Update go modules (main) (patch)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cuelang.org/go	v0.15.3 → v0.15.4
github.com/conforma/crds/api	v0.1.7 → v0.1.8
github.com/cucumber/godog	v0.15.0 → v0.15.1
github.com/daixiang0/gci	v0.13.5 → v0.13.7
github.com/evanphx/json-patch	v5.9.0+incompatible → v5.9.11+incompatible
github.com/evanphx/json-patch/v5	v5.9.0 → v5.9.11
github.com/gkampitakis/go-snaps	v0.5.7 → v0.5.21
github.com/go-openapi/runtime	v0.29.2 → v0.29.3
github.com/google/go-containerregistry	v0.20.7 → v0.20.8
github.com/open-policy-agent/opa	v1.12.1 → v1.12.3
github.com/otiai10/copy	v1.14.0 → v1.14.1
github.com/package-url/packageurl-go	v0.1.3 → v0.1.5
github.com/sigstore/cosign/v3	v3.0.4 → v3.0.5
github.com/sigstore/rekor	v1.5.0 → v1.5.1
github.com/spdx/tools-golang	v0.5.5 → v0.5.7
github.com/tektoncd/chains	v0.22.2 → v0.22.3
github.com/tektoncd/cli	v0.38.0 → v0.38.2
github.com/tektoncd/cli	v0.37.1 → v0.37.4
github.com/testcontainers/testcontainers-go	v0.34.0 → v0.34.1
gotest.tools/gotestsum	v1.12.1 → v1.12.3
helm.sh/helm/v3	v3.18.5 → v3.18.6
k8s.io/api	v0.35.0 → v0.35.3
k8s.io/apiextensions-apiserver	v0.34.2 → v0.34.6
k8s.io/apimachinery	v0.35.0 → v0.35.3
k8s.io/client-go	v0.35.0 → v0.35.3
k8s.io/kubernetes	v1.34.2 → v1.34.6

---

Release Notes

cue-lang/cue (cuelang.org/go)

v0.15.4

Compare Source

Evaluator

Fix a panic which could occur when using the error built-in with cyclic references.

Fix a panic which could occur when loading @experiment(aliasv2) syntax with an invalid alias name.

cmd/cue

Relax the cue login --token validation to allow future Central Registry token types.

Encodings

Fix a bug in the TOML decoder where nested arrays were causing incorrect "duplicate key" errors.

Full list of changes since v0.15.3

• internal/cueversion: bump LanguageVersion for v0.15.4 by @​mvdan in 50c137c
• internal/ci: bump Go and goreleaser for v0.15.4 by @​mvdan in 8e3eaa9
• cmd/cue: relax login --token prefix validation by @​rustyx in d0bd478
• cue/ast/astutil: fix nil pointer dereference in postfix alias error by @​mvdan in c5df0af
• internal/core/debug: fix stack overflow in error formatting by @​mvdan in bf7a40d
• encoding/toml: correctly check for duplicate keys with arrays by @​mvdan in 4a5fd52

cucumber/godog (github.com/cucumber/godog)

v0.15.1

Compare Source

Added

• Step text is added to "step is undefined" error - (669 - vearutop)
• Localisation support by @​MegaGrindStone in #​665
• feat: support uint types by @​chengxilo in #​695

Changed

• Replace deprecated ::set-output - (681 - nodeg)

Fixed

• fix(errors): fix(errors): Fix expected Step argument count for steps with context.Context (679 - tigh-latte)
• fix(formatter): On concurrent execution, execute formatter at end of Scenario - (645 - tigh-latte)
• Pretty printing results now prints the line where the step is declared instead of the line where the handler is declared. (668 - spencerc)
• Update honnef.co/go/tools/cmd/staticcheck version in Makefile by @​RezaZareiii in #​670
• fix: verify dogT exists in the context before using it by @​cakoolen in #​692
• fix: change bang to being in README by @​nahomEagleLion in #​687
• Mark junit test cases as skipped if no pickle step results available by @​mrsheepuk in #​597
• Print step declaration line instead of handler declaration line by @​SpencerC in #​668

daixiang0/gci (github.com/daixiang0/gci)

v0.13.7

Compare Source

What's Changed

• fix: scrape all goos/goarch pair for stdlib by @​Zxilly in #​208
• chore: get module info from pass by @​ldez in #​221
• chore: remove analyzer by @​ldez in #​222
• feat: update standard list to go1.25 by @​ldez in #​233
• bump up version by @​daixiang0 in #​234

New Contributors

• @​Zxilly made their first contribution in #​208

Full Changelog: daixiang0/gci@v0.13.6...v0.13.7

v0.13.6

Compare Source

What's Changed

• fix: update standard list to go1.24 by @​ldez in #​227
• bump up version by @​daixiang0 in #​229

Full Changelog: daixiang0/gci@v0.13.5...v0.13.6

evanphx/json-patch (github.com/evanphx/json-patch)

v5.9.11+incompatible

Compare Source

v5.9.10+incompatible

Compare Source

gkampitakis/go-snaps (github.com/gkampitakis/go-snaps)

v0.5.21

Compare Source

What's Changed

• support nested arrays in json matchers by @​gkampitakis in #​145

Full Changelog: gkampitakis/go-snaps@v0.5.20...v0.5.21

v0.5.20

Compare Source

What's Changed

• feat: support setting serializer on config by @​gkampitakis in #​154

Full Changelog: gkampitakis/go-snaps@v0.5.19...v0.5.20

v0.5.19

Compare Source

What's Changed

• fix: use backticks for inline snaps when appropriate by @​gkampitakis in #​149

Full Changelog: gkampitakis/go-snaps@0.5.18...v0.5.19

v0.5.18

Compare Source

v0.5.17

Compare Source

v0.5.16

Compare Source

What's Changed

• fix: don't drop /r character when scanning by @​gkampitakis in #​139
• chore: replace vendored go-diff with upstream by @​gkampitakis in #​143
• chore: update golangci-lint to v2 by @​G-Rath in #​141
• fix: detect no_color support by @​gkampitakis in #​123
• experimenting with inline snapshot support by @​gkampitakis in #​70

Full Changelog: gkampitakis/go-snaps@v0.5.15...v0.5.16

v0.5.15

Compare Source

What's Changed

• test: explicitly return named variables by @​G-Rath in #​137
• ci: show diff after running linting by @​G-Rath in #​136
• fix: only update snapshots when actually allowed by @​G-Rath in #​135

Full Changelog: gkampitakis/go-snaps@v0.5.14...v0.5.15

v0.5.14

Compare Source

What's Changed

• feat: snaps.Clean now returns if snaps dirty and err by @​gkampitakis in #​131

Full Changelog: gkampitakis/go-snaps@v0.5.13...v0.5.14

v0.5.13

Compare Source

What's Changed

• feat: support MatchStandaloneYAML by @​gkampitakis in #​128
• chore: update go-yaml and gh-action deps by @​gkampitakis in #​129

Full Changelog: gkampitakis/go-snaps@v0.5.12...v0.5.13

v0.5.12

Compare Source

What's Changed

• feat: add UPDATE_SNAPS=always for updating and creating snaps on CI setup by @​gkampitakis in #​126

Full Changelog: gkampitakis/go-snaps@v0.5.11...v0.5.12

v0.5.11

Compare Source

What's Changed

• feat: add json format config by @​kitimark in #​121

New Contributors

• @​kitimark made their first contribution in #​121

Full Changelog: gkampitakis/go-snaps@v0.5.10...v0.5.11

v0.5.10

Compare Source

What's Changed

• fix: handle builds with trimpath enabled by @​gkampitakis in #​120

Full Changelog: gkampitakis/go-snaps@v0.5.9...v0.5.10

v0.5.9

Compare Source

What's Changed

• fix: snaps.Update should apply and on snapshot create by @​gkampitakis in #​119

Full Changelog: gkampitakis/go-snaps@v0.5.8...v0.5.9

Kudos to @​orloffv for this issue #​116

v0.5.8

Compare Source

What's Changed

• feat: implement matchYAML by @​gkampitakis in #​114
• feat: implement matchStandaloneJSON by @​gkampitakis in #​113

Full Changelog: gkampitakis/go-snaps@v0.5.7...v0.5.8

go-openapi/runtime (github.com/go-openapi/runtime)

v0.29.3

Compare Source

0.29.3 - 2026-03-08

Full Changelog: go-openapi/runtime@v0.29.2...v0.29.3

27 commits in this release.

---

Fixed bugs

• fix: Content-Type of 404 & 405 responses by @​maxatome in #​373 ...

Documentation

• docs: add FAQ from resolved GitHub issues by @​fredbi in #​403 ...
• doc: fixup README (pending CI update for a complete rendering) by @​fredbi ...
• doc: announced new discord channel by @​fredbi in #​390 ...
• Chore/attribute original code by @​fredbi in #​384 ...

Code quality

• chore: updated dependencies (removed mongodb indirect dependency) by @​fredbi in #​399 ...

Miscellaneous tasks

• chore: prepare release v0.29.3 by @​bot-go-openapi[bot] in #​404 ...
• ci: fixed dropped trivy release - updated shared workflow by @​fredbi ...
• chore(code quality): replace TODO comments with issue references by @​fredbi in #​388 ...
• chore(licensing): added correct code attribution for the denco middleware by @​fredbi ...
• chore: fixed code quality issues in shells used for preparing releases by @​fredbi in #​383 ...

Updates

• build(deps): bump the development-dependencies group across 2 directories with 7 updates by @​dependabot[bot] in #​402 ...
• build(deps): bump the other-dependencies group with 3 updates by @​dependabot[bot] in #​394 ...
• build(deps): bump the go-openapi-dependencies group with 6 updates by @​dependabot[bot] in #​398 ...
• build(deps): bump the go-openapi-dependencies group with 2 updates by @​dependabot[bot] in #​396 ...
• build(deps): bump the go-openapi-dependencies group with 2 updates by @​dependabot[bot] in #​395 ...
• build(deps): bump the go-openapi-dependencies group with 2 updates by @​dependabot[bot] in #​393 ...
• build(deps): bump the go-openapi-dependencies group with 2 updates by @​dependabot[bot] in #​392 ...
• build(deps): bump the go-openapi-dependencies group with 2 updates by @​dependabot[bot] in #​391 ...
• build(deps): bump github.com/go-openapi/analysis from 0.24.1 to 0.24.2 in the go-openapi-dependencies group by @​dependabot[bot] in #​389 ...
• build(deps): bump the other-dependencies group with 3 updates by @​dependabot[bot] in #​382 ...
• build(deps): bump golang.org/x/sync from 0.18.0 to 0.19.0 in the golang-org-dependencies group by @​dependabot[bot] in #​380 ...
• build(deps): bump the go-openapi-dependencies group with 2 updates by @​dependabot[bot] in #​381 ...
• build(deps): bump the go-openapi-dependencies group with 4 updates by @​dependabot[bot] in #​379 ...
• build(deps): bump the go-openapi-dependencies group with 4 updates by @​dependabot[bot] in #​377 ...
• build(deps): bump actions/checkout from 5 to 6 in the development-dependencies group by @​dependabot[bot] in #​378 ...
• build(deps): bump golangci/golangci-lint-action from 8 to 9 in the development-dependencies group by @​dependabot[bot] in #​374 ...

---

People who contributed to this release

• @​fredbi
• @​maxatome

---

New Contributors

• @​maxatome made their first contribution
  in #​373

---

runtime license terms

Per-module changes

---

client-middleware/opentracing (0.29.3)

Documentation

• Chore/attribute original code by @​fredbi in #​384 ...

Code quality

• chore: updated dependencies (removed mongodb indirect dependency) by @​fredbi in #​399 ...

Miscellaneous tasks

• chore: prepare release v0.29.3 by @​bot-go-openapi[bot] in #​404 ...

google/go-containerregistry (github.com/google/go-containerregistry)

v0.20.8

Compare Source

open-policy-agent/opa (github.com/open-policy-agent/opa)

v1.12.3

Compare Source

v1.12.3

This is a bug fix release addressing two issues:

Bundle polling is being misconfigured when discovery bundle is updated (#​8215)

This is an issue where the polling interval for discovery (discovery.polling.min_delay_seconds and discovery.polling.max_delay_seconds) were misinterpreted on reconfiguration, causing extremely long update intervals.

Reported by @​loganmiller-chime, authored by @​sspaink

Decision log size buffer buffer_size_limit_bytes misconfigured during reconfiguration (#​8213)

This is a regression in the decision log, where the decision_logs.reporting.buffer_size_limit_bytes was mistakenly assigned the value of decision_logs.reporting.upload_size_limit_bytes during reconfiguration.
This issue is only present when decision_logs.reporting.buffer_type is set to size, which is the default value.

Authored by @​sspaink

v1.12.2

Compare Source

This bug fix release address issues found in the new string interpolation feature

• Add (*TemplateString).Copy() method (#​8159) authored by @​anderseknert
• Fix template string not serialized with escaped { (#​8161)
  authored by @​anderseknert
• fix(ast): skip template string vars in ref safety (#​8174)
  authored by @​thevilledev
• fix(ast): use original var names in template error (#​8180)
  authored by @​thevilledev

otiai10/copy (github.com/otiai10/copy)

v1.14.1

Compare Source

package-url/packageurl-go (github.com/package-url/packageurl-go)

v0.1.5

Compare Source

What's Changed

• Remove version requirement for TypeSwift by @​Talgarr in #​90
• Handle non-canonical input purls a bit more gracefully by @​petergardfjall in #​89

New Contributors

• @​Talgarr made their first contribution in #​90

Full Changelog: package-url/packageurl-go@v0.1.4...v0.1.5

v0.1.4

Compare Source

What's Changed

• Fix golangci and update versions by @​shibumi in #​76
• Allow npm names to be case sensitive by @​PFCM in #​73
• add custom validation for pkg:cpan by @​petergardfjall in #​79
• move cpan to known types by @​nikpivkin in #​71
• Run tests using reference data from purl-spec by @​keshav-space in #​80
• update code to honor the canonical purl encoding by @​petergardfjall in #​83

New Contributors

• @​PFCM made their first contribution in #​73
• @​nikpivkin made their first contribution in #​71
• @​keshav-space made their first contribution in #​80

Full Changelog: package-url/packageurl-go@v0.1.3...v0.1.4

sigstore/cosign (github.com/sigstore/cosign/v3)

v3.0.5

Compare Source

Deprecations

• Deprecate rekor-entry-type flag (#​4691)
• Deprecate cosign triangulate (#​4676)
• Deprecate cosign copy (#​4681)

Features

• Automatically require signed timestamp with Rekor v2 entries (#​4666)
• Allow --local-image with --new-bundle-format for v2 and v3 signatures (#​4626)
• Add mTLS support for TSA client connections when signing with a signing config (#​4620)
• Enforce TSA requirement for Rekor v2, Fuclio signing (#​4683)

Bug Fixes

• Add empty predicate to cosign sign when payload type is application/vnd.in-toto+json (#​4635)
• fix: avoid panic on malformed attestation payload (#​4651)
• fix: avoid panic on malformed tlog entries (#​4649)
• fix: avoid panic on malformed replace payload (#​4653)
• Gracefully fail if bundle payload body is not a string (#​4648)
• Verify validity of chain rather than just certificate (#​4663)
• fix: avoid panic on malformed tlog entry body (#​4652)

Documentation

• docs(cosign): clarify RFC3161 revocation semantics (#​4642)
• Fix typo in CLI help (#​4701)

sigstore/rekor (github.com/sigstore/rekor)

v1.5.1

Compare Source

Changelog

• 2d46808 optimize memory for DSSE v0.0.1 processing (#​2766)
• 6de110d return correct errors in rare failure situations (#​2753)
• 7ff7c69 raise error if decoding hash fails during inclusion proof (#​2754)

Thanks for all contributors!

spdx/tools-golang (github.com/spdx/tools-golang)

v0.5.7

Compare Source

What's Changed

• Fail parsing if the required prefix isn't present for IDs by @​awyeth in #​275

New Contributors

• @​awyeth made their first contribution in #​275

Full Changelog: spdx/tools-golang@v0.5.6...v0.5.7

v0.5.6

Compare Source

What's Changed

• Change the colon and space separator to just a colon by @​warpkwd in #​254
• build(deps): Bump sigs.k8s.io/yaml to 1.6.0 by @​dependabot[bot] in #​259
• Resolve two issues related to ExternalDocumentRef by @​KAWAHARA-souta in #​269
• fix: Fix prefixDocumentId() to use correct prefix by @​KAWAHARA-souta in #​272

New Contributors

• @​warpkwd made their first contribution in #​254
• @​KAWAHARA-souta made their first contribution in #​269

Full Changelog: spdx/tools-golang@v0.5.5...v0.5.6

tektoncd/chains (github.com/tektoncd/chains)

v0.22.3: Tekton Chains release v0.22.3 "v0.22.3"

Compare Source

-Docs @​ v0.22.3
-Examples @​ v0.22.3

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.3/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677abc5f8010a0a21be4daa53325a217f4df92955848f73f226c6ed054c429fb9f82

Obtain the attestation:

REKOR_UUID=108e9186e8c5677abc5f8010a0a21be4daa53325a217f4df92955848f73f226c6ed054c429fb9f82
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/chains/previous/v0.22.3/release.yaml
REKOR_UUID=108e9186e8c5677abc5f8010a0a21be4daa53325a217f4df92955848f73f226c6ed054c429fb9f82

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.22.3@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

• 🐛 Fix nil-pointer references (#​1286 and #​1246)

Misc

• 🔨 Upgrade golang.org/x/crypto to 0.31.0 (#​1269)

Thanks

Thanks to these contributors who contributed to v0.22.3!

• ❤️ @​jkhelil
• ❤️ @​lcarva
• ❤️ @​savitaashture
• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​jkhelil
• 😍 @​lcarva
• 😍 @​savitaashture
• 😍 @​tekton-robot

tektoncd/cli (github.com/tektoncd/cli)

v0.38.2

Compare Source

v0.38.2 Release 🎉

This is a bug fix release for CVEs GHSA-w32m-9786-jp63 on golang.org/x/net and GHSA-v778-237x-gjrc on golang.org/x/crypto.

ChangeLog 📋

Misc 🔨

• Bump golang.org/x/net from 0.30.0 to 0.33.0 #​2473
• Bump golang.org/x/crypto from 0.28.0 to 0.31.0 #​2447

v0.38.1

Compare Source

v0.38.1 Release 🎉

This is a bug fix release as tkn start was failing with tkn version v0.38.0 release and old(er) pipeline version. This release comes with Pipelines v0.62.3 and Triggers version v0.29.1

ChangeLog 📋

Misc 🔨

• Bump tektoncd/pipeline to v0.62.3 #​2392
• Bump github.com/tektoncd/triggers from 0.29.0 to 0.29.1 [#​2394](https://red

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: acceptance/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 55 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25.3 -> 1.25.6
github.com/go-openapi/strfmt	v0.25.0 -> v0.26.0
github.com/in-toto/in-toto-golang	v0.9.0 -> v0.9.1-0.20240317085821-8e2966059a09
github.com/secure-systems-lab/go-securesystemslib	v0.9.1 -> v0.10.0
golang.org/x/exp	v0.0.0-20250620022241-b7579e27df2b -> v0.0.0-20251023183803-a4bb9ffd2546
cel.dev/expr	v0.24.0 -> v0.25.1
github.com/docker/docker	v28.3.3+incompatible -> v28.5.2+incompatible
github.com/gkampitakis/ciinfo	v0.3.0 -> v0.3.2
github.com/go-chi/chi/v5	v5.2.4 -> v5.2.5
github.com/go-openapi/analysis	v0.24.1 -> v0.24.3
github.com/go-openapi/errors	v0.22.6 -> v0.22.7
github.com/go-openapi/jsonpointer	v0.22.4 -> v0.22.5
github.com/go-openapi/jsonreference	v0.21.4 -> v0.21.5
github.com/go-openapi/loads	v0.23.2 -> v0.23.3
github.com/go-openapi/runtime	v0.29.2 -> v0.29.3
github.com/go-openapi/spec	v0.22.3 -> v0.22.4
github.com/go-openapi/swag	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/cmdutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/conv	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/fileutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/jsonname	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/jsonutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/loading	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/mangling	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/netutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/stringutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/typeutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/yamlutils	v0.25.4 -> v0.25.5
github.com/go-openapi/validate	v0.25.1 -> v0.25.2
github.com/go-viper/mapstructure/v2	v2.4.0 -> v2.5.0
github.com/golang/snappy	v0.0.4 -> v1.0.0
github.com/google/cel-go	v0.26.0 -> v0.26.1
github.com/grpc-ecosystem/grpc-gateway/v2	v2.27.3 -> v2.27.5
github.com/prometheus/common	v0.67.4 -> v0.67.5
github.com/prometheus/procfs	v0.17.0 -> v0.19.2
github.com/sigstore/rekor-tiles/v2	v2.0.1 -> v2.2.0
github.com/sirupsen/logrus	v1.9.4-0.20230606125235-dd1b4c2e81af -> v1.9.4
github.com/stoewer/go-strcase	v1.3.0 -> v1.3.1
github.com/theupdateframework/go-tuf/v2	v2.3.0 -> v2.4.1
github.com/tidwall/gjson	v1.17.3 -> v1.18.0
go.opentelemetry.io/otel	v1.39.0 -> v1.41.0
go.opentelemetry.io/otel/metric	v1.39.0 -> v1.41.0
go.opentelemetry.io/otel/trace	v1.39.0 -> v1.41.0
golang.org/x/crypto	v0.46.0 -> v0.48.0
golang.org/x/mod	v0.31.0 -> v0.33.0
golang.org/x/net	v0.48.0 -> v0.50.0
golang.org/x/oauth2	v0.34.0 -> v0.35.0
golang.org/x/sys	v0.39.0 -> v0.41.0
golang.org/x/term	v0.38.0 -> v0.40.0
golang.org/x/text	v0.32.0 -> v0.34.0
gomodules.xyz/jsonpatch/v2	v2.4.0 -> v2.5.0
google.golang.org/api	v0.260.0 -> v0.269.0
google.golang.org/genproto/googleapis/api	v0.0.0-20251202230838-ff82c1b0f217 -> v0.0.0-20260128011058-8636f8732409
google.golang.org/genproto/googleapis/rpc	v0.0.0-20251222181119-0a764e51fe1b -> v0.0.0-20260217215200-42d3e9bedb6d
google.golang.org/grpc	v1.78.0 -> v1.79.2
knative.dev/pkg	v0.0.0-20250117084104-c43477f0052b -> v0.0.0-20250415155312-ed3e2158b883

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 78 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25.3 -> 1.25.5
github.com/go-openapi/strfmt	v0.25.0 -> v0.26.0
golang.org/x/exp	v0.0.0-20250911091902-df9299821621 -> v0.0.0-20251023183803-a4bb9ffd2546
golang.org/x/net	v0.49.0 -> v0.50.0
golang.org/x/text	v0.33.0 -> v0.34.0
cloud.google.com/go	v0.121.6 -> v0.123.0
cloud.google.com/go/auth	v0.18.0 -> v0.18.2
cloud.google.com/go/storage	v1.57.1 -> v1.59.1
github.com/anchore/go-struct-converter	v0.0.0-20230627203149-c72ef8859ca9 -> v0.1.0
github.com/aws/aws-sdk-go-v2	v1.41.0 -> v1.41.1
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	v1.7.1 -> v1.7.4
github.com/aws/aws-sdk-go-v2/config	v1.32.5 -> v1.32.7
github.com/aws/aws-sdk-go-v2/credentials	v1.19.5 -> v1.19.7
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.18.16 -> v1.18.17
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.4.16 -> v1.4.17
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.7.16 -> v2.7.17
github.com/aws/aws-sdk-go-v2/internal/v4a	v1.4.9 -> v1.4.16
github.com/aws/aws-sdk-go-v2/service/internal/checksum	v1.8.9 -> v1.9.7
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.13.16 -> v1.13.17
github.com/aws/aws-sdk-go-v2/service/internal/s3shared	v1.19.9 -> v1.19.16
github.com/aws/aws-sdk-go-v2/service/s3	v1.88.3 -> v1.93.1
github.com/aws/aws-sdk-go-v2/service/signin	v1.0.4 -> v1.0.5
github.com/aws/aws-sdk-go-v2/service/sso	v1.30.7 -> v1.30.9
github.com/aws/aws-sdk-go-v2/service/ssooidc	v1.35.12 -> v1.35.13
github.com/aws/aws-sdk-go-v2/service/sts	v1.41.5 -> v1.41.6
github.com/cncf/xds/go	v0.0.0-20251022180443-0feb69152e9f -> v0.0.0-20251210132809-ee656c7534f5
github.com/envoyproxy/go-control-plane/envoy	v1.35.0 -> v1.36.0
github.com/envoyproxy/protoc-gen-validate	v1.2.1 -> v1.3.0
github.com/gkampitakis/ciinfo	v0.3.0 -> v0.3.2
github.com/go-chi/chi/v5	v5.2.4 -> v5.2.5
github.com/go-openapi/analysis	v0.24.1 -> v0.24.3
github.com/go-openapi/errors	v0.22.6 -> v0.22.7
github.com/go-openapi/jsonpointer	v0.22.4 -> v0.22.5
github.com/go-openapi/jsonreference	v0.21.4 -> v0.21.5
github.com/go-openapi/loads	v0.23.2 -> v0.23.3
github.com/go-openapi/spec	v0.22.3 -> v0.22.4
github.com/go-openapi/swag	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/cmdutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/conv	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/fileutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/jsonname	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/jsonutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/loading	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/mangling	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/netutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/stringutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/typeutils	v0.25.4 -> v0.25.5
github.com/go-openapi/swag/yamlutils	v0.25.4 -> v0.25.5
github.com/go-openapi/validate	v0.25.1 -> v0.25.2
github.com/go-viper/mapstructure/v2	v2.4.0 -> v2.5.0
github.com/google/cel-go	v0.26.1 -> v0.27.0
github.com/googleapis/enterprise-certificate-proxy	v0.3.9 -> v0.3.12
github.com/googleapis/gax-go/v2	v2.16.0 -> v2.17.0
github.com/grpc-ecosystem/grpc-gateway/v2	v2.27.3 -> v2.27.5
github.com/miekg/pkcs11	v1.1.1 -> v1.1.2
github.com/prometheus/common	v0.67.4 -> v0.67.5
github.com/prometheus/procfs	v0.17.0 -> v0.19.2
github.com/sigstore/fulcio	v1.8.4 -> v1.8.5
github.com/sigstore/rekor-tiles/v2	v2.0.1 -> v2.2.0
github.com/theupdateframework/go-tuf/v2	v2.3.0 -> v2.4.1
github.com/tidwall/gjson	v1.17.0 -> v1.18.0
gitlab.com/gitlab-org/api/client-go	v1.11.0 -> v1.25.0
go.opentelemetry.io/contrib/detectors/gcp	v1.38.0 -> v1.39.0
go.opentelemetry.io/otel	v1.39.0 -> v1.41.0
go.opentelemetry.io/otel/metric	v1.39.0 -> v1.41.0
go.opentelemetry.io/otel/sdk	v1.39.0 -> v1.41.0
go.opentelemetry.io/otel/sdk/metric	v1.39.0 -> v1.41.0
go.opentelemetry.io/otel/trace	v1.39.0 -> v1.41.0
golang.org/x/crypto	v0.47.0 -> v0.48.0
golang.org/x/mod	v0.31.0 -> v0.33.0
golang.org/x/oauth2	v0.34.0 -> v0.35.0
golang.org/x/sys	v0.40.0 -> v0.41.0
golang.org/x/term	v0.39.0 -> v0.40.0
golang.org/x/tools	v0.40.0 -> v0.41.0
google.golang.org/api	v0.260.0 -> v0.269.0
google.golang.org/genproto	v0.0.0-20251202230838-ff82c1b0f217 -> v0.0.0-20260128011058-8636f8732409
google.golang.org/genproto/googleapis/api	v0.0.0-20251202230838-ff82c1b0f217 -> v0.0.0-20260128011058-8636f8732409
google.golang.org/genproto/googleapis/rpc	v0.0.0-20260203192932-546029d2fa20 -> v0.0.0-20260217215200-42d3e9bedb6d
google.golang.org/grpc	v1.78.0 -> v1.79.2

File name: tools/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/tektoncd/triggers	v0.29.0 -> v0.29.1