fix(go.mod/go.sum): update minor dependencies (golang) #60

renovate · 2025-09-13T09:58:32Z

This PR contains the following updates:

Package	Change	Age	Confidence
filippo.io/age	`v1.2.1` → `v1.3.1`
github.com/fluxcd/pkg/apis/event	`v0.19.0` → `v0.21.0`
github.com/fluxcd/pkg/runtime	`v0.84.0` → `v0.93.0`
github.com/fluxcd/source-controller/api	`v1.6.2` → `v1.7.4`
github.com/getsops/sops/v3	`v3.10.2` → `v3.11.0`
k8s.io/apiextensions-apiserver	`v0.34.2` → `v0.35.0`
k8s.io/apimachinery	`v0.34.2` → `v0.35.0`
k8s.io/client-go	`v0.34.2` → `v0.35.0`
k8s.io/code-generator	`v0.34.2` → `v0.35.0`
k8s.io/kube-aggregator	`v0.34.2` → `v0.35.0`
sigs.k8s.io/controller-tools	`v0.19.0` → `v0.20.0`

Release Notes

FiloSottile/age (filippo.io/age)

`v1.3.1`

Compare Source

v1.3.1 is a minor release to restore version injection from downstream package build processes.

See the v1.3.0 release notes for an overview of recent additions.

`v1.3.0`: age v1.3.0: post-quantum (and more)!

Compare Source

Exactly six years after the first age beta release, v1.3.0 brings post-quantum resistance to age, along with a couple long-requested features, built-in support for recipients compatible with hardware plugins, I/O API improvements, and many usability enhancements.

Post-quantum recipients

age now has native post-quantum recipients based on HPKE with a hybrid ML-KEM-768 KEM. The recipients start with age1pq1..., and the identities start with AGE-SECRET-KEY-PQ-1....

To generate a post-quantum keypair:

$ age-keygen -pq

If you have your own age implementation, C2SP has the specification, and CCTV has test vectors for the new hybrid recipient types.

(If you are using an older age client, an optional plugin is available that provides out-of-the-box support for encryption to hybrid recipients. Hybrid identities can be converted to work with the plugin with age-plugin-pq -identity.)

New I/O APIs

The new DecryptReaderAt API implements seeking decryption, which can be used with zip.NewReader.

The new EncryptReader API implements pull-based encryption by wrapping an io.Reader, as opposed to wrapping an io.Writer like Encrypt.

age-inspect

The new age-inspect(1) tool presents the metadata of an age file without decrypting it.

hello.age is an age file, version "age-encryption.org/v1".

This file is ASCII-armored.

This file is encrypted to the following recipient types:
  - "mlkem768x25519"

This file uses post-quantum encryption.

Size breakdown (assuming it decrypts successfully):

    Header                      1627 bytes
    Armor overhead              1350 bytes
    Encryption overhead           32 bytes
    Payload                     1959 bytes
                        -------------------
    Total                       4968 bytes

Tip: for machine-readable output, use --json.

Built-in recipients compatible with hardware plugins

age(1) now supports encrypting to age1tag1... and age1tagpq1... recipients, which are compatible with hardware plugins. The latest or upcoming versions of age-plugin-yubikey, age-plugin-tpm, and age-plugin-se will support producing these recipients for existing and new keys, and decrypting files encrypted to them.

The filippo.io/age/tag package provides an implementation, including a Recipient.Tag method useful to plugin implementations.

C2SP has the specification for these recipient types.

(For users that are using older age clients, there are compatiblity plugins that can be shipped along with the hardware plugins.)

Non-interactive passphrase input

We have long resisted implementing non-interactive CLI passphrase input, because most use cases are more securely and/or efficiently served by native keys or passphrase-encrypted identities. However, there are some residual use cases.

This is now available through the batchpass plugin, but we invite everyone to read the warning in the man page and help text.

Go framework for implementing plugins

The filippo.io/age/plugin package now provides a framework for exposing age.Recipient and age.Identity implementations as standalone CLI plugins.

For example, this is the entire age-plugin-tagpq compatibility implementation:

package main

import (
	"log"
	"os"

	"filippo.io/age"
	"filippo.io/age/plugin"
	"filippo.io/age/tag"
)

func main() {
	p, err := plugin.New("tagpq")
	if err != nil {
		log.Fatal(err)
	}
	p.HandleRecipient(func(b []byte) (age.Recipient, error) {
		return tag.NewHybridRecipient(b)
	})
	os.Exit(p.Main())
}

Moreover, the new plugin.NewTerminalUI function provides a ready-to-use terminal-based ClientUI implementation for the existing plugin client API.

Armor fixes

The CLI now allows some leading whitespace before the armor header, as the API always did. The API and CLI now reject empty lines in armored data, as required by the spec.

Detached headers

The new set of APIs ExtractHeader, DecryptHeader, and NewInjectedFileKeyIdentity allow working with detached age headers, where the file key is unwrapped separately from the actual file decryption. This can be useful for efficiency or to delegate unwrapping without exposing the file contents.

Usability improvements

The CLI will now refuse to output decrypted binary data to the terminal. (We did this before attending the gpg.fail talk!)

Native identities are now tried first when decrypting through both the CLI and the API, since they can't require interaction. Order is otherwise preserved.

NoIdentityMatchError now exposes the stanza types of the header, unwraps to the errors returned by the Identity.Unwrap method calls, and prints the underlying error if only one identity was provided.

Virtual terminal processing is now enabled on Windows terminals that don't enable it by default, so that ANSI escape sequences work as expected.

docker.io/fluxcd/source-controller:v1.7.0
ghcr.io/fluxcd/source-controller:v1.7.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC.
To verify the images and their provenance (SLSA level 3), please see the security documentation.

getsops/sops (github.com/getsops/sops/v3)

`v3.11.0`

Compare Source

Installation

To install sops, download one of the pre-built binaries provided for your platform from the artifacts attached to this release.

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.linux.amd64

# Move the binary in to your PATH
mv sops-v3.11.0.linux.amd64 /usr/local/bin/sops

# Make the binary executable
chmod +x /usr/local/bin/sops

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.checksums.txt
curl -LO https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.checksums.pem
curl -LO https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.checksums.sig

# Verify the checksums file
cosign verify-blob sops-v3.11.0.checksums.txt \
  --certificate sops-v3.11.0.checksums.pem \
  --signature sops-v3.11.0.checksums.sig \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:

# Verify the binary using the checksums file
sha256sum -c sops-v3.11.0.checksums.txt --ignore-missing

Verify artifact provenance

The SLSA provenance of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an in-toto link metadata file named sops-v3.11.0.intoto.jsonl. To verify the provenance of an artifact, you can utilize the slsa-verifier tool:

# Download the metadata file
curl -LO  https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.intoto.jsonl

# Verify the provenance of the artifact
slsa-verifier verify-artifact <artifact> \
  --provenance-path sops-v3.11.0.intoto.jsonl \
  --source-uri github.com/getsops/sops \
  --source-tag v3.11.0

Container Images

The sops binaries are also available as container images, based on Debian (slim) and Alpine Linux. The Debian-based container images include any dependencies which may be required to make use of certain key services, such as GnuPG, AWS KMS, Azure Key Vault, and Google Cloud KMS. The Alpine-based container images are smaller in size, but do not include these dependencies.

These container images are available for the following architectures: linux/amd64 and linux/arm64.

GitHub Container Registry

ghcr.io/getsops/sops:v3.11.0
ghcr.io/getsops/sops:v3.11.0-alpine

Quay.io

quay.io/getsops/sops:v3.11.0
quay.io/getsops/sops:v3.11.0-alpine

Verify container image signature

The container images are signed using Cosign with GitHub OIDC. To validate the signature of an image, run the following command:

cosign verify ghcr.io/getsops/sops:v3.11.0 \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  -o text

Verify container image provenance

The container images include SLSA provenance attestations. For more information around the verification of this, please refer to the slsa-verifier documentation.

Software Bill of Materials

The Software Bill of Materials (SBOM) for each binary is accessible within the artifacts enclosed with this release. It is presented as an SPDX JSON file, formatted as <binary>.spdx.sbom.json.

What's Changed

build(deps): Bump the go group with 4 updates by @dependabot[bot] in #1845
build(deps): Bump the go group with 5 updates by @dependabot[bot] in #1850
build(deps): Bump the ci group with 4 updates by @dependabot[bot] in #1849
build(deps): Bump the go group with 8 updates by @dependabot[bot] in #1854
build(deps): Bump tempfile from 3.19.1 to 3.20.0 in /functional-tests in the rust group by @dependabot[bot] in #1853
build(deps): Bump actions/setup-go from 5.4.0 to 5.5.0 in the ci group by @dependabot[bot] in #1852
use bullet points for structure by @md42 in #1844
Introduce EncryptContext and DecryptContext for AWS, Azure, GCP, PGP and HashiCorp Vault by @matheuscscp in #1848
build(deps): Bump the go group with 5 updates by @dependabot[bot] in #1856
build(deps): Bump the ci group with 2 updates by @dependabot[bot] in #1857
Allow injecting custom HTTP client for AWS, Azure, GCP and HashiCorp Vault by @matheuscscp in #1838
Update authors in main.go by @jvehent in #1860
build(deps): Bump the go group with 7 updates by @dependabot[bot] in #1861
Remove unmatched '`' from README.rst by @wasv in #1863
build(deps): Bump the go group with 4 updates by @dependabot[bot] in #1867
build(deps): Bump alpine from 3.21 to 3.22 in /.release in the docker group by @dependabot[bot] in #1866
build(deps): Bump the go group with 12 updates by @dependabot[bot] in #1870
build(deps): Bump github/codeql-action from 3.28.18 to 3.28.19 in the ci group by @dependabot[bot] in #1869
build(deps): Bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 by @dependabot[bot] in #1871
build(deps): Bump the go group with 12 updates by @dependabot[bot] in #1872
build(deps): Bump the ci group across 1 directory with 3 updates by @dependabot[bot] in #1874
build(deps): Bump the go group with 8 updates by @dependabot[bot] in #1878
build(deps): Bump the ci group with 2 updates by @dependabot[bot] in #1879
build(deps): Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @dependabot[bot] in #1882
Fix Typo in README.rst by @inverted-tree in #1881
build(deps): Bump the go group with 4 updates by @dependabot[bot] in #1884
build(deps): Bump the ci group with 2 updates by @dependabot[bot] in #1883
Correct Windows path to store keys.txt by @EshemMimi in #1885
build(deps): Bump the go group with 3 updates by @dependabot[bot] in #1888
build(deps): Bump the ci group with 2 updates by @dependabot[bot] in #1889
build(deps): Bump the go group with 6 updates by @dependabot[bot] in #1893
Add "--value-file" option to "sops set [...]" by @bjornfor in #1876
Document XDG_CONFIG_HOME support on mac by @fredericrous in #1897
Fix Shamir threshold encoding for INI and ENV files by @felixfontein in #1899
build(deps): Bump the go group with 12 updates by @dependabot[bot] in #1908
build(deps): Bump serde_json from 1.0.140 to 1.0.142 in /functional-tests in the rust group by @dependabot[bot] in #1907
build(deps): Bump the ci group with 3 updates by @dependabot[bot] in #1905
Fix docs: mention all stores instead of just YAML, JSON, and BINARY by @felixfontein in #1895
Ensure temporary file for editing is only read-writable by owner by @felixfontein in #1903
Add --value-stdin option to sops set by @felixfontein in #1894
Collect age identity loading errors and only report if decryption failed by @felixfontein in #1898
add completion script. Resolves #1868 by @longxiucai in #1892
Resolves #1864. Adds Native List as an option for configuring keys. by @lucqui in #1880
Fix example.yaml file by @felixfontein in #1909
build(deps): Bump the go group with 15 updates by @dependabot[bot] in #1912
build(deps): Bump the ci group with 4 updates by @dependabot[bot] in #1911
build(deps): Bump the go group with 9 updates by @dependabot[bot] in #1917
build(deps): Bump the ci group with 4 updates by @dependabot[bot] in #1916
build(deps): Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @dependabot[bot] in #1920
build(deps): Bump the go group with 14 updates by @dependabot[bot] in #1923
build(deps): Bump the rust group in /functional-tests with 2 updates by @dependabot[bot] in #1921
build(deps): Bump github/codeql-action from 3.29.9 to 3.29.11 in the ci group by @dependabot[bot] in #1922
Docs: remove paragraph on GPG/PGP keyservers by @felixfontein in #1928
Allow to configure --enable-local-keyservice and --keyservice through env variables by @felixfontein in #1930
build(deps): Bump the ci group with 2 updates by @dependabot[bot] in #1937
fix: correct destination validation logic to detect all conflicts by @bruce-szalwinski-he in #1936
Switch from deprecated gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @sylr in #1934
INI: fix converting integers to strings; improve float and time.Time formatting by @felixfontein in #1929
feat(azkv): Skipping key-version will get latest key by @daogilvie in #1919
Fix keyservice client for unix domain sockets by @matheuscscp in #1910
README: fix argument order by @felixfontein in #1940
Allow non-complex non-string values in dotenv and exec-env by @billy4479 in #1933
Fix mention of macOS XDG_CONFIG_HOME fallback by @felixfontein in #1944
Improve age identity loading by @felixfontein in #1931
build(deps): Bump the rust group in /functional-tests with 4 updates by @dependabot[bot] in #1948
build(deps): Bump the ci group with 2 updates by @dependabot[bot] in #1949
build(deps): Bump the rust group in /functional-tests with 2 updates by @dependabot[bot] in #1954
build(deps): Bump anchore/sbom-action from 0.20.5 to 0.20.6 in the ci group by @dependabot[bot] in #1955
Start documenting the configuration file format by @felixfontein in #1946
CI: Build with Go 1.24 and 1.25, release with 1.25 by @felixfontein in #1945
build(deps): Bump the go group across 1 directory with 21 updates by @dependabot[bot] in #1956
When encrypting, load the config only once by @felixfontein in #1939
build(deps): Bump the go group across 1 directory with 10 updates by @dependabot[bot] in #1958
Ignore encryption selection options for binary store (and warn when they are used) by @felixfontein in #1927
AZKV: Also allow to omit version for AZKV keys specified in key groups by @felixfontein in #1947
Complex values in dotenv, and exec-env: do not print sensitive value in error message by @felixfontein in #1959
Release 3.11.0 by @felixfontein in #1960

New Contributors

@md42 made their first contribution in #1844
@wasv made their first contribution in #1863
@inverted-tree made their first contribution in #1881
@EshemMimi made their first contribution in #1885
@bjornfor made their first contribution in #1876
@fredericrous made their first contribution in #1897
@longxiucai made their first contribution in #1892
@lucqui made their first contribution in #1880
@bruce-szalwinski-he made their first contribution in #1936
@sylr made their first contribution in #1934
@daogilvie made their first contribution in #1919
@billy4479 made their first contribution in #1933

⚠️ Bump to k8s.io/* v0.35.0 by @sbueringer in #1318
⚠️ Start from local type declaration when applying schema by @JoelSpeed in #1270
⚠️ Revert local override breaking behavioural change by @JoelSpeed in #1310
✨ Allow title to be set on a type by @cbandy in #1282
✨ crd/marker: add AtLeastOneOf constraint by @shashankram in #1278
✨ Add k8s:required and k8s:optional markers by @lalitc375 in #1247
✨ Publish Windows ARM64 controller-gen and envtest binaries by @bear-redhat in #1297
🐛 Sort manifest webhooks by @HaraldNordgren in #1295
🐛 Prevent XValidation duplication by verifying if the rule already exists by @mcbenjemaa in #1296

Misc

🌱 Change sort to slices package by @dongjiang1989 in #1299
🌱 Use modernize linter by @HaraldNordgren in #1300
🌱 Update importas in golangci config by @dongjiang1989 in #1309
🌱 Stop setting invalid formats int32/int64 for integer types by @sbueringer in #1274
🌱 Revert "Stop setting invalid formats int32/int64 for integer types" by @sbueringer in #1275

envtest

✨Release envtest v1.34.1 by @dongjiang1989 in #1280
✨Release envtest v1.35.0-alpha.3 by @bear-redhat in #1303
✨Release envtest v1.35.0 by @dongjiang1989 in #1317
🌱 Promotion of envtest release for Kubernetes v1.34.1 by @sbueringer in #1285
🌱 Promotion of envtest release for Kubernetes v1.35.0-alpha.3 by @sbueringer in #1304
🌱 Promotion of envtest release for Kubernetes v1.35.0 by @sbueringer in #1319

Dependency bumps

🌱 Bump to k8s.io/* v0.34.1 by @dongjiang1989 in #1279
🌱 Bump golang.org/x/tools from 0.37.0 to 0.38.0 in the all-go-mod-patch-and-minor group by @dependabot[bot] in #1291
🌱 Bump golang.org/x/tools from 0.38.0 to 0.39.0 in the all-go-mod-patch-and-minor group by @dependabot[bot] in #1307
🌱 Bump the all-go-mod-patch-and-minor group across 1 directory with 3 updates by @dependabot[bot] in #1277
🌱 Bump the all-go-mod-patch-and-minor group across 1 directory with 3 updates by @dependabot[bot] in #1315
🌱 Bump the all-go-mod-patch-and-minor group with 2 updates by @dependabot[bot] in #1284
🌱Update golangci-lint version to v2.4.0 by @dongjiang1989 in #1281
🌱Update golangci-lint version to v2.5.0 by @dongjiang1989 in #1288
🌱 Bump softprops/action-gh-release from 2.3.3 to 2.3.4 in the all-github-actions group by @dependabot[bot] in #1290
🌱 Bump softprops/action-gh-release from 2.3.4 to 2.4.1 in the all-github-actions group by @dependabot[bot] in #1292
🌱 Bump the all-github-actions group across 1 directory with 5 updates by @dependabot[bot] in #1316
🌱 Bump the all-github-actions group with 2 updates by @dependabot[bot] in #1305
🌱 Bump the all-github-actions group with 3 updates by @dependabot[bot] in #1276
🌱 Bump the all-github-actions group with 4 updates by @dependabot[bot] in #1308
🌱 Bump tj-actions/changed-files from 46.0.5 to 47.0.0 in the all-github-actions group by @dependabot[bot] in #1283

New Contributors

@lalitc375 made their first contribution in #1247
@bear-redhat made their first contribution in #1297
@HaraldNordgren made their first contribution in #1295
@mcbenjemaa made their first contribution in #1296

Full Changelog: kubernetes-sigs/controller-tools@v0.19.0...v0.20.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2025-09-28T22:04:04Z

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

77 additional dependencies were updated

Details:

Package	Change
`k8s.io/apiextensions-apiserver`	`v0.34.1` -> `v0.34.2`
`k8s.io/apimachinery`	`v0.34.1` -> `v0.34.2`
`k8s.io/client-go`	`v0.34.1` -> `v0.34.2`
`k8s.io/code-generator`	`v0.34.1` -> `v0.34.2`
`sigs.k8s.io/controller-runtime`	`v0.22.1` -> `v0.22.4`
`cloud.google.com/go`	`v0.120.0` -> `v0.121.6`
`cloud.google.com/go/auth`	`v0.15.0` -> `v0.16.5`
`cloud.google.com/go/compute/metadata`	`v0.6.0` -> `v0.8.4`
`cloud.google.com/go/iam`	`v1.4.2` -> `v1.5.2`
`cloud.google.com/go/kms`	`v1.21.1` -> `v1.23.0`
`cloud.google.com/go/longrunning`	`v0.6.6` -> `v0.6.7`
`cloud.google.com/go/monitoring`	`v1.24.1` -> `v1.24.2`
`cloud.google.com/go/storage`	`v1.51.0` -> `v1.57.0`
`github.com/Azure/azure-sdk-for-go/sdk/azcore`	`v1.18.0` -> `v1.19.1`
`github.com/Azure/azure-sdk-for-go/sdk/azidentity`	`v1.9.0` -> `v1.12.0`
`github.com/Azure/azure-sdk-for-go/sdk/internal`	`v1.11.1` -> `v1.11.2`
`github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys`	`v1.3.1` -> `v1.4.0`
`github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal`	`v1.1.1` -> `v1.2.0`
`github.com/AzureAD/microsoft-authentication-library-for-go`	`v1.4.2` -> `v1.5.0`
`github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp`	`v1.27.0` -> `v1.29.0`
`github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric`	`v0.51.0` -> `v0.53.0`
`github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping`	`v0.51.0` -> `v0.53.0`
`github.com/ProtonMail/go-crypto`	`v1.2.0` -> `v1.3.0`
`github.com/aws/aws-sdk-go-v2`	`v1.36.3` -> `v1.39.2`
`github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream`	`v1.6.10` -> `v1.7.1`
`github.com/aws/aws-sdk-go-v2/config`	`v1.29.14` -> `v1.31.11`
`github.com/aws/aws-sdk-go-v2/credentials`	`v1.17.67` -> `v1.18.15`
`github.com/aws/aws-sdk-go-v2/feature/ec2/imds`	`v1.16.30` -> `v1.18.9`
`github.com/aws/aws-sdk-go-v2/feature/s3/manager`	`v1.17.72` -> `v1.19.9`
`github.com/aws/aws-sdk-go-v2/internal/configsources`	`v1.3.34` -> `v1.4.9`
`github.com/aws/aws-sdk-go-v2/internal/endpoints/v2`	`v2.6.34` -> `v2.7.9`
`github.com/aws/aws-sdk-go-v2/internal/v4a`	`v1.3.34` -> `v1.4.9`
`github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding`	`v1.12.3` -> `v1.13.1`
`github.com/aws/aws-sdk-go-v2/service/internal/checksum`	`v1.7.0` -> `v1.8.9`
`github.com/aws/aws-sdk-go-v2/service/internal/presigned-url`	`v1.12.15` -> `v1.13.9`
`github.com/aws/aws-sdk-go-v2/service/internal/s3shared`	`v1.18.15` -> `v1.19.9`
`github.com/aws/aws-sdk-go-v2/service/kms`	`v1.38.3` -> `v1.45.6`
`github.com/aws/aws-sdk-go-v2/service/s3`	`v1.79.2` -> `v1.88.3`
`github.com/aws/aws-sdk-go-v2/service/sso`	`v1.25.3` -> `v1.29.5`
`github.com/aws/aws-sdk-go-v2/service/ssooidc`	`v1.30.1` -> `v1.35.1`
`github.com/aws/aws-sdk-go-v2/service/sts`	`v1.33.19` -> `v1.38.6`
`github.com/aws/smithy-go`	`v1.22.3` -> `v1.23.0`
`github.com/cloudflare/circl`	`v1.6.0` -> `v1.6.1`
`github.com/cncf/xds/go`	`v0.0.0-20250326154945-ae57f3c0d45f` -> `v0.0.0-20250501225837-2ac532fd4443`
`github.com/cpuguy83/go-md2man/v2`	`v2.0.6` -> `v2.0.7`
`github.com/fluxcd/pkg/apis/meta`	`v1.21.0` -> `v1.23.0`
`github.com/go-jose/go-jose/v4`	`v4.0.5` -> `v4.1.1`
`github.com/golang-jwt/jwt/v5`	`v5.2.2` -> `v5.3.0`
`github.com/googleapis/gax-go/v2`	`v2.14.1` -> `v2.15.0`
`github.com/hashicorp/hcl`	`v1.0.0` -> `v1.0.1-vault-7`
`github.com/hashicorp/vault/api`	`v1.16.0` -> `v1.21.0`
`github.com/urfave/cli`	`v1.22.16` -> `v1.22.17`
`go.opentelemetry.io/contrib/detectors/gcp`	`v1.35.0` -> `v1.36.0`
`go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc`	`v0.60.0` -> `v0.61.0`
`go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`	`v0.60.0` -> `v0.61.0`
`go.opentelemetry.io/otel`	`v1.35.0` -> `v1.37.0`
`go.opentelemetry.io/otel/metric`	`v1.35.0` -> `v1.37.0`
`go.opentelemetry.io/otel/sdk`	`v1.35.0` -> `v1.37.0`
`go.opentelemetry.io/otel/sdk/metric`	`v1.35.0` -> `v1.37.0`
`go.opentelemetry.io/otel/trace`	`v1.35.0` -> `v1.37.0`
`golang.org/x/crypto`	`v0.41.0` -> `v0.44.0`
`golang.org/x/mod`	`v0.27.0` -> `v0.29.0`
`golang.org/x/net`	`v0.43.0` -> `v0.47.0`
`golang.org/x/oauth2`	`v0.30.0` -> `v0.31.0`
`golang.org/x/sync`	`v0.16.0` -> `v0.18.0`
`golang.org/x/sys`	`v0.35.0` -> `v0.38.0`
`golang.org/x/term`	`v0.34.0` -> `v0.37.0`
`golang.org/x/text`	`v0.28.0` -> `v0.31.0`
`golang.org/x/time`	`v0.12.0` -> `v0.13.0`
`golang.org/x/tools`	`v0.36.0` -> `v0.38.0`
`google.golang.org/api`	`v0.228.0` -> `v0.250.0`
`google.golang.org/genproto`	`v0.0.0-20250324211829-b45e905df463` -> `v0.0.0-20250603155806-513f23925822`
`google.golang.org/genproto/googleapis/api`	`v0.0.0-20250324211829-b45e905df463` -> `v0.0.0-20250818200422-3122310a409c`
`google.golang.org/genproto/googleapis/rpc`	`v0.0.0-20250324211829-b45e905df463` -> `v0.0.0-20250908214217-97024824d090`
`google.golang.org/grpc`	`v1.72.1` -> `v1.75.1`
`google.golang.org/protobuf`	`v1.36.8` -> `v1.36.9`
`k8s.io/api`	`v0.34.1` -> `v0.34.2`

renovate · 2025-12-15T17:12:19Z

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

78 additional dependencies were updated

Details:

Package	Change
`cloud.google.com/go`	`v0.120.0` -> `v0.121.6`
`cloud.google.com/go/auth`	`v0.15.0` -> `v0.16.5`
`cloud.google.com/go/compute/metadata`	`v0.6.0` -> `v0.8.4`
`cloud.google.com/go/iam`	`v1.4.2` -> `v1.5.2`
`cloud.google.com/go/kms`	`v1.21.1` -> `v1.23.0`
`cloud.google.com/go/longrunning`	`v0.6.6` -> `v0.6.7`
`cloud.google.com/go/monitoring`	`v1.24.1` -> `v1.24.2`
`cloud.google.com/go/storage`	`v1.51.0` -> `v1.57.0`
`github.com/Azure/azure-sdk-for-go/sdk/azcore`	`v1.18.0` -> `v1.19.1`
`github.com/Azure/azure-sdk-for-go/sdk/azidentity`	`v1.9.0` -> `v1.12.0`
`github.com/Azure/azure-sdk-for-go/sdk/internal`	`v1.11.1` -> `v1.11.2`
`github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys`	`v1.3.1` -> `v1.4.0`
`github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal`	`v1.1.1` -> `v1.2.0`
`github.com/AzureAD/microsoft-authentication-library-for-go`	`v1.4.2` -> `v1.5.0`
`github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp`	`v1.27.0` -> `v1.29.0`
`github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric`	`v0.51.0` -> `v0.53.0`
`github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping`	`v0.51.0` -> `v0.53.0`
`github.com/ProtonMail/go-crypto`	`v1.2.0` -> `v1.3.0`
`github.com/aws/aws-sdk-go-v2`	`v1.36.3` -> `v1.39.2`
`github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream`	`v1.6.10` -> `v1.7.1`
`github.com/aws/aws-sdk-go-v2/config`	`v1.29.14` -> `v1.31.11`
`github.com/aws/aws-sdk-go-v2/credentials`	`v1.17.67` -> `v1.18.15`
`github.com/aws/aws-sdk-go-v2/feature/ec2/imds`	`v1.16.30` -> `v1.18.9`
`github.com/aws/aws-sdk-go-v2/feature/s3/manager`	`v1.17.72` -> `v1.19.9`
`github.com/aws/aws-sdk-go-v2/internal/configsources`	`v1.3.34` -> `v1.4.9`
`github.com/aws/aws-sdk-go-v2/internal/endpoints/v2`	`v2.6.34` -> `v2.7.9`
`github.com/aws/aws-sdk-go-v2/internal/v4a`	`v1.3.34` -> `v1.4.9`
`github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding`	`v1.12.3` -> `v1.13.1`
`github.com/aws/aws-sdk-go-v2/service/internal/checksum`	`v1.7.0` -> `v1.8.9`
`github.com/aws/aws-sdk-go-v2/service/internal/presigned-url`	`v1.12.15` -> `v1.13.9`
`github.com/aws/aws-sdk-go-v2/service/internal/s3shared`	`v1.18.15` -> `v1.19.9`
`github.com/aws/aws-sdk-go-v2/service/kms`	`v1.38.3` -> `v1.45.6`
`github.com/aws/aws-sdk-go-v2/service/s3`	`v1.79.2` -> `v1.88.3`
`github.com/aws/aws-sdk-go-v2/service/sso`	`v1.25.3` -> `v1.29.5`
`github.com/aws/aws-sdk-go-v2/service/ssooidc`	`v1.30.1` -> `v1.35.1`
`github.com/aws/aws-sdk-go-v2/service/sts`	`v1.33.19` -> `v1.38.6`
`github.com/aws/smithy-go`	`v1.22.3` -> `v1.23.0`
`github.com/cloudflare/circl`	`v1.6.0` -> `v1.6.1`
`github.com/cncf/xds/go`	`v0.0.0-20250326154945-ae57f3c0d45f` -> `v0.0.0-20250501225837-2ac532fd4443`
`github.com/cpuguy83/go-md2man/v2`	`v2.0.6` -> `v2.0.7`
`github.com/fluxcd/pkg/apis/meta`	`v1.21.0` -> `v1.24.0`
`github.com/go-jose/go-jose/v4`	`v4.0.5` -> `v4.1.1`
`github.com/golang-jwt/jwt/v5`	`v5.2.2` -> `v5.3.0`
`github.com/googleapis/gax-go/v2`	`v2.14.1` -> `v2.15.0`
`github.com/hashicorp/hcl`	`v1.0.0` -> `v1.0.1-vault-7`
`github.com/hashicorp/vault/api`	`v1.16.0` -> `v1.21.0`
`github.com/urfave/cli`	`v1.22.16` -> `v1.22.17`
`go.opentelemetry.io/contrib/detectors/gcp`	`v1.35.0` -> `v1.36.0`
`go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc`	`v0.60.0` -> `v0.61.0`
`go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`	`v0.60.0` -> `v0.61.0`
`go.opentelemetry.io/otel`	`v1.35.0` -> `v1.37.0`
`go.opentelemetry.io/otel/metric`	`v1.35.0` -> `v1.37.0`
`go.opentelemetry.io/otel/sdk`	`v1.35.0` -> `v1.37.0`
`go.opentelemetry.io/otel/sdk/metric`	`v1.35.0` -> `v1.37.0`
`go.opentelemetry.io/otel/trace`	`v1.35.0` -> `v1.37.0`
`go.yaml.in/yaml/v2`	`v2.4.2` -> `v2.4.3`
`golang.org/x/crypto`	`v0.41.0` -> `v0.46.0`
`golang.org/x/mod`	`v0.27.0` -> `v0.31.0`
`golang.org/x/net`	`v0.43.0` -> `v0.48.0`
`golang.org/x/oauth2`	`v0.30.0` -> `v0.31.0`
`golang.org/x/sync`	`v0.16.0` -> `v0.19.0`
`golang.org/x/sys`	`v0.35.0` -> `v0.39.0`
`golang.org/x/term`	`v0.34.0` -> `v0.38.0`
`golang.org/x/text`	`v0.28.0` -> `v0.32.0`
`golang.org/x/time`	`v0.12.0` -> `v0.13.0`
`golang.org/x/tools`	`v0.36.0` -> `v0.40.0`
`google.golang.org/api`	`v0.228.0` -> `v0.250.0`
`google.golang.org/genproto`	`v0.0.0-20250324211829-b45e905df463` -> `v0.0.0-20250603155806-513f23925822`
`google.golang.org/genproto/googleapis/api`	`v0.0.0-20250324211829-b45e905df463` -> `v0.0.0-20250818200422-3122310a409c`
`google.golang.org/genproto/googleapis/rpc`	`v0.0.0-20250324211829-b45e905df463` -> `v0.0.0-20250908214217-97024824d090`
`google.golang.org/grpc`	`v1.72.1` -> `v1.75.1`
`google.golang.org/protobuf`	`v1.36.8` -> `v1.36.9`
`gopkg.in/evanphx/json-patch.v4`	`v4.12.0` -> `v4.13.0`
`k8s.io/api`	`v0.34.2` -> `v0.35.0`
`k8s.io/gengo/v2`	`v2.0.0-20250604051438-85fd79dbfd9f` -> `v2.0.0-20250922181213-ec3ebc5fd46b`
`k8s.io/kube-openapi`	`v0.0.0-20250710124328-f3f2b991d03b` -> `v0.0.0-20250910181357-589584f1c912`
`k8s.io/utils`	`v0.0.0-20250604170112-4c0f3b243397` -> `v0.0.0-20251002143259-bc988d571ff4`
`sigs.k8s.io/json`	`v0.0.0-20241014173422-cfa47c3a1cc8` -> `v0.0.0-20250730193827-2d320260d730`

renovate bot added dependencies Pull requests that update a dependency file sap-cs-devops labels Sep 13, 2025

renovate bot force-pushed the renovate/minor-deps-golang branch 2 times, most recently from efdd0fe to 9e6f75e Compare September 15, 2025 22:54

renovate bot changed the title ~~fix(go.mod/go.sum): update module github.com/fluxcd/pkg/runtime to v0.85.0~~ fix(go.mod/go.sum): update minor dependencies (golang) Sep 15, 2025

renovate bot force-pushed the renovate/minor-deps-golang branch from 9e6f75e to 98f42b7 Compare September 17, 2025 10:11

renovate bot force-pushed the renovate/minor-deps-golang branch from 98f42b7 to 266c843 Compare September 28, 2025 22:03

renovate bot force-pushed the renovate/minor-deps-golang branch 7 times, most recently from f16b701 to 59e4bf6 Compare October 13, 2025 07:20

renovate bot force-pushed the renovate/minor-deps-golang branch from 59e4bf6 to 0449bea Compare October 28, 2025 11:59

renovate bot force-pushed the renovate/minor-deps-golang branch from 0449bea to 408918f Compare November 4, 2025 17:54

renovate bot force-pushed the renovate/minor-deps-golang branch 3 times, most recently from 7105dd2 to ab1da6d Compare November 19, 2025 17:34

renovate bot force-pushed the renovate/minor-deps-golang branch from ab1da6d to 888bc18 Compare December 8, 2025 12:42

renovate bot force-pushed the renovate/minor-deps-golang branch 2 times, most recently from 74eedb9 to 4c4ccbd Compare December 18, 2025 14:41

renovate bot force-pushed the renovate/minor-deps-golang branch 2 times, most recently from 5614ff9 to 493f710 Compare December 28, 2025 13:10

renovate bot force-pushed the renovate/minor-deps-golang branch 4 times, most recently from 4374b36 to d4742dd Compare January 6, 2026 21:46

fix(go.mod/go.sum): update minor dependencies (golang)

c6b56c4

renovate bot force-pushed the renovate/minor-deps-golang branch from d4742dd to c6b56c4 Compare January 6, 2026 22:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(go.mod/go.sum): update minor dependencies (golang) #60

fix(go.mod/go.sum): update minor dependencies (golang) #60

Uh oh!

renovate bot commented Sep 13, 2025 •

edited

Loading

Uh oh!

renovate bot commented Sep 28, 2025 •

edited

Loading

Uh oh!

renovate bot commented Dec 15, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

fix(go.mod/go.sum): update minor dependencies (golang) #60

Are you sure you want to change the base?

fix(go.mod/go.sum): update minor dependencies (golang) #60

Uh oh!

Conversation

renovate bot commented Sep 13, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v1.3.0: age v1.3.0: post-quantum (and more)!

Post-quantum recipients

New I/O APIs

age-inspect

Built-in recipients compatible with hardware plugins

Non-interactive passphrase input

Go framework for implementing plugins

Armor fixes

Detached headers

Usability improvements

Changelog

Container images

Changelog

Container images

Changelog

Container images

Changelog

Container images

Changelog

Container images

Installation

Verify checksums file signature

Verify binary integrity

Verify artifact provenance

Container Images

GitHub Container Registry

Quay.io

Verify container image signature

Verify container image provenance

Software Bill of Materials

What's Changed

New Contributors

What's Changed

Misc

envtest

Dependency bumps

New Contributors

Configuration

Uh oh!

renovate bot commented Sep 28, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ Artifact update notice

File name: go.mod

Uh oh!

renovate bot commented Dec 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ️ Artifact update notice

File name: go.mod

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate bot commented Sep 13, 2025 •

edited

Loading

`v1.3.0`: age v1.3.0: post-quantum (and more)!

renovate bot commented Sep 28, 2025 •

edited

Loading

renovate bot commented Dec 15, 2025 •

edited

Loading