Update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF	Age	Confidence
delve		minor	1.24.1 → 1.26.3
github.com/aquasecurity/trivy	require	minor	v0.61.1 → v0.71.2
github.com/containerd/containerd	require	patch	v1.7.27 → v1.7.33
github.com/docker/go-connections	require	minor	v0.5.0 → v0.7.0
github.com/google/go-containerregistry	require	minor	v0.20.3 → v0.21.7
github.com/samber/lo	require	minor	v1.49.1 → v1.53.0
github.com/sirupsen/logrus	require	patch	v1.9.3 → v1.9.4
github.com/stretchr/testify	require	minor	v1.10.0 → v1.11.1
go (source)	toolchain	minor	1.24.2 → 1.26.4
go		minor	1.24.0 → 1.26.3
golang.org/x/sync	require	minor	v0.13.0 → v0.21.0
gopls (source)		minor	0.18.1 → 0.22.0

---

Release Notes

go-delve/delve (delve)

v1.26.3

Added

• Print function arguments when using eBPF for tracing (#​4305, @​archanaravindar)

Fixed

• Fix regression debugging DWARFv5 executables that use debug_line_str section on macOS (#​4315, @​aarzilli)
• Fix printing wait reason of channels (#​4307, @​croepha)

Changed

• Miscellaneous documentation and test improvements (#​4316, #​4306, @​purelualight, @​typesanitizer)

v1.26.1

Added

• Support for debugging stripped non-Go binaries (#​4263, @​derekparker)
• Package for detecting debugger attachment (#​4258, @​derekparker)
• Starlark append_file built-in function (#​4252, @​sding3)
• DAP: Hit conditional breakpoint capability (#​4230, @​DrSergei)
• Detection and warning about trimpath (#​4241, @​aarzilli)

Fixed

• Fix debuginfod download progress (#​4270, @​aarzilli)
• Fix sigpanics in swiss map iterator (#​4261, @​derekparker)
• Fix finding moduledata in Go 1.26+ (#​4228, @​derekparker)
• Fix goroutine leak and shutdown sequence for eBPF backend (#​4231, @​derekparker)
• Fix eBPF uprobe placement to skip function prologue (#​4249, @​derekparker)
• Fix ProducerAfterOrEqual comparison for devel builds (#​4234, @​typesanitizer)
• DAP: Better error messages when debugger can't be launched (#​4264, @​aarzilli)
• DAP: Reject most requests before launch/attach (#​4240, @​aarzilli)
• Propagate short type option when printing structs (#​4235, @​igadmg)
• Better error if process is already being debugged (#​4242, @​aarzilli)
• Print error when request body can't be decoded (#​4247, @​aarzilli)
• Parse rc version with trailing suffix (#​4255, @​alexsaezm)

Changed

• Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#​4257, @​scop)
• Update waitReason switch for Go 1.27 (#​4244, @​typesanitizer)
• Downgrade riscv64 support (#​4232, @​derekparker)
• Miscellaneous code quality improvements (#​4221, #​4226, #​4259, #​4262, #​4224, @​derekparker, @​aarzilli)
• Miscellaneous improvements to tests, documentation, and build configuration (#​4250, #​4254, #​4248, #​4265, @​derekparker, @​aarzilli, @​stack1ng)

v1.26.0

Added

• Go 1.26 support (#​4211, #​4205, #​4212, #​4217, @​aarzilli)
• Savestate command for terminal (#​4045, @​alexsaezm)
• DAP: Target command and follow-exec support (#​4078, @​Lslightly)
• DAP: Read memory request handler (#​4083, @​MistaTwista)
• DAP: Input/output redirection (#​4178, @​aarzilli)
• DAP: Suspended breakpoints support (#​4075, @​firelizzard18)
• DAP: Use exception breakpoints for predefined breakpoints (#​4169, @​aarzilli)
• Custom starlark commands can be used with on prefix (#​4170, @​derekparker)
• Shortcut syntax to access target variables in starlark (#​4134, @​aarzilli)
• Support for tracing defer function calls with follow option (#​3978, @​archanaravindar)
• Flag to retain trace directory after detach (#​4091, @​archanaravindar)
• Ability to cancel debuginfod downloads (#​4123, @​aarzilli)
• Process spawned event (#​4171, @​firelizzard18)
• Materialized breakpoint event for follow-exec mode (#​4161, @​aarzilli)
• Way to disable stop-on-error for breakpoint conditions (#​4191, @​aarzilli)
• Function call support on loong64 (#​4114, @​yelvens)
• Build argument logging (#​4185, @​pedia)
• Capslock check (#​4106, @​derekparker)

Fixed

• DAP: Restart handling when compilation fails (#​4215, @​aarzilli)
• DAP: Disable string() field for address-less variables (#​4214, @​aarzilli)
• DAP: Race condition in tests (#​4121, @​derekparker)
• Gdbserial: Do not set detached if we kill the process (#​4216, @​aarzilli)
• Prevent trace killing attached process (#​4164, @​alex-emery)
• Trace /regexp/ should set ret breakpoints correctly (#​4130, @​aarzilli)
• Replay subcommand must keep trace directory (#​4184, @​lwintermelon)
• Nil pointer dereference when calling extra on a nil func (#​4174, @​aarzilli)
• Check that breakpoint exists in ClearBreakpoint (#​4141, @​aarzilli)
• Use address in ClearBreakpoint only when ID is 0 (#​4168, @​aarzilli)
• Return error when calling a non-ptr receiver method on a nil ptr (#​4139, @​aarzilli)
• Additional checks parsing g structs (#​4140, @​aarzilli)
• Remember that we attached in WaitFor attach mode (#​4120, @​aarzilli)
• Guard register logging from nil pointer dereferences (#​4188, @​aarzilli)
• Do not insist stmt is same line as entry in DWARF (#​4186, @​derekparker)
• Fix wait reason string table (#​4182, @​aarzilli)
• Workaround for non-unicode strings in Variables (#​4082, @​aarzilli)
• Fix ppc64le clause in support_sentinel_linux.go (#​4129, @​tshah14)
• Improve frame unwind context handling on loong64 (#​4133, @​yelvens)

Changed

• Replace hashicorp/golang-lru with custom lru cache (#​4196, @​qmuntal)
• Update riscv64 support and add to test matrix (#​4190, @​lrzlin)
• Update riscv64 capslock file (#​4210, @​derekparker)
• Move things that use x/tools/go/packages to new repo (#​3990, @​aarzilli)
• Remove experimental build tags for Windows ARM64 (#​4176, @​gdams)
• Add Windows ARM64 workflow to CI (#​4175, @​gdams)
• Add linux/loong64 to TeamCity configuration (#​4154, @​yelvens)
• Set CI=true on a project level (#​4156, @​vietage)
• Hierarchical search for structMember or method (#​4118, @​wenxuan70)
• Update trie to v3.2.0 (#​4131, @​derekparker)
• Parallelize tests where possible (#​4115, @​derekparker)
• Modernize codebase with newer syntax and helpers (#​4110, @​derekparker)
• Miscellaneous improvements to tests and build configuration (#​4096, #​4135, #​4145, #​4157, #​4163, #​4198, #​4202, #​4111, #​4122, #​4124, #​4209, @​derekparker, @​aarzilli)
• Miscellaneous code refactoring (#​4159, #​4173, #​4201, @​aarzilli)

v1.25.2

Added

• Added notifications for debuginfod downloads (#​3980, @​aarzilli)

Fixed

• Fixed restart behavior of DAP server (#​4068, @​derekparker)
• Various fixes for loong64 backend (#​4095, #​4100, @​yelvens)
• Miscellaneous minor bug fixes (#​4067, #​4090, #​4089, @​aarzilli)

Changed

• Miscellaneous code quality improvements (#​4088, @​cui)

v1.25.1

Added

• Implement restart request for DAP (#​4057, @​derekparker)

Fixed

• Fixed panic when trying to stacktrace an unreadable goroutine in DAP (#​4056, @​aarzilli)
• Fixed panic when trying to access value of unreadable string variables in DAP (#​4055, @​aarzilli)
• Fixed type cast between slices with the same element type (#​4048, @​aarzilli)
• Fixed closure captured variables visibility on closure's first line (#​4049, @​aarzilli)
• Fixed unknown DWARF opcodes causing panics (#​4037, @​aarzilli)
• Added missing response body close in DAP test (#​4039, @​alexandear)
• Fix panic in switchToGoroutineStacktrace (#​4043, @​derekparker)

Changed

• Handle moving of direct interface flag in Go 1.26 (#​4032, @​randall77)
• Simplified tests using slices.Contains (#​4040, @​alexandear)
• Updated Go max support minor version and update golang.org/x/tools (#​4046, @​derekparker)

v1.25.0

Added

• Go 1.25 support (#​4014, @​aarzilli) (more work went into the 1.24.2 and earlier releases)

Fixed

• Fixed several panics found via telemetry (#​4026, #​4018, #​4017, #​4015 @​aarzilli)
• Fixed git hash in version output (#​3987, @​codeaucafe)
• Fix development version parsing (#​3999, @​aarzilli)
• Fix call injection in newer macOS versions (#​3988, @​aarzilli)
• Fix typo in goroutines help output (#​4024, @​jersey1dev)

Changed

• Internal breakpoints (panic, throw) are excluded from DAP response (#​4027, @​ConradIrwin)

v1.24.2

Added

• Support for struct literals in expression evaluator (#​3935, #​3953, @​aarzilli)
• Check to reject DWARFv5 executables if delve itself isn't built with 1.25 or later due to bugs in Go's standard library prior to 1.25 (#​3943, #​3961, @​aarzilli)

Fixed

• Support for macOS Sequoia 15.4 (#​3966, @​aarzilli)
• Race conditions with rr backend (#​3971, #​3973, #​3963, @​BronzeDeer, @​aarzilli)
• Goroutine load with corrupted label maps (#​3968, #​3962, @​hongyuh-hh)
• Breakpoint conditions on suspended breakpoints (#​3938, @​Lslightly)

Changed

• Miscellaneous test and documentation fixes (#​3979, #​3952, #​3954, #​3955, #​3951, @​alexandear, @​codesoap, @​derekparker)

aquasecurity/trivy (github.com/aquasecurity/trivy)

v0.71.2

Compare Source

Changelog

• 055a5c8 release: v0.71.2 [release/v0.71] (#​10871)
• 875328a fix(deps): bump alpine to 3.24.1 [backport: release/v0.71] (#​10870)
• 998f7b3 chore(deps): bump the common group with 4 updates [backport: release/v0.71] (#​10867)

v0.71.1

Compare Source

v0.71.0

Compare Source

⚡ Highlights ⚡

👉 https://redirect.github.com/aquasecurity/trivy/discussions/10767

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0710-2026-06-01

v0.70.0

⚡ Highlights ⚡

👉 https://redirect.github.com/aquasecurity/trivy/discussions/10546

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16

v0.69.3

Compare Source

Changelog

• 6fb20c8 release: v0.69.3 [release/v0.69] (#​10293)
• dabefec fix(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 [backport: release/v0.69] (#​10291)

v0.69.2

Compare Source

Changelog

• cfa322e release: v0.69.2 [release/v0.69] (#​10266)
• 86debce fix(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 [backport: release/v0.69] (#​10267)
• cf3d4cd fix(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 [backport: release/v0.69] (#​10264)
• 6dfd3b0 ci: remove apidiff workflow

v0.69.1

Compare Source

v0.69.0

Compare Source

v0.68.2

Compare Source

v0.68.1

Compare Source

v0.68.0

Compare Source

v0.67.2

Compare Source

Changelog

• 60c57ad release: v0.67.2 [release/v0.67] (#​9639)
• f3ee80c fix: Use fetch-level: 1 to check out trivy-repo in the release workflow [backport: release/v0.67] (#​9638)

v0.67.1

Compare Source

Changelog

• cbed239 release: v0.67.1 [release/v0.67] (#​9614)
• 1a84093 fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#​9631)
• 3bc1490 fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#​9629)
• 542eee7 fix: add buildInfo for BlobInfo in rpc package [backport: release/v0.67] (#​9615)
• f65dd05 fix(vex): don't use reused BOM [backport: release/v0.67] (#​9612)

v0.67.0

Compare Source

👉 Trivy v0.67.0 release notes (click here)

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

🐳 New Docker Install option

• docker pull get.trivy.dev/image/trivy:0.67.0

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0670-2025-09-30

v0.66.0

Compare Source

👉 Trivy v.66.0 release notes (click here)

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

Full changelog

v0.65.0

Compare Source

👉 Trivy v.65.0 release notes (click here)

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

Full changelog

v0.64.1

Compare Source

Changelog

• 86ee3c1 release: v0.64.1 [release/v0.64] (#​9122)
• 4e12722 fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#​9127)
• 9a7d384 fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#​9124)
• 53adfba fix(rootio): check full version to detect root.io packages [backport: release/v0.64] (#​9120)
• 8cf1bf9 fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#​9119)

v0.64.0

Compare Source

👉 Trivy v.64.0 release notes (click here)

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

Full changelog

v0.63.0

Compare Source

👉 Trivy v.63.0 release notes (click here)

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

Full changelog

v0.62.1

Compare Source

Changelog

• c75ed21 release: v0.62.1 [release/v0.62] (#​8825)
• aafebeb chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#​8831)
• 99485cf fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#​8826)
• b4fc9e8 fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#​8824)

v0.62.0

Compare Source

⚡Release highlights and summary⚡

👉 https://redirect.github.com/aquasecurity/trivy/discussions/8801

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0620-2025-04-30

containerd/containerd (github.com/containerd/containerd)

v1.7.33: containerd 1.7.33

Compare Source

Welcome to the v1.7.33 release of containerd!

The thirty-third patch release for containerd 1.7 contains various fixes
and updates including security patches.

Security Updates

• containerd

  • CVE-2026-53488
  • CVE-2026-47262

• go-jose

  • CVE-2026-34986

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Chris Henzie
• Akihiro Suda
• Akhil Mohan
• Ben Cressey
• Davanum Srinivas
• Sopho Merkviladze

Changes

17 commits

• Prepare release notes for v1.7.33 (#​13631)
  • 7517e6737 Prepare release notes for v1.7.33
  • ab306518a Merge commit from fork
  • d34cdafda Merge commit from fork
  • 9ab2b7a89 Bound user-database file reads in openBoundedUserFile
  • 1e9806f90 Merge commit from fork
  • 4d8ba4d23 Do not propagate reserved labels from image configs
• update runc binary to v1.3.6 (#​13615)
  • 74c728c13 update runc binary to v1.3.6
• update go to 1.26.4/1.25.11 (#​13579)
  • 947caa4b7 update go to 1.26.4/1.25.11
• Configure udevd children-max for root-test (#​13564)
  • e884e964e Configure udevd children-max for root-test
• Clean up disk space in node e2e workflow (#​13552)
  • b9e756888 Clean up disk space in node e2e workflow
• Bump go-jose/go-jose/v3 to v3.0.5 to fix GHSA-78h2-9frx-2jm8 (#​13467)
  • 4dfc1844e Bump go-jose to v3.0.5 to address CVE-2026-34986

Dependency Changes

• github.com/go-jose/go-jose/v3 v3.0.4 -> v3.0.5

Previous release can be found at v1.7.32

v1.7.32: containerd 1.7.32

Compare Source

Welcome to the v1.7.32 release of containerd!

The thirty-second patch release for containerd 1.7 contains various fixes
and updates including a security patch.

• containerd

  • CVE-2026-46680

• Allow hosts.toml to contain only root-level fields without an explicit [host] section (#​10028)

• Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#​13450)

• Apply hardening to block AF_ALG in default socket policy (#​13406)

• Support both "volatile" and "fsync=volatile" mount options for volatile snapshotter (#​13299)

• Set AppArmor abi conditionally to support versions < 3.0 (#​13273)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

• Maksym Pavlenko
• Chris Henzie
• Derek McGowan
• Paweł Gronowski
• Samuel Karp
• Wei Fu
• Brad Davidson
• Brian Goff
• LEI WANG
• Phil Estes

17 commits

• bc87d865c Prepare release notes for v1.7.32
• oci: return explicit error for out-of-range USER values (#​13450)
  • 503f47946 oci: return explicit error for out-of-range USER values
• seccomp: Block AF_ALG in default socket policy (#​13406)
  • e55b747d3 seccomp: Block AF_ALG in default socket policy
  • 4627a65f8 seccomp: Document socket rule scope and socketcall limitation
• Fix issue with empty host tree in hosts.toml (#​10028)
  • 24007441d Fix error parsing hosts.toml without any host tree
• Support both styles of volatile mount option (#​13299)
  • 940733149 Support both styles of volatile mount option
• apparmor: Set abi conditionally (#​13273)
  • 2b732c892 apparmor: Set abi conditionally
• Add GitHub Action for k8s node e2e tests (#​13258)
  • 0db1e143a Add GitHub Action for k8s node e2e tests
• Update release process after 1.7 (#​13236)
  • 3223a75c2 Update for latest updates to release tool
  • 1b30082eb Update release process after 1.7

This release has no dependency changes

Previous release can be found at v1.7.31

v1.7.31: containerd 1.7.31

Compare Source

Welcome to the v1.7.31 release of containerd!

The thirty-first patch release for containerd 1.7 contains various fixes
and updates including a security patch.

Security Updates

• spdystream
  • CVE-2026-35469

Highlights

Container Runtime Interface (CRI)

• Fix CNI issue where DEL is never executed after a restart (#​12931)
• Sanitize error before gRPC return to prevent possible credential leak in pod events (#​12805)
• Improve error message and add warning when concurrent container creation is detected (#​12744)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Maksym Pavlenko
• Akhil Mohan
• Phil Estes
• Sebastiaan van Stijn
• Wei Fu
• Akihiro Suda
• Alex Chernyakhovsky
• Chris Henzie
• Michael Zappa
• Ricardo Branco
• Shachar Tal
• ningmingxiao
• yashsingh74

Changes

37 commits

• Prepare release notes for v1.7.31 (#​13221)
  • 7d2662653 Prepare release notes for v1.7.31
• update github.com/moby/spdystream v0.5.1 (#​13220)
  • 3f795c02a update github.com/moby/spdystream v0.5.1
• update to Go 1.25.9, 1.26.2 (#​13200)
  • 7b1e1b17b update to Go 1.25.9, 1.26.2
  • b673f2d42 update golangci-lint to v2.9.0 with go1.26 support
  • d88d8513a remove windows/arm from cross build
  • a763407b5 Ignore warnings for golangci-lint bump
  • 03dcd8360 ci: bump golangci from 6.5.2 to 7.0.0
• Update github.com/moby/spdystream v0.2.0->v0.5.0 (#​13176)
  • c08711218 Update github.com/moby/spdystream v0.2.0->v0.5.0
• Skip TestExportAndImportMultiLayer on s390x (#​13152)
  • 043548f6d Skip TestExportAndImportMultiLayer on s390x
• update runc binary to v1.3.5 (#​13059)
  • e99bd6050 [release/1.7] update runc binary to v1.3.5
• CODEOWNERS: mark Sam and Chris as owners for 1.7 (#​13069)
  • 3a3103aaf CODEOWNERS: mark Sam and Chris as owners for 1.7
• Fix vagrant on CI (#​13064)
  • 9b4cfa271 Ignore NOCHANGE error
• ci: modprobe xt_comment on almalinux (#​12959)
  • 53e9e73f0 ci: modprobe xt_comment on almalinux
• Fix

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 128 additional dependencies were updated

Details:

Package	Change
github.com/docker/docker	v27.5.1+incompatible -> v28.5.2+incompatible
github.com/sirupsen/logrus	v1.9.3 -> v1.9.4-0.20230606125235-dd1b4c2e81af
cel.dev/expr	v0.19.0 -> v0.24.0
cloud.google.com/go	v0.116.0 -> v0.121.6
cloud.google.com/go/auth	v0.14.0 -> v0.17.0
cloud.google.com/go/auth/oauth2adapt	v0.2.7 -> v0.2.8
cloud.google.com/go/compute/metadata	v0.6.0 -> v0.9.0
cloud.google.com/go/iam	v1.2.2 -> v1.5.3
cloud.google.com/go/monitoring	v1.21.2 -> v1.24.2
cloud.google.com/go/storage	v1.49.0 -> v1.56.0
dario.cat/mergo	v1.0.1 -> v1.0.2
github.com/Azure/azure-sdk-for-go/sdk/azcore	v1.17.0 -> v1.20.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity	v1.8.2 -> v1.13.1
github.com/Azure/azure-sdk-for-go/sdk/internal	v1.10.0 -> v1.11.2
github.com/Azure/go-ansiterm	v0.0.0-20230124172434-306776ec8161 -> v0.0.0-20250102033503-faa5f7b0171c
github.com/AzureAD/microsoft-authentication-library-for-go	v1.3.3 -> v1.6.0
github.com/BurntSushi/toml	v1.4.0 -> v1.5.0
github.com/CycloneDX/cyclonedx-go	v0.9.2 -> v0.9.3
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp	v1.25.0 -> v1.29.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric	v0.48.1 -> v0.53.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping	v0.48.1 -> v0.53.0
github.com/Masterminds/semver/v3	v3.3.0 -> v3.4.0
github.com/Microsoft/hcsshim	v0.12.9 -> v0.14.0-rc.1
github.com/ProtonMail/go-crypto	v1.1.5 -> v1.3.0
github.com/aquasecurity/go-npm-version	v0.0.1 -> v0.0.2
github.com/aquasecurity/trivy-checks	v1.8.1 -> v1.11.3-0.20250604022615-9a7efa7c9169
github.com/aquasecurity/trivy-db	v0.0.0-20250227071930-8bd8a9b89e2d -> v0.0.0-20250929072116-eba1ced2340a
github.com/aws/aws-sdk-go-v2	v1.36.3 -> v1.40.0
github.com/aws/aws-sdk-go-v2/config	v1.29.9 -> v1.32.0
github.com/aws/aws-sdk-go-v2/credentials	v1.17.62 -> v1.19.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.30 -> v1.18.14
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.34 -> v1.4.14
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.34 -> v2.7.14
github.com/aws/aws-sdk-go-v2/internal/ini	v1.8.3 -> v1.8.4
github.com/aws/aws-sdk-go-v2/service/ecr	v1.42.1 -> v1.53.1
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	v1.12.3 -> v1.13.3
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.12.15 -> v1.13.14
github.com/aws/aws-sdk-go-v2/service/s3	v1.78.1 -> v1.92.0
github.com/bmatcuk/doublestar/v4	v4.8.1 -> v4.9.1
github.com/cloudflare/circl	v1.6.0 -> v1.6.1
github.com/cncf/xds/go	v0.0.0-20240905190251-b4127c9b8d78 -> v0.0.0-20250501225837-2ac532fd4443
github.com/containerd/cgroups/v3	v3.0.3 -> v3.1.0
github.com/containerd/containerd/api	v1.8.0 -> v1.10.0
github.com/containerd/containerd/v2	v2.0.4 -> v2.2.0
github.com/containerd/platforms	v1.0.0-rc.1 -> v1.0.0-rc.2
github.com/containerd/stargz-snapshotter/estargz	v0.16.3 -> v0.18.1
github.com/cyphar/filepath-securejoin	v0.4.1 -> v0.6.0
github.com/dlclark/regexp2	v1.4.0 -> v1.11.0
github.com/docker/cli	v27.5.0+incompatible -> v29.0.3+incompatible
github.com/docker/docker-credential-helpers	v0.8.2 -> v0.9.3
github.com/emicklei/go-restful/v3	v3.11.0 -> v3.13.0
github.com/envoyproxy/go-control-plane	v0.13.1 -> v0.13.4
github.com/envoyproxy/protoc-gen-validate	v1.1.0 -> v1.2.1
github.com/evanphx/json-patch	v5.9.0+incompatible -> v5.9.11+incompatible
github.com/fxamacker/cbor/v2	v2.7.0 -> v2.9.0
github.com/go-git/go-git/v5	v5.14.0 -> v5.16.3
github.com/go-logr/logr	v1.4.2 -> v1.4.3
github.com/go-openapi/jsonpointer	v0.21.0 -> v0.22.1
github.com/go-openapi/jsonreference	v0.21.0 -> v0.21.3
github.com/go-openapi/swag	v0.23.0 -> v0.25.1
github.com/golang-jwt/jwt/v5	v5.2.2 -> v5.3.0
github.com/google/btree	v1.1.2 -> v1.1.3
github.com/google/gnostic-models	v0.6.9-0.20230804172637-c7be7c783f49 -> v0.7.0
github.com/googleapis/enterprise-certificate-proxy	v0.3.4 -> v0.3.6
github.com/googleapis/gax-go/v2	v2.14.1 -> v2.15.0
github.com/gorilla/websocket	v1.5.0 -> v1.5.4-0.20250319132907-e064f32e3674
github.com/hashicorp/go-getter	v1.7.8 -> v1.8.3
github.com/hashicorp/hcl/v2	v2.23.0 -> v2.24.0
github.com/klauspost/compress	v1.17.11 -> v1.18.1
github.com/moby/buildkit	v0.18.2 -> v0.26.2
github.com/moby/sys/user	v0.3.0 -> v0.4.0
github.com/moby/term	v0.5.0 -> v0.5.2
github.com/modern-go/reflect2	v1.0.2 -> v1.0.3-0.20250322232337-35a7c28c31ee
github.com/oklog/ulid/v2	v2.1.0 -> v2.1.1
github.com/open-policy-agent/opa	v1.2.0 -> v1.10.1
github.com/opencontainers/runtime-spec	v1.2.0 -> v1.2.1
github.com/opencontainers/selinux	v1.11.1 -> v1.13.0
github.com/prometheus/client_golang	v1.21.0 -> v1.23.2
github.com/prometheus/client_model	v0.6.1 -> v0.6.2
github.com/prometheus/common	v0.62.0 -> v0.66.1
github.com/prometheus/procfs	v0.15.1 -> v0.17.0
github.com/rcrowley/go-metrics	v0.0.0-20201227073835-cf1acfcdf475 -> v0.0.0-20250401214520-65e299d6c5c9
github.com/rubenv/sql-migrate	v1.7.1 -> v1.8.0
github.com/samber/oops	v1.15.0 -> v1.18.1
github.com/secure-systems-lab/go-securesystemslib	v0.9.0 -> v0.9.1
github.com/sergi/go-diff	v1.3.2-0.20230802210424-5b0b94c5c0d3 -> v1.4.0
github.com/spf13/cast	v1.7.1 -> v1.10.0
github.com/spf13/cobra	v1.9.1 -> v1.10.1
github.com/spf13/pflag	v1.0.6 -> v1.0.10
github.com/tchap/go-patricia/v2	v2.3.2 -> v2.3.3
github.com/tonistiigi/go-csvvalue	v0.0.0-20240710180619-ddb21b71c0b4 -> v0.0.0-20240814133006-030d3b2625d0
github.com/ulikunitz/xz	v0.5.12 -> v0.5.15
github.com/zclconf/go-cty	v1.16.2 -> v1.17.0
go.etcd.io/bbolt	v1.4.0 -> v1.4.3
go.opentelemetry.io/auto/sdk	v1.1.0 -> v1.2.1
go.opentelemetry.io/contrib/detectors/gcp	v1.32.0 -> v1.36.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	v0.56.0 -> v0.61.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.59.0 -> v0.63.0
go.opentelemetry.io/otel	v1.34.0 -> v1.38.0
go.opentelemetry.io/otel/metric	v1.34.0 -> v1.38.0
golang.org/x/crypto	v0.36.0 -> v0.45.0
golang.org/x/mod	v0.24.0 -> v0.30.0
golang.org/x/net	v0.37.0 -> v0.47.0
golang.org/x/oauth2	v0.26.0 -> v0.33.0
golang.org/x/sys	v0.31.0 -> v0.38.0
golang.org/x/term	v0.30.0 -> v0.37.0
golang.org/x/text	v0.23.0 -> v0.31.0
google.golang.org/api	v0.218.0 -> v0.254.0
google.golang.org/genproto	v0.0.0-20241118233622-e639e219e697 -> v0.0.0-20250603155806-513f23925822
google.golang.org/genproto/googleapis/api	v0.0.0-20250115164207-1a7da9e5054f -> v0.0.0-20250825161204-c5933d9347a5
google.golang.org/genproto/googleapis/rpc	v0.0.0-20250115164207-1a7da9e5054f -> v0.0.0-20251022142026-3a174f9686a8
google.golang.org/grpc	v1.70.0 -> v1.76.0
google.golang.org/protobuf	v1.36.5 -> v1.36.10
gotest.tools/v3	v3.5.0 -> v3.5.2
helm.sh/helm/v3	v3.17.2 -> v3.19.2
k8s.io/api	v0.32.3 -> v0.34.2
k8s.io/apiextensions-apiserver	v0.32.2 -> v0.34.0
k8s.io/apimachinery	v0.32.3 -> v0.34.2
k8s.io/apiserver	v0.32.2 -> v0.34.0
k8s.io/cli-runtime	v0.32.3 -> v0.34.0
k8s.io/client-go	v0.32.3 -> v0.34.1
k8s.io/component-base	v0.32.3 -> v0.34.0
k8s.io/kube-openapi	v0.0.0-20241105132330-32ad38e42d3f -> v0.0.0-20250710124328-f3f2b991d03b
k8s.io/kubectl	v0.32.3 -> v0.34.0
k8s.io/utils	v0.0.0-20241104100929-3ea5e8cea738 -> v0.0.0-20250604170112-4c0f3b243397
sigs.k8s.io/json	v0.0.0-20241010143419-9aa6b5e7a4b3 -> v0.0.0-20241014173422-cfa47c3a1cc8
sigs.k8s.io/kustomize/api	v0.18.0 -> v0.20.1
sigs.k8s.io/yaml	v1.4.0 -> v1.6.0

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 149 additional dependencies were updated

Details:

Package	Change
github.com/docker/docker	v27.5.1+incompatible -> v28.5.2+incompatible
cel.dev/expr	v0.19.0 -> v0.25.1
cloud.google.com/go	v0.116.0 -> v0.123.0
cloud.google.com/go/auth	v0.14.0 -> v0.19.0
cloud.google.com/go/auth/oauth2adapt	v0.2.7 -> v0.2.8
cloud.google.com/go/compute/metadata	v0.6.0 -> v0.9.0
cloud.google.com/go/iam	v1.2.2 -> v1.7.0
cloud.google.com/go/monitoring	v1.21.2 -> v1.24.3
cloud.google.com/go/storage	v1.49.0 -> v1.62.0
dario.cat/mergo	v1.0.1 -> v1.0.2
github.com/Azure/azure-sdk-for-go/sdk/azcore	v1.17.0 -> v1.21.1
github.com/Azure/azure-sdk-for-go/sdk/azidentity	v1.8.2 -> v1.13.1
github.com/Azure/azure-sdk-for-go/sdk/internal	v1.10.0 -> v1.12.0
github.com/Azure/go-ansiterm	v0.0.0-20230124172434-306776ec8161 -> v0.0.0-20250102033503-faa5f7b0171c
github.com/AzureAD/microsoft-authentication-library-for-go	v1.3.3 -> v1.6.0
github.com/BurntSushi/toml	v1.4.0 -> v1.6.0
github.com/CycloneDX/cyclonedx-go	v0.9.2 -> v0.11.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp	v1.25.0 -> v1.31.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric	v0.48.1 -> v0.55.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping	v0.48.1 -> v0.55.0
github.com/Masterminds/semver/v3	v3.3.0 -> v3.5.0
github.com/Microsoft/go-winio	v0.6.2 -> v0.6.3-0.20251027160822-ad3df93bed29
github.com/Microsoft/hcsshim	v0.12.9 -> v0.15.0-rc.1
github.com/ProtonMail/go-crypto	v1.1.5 -> v1.4.1
github.com/anchore/go-struct-converter	v0.0.0-20221118182256-c68fdcfa2092 -> v0.1.0
github.com/apparentlymart/go-cidr	v1.1.0 -> v1.1.1
github.com/aquasecurity/go-npm-version	v0.0.1 -> v0.0.2
github.com/aquasecurity/go-pep440-version	v0.0.1 -> v0.0.2-0.20260224065243-f9bba28c51a4
github.com/aquasecurity/trivy-checks	v1.8.1 -> v1.12.2-0.20251219190323-79d27547baf5
github.com/aquasecurity/trivy-db	v0.0.0-20250227071930-8bd8a9b89e2d -> v0.0.0-20251222105351-a833f47f8f0d
github.com/aws/aws-sdk-go-v2	v1.36.3 -> v1.41.7
github.com/aws/aws-sdk-go-v2/config	v1.29.9 -> v1.32.17
github.com/aws/aws-sdk-go-v2/credentials	v1.17.62 -> v1.19.16
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.30 -> v1.18.23
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.34 -> v1.4.23
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.34 -> v2.7.23
github.com/aws/aws-sdk-go-v2/internal/ini	v1.8.3 -> v1.8.6
github.com/aws/aws-sdk-go-v2/service/ecr	v1.42.1 -> v1.57.2
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	v1.12.3 -> v1.13.9
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.12.15 -> v1.13.23
github.com/aws/aws-sdk-go-v2/service/s3	v1.78.1 -> v1.101.0
github.com/bmatcuk/doublestar/v4	v4.8.1 -> v4.10.0
github.com/cloudflare/circl	v1.6.0 -> v1.6.3
github.com/cncf/xds/go	v0.0.0-20240905190251-b4127c9b8d78 -> v0.0.0-20260202195803-dba9d589def2
github.com/containerd/cgroups/v3	v3.0.3 -> v3.1.3
github.com/containerd/containerd/api	v1.8.0 -> v1.11.1
github.com/containerd/containerd/v2	v2.0.4 -> v2.3.1
github.com/containerd/continuity	v0.4.5 -> v0.5.0
github.com/containerd/platforms	v1.0.0-rc.1 -> v1.0.0-rc.4
github.com/containerd/plugin	v1.0.0 -> v1.1.0
github.com/containerd/stargz-snapshotter/estargz	v0.16.3 -> v0.18.2
github.com/containerd/ttrpc	v1.2.7 -> v1.2.8
github.com/cyphar/filepath-securejoin	v0.4.1 -> v0.6.1
github.com/dlclark/regexp2	v1.4.0 -> v1.11.0
github.com/docker/cli	v27.5.0+incompatible -> v29.5.3+incompatible
github.com/docker/docker-credential-helpers	v0.8.2 -> v0.9.5
github.com/docker/go-events	v0.0.0-20190806004212-e31b211e4f1c -> v0.0.0-20250808211157-605354379745
github.com/envoyproxy/go-control-plane	v0.13.1 -> v0.14.0
github.com/envoyproxy/protoc-gen-validate	v1.1.0 -> v1.3.3
github.com/fatih/color	v1.18.0 -> v1.19.0
github.com/go-git/go-billy/v5	v5.6.2 -> v5.9.0
github.com/go-git/go-git/v5	v5.14.0 -> v5.19.1
github.com/go-logr/logr	v1.4.2 -> v1.4.3
github.com/go-openapi/jsonpointer	v0.21.0 -> v0.22.5
github.com/go-openapi/jsonreference	v0.21.0 -> v0.21.5
github.com/go-openapi/swag	v0.23.0 -> v0.26.0
github.com/golang-jwt/jwt/v5	v5.2.2 -> v5.3.1
github.com/google/btree	v1.1.2 -> v1.1.3
github.com/google/gnostic-models	v0.6.9-0.20230804172637-c7be7c783f49 -> v0.7.0
github.com/googleapis/enterprise-certificate-proxy	v0.3.4 -> v0.3.14
github.com/googleapis/gax-go/v2	v2.14.1 -> v2.22.0
github.com/gorilla/websocket	v1.5.0 -> v1.5.4-0.20250319132907-e064f32e3674
github.com/hashicorp/go-getter	v1.7.8 -> v1.8.6
github.com/hashicorp/go-version	v1.7.0 -> v1.9.0
github.com/hashicorp/hcl/v2	v2.23.0 -> v2.24.0
github.com/klauspost/compress	v1.17.11 -> v1.18.6
github.com/lib/pq	v1.10.9 -> v1.12.3
github.com/mailru/easyjson	v0.7.7 -> v0.9.0
github.com/masahiro331/go-disk	v0.0.0-20240625071113-56c933208fee -> v0.0.0-20260423015231-f7a470ebd472
github.com/masahiro331/go-ext4-filesystem	v0.0.0-20240620024024-ca14e6327bbd -> v0.0.0-20260423010602-fe51f5b5e52b
github.com/masahiro331/go-mvn-version	v0.0.0-20250131095131-f4974fa13b8a -> v0.0.0-20260119054159-d21fcd2e7de1
github.com/masahiro331/go-xfs-filesystem	v0.0.0-20231205045356-1b22259a6c44 -> v0.0.0-20260422061116-d21e5e4481bb
github.com/mattn/go-runewidth	v0.0.16 -> v0.0.19
github.com/mattn/go-shellwords	v1.0.12 -> v1.0.13
github.com/mitchellh/mapstructure	v1.5.0 -> v1.5.1-0.20231216201459-8508981c8b6c
github.com/moby/buildkit	v0.18.2 -> v0.30.0
github.com/moby/sys/user	v0.3.0 -> v0.4.0
github.com/moby/term	v0.5.0 -> v0.5.2
github.com/modern-go/reflect2	v1.0.2 -> v1.0.3-0.20250322232337-35a7c28c31ee
github.com/oklog/ulid/v2	v2.1.0 -> v2.1.1
github.com/open-policy-agent/opa	v1.2.0 -> v1.17.0
github.com/opencontainers/runtime-spec	v1.2.0 -> v1.3.0
github.com/opencontainers/selinux	v1.11.1 -> v1.13.1
github.com/owenrumney/squealer	v1.2.11 -> v1.2.12
github.com/package-url/packageurl-go	v0.1.3 -> v0.1.6
github.com/pjbgf/sha1cd	v0.3.2 -> v0.6.0
github.com/prometheus/client_golang	v1.21.0 -> v1.23.2
github.com/prometheus/client_model	v0.6.1 -> v0.6.2
github.com/prometheus/common	v0.62.0 -> v0.67.5
github.com/prometheus/procfs	v0.15.1 -> v0.20.1
github.com/rcrowley/go-metrics	v0.0.0-20201227073835-cf1acfcdf475 -> v0.0.0-20250401214520-65e299d6c5c9
github.com/rubenv/sql-migrate	v1.7.1 -> v1.8.1
github.com/samber/oops	v1.15.0 -> v1.18.1
github.com/secure-systems-lab/go-securesystemslib	v0.9.0 -> v0.11.0
github.com/sergi/go-diff	v1.3.2-0.20230802210424-5b0b94c5c0d3 -> v1.4.0
github.com/spdx/tools-golang	v0.5.5 -> v0.5.7
github.com/spf13/cast	v1.7.1 -> v1.10.0
github.com/spf13/cobra	v1.9.1 -> v1.10.2
github.com/spf13/pflag	v1.0.6 -> v1.0.10
github.com/stretchr/objx	v0.5.2 -> v0.5.3
github.com/tchap/go-patricia/v2	v2.3.2 -> v2.3.3
github.com/zclconf/go-cty	v1.16.2 -> v1.18.1
github.com/zclconf/go-cty-yaml	v1.1.0 -> v1.2.0
go.etcd.io/bbolt	v1.4.0 -> v1.4.3
go.opentelemetry.io/auto/sdk	v1.1.0 -> v1.2.1
go.opentelemetry.io/contrib/detectors/gcp	v1.32.0 -> v1.42.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	v0.56.0 -> v0.68.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.59.0 -> v0.68.0
go.opentelemetry.io/otel	v1.34.0 -> v1.43.0
go.opentelemetry.io/otel/metric	v1.34.0 -> v1.43.0
go.uber.org/zap	v1.27.0 -> v1.28.0
golang.org/x/crypto	v0.36.0 -> v0.53.0
golang.org/x/mod	v0.24.0 -> v0.37.0
golang.org/x/net	v0.37.0 -> v0.56.0
golang.org/x/oauth2	v0.26.0 -> v0.36.0
golang.org/x/sys	v0.31.0 -> v0.46.0
golang.org/x/term	v0.30.0 -> v0.44.0
google.golang.org/api	v0.218.0 -> v0.274.0
google.golang.org/genproto	v0.0.0-20241118233622-e639e219e697 -> v0.0.0-20260319201613-d00831a3d3e7
google.golang.org/genproto/googleapis/api	v0.0.0-20250115164207-1a7da9e5054f -> v0.0.0-20260406210006-6f92a3bedf2d
google.golang.org/genproto/googleapis/rpc	v0.0.0-20250115164207-1a7da9e5054f -> v0.0.0-20260406210006-6f92a3bedf2d
google.golang.org/grpc	v1.70.0 -> v1.81.0
google.golang.org/protobuf	v1.36.5 -> v1.36.12-0.20260120151049-f2248ac996af
gopkg.in/evanphx/json-patch.v4	v4.12.0 -> v4.13.0
gotest.tools/v3	v3.5.0 -> v3.5.2
k8s.io/api	v0.32.3 -> v0.36.1
k8s.io/apiextensions-apiserver	v0.32.2 -> v0.36.0
k8s.io/apimachinery	v0.32.3 -> v0.36.1
k8s.io/apiserver	v0.32.2 -> v0.36.0
k8s.io/cli-runtime	v0.32.3 -> v0.36.0
k8s.io/client-go	v0.32.3 -> v0.36.0
k8s.io/component-base	v0.32.3 -> v0.36.0
k8s.io/klog/v2	v2.130.1 -> v2.140.0
k8s.io/kube-openapi	v0.0.0-20241105132330-32ad38e42d3f -> v0.0.0-20260319004828-5883c5ee87b9
k8s.io/kubectl	v0.32.3 -> v0.36.0
k8s.io/utils	v0.0.0-20241104100929-3ea5e8cea738 -> v0.0.0-20260319190234-28399d86e0b5
mvdan.cc/sh/v3	v3.11.0 -> v3.12.0
sigs.k8s.io/json	v0.0.0-20241010143419-9aa6b5e7a4b3 -> v0.0.0-20250730193827-2d320260d730
sigs.k8s.io/yaml	v1.4.0 -> v1.6.0