@red-hat-konflux red-hat-konflux bot commented Apr 13, 2025

This PR contains the following updates:

Package Change
dario.cat/mergo v1.0.1 -> v1.0.2
github.com/ProtonMail/go-crypto v1.1.5 -> v1.3.0
github.com/cloudflare/circl v1.3.7 -> v1.6.1
github.com/cyphar/filepath-securejoin v0.3.6 -> v0.4.1
github.com/go-git/go-git/v5 v5.13.2 -> v5.16.2
github.com/go-jose/go-jose/v4 v4.0.4 -> v4.1.2
github.com/hashicorp/go-retryablehttp v0.7.7 -> v0.7.8
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 -> v0.2.0
github.com/hashicorp/terraform-exec v0.21.0 -> v0.23.0
github.com/hashicorp/terraform-json v0.23.0 -> v0.25.0
github.com/hashicorp/vault/api v1.16.0 -> v1.20.0
github.com/pjbgf/sha1cd v0.3.2 -> v0.4.0
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 -> v1.4.0
github.com/skeema/knownhosts v1.3.0 -> v1.3.1
github.com/zclconf/go-cty v1.15.0 -> v1.16.3
golang.org/x/crypto v0.32.0 -> v0.41.0
golang.org/x/net v0.34.0 -> v0.43.0
golang.org/x/sys v0.29.0 -> v0.35.0
golang.org/x/text v0.21.0 -> v0.28.0
golang.org/x/time v0.7.0 -> v0.12.0

Release Notes

imdario/mergo (dario.cat/mergo)

v1.0.2

Compare Source

What's Changed

  • Drops gopkg.in/yaml.v3, only used for loading fixtures. Thanks @​trim21 for bringing to my attention (#​262) that this library is no longer maintained.

Full Changelog: darccio/mergo@v1.0.1...v1.0.2

ProtonMail/go-crypto (github.com/ProtonMail/go-crypto)

v1.3.0

Compare Source

What's Changed

Full Changelog: ProtonMail/go-crypto@v1.2.0...v1.3.0

v1.2.0

Compare Source

What's Changed

Full Changelog: ProtonMail/go-crypto@v1.1.6...v1.2.0

v1.1.6

Compare Source

What's Changed

Full Changelog: ProtonMail/go-crypto@v1.1.5...v1.1.6

cloudflare/circl (github.com/cloudflare/circl)

v1.6.1: CIRCL v1.6.1

Compare Source

CIRCL v1.6.1

  • Fixes some point checks on the FourQ curve.
  • Hybrid KEM fails on low-order points.
What's Changed

Full Changelog: cloudflare/circl@v1.6.0...v1.6.1

v1.6.0: CIRCL v1.6.0

Compare Source

CIRCL v1.6.0

New!
What's Changed
New Contributors

Full Changelog: cloudflare/circl@v1.5.0...v1.6.0

v1.5.0: CIRCL v1.5.0

Compare Source

CIRCL v1.5.0

New: ML-DSA, Module-Lattice-based Digital Signature Algorithm.

What's Changed
New Contributors

Full Changelog: cloudflare/circl@v1.4.0...v1.5.0

v1.4.0: CIRCL v1.4.0

Compare Source

CIRCL v1.4.0

Changes

New: ML-KEM compatible with FIPS-203.

Commit History

Full Changelog: cloudflare/circl@v1.3.9...v1.4.0

v1.3.9: CIRCL v1.3.9

Compare Source

CIRCL v1.3.9

Changes:
  • Fix bug on BLS12381 decoding elements.
Commit History

Full Changelog: cloudflare/circl@v1.3.8...v1.3.9

v1.3.8: CIRCL v1.3.8

Compare Source

CIRCL v1.3.8

New

  • BLS Signatures on top of BLS12-381.
  • Adopt faster squaring in pairings.
  • BlindRSA compliant with RFC9474.
  • (Verifiable) Secret Sharing compatible with the Group interface (elliptic curves).

Notice

What's Changed
New Contributors

Full Changelog: cloudflare/circl@v1.3.7...v1.3.8

cyphar/filepath-securejoin (github.com/cyphar/filepath-securejoin)

v0.4.1

Compare Source

This release fixes a regression introduced in one of the hardening
features added to filepath-securejoin 0.4.0.

  • The restrictions added for root paths passed to SecureJoin in 0.4.0 were
    found to be too strict and caused some regressions when folks tried to
    update, so this restriction has been relaxed to only return an error if the
    path contains a .. component. We still recommend users use filepath.Clean
    (and even filepath.EvalSymlinks) on the root path they are using, but at
    least you will no longer be punished for "trivial" unclean paths. (#​46)

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

v0.4.0

Compare Source

This release primarily includes a few minor breaking changes to make the
MkdirAll and SecureJoin interfaces more robust against accidental
misuse.

  • SecureJoin(VFS) will now return an error if the provided root is not a
    filepath.Clean'd path.

    While it is ultimately the responsibility of the caller to ensure the root is
    a safe path to use, passing a path like /symlink/.. as a root would result
    in the SecureJoin'd path being placed in / even though /symlink/..
    might be a different directory, and so we should more strongly discourage
    such usage.

    All major users of securejoin.SecureJoin already ensure that the paths they
    provide are safe (and this is ultimately a question of user error), but
    removing this foot-gun is probably a good idea. Of course, this is
    necessarily a breaking API change (though we expect no real users to be
    affected by it).

    Thanks to Erik Sjölund, who initially
    reported this issue as a possible security issue.

  • MkdirAll and MkdirHandle now take an os.FileMode-style mode argument
    instead of a raw unix.S_*-style mode argument, which may cause compile-time
    type errors depending on how you use filepath-securejoin. For most users,
    there will be no change in behaviour aside from the type change (as the
    bottom 0o777 bits are the same in both formats, and most users are probably
    only using those bits).

    However, if you were using unix.S_ISVTX to set the sticky bit with
    MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you
    will get a runtime error with this update. In addition, the error message you
    will get from passing unix.S_ISUID and unix.S_ISGID will be different as
    they are treated as invalid bits now (note that previously passing said bits
    was also an error).

Thanks to the following contributors for helping make this release
possible:

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

go-git/go-git (github.com/go-git/go-git/v5)

v5.16.2

Compare Source

What's Changed

Full Changelog: go-git/go-git@v5.16.1...v5.16.2

v5.16.1

Compare Source

What's Changed

New Contributors

Full Changelog: go-git/go-git@v5.16.0...v5.16.1

v5.16.0

Compare Source

What's Changed

Full Changelog: go-git/go-git@v5.15.0...v5.16.0

v5.15.0

Compare Source

What's Changed

Full Changelog: go-git/go-git@v5.14.0...v5.15.0

v5.14.0

Compare Source

What's Changed

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/crypto@v0.35.0 which mitigates the CVE above. Users that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

go-jose/go-jose (github.com/go-jose/go-jose/v4)

v4.1.2

Compare Source

What's Changed

go-jose v4.1.2 improves some documentation, errors, and removes the only 3rd-party dependency.

New Contributors

Full Changelog: go-jose/go-jose@v4.1.1...v4.1.2

v4.1.1

Compare Source

What's Changed

New Contributors

Full Changelog: go-jose/go-jose@v4.1.0...v4.1.1

v4.1.0

Compare Source

What's Changed

New Contributors

Full Changelog: go-jose/go-jose@v4.0.5...v4.1.0

v4.0.5

Compare Source

What's Changed

Fixes GHSA-c6gw-w398-hv78

Various other dependency updates, small fixes, and documentation updates in the full changelog

New Contributors

Full Changelog: go-jose/go-jose@v4.0.4...v4.0.5

hashicorp/go-retryablehttp (github.com/hashicorp/go-retryablehttp)

v0.7.8

Compare Source

hashicorp/terraform-exec (github.com/hashicorp/terraform-exec)

v0.23.0

Compare Source

ENHANCEMENTS:

  • Context cancellation on Unix systems will now send Terraform process SIGINT instead of killing it (which is otherwise default os/exec behaviour) (#​512)
    • You can change the default 60s WaitDelay via SetWaitDelay(time.Duration)
  • error type returned from individual commands now implements Unwrap making it possible to pass it into errors.As and access lower-level error such as exec.ExitError (#​512)

NOTES:

  • go: Require Go 1.23 (previously 1.22) (#​499)
  • Declare support of Terraform 0.12+ (#​510)

v0.22.0

Compare Source

ENHANCEMENTS:

  • tfexec: Add support for terraform init --json via InitJSON (#​478)

INTERNAL:

  • go: Require Go 1.22 (previously 1.18) (#​499)
hashicorp/terraform-json (github.com/hashicorp/terraform-json)

v0.25.0

Compare Source

ENHANCEMENTS:

INTERNAL:

Full Changelog: hashicorp/terraform-json@v0.24.0...v0.25.0

v0.24.0

Compare Source

ENHANCEMENTS:

INTERNAL:

New Contributors

Full Changelog: hashicorp/terraform-json@v0.23.0...v0.24.0

hashicorp/vault (github.com/hashicorp/vault/api)

v1.20.0

Compare Source

1.20.0

June 25, 2025

SECURITY:

  • core: require a nonce when cancelling a rekey operation that was initiated within the last 10 minutes. [GH-30794]

CHANGES:

  • UI: remove outdated and unneeded js string extensions [GH-29834]
  • activity (enterprise): The sys/internal/counters/activity endpoint will return actual values for new clients in the current month.
  • activity (enterprise): provided values for start_time and end_time in sys/internal/counters/activity are aligned to the corresponding billing period.
  • activity: provided value for end_time in sys/internal/counters/activity is now capped at the end of the last completed month. [GH-30164]
  • api: Update the default API client to check for the Retry-After header and, if it exists, wait for the specified duration before retrying the request. [GH-30887]
  • auth/alicloud: Update plugin to v0.21.0 [GH-30810]
  • auth/azure: Update plugin to v0.20.2. Login requires resource_group_name, vm_name, and vmss_name to match token claims [GH-30052]
  • auth/azure: Update plugin to v0.20.3 [GH-30082]
  • auth/azure: Update plugin to v0.20.4 [GH-30543]
  • auth/azure: Update plugin to v0.21.0 [GH-30872]
  • auth/azure: Update plugin to v0.21.1 [GH-31010]
  • auth/cf: Update plugin to v0.20.1 [GH-30583]
  • auth/cf: Update plugin to v0.21.0 [GH-30842]
  • auth/gcp: Update plugin to v0.20.2 [GH-30081]
  • auth/jwt: Update plugin to v0.23.2 [GH-30431]
  • auth/jwt: Update plugin to v0.24.1 [GH-30876]
  • auth/kerberos: Update plugin to v0.15.0 [GH-30845]
  • auth/kubernetes: Update plugin to v0.22.1 [GH-30910]
  • auth/oci: Update plugin to v0.19.0 [GH-30841]
  • auth/saml: Update plugin to v0.6.0
  • core: Bump Go version to 1.24.4.
  • core: Verify that the client IP address extracted from an X-Forwarded-For header is a valid IPv4 or IPv6 address [GH-29774]
  • database/couchbase: Update plugin to v0.14.0 [GH-30836]
  • database/elasticsearch: Update plugin to v0.18.0 [GH-30796]
  • database/mongodbatlas: Update plugin to v0.15.0 [GH-30856]
  • database/redis-elasticache: Update plugin to v0.7.0 [GH-30785]
  • database/redis: Update plugin to v0.6.0 [GH-30797]
  • database/snowflake: Update plugin to v0.14.0 [GH-30748]
  • database/snowflake: Update plugin to v0.14.1 [GH-30868]
  • logical/system: add ent stub for plugin catalog handling [GH-30890]
  • quotas/rate-limit: Round up the Retry-After value to the nearest second when calculating the retry delay. [GH-30887]
  • secrets/ad: Update plugin to v0.21.0 [GH-30819]
  • secrets/alicloud: Update plugin to v0.20.0 [GH-30809]
  • secrets/azure: Update plugin to v0.21.2 [GH-30037]
  • secrets/azure: Update plugin to v0.21.3 [GH-30083]
  • secrets/azure: Update plugin to v0.22.0 [GH-30832]
  • secrets/gcp: Update plugin to v0.21.2 [GH-29970]
  • secrets/gcp: Update plugin to v0.21.3 [GH-30080]
  • secrets/gcp: Update plugin to v0.22.0 [GH-30846]
  • secrets/gcpkms: Update plugin to v0.21.0 [GH-30835]
  • secrets/kubernetes: Update plugin to v0.11.0 [GH-30855]
  • secrets/kv: Update plugin to v0.24.0 [GH-30826]
  • secrets/mongodbatlas: Update plugin to v0.15.0 [GH-30860]
  • secrets/openldap: Update plugin to v0.15.2 [GH-30079]
  • secrets/openldap: Update plugin to v0.15.4 [GH-30279]
  • secrets/openldap: Update plugin to v0.16.0 [GH-30844]
  • secrets/terraform: Update plugin to v0.12.0 [GH-30905]
  • server: disable_mlock configuration option is now required for integrated storage and no longer has a default. If you are using the default value with integrated storage, you must now explicitly set disable_mlock to true or false or Vault server will fail to start. [GH-29974]
  • ui/activity: Replaces mount and namespace attribution charts with a table to allow sorting
    client count data by namespace, mount_path, mount_type or number of clients for
    a selected month. [GH-30678]
  • ui: Client count side nav link 'Vault Usage Metrics' renamed to 'Client Usage' [GH-30765]
  • ui: Client counting "running total" charts now reflect new clients only [GH-30506]
  • ui: Removed FormError component (not used) [GH-34699]
  • ui: Selecting a different method in the login form no longer updates the /vault/auth?with= query parameter [GH-30500]
  • ui: /vault/auth?with= query parameter now exclusively refers to the auth mount path and renders a simplified form [GH-30500]

FEATURES:

  • Auto Irrevocable Lease Removal (Enterprise): Add the Vault Enterprise configuration param, remove_irrevocable_lease_after. When set to a non-zero value, this will automatically delete irrevocable leases after the configured duration exceeds the lease's expire time. The minimum duration allowed for this field is two days. [GH-30703]
  • Development Cluster Configuration (Enterprise): Added development_cluster as a field to Vault's utilization reports.
    The field is configurable via HCL and indicates whether the cluster is being used in a development environment, defaults to false if not set. [GH-30659]
  • Entity-based and collective rate limit quotas (Enterprise): Add new group_by field to the rate limit quota API to support different grouping modes.
  • Login form customization (Enterprise): Adds support to choose a default and/or backup auth methods for the web UI login form to streamline the web UI login experience. [GH-30700]
  • Plugin Downloads: Support automatically downloading official HashiCorp secret and auth plugins from releases.hashicorp.com (beta)
  • SSH Key Signing Improvements (Enterprise): Add support for using managed keys to sign SSH keys in the SSH secrets engine.
  • Secret Recovery from Snapshot (Enterprise): Adds a framework to load an integrated storage
    snapshot into Vault and read, list, and recover KV v1 and cubbyhole secrets from the snapshot. [GH-30739]
  • UI Secrets Engines: TOTP secrets engine is now supported. [GH-29751]
  • UI Telemetry: Add Posthog for UI telemetry tracking on Vault Dedicated managed clusters [GH-30425]
  • Vault Namespace Picker: Updating the Vault Namespace Picker to enable search functionality, allow direct navigation to nested namespaces and improve accessibility. [GH-30490]
  • Vault PKI SCEP Server (Enterprise): Support for the Simple Certificate Enrollment Protocol (SCEP) has been added to the Vault PKI Plugin. This allows standard SCEP clients to request certificates from a Vault server with no knowledge of Vault APIs.

IMPROVEMENTS:

  • activity (enterprise): Added vault.client.billing_period.activity telemetry metric to emit information about the total number of distinct clients used in the current billing period.
  • activity: mount_type was added to the API response of sys/internal/counters/activity [GH-30071]
  • activity: mount_type was added to the API response of sys/internal/counters/activity
  • api (enterprise): Added a new API, /sys/utilization-report, giving a snapshot overview of Vault's utilization at a high level.
  • api/client: Add Cert auth method support. This allows the client to authenticate using a client certificate. [GH-29546]
  • core (enterprise): Updated code and documentation to support FIPS 140-3 compliant algorithms.
  • core (enterprise): allow a root token to relock a namespace locked by the Namespace API Lock feature.
  • core (enterprise): report errors from the underlying seal when getting entropy.
  • core (enterprise): update to FIPS 140-3 cryptographic module in the FIPS builds.
  • core/metrics: added a new telemetry metric, vault.core.response_status_code, with two labels, code, and type, detailing the status codes of all responses to requests that Vault handles. [GH-30354]
  • core: Improve memory use of path management for namespaces, auth methods, and secrets engines. Now Vault should handle larger numbers of namespaces and multiple instances of the same secrets engine or auth method more efficiently. [GH-31022]
  • core: Updated code and documentation to support FIPS 140-3 compliant algorithms. [GH-30576]
  • core: support for X25519MLKEM768 (post quantum key agreement) in the Go TLS stack. [GH-30603]
  • events: Add vault_index to an event's metadata if the metadata contains modified=true, to support client consistency controls when reading from Vault in response to an event where storage was modified. [GH-30725]
  • physical/postgres: Adds support to authenticate with the PostgreSQL Backend server with cloud based identities (AWS IAM, Azure MSI and GCP IAM) [GH-30681]
  • plugins: Support registration of CE plugins with extracted artifact directory. [GH-30673]
  • secrets/aws: Add LIST endpoint to the AWS secrets engine static roles. [GH-29842]
  • secrets/pki: Add Delta (Freshest) CRL support to AIA information (both mount-level and issuer configured) [GH-30319]
  • secrets/transit (enterprise): enable the use of 192-bit keys for AES CMAC
  • storage/mysql: Added support for getting mysql backend username and password from the environment variables VAULT_MYSQL_USERNAME and VAULT_MYSQL_PASSWORD. [GH-30136]
  • storage/raft: Upgrade hashicorp/raft library to v1.7.3 which includes additional logging on the leader when opening and sending a snapshot to a follower. [GH-29976]
  • transit: Exclude the partial wrapping key path from the transit/keys LIST operation. [[GH-30728](https://redirect.github.com/ha

Configuration

📅 Schedule: Branch creation - "after 5am on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).
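
The root-path behaviour described in the filepath-securejoin v0.4.0 and v0.4.1 notes above, as an added example that is not part of the PR or of filepath-securejoin itself: it shows why a root such as /symlink/.. is ambiguous (lexical cleaning and symlink-following resolution disagree) and models the two root checks the notes describe. The function and error names are hypothetical and only the Go standard library is used; the directory tree is constructed in a temporary directory.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Hypothetical error values for this example; not the library's own.
var (
	errDotDot  = errors.New("root contains a \"..\" component")
	errUnclean = errors.New("root is not a filepath.Clean'd path")
)

// strictRootCheck models the 0.4.0 rule: the root must already be clean.
func strictRootCheck(root string) error {
	if filepath.Clean(root) != root {
		return errUnclean
	}
	return nil
}

// relaxedRootCheck models the 0.4.1 rule: only a ".." component is an error.
func relaxedRootCheck(root string) error {
	for _, part := range strings.Split(filepath.ToSlash(root), "/") {
		if part == ".." {
			return errDotDot
		}
	}
	return nil
}

// lexicalVsResolved builds base/real/inner and base/link -> base/real/inner
// in a temporary directory, then returns what "base/link/.." means lexically
// (filepath.Clean) and what it means once the symlink is followed.
func lexicalVsResolved() (lexical, resolved string, err error) {
	tmp, err := os.MkdirTemp("", "securejoin-root-")
	if err != nil {
		return "", "", err
	}
	defer os.RemoveAll(tmp)
	base, err := filepath.EvalSymlinks(tmp) // the temp dir itself may sit behind a symlink
	if err != nil {
		return "", "", err
	}
	inner := filepath.Join(base, "real", "inner")
	if err = os.MkdirAll(inner, 0o755); err != nil {
		return "", "", err
	}
	link := filepath.Join(base, "link")
	if err = os.Symlink(inner, link); err != nil {
		return "", "", err
	}
	root := link + string(filepath.Separator) + ".."
	lexical = filepath.Clean(root)              // drops "link/..", giving base
	resolved, err = filepath.EvalSymlinks(root) // follows link first, giving base/real
	return lexical, resolved, err
}

func main() {
	lexical, resolved, err := lexicalVsResolved()
	fmt.Println("lexical:", lexical, "resolved:", resolved, "err:", err)
	for _, root := range []string{"/srv/data", "/srv//data/", "/symlink/.."} {
		fmt.Printf("%-14q strict=%v relaxed=%v\n", root, strictRootCheck(root), relaxedRootCheck(root))
	}
}
```

Callers that build the root from configuration or user input can apply filepath.Clean and filepath.EvalSymlinks to it once, up front, as the release note recommends, so the directory being confined to is the one they intended.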

red-hat-konflux bot commented Apr 13, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 1 additional dependency was updated

Details:

Package Change
github.com/hashicorp/hcl v1.0.0 -> v1.0.1-vault-7

@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch-gomod branch 2 times, most recently from b7aa234 to 93c4738 Compare April 15, 2025 20:53
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch-gomod branch 3 times, most recently from 7be916e to c213b16 Compare May 8, 2025 01:30
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch-gomod branch 3 times, most recently from 55d26da to ce165c1 Compare May 20, 2025 18:15
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch-gomod branch 8 times, most recently from e7d7f94 to edc6310 Compare June 18, 2025 21:54
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch-gomod branch 13 times, most recently from 826d110 to 9959e45 Compare June 27, 2025 08:42
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch-gomod branch 10 times, most recently from 28db877 to c18701f Compare July 15, 2025 09:02
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch-gomod branch 5 times, most recently from 6db6f47 to 7f89e31 Compare July 23, 2025 20:52
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch-gomod branch from 7f89e31 to 15111bc Compare July 25, 2025 21:12
@cubismod cubismod added this pull request to the merge queue Jul 26, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Jul 26, 2025
@cubismod cubismod added this pull request to the merge queue Jul 26, 2025
@red-hat-konflux

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@cubismod cubismod force-pushed the konflux/mintmaker/main/all-minor-patch-gomod branch from 8b8f9f4 to 6749de7 Compare July 28, 2025 13:14
@red-hat-konflux red-hat-konflux bot force-pushed the konflux/mintmaker/main/all-minor-patch-gomod branch 4 times, most recently from 3268419 to 1599f85 Compare August 8, 2025 00:15
cubismod commented Aug 8, 2025

/retest

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@cubismod cubismod force-pushed the konflux/mintmaker/main/all-minor-patch-gomod branch from 1599f85 to df38ace Compare August 8, 2025 14:21
@cubismod cubismod merged commit febf5ca into main Aug 8, 2025
2 checks passed