chore(deps): bump the security group across 1 directory with 27 updates #1796

dependabot · 2025-06-17T01:33:21Z

Bumps the security group with 21 updates in the / directory:

Package	From	To
github.com/casbin/govaluate	`1.3.0`	`1.7.0`
github.com/containers/image/v5	`5.34.3`	`5.35.0`
github.com/go-logr/logr	`1.4.2`	`1.4.3`
github.com/go-sql-driver/mysql	`1.9.2`	`1.9.3`
github.com/jackc/pgx/v5	`5.7.4`	`5.7.5`
github.com/microsoft/go-mssqldb	`1.8.0`	`1.8.2`
github.com/miekg/dns	`1.1.65`	`1.1.66`
github.com/shirou/gopsutil/v4	`4.25.3`	`4.25.5`
github.com/vishvananda/netlink	`1.3.0`	`1.3.1`
github.com/vmware-tanzu/velero	`1.16.0`	`1.16.1`
go.opentelemetry.io/otel	`1.35.0`	`1.36.0`
go.opentelemetry.io/otel/sdk	`1.35.0`	`1.36.0`
golang.org/x/mod	`0.24.0`	`0.25.0`
golang.org/x/sync	`0.13.0`	`0.15.0`
k8s.io/api	`0.32.3`	`0.33.1`
k8s.io/apiextensions-apiserver	`0.32.3`	`0.33.1`
k8s.io/cli-runtime	`0.32.3`	`0.33.1`
sigs.k8s.io/controller-runtime	`0.20.4`	`0.21.0`
golang.org/x/net	`0.39.0`	`0.41.0`
helm.sh/helm/v3	`3.17.3`	`3.18.3`
k8s.io/kubelet	`0.32.3`	`0.33.1`

Updates github.com/casbin/govaluate from 1.3.0 to 1.7.0

Release notes

Sourced from github.com/casbin/govaluate's releases.

v1.7.0

1.7.0 (2025-05-21)

Features

Add Sample Locking + Massive Parallel test (#15) (d795199)

v1.6.0

1.6.0 (2025-05-21)

Features

fix handling multi-byte characters both before and after single byte (#19) (df0c938)

v1.5.0

1.5.0 (2025-05-20)

Features

fix unicode var bug by handling multi-byte characters before single byte characters in input (#17) (358dbb2)

v1.4.0

1.4.0 (2025-05-10)

Features

reduce memory allocs to optimize performance (#13) (4697815)

Commits

d795199 feat: Add Sample Locking + Massive Parallel test (#15)
df0c938 feat: fix handling multi-byte characters both before and after single byte (#19)
358dbb2 feat: fix unicode var bug by handling multi-byte characters before single byt...
4697815 feat: reduce memory allocs to optimize performance (#13)
See full diff in compare view

Updates github.com/containers/image/v5 from 5.34.3 to 5.35.0

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.35.0

What's Changed

Bump c/storage to v1.57.1, c/image to v5.34.0, then to v5.35.0-dev by @TomSweeneyRedHat in containers/image#2700

Update module github.com/vbatts/tar-split to v0.12.1 by @renovate in containers/image#2699

Update dependency containers/automation_images to v20250131 by @renovate in containers/image#2703

Update module golang.org/x/oauth2 to v0.26.0 by @renovate in containers/image#2705

Update module golang.org/x/sync to v0.11.0 by @renovate in containers/image#2706

Update module golang.org/x/sys to v0.30.0 by @renovate in containers/image#2707

Update module golang.org/x/term to v0.29.0 by @renovate in containers/image#2708

Add docker media types in OCI formats by @brbayes-msft in containers/image#2695

use new ReflinkOrCopy() from c/storage by @Luap99 in containers/image#2714

Update module golang.org/x/crypto to v0.33.0 by @renovate in containers/image#2712

Update module github.com/vbauerster/mpb/v8 to v8.9.2 by @renovate in containers/image#2711

Update module github.com/sigstore/rekor to v1.3.9 by @renovate in containers/image#2697

Update dependency golangci/golangci-lint to v1.64.3 by @renovate in containers/image#2715

Update dependency golangci/golangci-lint to v1.64.4 by @renovate in containers/image#2716

Update module github.com/sigstore/sigstore to v1.8.14 by @renovate in containers/image#2720

Update dependency golangci/golangci-lint to v1.64.5 by @renovate in containers/image#2719

policy.json BYOPKI signature verification API by @QiWang19 in containers/image#2579

Update module github.com/klauspost/compress to v1.18.0 by @renovate in containers/image#2722

Update module github.com/sigstore/sigstore to v1.8.15 by @renovate in containers/image#2723

Small cleanups + one bug fix by @mtrmac in containers/image#2718

oci/layout: add GetLocalBlobPath() by @Luap99 in containers/image#2728

Update module github.com/docker/docker to v28 by @renovate in containers/image#2727

Update module github.com/docker/cli to v28 by @renovate in containers/image#2726

OCPBUGS-51217: CVE-2025-27144: Bump go-jose to v4.0.5 by @sherine-k in containers/image#2738

Update module github.com/vbauerster/mpb/v8 to v8.9.3 by @renovate in containers/image#2735

Update module github.com/go-jose/go-jose/v3 to v3.0.4 [SECURITY] by @renovate in containers/image#2739

Update module github.com/docker/docker to v28.0.1+incompatible by @renovate in containers/image#2737

Update module github.com/docker/cli to v28.0.1+incompatible by @renovate in containers/image#2736

feat: add DestinationTimestamp to copy options by @aeijdenberg in containers/image#2730

fix(deps): update module github.com/docker/docker-credential-helpers to v0.9.1 by @renovate in containers/image#2740

Fix omitempty for PKI struct by @QiWang19 in containers/image#2746

fix: handle error on Close() of writable objects by @aeijdenberg in containers/image#2731

fix(deps): update github.com/containers/storage digest to 700b765 by @renovate in containers/image#2748

fix(deps): update github.com/cyberphone/json-canonicalization digest to 19d51d7 by @renovate in containers/image#2749

chore(deps): update dependency golangci/golangci-lint to v1.64.6 by @renovate in containers/image#2751

Merge back v5.34.1 into main by @Luap99 in containers/image#2755

fix(deps): update module github.com/opencontainers/image-spec to v1.1.1 by @renovate in containers/image#2752

Microoptimize an API use per gopls modernize by @mtrmac in containers/image#2732

Misc small nits to CI and build by @kolyshkin in containers/image#2573

fix(deps): update module github.com/docker/docker-credential-helpers to v0.9.2 by @renovate in containers/image#2757

fix: typo err and grammar err by @warjiang in containers/image#2758

Update c/storage after containers/storage#2276 by @mtrmac in containers/image#2769

Improve handling and documentation of various transport reference corner cases by @mtrmac in containers/image#2767

Migrate from github.com/xeipuuv/gojsonschema to github.com/santhosh-tekuri/jsonschema/v5 by @mtrmac in containers/image#2756

Don't silently ignore errors determining size in TryReuseBlob by @mtrmac in containers/image#2709

Add proxy for dockerClient by @warjiang in containers/image#2764

chore(deps): update dependency golangci/golangci-lint to v1.64.7 by @renovate in containers/image#2773

Update to Go 1.23 by @mtrmac in containers/image#2774

... (truncated)

Commits

617c288 Bump to c/image v5.35.0
1b83b3a Bump to c/storage v1.58.0
4279b17 Merge pull request #2826 from containers/renovate/golangci-golangci-lint-2.x
1d14076 chore(deps): update dependency golangci/golangci-lint to v2.1.1
12c8495 Merge pull request #2824 from containers/renovate/github.com-sigstore-rekor-1.x
010f504 fix(deps): update module github.com/sigstore/rekor to v1.3.10
9b83c49 Merge pull request #2823 from Luap99/github
a4b363d .github: check_cirrus_cron work around github bug
37150b4 .github: remove cirrus rerun action
6116c41 Merge pull request #2822 from containers/renovate/github.com-sigstore-sigstor...
Additional commits viewable in compare view

Updates github.com/go-logr/logr from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.3

Minor release.

What's Changed

Fix slog tests for 1.25 by @hoeppi-google in go-logr/logr#361

Remove one exception from Slog testing by @thockin in go-logr/logr#362

New Contributors

@hoeppi-google made their first contribution in go-logr/logr#361

Full Changelog: go-logr/logr@v1.4.2...v1.4.3

Commits

38a1c47 build(deps): bump github/codeql-action from 3.28.17 to 3.28.18
f08bedd build(deps): bump actions/setup-go from 5.4.0 to 5.5.0
6295e99 build(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0
028840d build(deps): bump github/codeql-action from 3.28.15 to 3.28.17
511e5fa Merge pull request #367 from go-logr/dependabot/github_actions/github/codeql-...
d806463 build(deps): bump github/codeql-action from 3.28.13 to 3.28.15
158c311 Merge pull request #366 from thockin/master
c79ddb3 Update to support golangci-lint v2
20a64ba build(deps): bump github/codeql-action from 3.28.12 to 3.28.13
0385e14 Add comments around slog exceptions
Additional commits viewable in compare view

Updates github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.9.3

What's Changed

[1.9] test stability improvement. by @methane in go-sql-driver/mysql#1699

[1.9] Transaction Commit/Rollback returns conn's cached error by @methane in go-sql-driver/mysql#1702

backport benchmark_test by @methane in go-sql-driver/mysql#1706

[1.9] optimize readPacket (#1705) by @methane in go-sql-driver/mysql#1707

[1.9] fix PING on compressed connections by @methane in go-sql-driver/mysql#1723

release v1.9.3 by @methane in go-sql-driver/mysql#1725

Full Changelog: go-sql-driver/mysql@v1.9.2...v1.9.3

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

v1.9.3 (2025-06-13)

tx.Commit() and tx.Rollback() returned ErrInvalidConn always. Now they return cached real error if present. (#1690)

Optimize reading small resultsets to fix performance regression introduced by compression protocol support. (#1707)

Fix db.Ping() on compressed connection. (#1723)

Commits

62984ad release v1.9.3 (#1725)
324cbb3 [1.9] fix PING on compressed connections (#1723)
dfd973a optimize readPacket (#1707)
2ed589b backport benchmark_test (#1706)
ac04e5f Transaction Commit/Rollback returns conn's cached error (#1702)
1bee809 test stability improvement. (#1699)
See full diff in compare view

Updates github.com/jackc/pgx/v5 from 5.7.4 to 5.7.5

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.7.5 (May 17, 2025)

Support sslnegotiation connection option (divyam234)

Update golang.org/x/crypto to v0.37.0. This placates security scanners that were unable to see that pgx did not use the behavior affected by https://pkg.go.dev/vuln/GO-2025-3487.

TraceLog now logs Acquire and Release at the debug level (dave sinclair)

Add support for PGTZ environment variable

Add support for PGOPTIONS environment variable

Unpin memory used by Rows quicker

Remove PlanScan memoization. This resolves a rare issue where scanning could be broken for one type by first scanning another. The problem was in the memoization system and benchmarking revealed that memoization was not providing any meaningful benefit.

Commits

15bca4a Release v5.7.5
1d557f9 Remove PlanScan memoization
de7fe81 Use reflect.TypeFor instead of reflect.TypeOf
d9eb089 Remove unused function
6be24eb Fix comment typo
07871c0 Zero internal baseRows references to allow GC earlier
777e7e5 Merge pull request #2313 from stampy88/tracelog_pool_additions
151bd02 Switched to LogLevelDebug
540fcaa Add support for PGOPTIONS environment variable
3a248e3 Add support for PGTZ environment variable
Additional commits viewable in compare view

Updates github.com/microsoft/go-mssqldb from 1.8.0 to 1.8.2

Release notes

Sourced from github.com/microsoft/go-mssqldb's releases.

v1.8.2

What's Changed

Work around build error introduced by the new 'go vet' tests analyser by @leon-matthews in microsoft/go-mssqldb#259

isProc: added COMMIT and ROLLBACK command to the builtin commands by @giautm in microsoft/go-mssqldb#261

[WIP] Parse does not recognize Pwd as a valid password field alias by @copilot-swe-agent in microsoft/go-mssqldb#263

New Contributors

@leon-matthews made their first contribution in microsoft/go-mssqldb#259

@copilot-swe-agent made their first contribution in microsoft/go-mssqldb#263

Full Changelog: microsoft/go-mssqldb@v1.8.1...v1.8.2

Changelog

Sourced from github.com/microsoft/go-mssqldb's changelog.

1.8.2

Bug fixes

Added "Pwd" as a recognized alias for "Password" in connection strings (#262)

Updated isProc to detect more keywords

1.7.0

Changed

Changed always encrypted key provider error handling not to panic on failure

Features

Support DER certificates for server authentication (#152)

Bug fixes

Improved speed of CharsetToUTF8 (#154)

1.7.0

Changed

krb5 authenticator supports standard Kerberos environment variables for configuration

1.6.0

Changed

Go.mod updated to Go 1.17

Azure SDK for Go dependencies updated

Features

Added ActiveDirectoryAzCli and ActiveDirectoryDeviceCode authentication types to azuread package

Always Encrypted encryption and decryption with 2 hour key cache (#116)

'pfx', 'MSSQL_CERTIFICATE_STORE', and 'AZURE_KEY_VAULT' encryption key providers

TDS8 can now be used for connections by setting encrypt="strict"

1.5.0

Features

Bug fixes

Handle extended character in SQL instance names for browser lookup (#122)

1.4.0

... (truncated)

Commits

d3c6336 Parse does not recognize Pwd as a valid password field alias (#263)
661c0e6 isProc: added COMMIT and ROLLBACK command to the builtin commands list (#...
a3ce042 Work around build error introduced by the new 'go vet' tests analyser in v1.2...
6b3e174 replace ioutil with io everywhere (#258)
46d39b9 bump: github.com/golang-jwt/jwt/v5 v5.2.1 => v5.2.2 (#256)
549c925 isProc: recognize builtin-commands (#252)
b9933eb DATETIME: fix 1/300 of a seconds rounding logic (Bulk Copy related) (#242)
e804768 Add JSON-encoded version of NULL uniqueidentifier (#238)
d27f997 Try to fix the github PR validation workflow (#240)
ba24acc Fix GUID conversion (#207)
See full diff in compare view

Updates github.com/miekg/dns from 1.1.65 to 1.1.66

Commits

10d76bc Release 1.1.66
ed312a3 Fix logic in xfr ReadMsg + add test (#1649)
27318b9 RFC 8490: Implement DSO type registry
01abd80 DSO: Use Stateful as the suffix
64211b3 Add the rcode DSO-TYPE Not Implemented / RFC8490 (#1648)
8ec9f67 Upgrade all deps (#1647)
8a570c6 A comment concerning newline while scanning (#1645)
739cf21 Return error for empty target (#1627)
See full diff in compare view

Updates github.com/shirou/gopsutil/v4 from 4.25.3 to 4.25.5

Release notes

Sourced from github.com/shirou/gopsutil/v4's releases.

v4.25.5

What's Changed

cpu

Remove wmi for Get physical CPU core count by @OrbintSoft in shirou/gopsutil#1839

fix ignore nakedret by @mmorel-35 in shirou/gopsutil#1847

Fix issues with GetLastError() usage by @secDre4mer in shirou/gopsutil#1848

docker

rename containerid arguments to containerID by @mmorel-35 in shirou/gopsutil#1862

host

Other Changes

fix(ST1005): Incorrectly formatted error string by @mmorel-35 in shirou/gopsutil#1846

[darwin]: bump purego veresion to 0.8.3 by @shirou in shirou/gopsutil#1852

chore: enable staticcheck by @mmorel-35 in shirou/gopsutil#1842

New Contributors

@OrbintSoft made their first contribution in shirou/gopsutil#1839

Full Changelog: shirou/gopsutil@v4.25.4...v4.25.5

v4.25.4

What's Changed

cpu

fix nil ptr by @dvovk in shirou/gopsutil#1835

Fix win32_SystemProcessorPerformanceInformation struct by @niemp100 in shirou/gopsutil#1831

disk

[disk][linux] add bcachefs magic by @NewbieOrange in shirou/gopsutil#1838

host

refactor: using fmt.Errorf in InfoWithContext by @s0ders in shirou/gopsutil#1840

Other Changes

fix: update github actions runner images by @shirou in shirou/gopsutil#1841

chore: enable govet linter by @mmorel-35 in shirou/gopsutil#1825

[chore]: bump golangci-lint to v2.1.1 by @mmorel-35 in shirou/gopsutil#1829

chore: enable ineffassign linter by @mmorel-35 in shirou/gopsutil#1843

New Contributors

@NewbieOrange made their first contribution in shirou/gopsutil#1838

@dvovk made their first contribution in shirou/gopsutil#1835

@niemp100 made their first contribution in shirou/gopsutil#1831

@s0ders made their first contribution in shirou/gopsutil#1840

Full Changelog: shirou/gopsutil@v4.25.3...v4.25.4

Commits

15412ac Merge pull request #1844 from shirou/dependabot/github_actions/golangci/golan...
2c7ae10 Merge pull request #1862 from mmorel-35/containerid
bcbca49 rename containerid arguments to containerID
b2c442f Merge pull request #1860 from shirou/dependabot/go_modules/github.com/ebiteng...
e3ebde9 chore(deps): bump github.com/ebitengine/purego from 0.8.3 to 0.8.4
34ac457 Merge pull request #1848 from secDre4mer/master
95eb2c3 Merge pull request #1851 from shirou/dependabot/github_actions/actions/setup-...
7597e32 chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0
3ef5d4c Merge pull request #1847 from mmorel-35/nakedret
6a79b39 fix ignore nakedret
Additional commits viewable in compare view

Updates github.com/vishvananda/netlink from 1.3.0 to 1.3.1

Release notes

Sourced from github.com/vishvananda/netlink's releases.

v1.3.1

What's Changed

Fix deprecated comments by @champtar in vishvananda/netlink#1011

Fix: Do not crash when enumerating tc filters with unknown actionType by @Matus-p in vishvananda/netlink#1013

Fix SetSendTimeout/SetReceiveTimeout by @robmry in vishvananda/netlink#1012

capture and return errors in ConntrackDeleteFilters by @aroradaman in vishvananda/netlink#1014

Fix FouList attribute body truncated error with kernel 5.2+ by @chanfung032 in vishvananda/netlink#1017

Preserve results when NLM_F_DUMP_INTR is set by @robmry in vishvananda/netlink#1018

netkit: Add support for IFLA_NETKIT_SCRUB and IFLA_NETKIT_PEER_SCRUB by @jrife in vishvananda/netlink#1022

fix CI failed Incidental in TestRuleListFiltered by @wangling94 in vishvananda/netlink#1043

disable broadcast if broadcast is set to net.IPv4zero by @WeidiDeng in vishvananda/netlink#1037

.github/workflows: Bump CI Go version to v1.22 by @dylandreimerink in vishvananda/netlink#1049

TC FLOWER enrich match field and action about vlan by @wangling94 in vishvananda/netlink#1045

link_linux: Add deserialization of IFF_RUNNING flag by @dylandreimerink in vishvananda/netlink#1038

Preserve results when NLM_F_DUMP_INTR is set by @adrianmoisey in vishvananda/netlink#1050

Add IFLA_PARENT_DEV_NAME / IFLA_PARENT_DEV_BUS_NAME to links by @akerouanton in vishvananda/netlink#1051

conntrack: prevent potential memory leak by @aroradaman in vishvananda/netlink#1058

Fix parsing 4-bytes attribute by @Asphaltt in vishvananda/netlink#1034

fix: Use correct offset for unix socket diagnosis by @srebhan in vishvananda/netlink#1061

vxlan: Fix parseVxlanData for source port range by @borkmann in vishvananda/netlink#1062

netkit: Allow setting MAC address in L2 mode by @jrife in vishvananda/netlink#1063

Add support for MTU Lock by @trozet in vishvananda/netlink#1067

pedit: Fix EncodeActions to add TcGen for pedit action by @chent1996 in vishvananda/netlink#1065

go.mod: github.com/vishvananda/netns v0.0.5 by @thaJeztah in vishvananda/netlink#1056

Add OifIndex option for RouteGetWithOptions by @dylandreimerink in vishvananda/netlink#1060

Support TC "sample" filter action by @lorenz in vishvananda/netlink#1042

Add support for XFRMA_SA_DIR and XFRMA_SA_PCPU attributes for XFRM by @ChinmayaSharma-hue in vishvananda/netlink#1044

Add support for ARP/ND Timestamps when retriving neighbors by @jlamanna in vishvananda/netlink#1039

New Contributors

@Matus-p made their first contribution in vishvananda/netlink#1013

@robmry made their first contribution in vishvananda/netlink#1012

@chanfung032 made their first contribution in vishvananda/netlink#1017

@jrife made their first contribution in vishvananda/netlink#1022

@wangling94 made their first contribution in vishvananda/netlink#1043

@WeidiDeng made their first contribution in vishvananda/netlink#1037

@dylandreimerink made their first contribution in vishvananda/netlink#1049

@adrianmoisey made their first contribution in vishvananda/netlink#1050

@akerouanton made their first contribution in vishvananda/netlink#1051

@Asphaltt made their first contribution in vishvananda/netlink#1034

@trozet made their first contribution in vishvananda/netlink#1067

@ChinmayaSharma-hue made their first contribution in vishvananda/netlink#1044

@jlamanna made their first contribution in vishvananda/netlink#1039

Full Changelog: vishvananda/netlink@v1.3.0...v1.3.1

What's Changed

Fix deprecated comments by @champtar in vishvananda/netlink#1011

Fix: Do not crash when enumerating tc filters with unknown actionType by @Matus-p in vishvananda/netlink#1013

Fix SetSendTimeout/SetReceiveTimeout by @robmry in vishvananda/netlink#1012

... (truncated)

Commits

17daef6 vlan: add support for flags and qos maps
b929916 filter: add classid and port range support for flower
06c2c01 feat: add vlanid - tunnelid mapping support
c4bb4f9 rdma: support rdma metrics: resource and statistic
e9f11f7 bugfix: parse ipv4 src/dst error
1f4f72c Mimic ipset C code for determining correct default ipset revision
2426b05 qdisc: fix wrong type info of tc_sfq_qopt
a2e4b9a veth: allow configuring peer attributes beyond namespace and address
9d88d83 feat: add support for RtoMin lock
6b5dd30 geneve: Support setting/getting source port range
Additional commits viewable in compare view

Updates github.com/vmware-tanzu/velero from 1.16.0 to 1.16.1

Release notes

Sourced from github.com/vmware-tanzu/velero's releases.

v1.16.1

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.16.1

Container Image

velero/velero:v1.16.1

Documentation

https://velero.io/docs/v1.16/

Upgrading

https://velero.io/docs/v1.16/upgrade-to-1.16/

All Changes

Call WaitGroup.Done() once only when PVB changes to final status the first time to avoid panic (#8940, @ywk253100)

Add VolumeSnapshotContent into the RIA and the mustHave resource list. (#8926, @blackpiglet)

Warn for not found error in patching managed fields (#8916, @sseago)

Fix issue 8878, relief node os deduction error checks (#8911, @Lyndon-Li)

v1.16.1-rc.1

v1.16.1

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.16.1-rc.1

Container Image

velero/velero:v1.16.1-rc.1

Documentation

https://velero.io/docs/v1.16/

Upgrading

https://velero.io/docs/v1.16/upgrade-to-1.16/

All Changes

Call WaitGroup.Done() once only when PVB changes to final status the first time to avoid panic (#8940, @ywk253100)

Add VolumeSnapshotContent into the RIA and the mustHave resource list. (#8926, @blackpiglet)

Warn for not found error in patching managed fields (#8916, @sseago)

Fix issue 8878, relief node os deduction error checks (#8911, @Lyndon-Li)

Commits

2eb97fa Merge pull request #8940 from ywk253100/250514_fix
f64fb36 Call WaitGroup.Done() once only when PVB changes to final status the first ti...
4bd86f1 Merge pull request #8939 from blackpiglet/modify_image_usage_1.16
18ef5e6 Support using image registry proxy in more cases.
01aa538 Add default bakcup repository configuration for E2E.
3617172 Merge pull request #8928 from Lyndon-Li/release-1.16
82dce51 1.16.1 changelog update
659a352 Add VolumeSnapshotContent into the RIA and the mustHave resource list. (#8926)
9eeea4f Merge pull request #8922 from Lyndon-Li/release-1.16
e1068d6 bump up base image
Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.35.0 to 1.36.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.36.0/0.58.0/0.12.0] 2025-05-20

Added

Add exponential histogram support in go.opentelemetry.io/otel/exporters/prometheus. (#6421)

The go.opentelemetry.io/otel/semconv/v1.31.0 package. The package contains semantic conventions from the v1.31.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.30.0. (#6479)

Add Recording, Scope, and Record types in go.opentelemetry.io/otel/log/logtest. (#6507)

Add WithHTTPClient option to configure the http.Client used by go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#6751)

Add WithHTTPClient option to configure the http.Client used by go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#6752)

Add WithHTTPClient option to configure the http.Client used by go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#6688)

Add ValuesGetter in go.opentelemetry.io/otel/propagation, a TextMapCarrier that supports retrieving multiple values for a single key. (#5973)

Add Values method to HeaderCarrier to implement the new ValuesGetter interface in go.opentelemetry.io/otel/propagation. (#5973)

Update Baggage in go.opentelemetry.io/otel/propagation to retrieve multiple values for a key when the carrier implements ValuesGetter. (#597...
Description has been truncated

Bumps the security group with 21 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/casbin/govaluate](https://github.com/casbin/govaluate) | `1.3.0` | `1.7.0` | | [github.com/containers/image/v5](https://github.com/containers/image) | `5.34.3` | `5.35.0` | | [github.com/go-logr/logr](https://github.com/go-logr/logr) | `1.4.2` | `1.4.3` | | [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) | `1.9.2` | `1.9.3` | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.4` | `5.7.5` | | [github.com/microsoft/go-mssqldb](https://github.com/microsoft/go-mssqldb) | `1.8.0` | `1.8.2` | | [github.com/miekg/dns](https://github.com/miekg/dns) | `1.1.65` | `1.1.66` | | [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) | `4.25.3` | `4.25.5` | | [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink) | `1.3.0` | `1.3.1` | | [github.com/vmware-tanzu/velero](https://github.com/vmware-tanzu/velero) | `1.16.0` | `1.16.1` | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.35.0` | `1.36.0` | | [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.35.0` | `1.36.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.24.0` | `0.25.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.13.0` | `0.15.0` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.32.3` | `0.33.1` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.32.3` | `0.33.1` | | [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.32.3` | `0.33.1` | | [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.20.4` | `0.21.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.39.0` | `0.41.0` | | [helm.sh/helm/v3](https://github.com/helm/helm) | `3.17.3` | `3.18.3` | | [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.32.3` | `0.33.1` | Updates `github.com/casbin/govaluate` from 1.3.0 to 1.7.0 - [Release notes](https://github.com/casbin/govaluate/releases) - [Changelog](https://github.com/casbin/govaluate/blob/master/.releaserc.json) - [Commits](casbin/govaluate@v1.3.0...v1.7.0) Updates `github.com/containers/image/v5` from 5.34.3 to 5.35.0 - [Release notes](https://github.com/containers/image/releases) - [Commits](containers/image@v5.34.3...v5.35.0) Updates `github.com/go-logr/logr` from 1.4.2 to 1.4.3 - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.4.2...v1.4.3) Updates `github.com/go-sql-driver/mysql` from 1.9.2 to 1.9.3 - [Release notes](https://github.com/go-sql-driver/mysql/releases) - [Changelog](https://github.com/go-sql-driver/mysql/blob/v1.9.3/CHANGELOG.md) - [Commits](go-sql-driver/mysql@v1.9.2...v1.9.3) Updates `github.com/jackc/pgx/v5` from 5.7.4 to 5.7.5 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.7.4...v5.7.5) Updates `github.com/microsoft/go-mssqldb` from 1.8.0 to 1.8.2 - [Release notes](https://github.com/microsoft/go-mssqldb/releases) - [Changelog](https://github.com/microsoft/go-mssqldb/blob/main/CHANGELOG.md) - [Commits](microsoft/go-mssqldb@v1.8.0...v1.8.2) Updates `github.com/miekg/dns` from 1.1.65 to 1.1.66 - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](miekg/dns@v1.1.65...v1.1.66) Updates `github.com/shirou/gopsutil/v4` from 4.25.3 to 4.25.5 - [Release notes](https://github.com/shirou/gopsutil/releases) - [Commits](shirou/gopsutil@v4.25.3...v4.25.5) Updates `github.com/vishvananda/netlink` from 1.3.0 to 1.3.1 - [Release notes](https://github.com/vishvananda/netlink/releases) - [Commits](vishvananda/netlink@v1.3.0...v1.3.1) Updates `github.com/vmware-tanzu/velero` from 1.16.0 to 1.16.1 - [Release notes](https://github.com/vmware-tanzu/velero/releases) - [Changelog](https://github.com/vmware-tanzu/velero/blob/main/CHANGELOG.md) - [Commits](vmware-tanzu/velero@v1.16.0...v1.16.1) Updates `go.opentelemetry.io/otel` from 1.35.0 to 1.36.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.35.0...v1.36.0) Updates `go.opentelemetry.io/otel/sdk` from 1.35.0 to 1.36.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.35.0...v1.36.0) Updates `golang.org/x/mod` from 0.24.0 to 0.25.0 - [Commits](golang/mod@v0.24.0...v0.25.0) Updates `golang.org/x/sync` from 0.13.0 to 0.15.0 - [Commits](golang/sync@v0.13.0...v0.15.0) Updates `k8s.io/api` from 0.32.3 to 0.33.1 - [Commits](kubernetes/api@v0.32.3...v0.33.1) Updates `k8s.io/apiextensions-apiserver` from 0.32.3 to 0.33.1 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.32.3...v0.33.1) Updates `k8s.io/apimachinery` from 0.32.3 to 0.33.1 - [Commits](kubernetes/apimachinery@v0.32.3...v0.33.1) Updates `k8s.io/apiserver` from 0.32.3 to 0.33.1 - [Commits](kubernetes/apiserver@v0.32.3...v0.33.1) Updates `k8s.io/cli-runtime` from 0.32.3 to 0.33.1 - [Commits](kubernetes/cli-runtime@v0.32.3...v0.33.1) Updates `k8s.io/client-go` from 0.32.3 to 0.33.1 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.32.3...v0.33.1) Updates `sigs.k8s.io/controller-runtime` from 0.20.4 to 0.21.0 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.20.4...v0.21.0) Updates `golang.org/x/net` from 0.39.0 to 0.41.0 - [Commits](golang/net@v0.39.0...v0.41.0) Updates `golang.org/x/sys` from 0.32.0 to 0.33.0 - [Commits](golang/sys@v0.32.0...v0.33.0) Updates `golang.org/x/text` from 0.24.0 to 0.26.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.24.0...v0.26.0) Updates `helm.sh/helm/v3` from 3.17.3 to 3.18.3 - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.17.3...v3.18.3) Updates `k8s.io/kubelet` from 0.32.3 to 0.33.1 - [Commits](kubernetes/kubelet@v0.32.3...v0.33.1) Updates `k8s.io/metrics` from 0.32.3 to 0.33.1 - [Commits](kubernetes/metrics@v0.32.3...v0.33.1) --- updated-dependencies: - dependency-name: github.com/casbin/govaluate dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: github.com/containers/image/v5 dependency-version: 5.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: github.com/go-logr/logr dependency-version: 1.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/go-sql-driver/mysql dependency-version: 1.9.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.7.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/microsoft/go-mssqldb dependency-version: 1.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/miekg/dns dependency-version: 1.1.66 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/shirou/gopsutil/v4 dependency-version: 4.25.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/vishvananda/netlink dependency-version: 1.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/vmware-tanzu/velero dependency-version: 1.16.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: go.opentelemetry.io/otel dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/mod dependency-version: 0.25.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/sync dependency-version: 0.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/api dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/apimachinery dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/apiserver dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/cli-runtime dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/client-go dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: sigs.k8s.io/controller-runtime dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/net dependency-version: 0.41.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/sys dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/text dependency-version: 0.26.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: helm.sh/helm/v3 dependency-version: 3.18.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/kubelet dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/metrics dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies go type::security labels Jun 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the security group across 1 directory with 27 updates #1796

chore(deps): bump the security group across 1 directory with 27 updates #1796

Uh oh!

dependabot bot commented on behalf of github Jun 17, 2025

Uh oh!

Uh oh!

chore(deps): bump the security group across 1 directory with 27 updates #1796

Are you sure you want to change the base?

chore(deps): bump the security group across 1 directory with 27 updates #1796

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 17, 2025

v1.7.0

1.7.0 (2025-05-21)

Features

v1.6.0

1.6.0 (2025-05-21)

Features

v1.5.0

1.5.0 (2025-05-20)

Features

v1.4.0

1.4.0 (2025-05-10)

Features

v5.35.0

What's Changed

v1.4.3

What's Changed

New Contributors

v1.9.3

What's Changed

v1.9.3 (2025-06-13)

5.7.5 (May 17, 2025)

v1.8.2

What's Changed

New Contributors

1.8.2

Bug fixes

1.7.0

Changed

Features

Bug fixes

1.7.0

Changed

1.6.0

Changed

Features

1.5.0

Features

Bug fixes

1.4.0

v4.25.5

What's Changed

cpu

docker

host

Other Changes

New Contributors

v4.25.4

What's Changed

cpu

disk

host

Other Changes

New Contributors

v1.3.1

What's Changed

New Contributors

What's Changed

v1.16.1

Download

Container Image

Documentation

Upgrading

All Changes

v1.16.1-rc.1

v1.16.1

Download

Container Image

Documentation

Upgrading

All Changes

[1.36.0/0.58.0/0.12.0] 2025-05-20

Added

Uh oh!

Uh oh!