Skip to content

build(deps): bump the go-dependencies group across 1 directory with 26 updates#3304

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-bdf90d481a
Closed

build(deps): bump the go-dependencies group across 1 directory with 26 updates#3304
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-bdf90d481a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dependencies group with 23 updates in the / directory:

Package From To
github.com/Azure/azure-sdk-for-go/sdk/azidentity 1.13.1 1.14.0
github.com/flanksource/kopper 1.0.22 1.0.23
github.com/labstack/echo/v4 4.15.2 4.15.4
github.com/onsi/ginkgo/v2 2.29.0 2.32.0
github.com/onsi/gomega 1.40.0 1.42.1
github.com/ory/client-go 1.22.39 1.22.58
gorm.io/gorm 1.31.1 1.31.2
k8s.io/apimachinery 0.36.1 0.36.2
k8s.io/client-go 0.36.1 0.36.2
github.com/aws/aws-sdk-go-v2/config 1.32.25 1.32.26
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs 1.75.2 1.78.1
github.com/firebase/genkit/go 1.9.0 1.10.0
github.com/flanksource/clicky 1.21.18 1.21.33
github.com/fluxcd/pkg/gittestserver 0.28.0 0.29.0
github.com/jenkins-x/go-scm 1.15.22 1.15.31
github.com/mark3labs/mcp-go 0.53.0 0.55.1
github.com/prometheus/common 0.68.1 0.69.0
github.com/redis/go-redis/v9 9.19.0 9.21.0
github.com/slack-go/slack 0.23.1 0.27.0
github.com/tg123/go-htpasswd 1.2.4 1.2.5
github.com/xavidop/genkit-aws-bedrock-go 1.14.0 1.20.0
go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho 0.68.0 0.69.0
google.golang.org/api 0.283.0 0.286.0

Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.13.1 to 1.14.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.

sdk/azidentity/v1.14.0

1.14.0 (2026-06-15)

Breaking Changes

These changes affect only code written against a beta version such as v1.14.0-beta.3

  • Removed WorkloadIdentityCredentialOptions.EnableAzureProxy. It will return in v1.15.0-beta.1

Bugs Fixed

  • AzureDeveloperCLICredential improved reporting of error messages returned from azd

Other Changes

  • Returned azidentity errors include links to the troubleshooting guide when appropriate
  • This module now requires a minimum Go version of 1.25
  • Upgraded dependencies
Commits

Updates github.com/flanksource/kopper from 1.0.22 to 1.0.23

Release notes

Sourced from github.com/flanksource/kopper's releases.

v1.0.23

1.0.23 (2026-06-25)

Bug Fixes

  • Replace codfish/semantic-release-action with flanksource/action-workflows (#36) (c3a4987)
Commits
  • c3a4987 fix: Replace codfish/semantic-release-action with flanksource/action-workflow...
  • See full diff in compare view

Updates github.com/labstack/echo/v4 from 4.15.2 to 4.15.4

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.15.4

Security

Fixes GHSA-vfp3-v2gw-7wfq: an encoded path separator (%2F or %5C) in a static file URL could bypass route-level middleware (e.g. authentication on a sibling route) and disclose static files. Both StaticDirectoryHandler (used by Static/StaticFS) and the Static middleware are affected. Backport of the v5 fix (#3016, released in v5.2.1). Thanks to @​a-tt-om and @​oran-gugu for reporting.


Make serving static file releated methods and middleware not unescape path by default - so how the way Router interprets paths and Static methods/middleware is consistent.

Given following situation:

// 0.
// given folder structure:
// private.txt
// public/
// public/index.html
// public/text.txt
// public/admin/private.txt
// 1. share public/ folder contents from the server root. This folder actually contains subfolder admin which
// contents we want to forbid from downloading
e.Static("/", "public")
// 2. naively assume that everything under /admin folder is now forbidden
e.GET("/admin/*", func(c *Context) error {
return ErrForbidden
})

Then requests to /admin%2fprivate.txt would not be matched to GET /admin/* route (routing does not look unescaped path) and static file serving will use unescaped path to serve the file.

Note: this way of "guarding" subfolders will never work for for paths like /assets/../admin%2fprivate.txt which will path.Clean("/assets/../admin%2fprivate.txt") to /admin/private.txt and are servable if static file serving is configured to unescape paths.

If you want to guard routes - use middlewares on Static* methods and before Static middleware.

Breaking change / migration: If you serve files whose names contain URL-encoded characters (e.g., /hello%20world.txthello world.txt), you must now opt in:

	e := echo.New()
	e.EnablePathUnescapingStaticFiles = true  // <-- enable old behavior
	e.Static("/", "public")

for static middleware

	e.Use(middleware.StaticWithConfig(middleware.StaticConfig{
		EnablePathUnescaping: true, // <-- enable old behavior
	}))

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.15.4 - 2026-06-15

Security

Fixes GHSA-vfp3-v2gw-7wfq

Make serving static file releated methods and middleware not unescape path by default - so how the way Router interprets paths and Static methods/middleware is consistent.

Given following situation:

// 0.
// given folder structure:
// private.txt
// public/
// public/index.html
// public/text.txt
// public/admin/private.txt
// 1. share public/ folder contents from the server root. This folder actually contains subfolder admin which
// contents we want to forbid from downloading
e.Static("/", "public")
// 2. naively assume that everything under /admin folder is now forbidden
e.GET("/admin/*", func(c *Context) error {
return ErrForbidden
})

Then requests to /admin%2fprivate.txt would not be matched to GET /admin/* route (routing does not look unescaped path) and static file serving will use unescaped path to serve the file.

Note: this way of "guarding" subfolders will never work for for paths like /assets/../admin%2fprivate.txt which will path.Clean("/assets/../admin%2fprivate.txt") to /admin/private.txt and are servable if static file serving is configured to unescape paths.

If you want to guard routes - use middlewares on Static* methods and before Static middleware.

Breaking change / migration: If you serve files whose names contain URL-encoded characters (e.g., /hello%20world.txthello world.txt), you must now opt in:

	e := echo.New()
	e.EnablePathUnescapingStaticFiles = true  // <-- enable old behavior
	e.Static("/", "public")

for static middleware

	e.Use(middleware.StaticWithConfig(middleware.StaticConfig{
		EnablePathUnescaping: true, // <-- enable old behavior
	}))

v4.15.3 - 2026-06-14

... (truncated)

Commits
  • ec79b58 Merge pull request #3020 from aldas/v4_v4-15-4_changelog
  • 2714c07 Changelog for v4.15.4 - security fix
  • 13f0ed1 Merge pull request #3019 from aldas/v4_backport_3016
  • d16a4ec backport PR 3016 from v4
  • 8f167b9 Merge pull request #3018 from aldas/v4_remove_v5_dep
  • 9afa4ba remove dependency on labstack/echo v5 introduced in go.mod and go.sum
  • 1e05f63 Merge pull request #3017 from aldas/v4_ci_updates
  • 11a3cc4 Update dependencies and add ignore for linting
  • 26bd016 Update CI action versions
  • aa52f6a ci: run workflows on the v4 branch, not just master (#3013)
  • Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.29.0 to 2.32.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.32.0

2.32.0

-fd generate RSpec-style documentation output. Thank @​woodie ! --sleep-on-failure pauses a failed spec before teardown. Thanks @​qinqon !

v2.31.0

2.31.0

Add a bunch of Claude Skills via the marketplace:

/plugin marketplace add onsi/ginkgo
/plugin install ginkgo@ginkgo

v2.30.0

2.30.0

Features

Ginkgo now allows extentions/global.Reset to support running multiple suites from within a single process. This may take some massaging on your part (see 1672) but can dramatically speed up codebases with O(hundreds) of test suites.

Thanks @​lawrencejones !

Fixes

  • Fix nested --github-output group for progress report nested inside timeline [4f62d7a]
Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.32.0

-fd generate RSpec-style documentation output. Thank @​woodie ! --sleep-on-failure pauses a failed spec before teardown. Thanks @​qinqon !

2.31.0

Add a bunch of Claude Skills via the marketplace:

/plugin marketplace add onsi/ginkgo
/plugin install ginkgo@ginkgo

2.30.0

Features

Ginkgo now allows extentions/global.Reset to support running multiple suites from within a single process. This may take some massaging on your part (see 1672) but can dramatically speed up codebases with O(hundreds) of test suites.

Thanks @​lawrencejones !

Fixes

  • Fix nested --github-output group for progress report nested inside timeline [4f62d7a]
Commits
  • 9ff1646 v2.32.0
  • 0491f2a Make -fd exclusive of -p/-procs and -randomize-all
  • 334f74a respect SilenceSkips in fd mode, add test
  • 21047ce No need for a new method.
  • 7d281e1 Break out to two methods.
  • 5313727 More integration, fewer changes.
  • b83f524 Fewer new methods.
  • 73c59df feat: add -fd flag for RSpec-style documentation output
  • 76a2074 feat: add --sleep-on-failure to pause a failed spec before teardown
  • 3c7bde4 v2.31.0
  • Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.40.0 to 1.42.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.42.1

1.42.1

Bump Dependencies

v1.42.0

1.42.0

Add a set of Claude skill as a marketplace plugin

v1.41.0

No release notes provided.

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.42.1

Bump Dependencies

1.42.0

Add a set of Claude skill as a marketplace plugin

1.41.0

Features

Add BeASlice and BeAnArray matchers

Fixes

Object formatting now detects pointer cycles to avoid runaway formatting output.

Commits

Updates github.com/ory/client-go from 1.22.39 to 1.22.58

Commits
  • 2dc8874 autogen: regenerate OpenAPI client for v1.22.58
  • 59bb686 autogen: regenerate OpenAPI client for v1.22.57
  • 7e19e86 autogen: regenerate OpenAPI client for v1.22.56
  • 5b9c92c autogen: regenerate OpenAPI client for v1.22.55
  • 44f1c18 autogen: regenerate OpenAPI client for v1.22.54
  • 2a28c24 autogen: regenerate OpenAPI client for v1.22.53
  • b8d3d47 autogen: regenerate OpenAPI client for v1.22.52
  • ece3542 autogen: regenerate OpenAPI client for v1.22.51
  • 67d8f58 autogen: regenerate OpenAPI client for v1.22.50
  • bb95743 autogen: regenerate OpenAPI client for v1.22.49
  • Additional commits viewable in compare view

Updates gorm.io/gorm from 1.31.1 to 1.31.2

Release notes

Sourced from gorm.io/gorm's releases.

Release v1.31.2

Changes

Commits
  • 1d6ce99 Fix potential rows leak on panic by deferring rows.Close() (#7798)
  • f648834 perf: replace fmt.Sprintf with strconv in ExplainSQL numeric formatting (#7796)
  • 49cd6b8 Document NowFunc timezone behavior (#7799)
  • d0ee5e2 correct typo and rename fileType to fieldType in AlterColumn (#7748)
  • 2a22022 fix: panic when using clause.Returning with CreateInBatches (#7768)
  • 3322929 fix(migrator): add nil guards to ColumnType methods to prevent panic (#7767)
  • 40cd2af ci: switch tests Go matrix to stable/oldstable and update setup-go (#7726)
  • ba38501 chore(ci): bump actions/stale to v9 (#7696)
  • c1f742d fix: don't override alterColumn when defaults match (#7728)
  • c14d3ac update github ci golang version
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.36.1 to 0.36.2

Commits

Updates k8s.io/client-go from 0.36.1 to 0.36.2

Commits

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.25 to 1.32.26

Commits
  • 26060c5 Release 2026-06-29
  • 24e918a Regenerated Clients
  • 334471f Update API model
  • 96d81dc Deprecate iotevents, ioteventsdata, panorama and simspaceweaver (#3458)
  • 30502cb feat: mark common plugins and fix per-op ordering for invokeOperation refacto...
  • 8881653 Revert "feat: mark common plugins and fix per-op ordering for invokeOperation...
  • eba2f01 feat: mark common plugins and fix per-op ordering for invokeOperation… (#3443)
  • 2c5e1db Release 2026-06-23
  • d09eeb5 Regenerated Clients
  • 2f5f5f9 Update API model
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.24 to 1.19.25

Commits
  • 26060c5 Release 2026-06-29
  • 24e918a Regenerated Clients
  • 334471f Update API model
  • 96d81dc Deprecate iotevents, ioteventsdata, panorama and simspaceweaver (#3458)
  • 30502cb feat: mark common plugins and fix per-op ordering for invokeOperation refacto...
  • 8881653 Revert "feat: mark common plugins and fix per-op ordering for invokeOperation...
  • eba2f01 feat: mark common plugins and fix per-op ordering for invokeOperation… (#3443)
  • 2c5e1db Release 2026-06-23
  • d09eeb5 Regenerated Clients
  • 2f5f5f9 Update API model
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs from 1.75.2 to 1.78.1

Commits

Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.43.3 to 1.43.4

Commits

Updates github.com/firebase/genkit/go from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/firebase/genkit/go's releases.

Genkit JS 1.10.0

What's Changed

Dev UI changes:

Full Changelog: https://github.com/firebase/genkit/compare/genkit@1.9.0...genkit@1.10.0

Commits
  • 2b555af feat(go): realtime telemetry for live agents and the basic-agents sample (#5637)
  • f37effb chore: JS version bump
  • 54c60aa chore: CLI version bump
  • a21d43d feat(go/ai/exp/localstore): add per-session pointer files for faster snapshot...
  • fcf87c4 chore(py/samples): drop redundant uvloop dependency (#5595)
  • aacfdee chore(js): add missing license headers to vercel-ai-elements configs (#5623)
  • dc67fba feat(js/ai/session-stores): add per-session pointer files for faster snapshot...
  • 2fed8df feat(go/genkit): gate genkit/exp behind WithExperimental() init option (#5620)
  • 4f78d0d fix(go/ai/exp/localstore): default FileSessionStore snapshots to a "global" s...
  • b477126 feat(go): experimental agent middleware for sub-agent delegation and artifact...
  • Additional commits viewable in compare view

Updates github.com/flanksource/clicky from 1.21.18 to 1.21.33

Release notes

Sourced from github.com/flanksource/clicky's releases.

v1.21.33

1.21.33 (2026-06-28)

⚠ BREAKING CHANGES

  • prompt: PromptSelect, PromptMultiSelect, and PromptText now delegate to context-aware internal functions; behavior is unchanged for callers without a Scope.

✨ Features

  • exec: add bidirectional stdio pipes for long-lived processes (e93b8ca)
  • prompt: add context-aware prompt routing and interactive sink support (07e5ab6)

🐛 Bug Fixes

  • ci,prompt,exec: tidy go.mod and address review findings (c1a9660)
  • ci: tidy example submodule go.mod files (fa5980c)

🔧 Maintenance

  • release: pin sub-modules to v1.21.32 [skip ci] (216e838)

v1.21.32

1.21.32 (2026-06-26)

👷 CI/CD

  • release: check out branch tip for GoReleaser and decouple submodule tags (7cb946d)

v1.21.31

1.21.31 (2026-06-26)

👷 CI/CD

  • release: rename goreleaser folder field to directory (29bb8d6)

v1.21.30

1.21.30 (2026-06-26)

🐛 Bug Fixes

  • aichat: pin clicky require to v1.21.29 so go get works (95378c7)

v1.21.29

1.21.29 (2026-06-26)

... (truncated)

Changelog

Sourced from github.com/flanksource/clicky's changelog.

1.21.33 (2026-06-28)

⚠ BREAKING CHANGES

  • prompt: PromptSelect, PromptMultiSelect, and PromptText now delegate to context-aware internal functions; behavior is unchanged for callers without a Scope.

✨ Features

  • exec: add bidirectional stdio pipes for long-lived processes (e93b8ca)
  • prompt: add context-aware prompt routing and interactive sink support (07e5ab6)

🐛 Bug Fixes

  • ci,prompt,exec: tidy go.mod and address review findings (c1a9660)
  • ci: tidy example submodule go.mod files (fa5980c)

🔧 Maintenance

  • release: pin sub-modules to v1.21.32 [skip ci] (216e838)

1.21.32 (2026-06-26)

👷 CI/CD

  • release: check out branch tip for GoReleaser and decouple submodule tags (7cb946d)

1.21.31 (2026-06-26)

👷 CI/CD

  • release: rename goreleaser folder field to directory (29bb8d6)

1.21.30 (2026-06-26)

🐛 Bug Fixes

  • aichat: pin clicky require to v1.21.29 so go get works (95378c7)

1.21.29 (2026-06-26)

⚠ BREAKING CHANGES

  • cli: Removed SourceMarkdown field from markdown Node and Document structures; removed PreserveSource option from markdown parser. Parser provenance fields are no longer included in clicky-json output.

... (truncated)

Commits
  • 27d907d chore(release): 1.21.33 [skip ci]
  • fa5980c fix(ci): tidy example submodule go.mod files
  • c1a9660 fix(ci,prompt,exec): tidy go.mod and address review findings
  • 07e5ab6 feat(prompt): add context-aware prompt routing and interactive sink support
  • e93b8ca feat(exec): add bidirectional stdio pipes for long-lived processes
  • 216e838 chore(release): pin sub-modules to v1.21.32 [skip ci]
  • 4c7b29c chore(release): 1.21.32 [skip ci]
  • 7cb946d ci(release): check out branch tip for GoReleaser and decouple submodule tags
  • b4f0402 chore(release): 1.21.31 [skip ci]
  • 29bb8d6 ci(release): rename goreleaser folder field to directory
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/gittestserver from 0.28.0 to 0.29.0

Commits
  • 3ba849f Merge pull request #919 from fluxcd/auth-valid-registry
  • d89e633 [RFC-0010] Validate artifact repository for all auth providers
  • 1985bd8 Merge pull request #918 from fluxcd/gogit-agnostic
  • 5b6454a Package git/gogit should be agnostic of providers
  • See full diff in compare view

Updates github.com/jenkins-x/go-scm from 1.15.22 to 1.15.31

Release notes

Sourced from github.com/jenkins-x/go-scm's releases.

1.15.31

Changes in version 1.15.31

Bug Fixes

  • Bitbucket: updated URL for retrieving a list of workspaces (Nathan Hale)

Chores

  • release 1.15.31 (jenkins-x-bot)
  • add variables (jenkins-x-bot)

1.15.30

Changes in version 1.15.30

Chores

  • release 1.15.30 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump k8s.io/apimachinery from 0.36.1 to 0.36.2 (dependabot[bot])

1.15.29

Changes in version 1.15.29

Chores

  • release 1.15.29 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4 (dependabot[bot])

1.15.28

Changes in version 1.15.28

Chores

  • release 1.15.28 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump code.gitea.io/sdk/gitea from 0.14.0 to 0.22.1 (dependabot[bot])

1.15.27

Changes in version 1.15.27

Chores

  • release 1.15.27 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • use stdlib (Mårten Svantesson)
  • deps: bump k8s.io/apimachinery from 0.34.1 to 0.36.1 (dependabot[bot])

1.15.26

... (truncated)

Commits
  • b2cac59 chore: release 1.15.31
  • 9853dcc chore: add variables
  • a062408 Merge pull request #541 from NrdyN8/main
  • e4953cf fix(Bitbucket): updated URL for retrieving a list of workspaces
  • c03f672 Merge pull request #539 from jenkins-x/dependabot/go_modules/k8s.io/apimachin...
  • e921d4f chore(deps): bump k8s.io/apimachinery from 0.36.1 to 0.36.2
  • 690a83a Merge pull request #538 from jenkins-x/dependabot/go_modules/github.com/sirup...
  • 1ff58a3 chore(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4
  • 66929c8 Merge pull request #527 from vdemeester/dependabot/go_modules/code.gitea.io/s...
  • cb1f5b9 chore(deps): bump code.gitea.io/sdk/gitea from 0.14.0 to 0.22.1
  • Additional commits viewable in compare view

Updates github.com/mark3labs/mcp-go from 0.53.0 to 0.55.1

Release notes

Sourced from github.com/mark3labs/mcp-go's releases.

Release v0.55.1

No release notes provided.

Release v0.55.0

No release notes provided.

Release v0.54.1

No release notes provided.

Release v0.54.0

What's Changed

New Contributors

Full Changelog: mark3labs/mcp-go@v0.53.0...v0.54.0

Commits
  • b6e6224 fix(client): avoid forwarding inbound request headers (#909)
  • 6d28e6d fix: avoid full filter scans on call hot paths (#908)
  • 43c2ca0 oauth: return error instead of (nil, nil) from getServerMetadata (#903) (#904)
  • 3b66aa7 mcptest: add SetSamplingHandler and SetElicitationHandler (#902)
  • 42bc0b2 feat(otel): WithServerLogging — OTEL slog bridge for server structured logs (...
  • d972f3f docs(prompts): add review-pr kit prompt for Go PRs
  • d5c0727 feat(server): WithLogger consolidates structured logging onto *slog.Logger (#...
  • 3f1c760 feat(tracing): add MetaPropagator for W3C trace context via MCP _meta (SEP-41...
  • 2cacbe7 fix: enforce tool/prompt filters at call time, not just list time (#898)
  • 481f056 fix(tools): print errors to stderr for invalid jsonschema tags (#894)
  • Additional commits viewable in

…6 updates

Bumps the go-dependencies group with 23 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.13.1` | `1.14.0` |
| [github.com/flanksource/kopper](https://github.com/flanksource/kopper) | `1.0.22` | `1.0.23` |
| [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.15.2` | `4.15.4` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.29.0` | `2.32.0` |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.42.1` |
| [github.com/ory/client-go](https://github.com/ory/client-go) | `1.22.39` | `1.22.58` |
| [gorm.io/gorm](https://github.com/go-gorm/gorm) | `1.31.1` | `1.31.2` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.36.1` | `0.36.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.1` | `0.36.2` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.25` | `1.32.26` |
| [github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs](https://github.com/aws/aws-sdk-go-v2) | `1.75.2` | `1.78.1` |
| [github.com/firebase/genkit/go](https://github.com/firebase/genkit) | `1.9.0` | `1.10.0` |
| [github.com/flanksource/clicky](https://github.com/flanksource/clicky) | `1.21.18` | `1.21.33` |
| [github.com/fluxcd/pkg/gittestserver](https://github.com/fluxcd/pkg) | `0.28.0` | `0.29.0` |
| [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) | `1.15.22` | `1.15.31` |
| [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) | `0.53.0` | `0.55.1` |
| [github.com/prometheus/common](https://github.com/prometheus/common) | `0.68.1` | `0.69.0` |
| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.19.0` | `9.21.0` |
| [github.com/slack-go/slack](https://github.com/slack-go/slack) | `0.23.1` | `0.27.0` |
| [github.com/tg123/go-htpasswd](https://github.com/tg123/go-htpasswd) | `1.2.4` | `1.2.5` |
| [github.com/xavidop/genkit-aws-bedrock-go](https://github.com/xavidop/genkit-aws-bedrock-go) | `1.14.0` | `1.20.0` |
| [go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.68.0` | `0.69.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.283.0` | `0.286.0` |



Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.13.1 to 1.14.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Commits](Azure/azure-sdk-for-go@sdk/azidentity/v1.13.1...sdk/azcore/v1.14.0)

Updates `github.com/flanksource/kopper` from 1.0.22 to 1.0.23
- [Release notes](https://github.com/flanksource/kopper/releases)
- [Commits](flanksource/kopper@v1.0.22...v1.0.23)

Updates `github.com/labstack/echo/v4` from 4.15.2 to 4.15.4
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/v4.15.4/CHANGELOG.md)
- [Commits](labstack/echo@v4.15.2...v4.15.4)

Updates `github.com/onsi/ginkgo/v2` from 2.29.0 to 2.32.0
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.29.0...v2.32.0)

Updates `github.com/onsi/gomega` from 1.40.0 to 1.42.1
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.40.0...v1.42.1)

Updates `github.com/ory/client-go` from 1.22.39 to 1.22.58
- [Commits](ory/client-go@v1.22.39...v1.22.58)

Updates `gorm.io/gorm` from 1.31.1 to 1.31.2
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](go-gorm/gorm@v1.31.1...v1.31.2)

Updates `k8s.io/apimachinery` from 0.36.1 to 0.36.2
- [Commits](kubernetes/apimachinery@v0.36.1...v0.36.2)

Updates `k8s.io/client-go` from 0.36.1 to 0.36.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.36.1...v0.36.2)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.25 to 1.32.26
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.25...config/v1.32.26)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.24 to 1.19.25
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@credentials/v1.19.24...credentials/v1.19.25)

Updates `github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs` from 1.75.2 to 1.78.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.75.2...service/s3/v1.78.1)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.43.3 to 1.43.4
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/amp/v1.43.3...service/amp/v1.43.4)

Updates `github.com/firebase/genkit/go` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/firebase/genkit/releases)
- [Commits](genkit-ai/genkit@go/v1.9.0...go/v1.10.0)

Updates `github.com/flanksource/clicky` from 1.21.18 to 1.21.33
- [Release notes](https://github.com/flanksource/clicky/releases)
- [Changelog](https://github.com/flanksource/clicky/blob/main/CHANGELOG.md)
- [Commits](flanksource/clicky@v1.21.18...v1.21.33)

Updates `github.com/fluxcd/pkg/gittestserver` from 0.28.0 to 0.29.0
- [Commits](fluxcd/pkg@git/v0.28.0...git/v0.29.0)

Updates `github.com/jenkins-x/go-scm` from 1.15.22 to 1.15.31
- [Release notes](https://github.com/jenkins-x/go-scm/releases)
- [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md)
- [Commits](jenkins-x/go-scm@v1.15.22...v1.15.31)

Updates `github.com/mark3labs/mcp-go` from 0.53.0 to 0.55.1
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](mark3labs/mcp-go@v0.53.0...v0.55.1)

Updates `github.com/prometheus/common` from 0.68.1 to 0.69.0
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md)
- [Commits](prometheus/common@v0.68.1...v0.69.0)

Updates `github.com/redis/go-redis/v9` from 9.19.0 to 9.21.0
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md)
- [Commits](redis/go-redis@v9.19.0...v9.21.0)

Updates `github.com/slack-go/slack` from 0.23.1 to 0.27.0
- [Release notes](https://github.com/slack-go/slack/releases)
- [Changelog](https://github.com/slack-go/slack/blob/master/CHANGELOG.md)
- [Commits](slack-go/slack@v0.23.1...v0.27.0)

Updates `github.com/tg123/go-htpasswd` from 1.2.4 to 1.2.5
- [Release notes](https://github.com/tg123/go-htpasswd/releases)
- [Commits](tg123/go-htpasswd@v1.2.4...v1.2.5)

Updates `github.com/xavidop/genkit-aws-bedrock-go` from 1.14.0 to 1.20.0
- [Release notes](https://github.com/xavidop/genkit-aws-bedrock-go/releases)
- [Changelog](https://github.com/genkit-ai/aws-bedrock-go-plugin/blob/main/CHANGELOG.md)
- [Commits](genkit-ai/aws-bedrock-go-plugin@v1.14.0...v1.20.0)

Updates `go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho` from 0.68.0 to 0.69.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.68.0...zpages/v0.69.0)

Updates `k8s.io/api` from 0.36.1 to 0.36.2
- [Commits](kubernetes/api@v0.36.1...v0.36.2)

Updates `google.golang.org/api` from 0.283.0 to 0.286.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.283.0...v0.286.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/flanksource/kopper
  dependency-version: 1.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/labstack/echo/v4
  dependency-version: 4.15.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.42.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/ory/client-go
  dependency-version: 1.22.58
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: gorm.io/gorm
  dependency-version: 1.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.19.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs
  dependency-version: 1.78.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-version: 1.43.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/firebase/genkit/go
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/flanksource/clicky
  dependency-version: 1.21.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/fluxcd/pkg/gittestserver
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/jenkins-x/go-scm
  dependency-version: 1.15.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.55.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/prometheus/common
  dependency-version: 0.69.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/slack-go/slack
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/tg123/go-htpasswd
  dependency-version: 1.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/xavidop/genkit-aws-bedrock-go
  dependency-version: 1.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho
  dependency-version: 0.69.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: k8s.io/api
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: google.golang.org/api
  dependency-version: 0.286.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 30, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedgolang/​github.com/​onsi/​gomega@​v1.42.171100100100100
Updatedgolang/​github.com/​labstack/​echo/​v4@​v4.15.2 ⏵ v4.15.472 +1100100100100
Updatedgolang/​github.com/​slack-go/​slack@​v0.23.1 ⏵ v0.27.073 +1100100100100
Updatedgolang/​github.com/​mark3labs/​mcp-go@​v0.53.0 ⏵ v0.55.173 +1100100100100
Updatedgolang/​github.com/​jenkins-x/​go-scm@​v1.15.22 ⏵ v1.15.3174 +1100100100100
Updatedgolang/​github.com/​flanksource/​clicky@​v1.21.18 ⏵ v1.21.3374 +1100100100100
Updatedgolang/​github.com/​firebase/​genkit/​go@​v1.9.0 ⏵ v1.10.074 +1100100100100
Updatedgolang/​github.com/​redis/​go-redis/​v9@​v9.19.0 ⏵ v9.21.074 +1100100100100
Updatedgolang/​k8s.io/​apimachinery@​v0.36.1 ⏵ v0.36.274100100100100
Updatedgolang/​k8s.io/​client-go@​v0.36.1 ⏵ v0.36.27510010075100
Updatedgolang/​k8s.io/​api@​v0.36.1 ⏵ v0.36.276100100100100
Updatedgolang/​google.golang.org/​api@​v0.283.0 ⏵ v0.286.079 +1100100100100
Updatedgolang/​github.com/​prometheus/​common@​v0.68.1 ⏵ v0.69.09210010010080
Updatedgolang/​gorm.io/​gorm@​v1.31.1 ⏵ v1.31.282 +1100100100100
Updatedgolang/​github.com/​Azure/​azure-sdk-for-go/​sdk/​azidentity@​v1.13.1 ⏵ v1.14.082 -3100100100100
Updatedgolang/​github.com/​onsi/​ginkgo/​v2@​v2.29.0 ⏵ v2.32.084 +1100100100100
Updatedgolang/​github.com/​ory/​client-go@​v1.22.39 ⏵ v1.22.5887 -2100100100100
Updatedgolang/​github.com/​aws/​aws-sdk-go-v2/​config@​v1.32.25 ⏵ v1.32.2688100100100100
Updatedgolang/​go.opentelemetry.io/​contrib/​instrumentation/​github.com/​labstack/​echo/​otelecho@​v0.68.0 ⏵ v0.69.098100100100100
Updatedgolang/​github.com/​aws/​aws-sdk-go-v2/​credentials@​v1.19.24 ⏵ v1.19.2598100100100100
Updatedgolang/​github.com/​aws/​aws-sdk-go-v2/​service/​sts@​v1.43.3 ⏵ v1.43.498100100100100
Updatedgolang/​github.com/​aws/​aws-sdk-go-v2/​service/​cloudwatchlogs@​v1.75.2 ⏵ v1.78.199100100100100
Updatedgolang/​github.com/​tg123/​go-htpasswd@​v1.2.4 ⏵ v1.2.5100 +1100100100100
Updatedgolang/​github.com/​fluxcd/​pkg/​gittestserver@​v0.28.0 ⏵ v0.29.0100100100100100
Updatedgolang/​github.com/​xavidop/​genkit-aws-bedrock-go@​v1.14.0 ⏵ v1.20.0100100100100100
Updatedgolang/​github.com/​flanksource/​kopper@​v1.0.22 ⏵ v1.0.23100100100100100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: golang k8s.io/client-go is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: go.modgolang/k8s.io/client-go@v0.36.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/k8s.io/client-go@v0.36.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 1, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/go-dependencies-bdf90d481a branch July 1, 2026 05:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants