43.598100100100100
Updatedgolang/​github.com/​aws/​aws-sdk-go-v2/​service/​cloudwatchlogs@​v1.75.2 ⏵ v1.78.299100100100100
Updatedgolang/​github.com/​tg123/​go-htpasswd@​v1.2.4 ⏵ v1.2.5100 +1100100100100
Updatedgolang/​github.com/​fluxcd/​pkg/​gittestserver@​v0.28.0 ⏵ v0.29.0100100100100100
Updatedgolang/​github.com/​xavidop/​genkit-aws-bedrock-go@​v1.14.0 ⏵ v1.20.1100100100100100

View full report

@socket-security

socket-security Bot commented Jul 2, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: golang k8s.io/client-go is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: go.modgolang/k8s.io/client-go@v0.36.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/k8s.io/client-go@v0.36.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot
dependabot Bot force-pushed the dependabot/go_modules/go-dependencies-44f3fb116c branch from bff5de2 to 74c9028 Compare July 2, 2026 11:21
…9 updates

Bumps the go-dependencies group with 26 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.13.1` | `1.14.0` |
| [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.15.2` | `4.15.4` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.29.0` | `2.32.0` |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.42.1` |
| [github.com/ory/client-go](https://github.com/ory/client-go) | `1.22.39` | `1.22.59` |
| [gorm.io/gorm](https://github.com/go-gorm/gorm) | `1.31.1` | `1.31.2` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.36.1` | `0.36.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.1` | `0.36.2` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.42.0` | `1.42.1` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.25` | `1.32.27` |
| [github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs](https://github.com/aws/aws-sdk-go-v2) | `1.75.2` | `1.78.2` |
| [github.com/firebase/genkit/go](https://github.com/firebase/genkit) | `1.9.0` | `1.10.0` |
| [github.com/flanksource/clicky](https://github.com/flanksource/clicky) | `1.21.18` | `1.21.34` |
| [github.com/flanksource/commons-test](https://github.com/flanksource/commons-test) | `0.1.13` | `0.1.14` |
| [github.com/flanksource/deps](https://github.com/flanksource/deps) | `1.0.35` | `1.0.36` |
| [github.com/fluxcd/pkg/gittestserver](https://github.com/fluxcd/pkg) | `0.28.0` | `0.29.0` |
| [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) | `1.15.22` | `1.15.31` |
| [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) | `0.53.0` | `0.55.1` |
| [github.com/prometheus/common](https://github.com/prometheus/common) | `0.68.1` | `0.69.0` |
| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.19.0` | `9.21.0` |
| [github.com/slack-go/slack](https://github.com/slack-go/slack) | `0.23.1` | `0.27.0` |
| [github.com/tg123/go-htpasswd](https://github.com/tg123/go-htpasswd) | `1.2.4` | `1.2.5` |
| [github.com/xavidop/genkit-aws-bedrock-go](https://github.com/xavidop/genkit-aws-bedrock-go) | `1.14.0` | `1.20.1` |
| [go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.68.0` | `0.69.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.283.0` | `0.287.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.81.1` | `1.82.0` |



Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.13.1 to 1.14.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Commits](Azure/azure-sdk-for-go@sdk/azidentity/v1.13.1...sdk/azcore/v1.14.0)

Updates `github.com/labstack/echo/v4` from 4.15.2 to 4.15.4
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/v4.15.4/CHANGELOG.md)
- [Commits](labstack/echo@v4.15.2...v4.15.4)

Updates `github.com/onsi/ginkgo/v2` from 2.29.0 to 2.32.0
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.29.0...v2.32.0)

Updates `github.com/onsi/gomega` from 1.40.0 to 1.42.1
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.40.0...v1.42.1)

Updates `github.com/ory/client-go` from 1.22.39 to 1.22.59
- [Commits](ory/client-go@v1.22.39...v1.22.59)

Updates `gorm.io/gorm` from 1.31.1 to 1.31.2
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](go-gorm/gorm@v1.31.1...v1.31.2)

Updates `k8s.io/apimachinery` from 0.36.1 to 0.36.2
- [Commits](kubernetes/apimachinery@v0.36.1...v0.36.2)

Updates `k8s.io/client-go` from 0.36.1 to 0.36.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.36.1...v0.36.2)

Updates `github.com/aws/aws-sdk-go-v2` from 1.42.0 to 1.42.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.42.0...v1.42.1)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.25 to 1.32.27
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.25...config/v1.32.27)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.24 to 1.19.26
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@credentials/v1.19.24...credentials/v1.19.26)

Updates `github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs` from 1.75.2 to 1.78.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.75.2...service/s3/v1.78.2)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.43.3 to 1.43.5
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/amp/v1.43.3...service/sts/v1.43.5)

Updates `github.com/firebase/genkit/go` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/firebase/genkit/releases)
- [Commits](genkit-ai/genkit@go/v1.9.0...go/v1.10.0)

Updates `github.com/flanksource/clicky` from 1.21.18 to 1.21.34
- [Release notes](https://github.com/flanksource/clicky/releases)
- [Changelog](https://github.com/flanksource/clicky/blob/main/CHANGELOG.md)
- [Commits](flanksource/clicky@v1.21.18...v1.21.34)

Updates `github.com/flanksource/commons-test` from 0.1.13 to 0.1.14
- [Release notes](https://github.com/flanksource/commons-test/releases)
- [Commits](flanksource/commons-test@v0.1.13...v0.1.14)

Updates `github.com/flanksource/deps` from 1.0.35 to 1.0.36
- [Release notes](https://github.com/flanksource/deps/releases)
- [Changelog](https://github.com/flanksource/deps/blob/main/CHANGELOG.md)
- [Commits](flanksource/deps@v1.0.35...v1.0.36)

Updates `github.com/fluxcd/pkg/gittestserver` from 0.28.0 to 0.29.0
- [Commits](fluxcd/pkg@git/v0.28.0...git/v0.29.0)

Updates `github.com/jenkins-x/go-scm` from 1.15.22 to 1.15.31
- [Release notes](https://github.com/jenkins-x/go-scm/releases)
- [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md)
- [Commits](jenkins-x/go-scm@v1.15.22...v1.15.31)

Updates `github.com/mark3labs/mcp-go` from 0.53.0 to 0.55.1
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](mark3labs/mcp-go@v0.53.0...v0.55.1)

Updates `github.com/prometheus/common` from 0.68.1 to 0.69.0
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md)
- [Commits](prometheus/common@v0.68.1...v0.69.0)

Updates `github.com/redis/go-redis/v9` from 9.19.0 to 9.21.0
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md)
- [Commits](redis/go-redis@v9.19.0...v9.21.0)

Updates `github.com/slack-go/slack` from 0.23.1 to 0.27.0
- [Release notes](https://github.com/slack-go/slack/releases)
- [Changelog](https://github.com/slack-go/slack/blob/master/CHANGELOG.md)
- [Commits](slack-go/slack@v0.23.1...v0.27.0)

Updates `github.com/tg123/go-htpasswd` from 1.2.4 to 1.2.5
- [Release notes](https://github.com/tg123/go-htpasswd/releases)
- [Commits](tg123/go-htpasswd@v1.2.4...v1.2.5)

Updates `github.com/xavidop/genkit-aws-bedrock-go` from 1.14.0 to 1.20.1
- [Release notes](https://github.com/xavidop/genkit-aws-bedrock-go/releases)
- [Changelog](https://github.com/genkit-ai/aws-bedrock-go-plugin/blob/main/CHANGELOG.md)
- [Commits](genkit-ai/aws-bedrock-go-plugin@v1.14.0...v1.20.1)

Updates `go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho` from 0.68.0 to 0.69.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.68.0...zpages/v0.69.0)

Updates `k8s.io/api` from 0.36.1 to 0.36.2
- [Commits](kubernetes/api@v0.36.1...v0.36.2)

Updates `google.golang.org/api` from 0.283.0 to 0.287.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.283.0...v0.287.0)

Updates `google.golang.org/grpc` from 1.81.1 to 1.82.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.1...v1.82.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.42.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.19.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs
  dependency-version: 1.78.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-version: 1.43.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/firebase/genkit/go
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/flanksource/clicky
  dependency-version: 1.21.34
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/flanksource/commons-test
  dependency-version: 0.1.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/flanksource/deps
  dependency-version: 1.0.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/fluxcd/pkg/gittestserver
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/jenkins-x/go-scm
  dependency-version: 1.15.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/labstack/echo/v4
  dependency-version: 4.15.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.55.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.42.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/ory/client-go
  dependency-version: 1.22.59
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/prometheus/common
  dependency-version: 0.69.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/slack-go/slack
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/tg123/go-htpasswd
  dependency-version: 1.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/xavidop/genkit-aws-bedrock-go
  dependency-version: 1.20.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho
  dependency-version: 0.69.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: google.golang.org/api
  dependency-version: 0.287.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: google.golang.org/grpc
  dependency-version: 1.82.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: gorm.io/gorm
  dependency-version: 1.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: k8s.io/api
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/go_modules/go-dependencies-44f3fb116c branch from 74c9028 to 3166e61 Compare July 2, 2026 12:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants