chore(deps): bump the gomod group with 9 updates by dependabot[bot] · Pull Request #1712 · stolostron/config-policy-controller

dependabot · 2026-04-10T17:33:41Z

Bumps the gomod group with 9 updates:

Package	From	To
golang.org/x/mod	`0.34.0`	`0.35.0`
github.com/google/cel-go	`0.27.0`	`0.28.0`
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	`0.67.0`	`0.68.0`
golang.org/x/crypto	`0.49.0`	`0.50.0`
golang.org/x/net	`0.52.0`	`0.53.0`
golang.org/x/sys	`0.42.0`	`0.43.0`
golang.org/x/term	`0.41.0`	`0.42.0`
golang.org/x/text	`0.35.0`	`0.36.0`
golang.org/x/tools	`0.43.0`	`0.44.0`

Updates golang.org/x/mod from 0.34.0 to 0.35.0

Commits

03901d3 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates github.com/google/cel-go from 0.27.0 to 0.28.0

Release notes

Sourced from github.com/google/cel-go's releases.

Release v0.28.0

High-Level Changes

Enhanced JSON Interoperability: New support for JSON names across the checker, AST, and runtime allows for more seamless data handling when working with JSON-native structures.

Improved Developer Tooling: Integration is now smoother thanks to new utilities for converting Go errors into cel.Issues and more descriptive, context-aware error messages.

Greater Environment Flexibility: You can now redeclare variables as constants and export parse limit options, providing finer control over how CEL environments are configured and constrained.

Native Struct Improvements: Support for mixing CEL and native values within native structs simplifies the handling of complex, hybrid data types.

🚀 Features

Add helper method to check whether a function has a singleton binding in google/cel-go#1266

Helper utility for converting a Go error into cel.Issues in google/cel-go#1267

Policy API improvements in google/cel-go#1268

CEL Test usability requirements in google/cel-go#1269

Better context-related error messages in google/cel-go#1271

Sort env.Config values where reasonable in google/cel-go#1273

Support redeclaring variables as constants in NewEnv in google/cel-go#1275

Add support for exporting parse limit options in google/cel-go#1277

Support mixing CEL values and native values in native structs in google/cel-go#1270

Add checker, AST, and type-provider support for JSON names in google/cel-go#1283

JSON field names runtime support in google/cel-go#1286

Optionally include reachable fieldpaths in prompt in google/cel-go#1285

REPL -- cel-spec pb2 and json name support google/cel-go#1294

🐞 Bug Fixes

Fix support for config-based type references in google/cel-go#1265

Check arg kinds in optional.or and .orValue impl in google/cel-go#1276

Bazel fixes for import in google/cel-go#1278

Support zero-value literals in presence test inlining google/cel-go#1280

Cache concatList.Size() to prevent O(N^2) evaluation time google/cel-go#1291

Preserve runtime error node IDs from Resolve google/cel-go#1290

Default enable identifier escaping with backticks google/cel-go#1295

Cap format string precision to prevent memory exhaustion google/cel-go#1292

🛠️ Maintenance & Internal

chore: Migrate gsutil usage to gcloud storage in google/cel-go#1274

Lint fixes for exported function/type comments in google/cel-go#1279

Lint fixes for import in google/cel-go#1287

Full Changelog: https://github.com/google/cel-go/compare/v0.27.0...v0.28.0-alpha

Release v0.28.0-alpha

High-Level Changes

... (truncated)

Commits

6b8f6d6 fix: cap format string precision to prevent memory exhaustion (#1292)
d942970 Default enable identifier escaping with backticks (#1295)
7114ed2 Preserve runtime error node IDs from Resolve (#1290)
d91350b fix: cache concatList.Size() to prevent O(N^2) evaluation time (#1291)
68bdd8c REPL -- cel-spec pb2 and json name support (#1294)
d19e782 Support zero-value literals in presence test inlining and fix shadowing bugs ...
7c461fc Lint fixes for import (#1287)
09e3119 Optionally include reachable fieldpaths in prompt (#1285)
ae49cd0 Json field names runtime support (#1286)
3624b64 Add checker, ast, and type-provider support for JSON names (#1283)
Additional commits viewable in compare view

Updates go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.67.0 to 0.68.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases.

Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0

Added

Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/v0.3.0 to expose the resolved SDK resource from declarative configuration. (#8660)

Add support to set the configuration file via OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)

Add support for service resource detector in go.opentelemetry.io/contrib/otelconf. (#8674)

Add support for attribute_count_limit and attribute_value_length_limit in tracer provider configuration in go.opentelemetry.io/contrib/otelconf. (#8687)

Add support for attribute_count_limit and attribute_value_length_limit in logger provider configuration in go.opentelemetry.io/contrib/otelconf. (#8686)

Add support for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)

Add support for OTEL_SEMCONV_STABILITY_OPT_IN in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. Supported values are rpc (default), rpc/dup and rpc/old. (#8726)

Add the http.route metric attribute to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#8632)

Changed

Prepend _ to the normalized environment variable name when the key starts with a digit in go.opentelemetry.io/contrib/propagators/envcar, ensuring POSIX compliance. (#8678)

Move experimental types from go.opentelemetry.io/contrib/otelconf to go.opentelemetry.io/contrib/otelconf/x. (#8529)

Normalize cached environment variable names in go.opentelemetry.io/contrib/propagators/envcar, aligning Carrier.Keys output with the carrier's normalized key format. (#8761)

Fixed

Fix go.opentelemetry.io/contrib/otelconf Prometheus reader converting OTel dot-style label names (e.g. service.name) to underscore-style (service_name) in target_info when both without_type_suffix and without_units are set. Use NoTranslation instead of UnderscoreEscapingWithoutSuffixes to preserve dot-style label names while still suppressing metric name suffixes. (#8763)

Limit the request body size at 1MB in go.opentelemetry.io/contrib/zpages. (#8656)

Fix server spans using the client's address and port for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)

Removed

Host ID resource detector has been removed when configuring the host resource detector in go.opentelemetry.io/contrib/otelconf. (#8581)

Deprecated

Deprecate OTEL_EXPERIMENTAL_CONFIG_FILE in favour of OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)

What's Changed

chore(deps): update module github.com/jgautheron/goconst to v1.9.0 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8651

chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8652

chore(deps): update golang.org/x/telemetry digest to e526e8a by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8647

chore(deps): update module k8s.io/klog/v2 to v2.140.0 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8650

chore(deps): update module github.com/mgechev/revive to v1.14.0 by @mmorel-35 in open-telemetry/opentelemetry-go-contrib#8646

chore(deps): update module github.com/mgechev/revive to v1.15.0 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8539

chore: fix noctx issues by @mmorel-35 in open-telemetry/opentelemetry-go-contrib#8645

chore(deps): update golang.org/x by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8655

chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8654

chore(deps): update module github.com/mattn/go-runewidth to v0.0.21 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8653

fix(deps): update module go.opentelemetry.io/proto/otlp to v1.10.0 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8657

Limit the number of bytes read from the zpages body by @dmathieu in open-telemetry/opentelemetry-go-contrib#8656

fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.2 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8648

fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.3 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8661

chore(deps): update github.com/securego/gosec/v2 digest to 8895462 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8663

otelconf: support OTEL_CONFIG_FILE as it is no longer experimental by @codeboten in open-telemetry/opentelemetry-go-contrib#8639

chore(deps): update module github.com/sonatard/noctx to v0.5.1 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8664

... (truncated)

Changelog

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's changelog.

[1.43.0/2.5.0/0.68.0/0.37.0/0.23.0/0.18.0/0.16.0/0.15.0] - 2026-04-03

Added

Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/v0.3.0 to expose the resolved SDK resource from declarative configuration. (#8660)

Add support to set the configuration file via OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)

Add support for service resource detector in go.opentelemetry.io/contrib/otelconf. (#8674)

Add support for attribute_count_limit and attribute_value_length_limit in tracer provider configuration in go.opentelemetry.io/contrib/otelconf. (#8687)

Add support for attribute_count_limit and attribute_value_length_limit in logger provider configuration in go.opentelemetry.io/contrib/otelconf. (#8686)

Add support for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)

Add support for OTEL_SEMCONV_STABILITY_OPT_IN in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. Supported values are rpc (default), rpc/dup and rpc/old. (#8726)

Add the http.route metric attribute to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#8632)

Changed

Prepend _ to the normalized environment variable name when the key starts with a digit in go.opentelemetry.io/contrib/propagators/envcar, ensuring POSIX compliance. (#8678)

Move experimental types from go.opentelemetry.io/contrib/otelconf to go.opentelemetry.io/contrib/otelconf/x. (#8529)

Normalize cached environment variable names in go.opentelemetry.io/contrib/propagators/envcar, aligning Carrier.Keys output with the carrier's normalized key format. (#8761)

Fixed

Fix go.opentelemetry.io/contrib/otelconf Prometheus reader converting OTel dot-style label names (e.g. service.name) to underscore-style (service_name) in target_info when both without_type_suffix and without_units are set. Use NoTranslation instead of UnderscoreEscapingWithoutSuffixes to preserve dot-style label names while still suppressing metric name suffixes. (#8763)

Limit the request body size at 1MB in go.opentelemetry.io/contrib/zpages. (#8656)

Fix server spans using the client's address and port for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)

Removed

Host ID resource detector has been removed when configuring the host resource detector in go.opentelemetry.io/contrib/otelconf. (#8581)

Deprecated

Deprecate OTEL_EXPERIMENTAL_CONFIG_FILE in favour of OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)

Commits

45977a4 Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0 (#8769)
0fcc152 fix(deps): update module github.com/googlecloudplatform/opentelemetry-operati...
eaba3cd chore(deps): update googleapis to 6f92a3b (#8776)
6df430c chore(deps): update module github.com/jgautheron/goconst to v1.10.0 (#8771)
ae90e32 Fix otelconf prometheus label escaping (#8763)
f202c3f otelconf: move experimental types to otelconf/x (#8529)
8ddaece fix(deps): update aws-sdk-go-v2 monorepo (#8764)
c7c03a4 chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (#8766)
717a85a envcar: normalize cached environment variable names (#8761)
ad990b6 fix(deps): update module github.com/aws/smithy-go to v1.24.3 (#8765)
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.49.0 to 0.50.0

Commits

03ca0dc go.mod: update golang.org/x dependencies
8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
See full diff in compare view

Updates golang.org/x/net from 0.52.0 to 0.53.0

Commits

a8d1fc1 go.mod: update golang.org/x dependencies
056ac74 quic: avoid depending on golang.org/x/sys/unix
c85f611 http3: add http3 package for testing in std
805fc81 http2: add transport API tests
e63b894 http2: support testing via net/http.Transport.RoundTrip
9ee1e48 http2/hpack: prevent HeaderField from escaping during encoding
1e71bd8 http2: prevent hanging Transport due to bad SETTINGS frame
7bca150 internal/http3: respect net/http Server Shutdown context when shutting down
44c41be internal/http3: prevent server from holding mutex when sleeping during shutdown
228a67a internal/http3: add CloseIdleConnections support in transport
Additional commits viewable in compare view

Updates golang.org/x/sys from 0.42.0 to 0.43.0

Commits

f33a730 windows: support nil security descriptor on GetNamedSecurityInfo
493d172 cpu: add runtime import in cpu_darwin_arm64_other.go
2c2be75 windows: use syscall.SyscallN in Proc.Call
a76ec62 cpu: roll back "use IsProcessorFeaturePresent to calculate ARM64 on windows"
See full diff in compare view

Updates golang.org/x/term from 0.41.0 to 0.42.0

Commits

52b71d3 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates golang.org/x/text from 0.35.0 to 0.36.0

Commits

8577a70 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates golang.org/x/tools from 0.43.0 to 0.44.0

Commits

3dd188d go.mod: update golang.org/x dependencies
aebd870 gopls: improve doc link matching to support links followed by a colon
5357b43 go/analysis/passes/modernize: rangeint: handle type parameter constraints
bf04c61 go/types/internal/play: show normal terms of selected type
0ae2de0 gopls/internal/filecache: cache decoded objects in memCache
8e51a5f go/ssa: support direct references to embedded fields in struct lit
5005b9e internal/gcimporter: rename ureader_yes.go to ureader.go
5ca865b go/types/objectpath: add debugging command
f6476fb internal/gcimporter: consume generic methods in gcimporter
b36d1d1 internal/pkgbits: sync version.go with goroot
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gomod group with 9 updates: | Package | From | To | | --- | --- | --- | | [golang.org/x/mod](https://github.com/golang/mod) | `0.34.0` | `0.35.0` | | [github.com/google/cel-go](https://github.com/google/cel-go) | `0.27.0` | `0.28.0` | | [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.67.0` | `0.68.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.49.0` | `0.50.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.52.0` | `0.53.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.42.0` | `0.43.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.41.0` | `0.42.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.35.0` | `0.36.0` | | [golang.org/x/tools](https://github.com/golang/tools) | `0.43.0` | `0.44.0` | Updates `golang.org/x/mod` from 0.34.0 to 0.35.0 - [Commits](golang/mod@v0.34.0...v0.35.0) Updates `github.com/google/cel-go` from 0.27.0 to 0.28.0 - [Release notes](https://github.com/google/cel-go/releases) - [Commits](google/cel-go@v0.27.0...v0.28.0) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.67.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.67.0...zpages/v0.68.0) Updates `golang.org/x/crypto` from 0.49.0 to 0.50.0 - [Commits](golang/crypto@v0.49.0...v0.50.0) Updates `golang.org/x/net` from 0.52.0 to 0.53.0 - [Commits](golang/net@v0.52.0...v0.53.0) Updates `golang.org/x/sys` from 0.42.0 to 0.43.0 - [Commits](golang/sys@v0.42.0...v0.43.0) Updates `golang.org/x/term` from 0.41.0 to 0.42.0 - [Commits](golang/term@v0.41.0...v0.42.0) Updates `golang.org/x/text` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.35.0...v0.36.0) Updates `golang.org/x/tools` from 0.43.0 to 0.44.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.43.0...v0.44.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/google/cel-go dependency-version: 0.28.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-version: 0.68.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/crypto dependency-version: 0.50.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/net dependency-version: 0.53.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/sys dependency-version: 0.43.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/term dependency-version: 0.42.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/text dependency-version: 0.36.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/tools dependency-version: 0.44.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com>

openshift-ci · 2026-04-10T17:33:50Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign dhaiducek for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

dependabot · 2026-04-10T18:28:51Z

Looks like these dependencies are no longer updatable, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 10, 2026

openshift-ci bot added the dco-signoff: yes label Apr 10, 2026

dependabot bot closed this Apr 10, 2026

dependabot bot deleted the dependabot/go_modules/gomod-29dc0be476 branch April 10, 2026 18:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the gomod group with 9 updates#1712

chore(deps): bump the gomod group with 9 updates#1712
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-29dc0be476

dependabot bot commented on behalf of github Apr 10, 2026 •

edited

Loading

Uh oh!

openshift-ci bot commented Apr 10, 2026

Uh oh!

dependabot bot commented on behalf of github Apr 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release v0.28.0

High-Level Changes

🚀 Features

🐞 Bug Fixes

🛠️ Maintenance & Internal

Release v0.28.0-alpha

High-Level Changes

Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0

Added

Changed

Fixed

Removed

Deprecated

What's Changed

[1.43.0/2.5.0/0.68.0/0.37.0/0.23.0/0.18.0/0.16.0/0.15.0] - 2026-04-03

Added

Changed

Fixed

Removed

Deprecated

Uh oh!

openshift-ci bot commented Apr 10, 2026

Uh oh!

dependabot bot commented on behalf of github Apr 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Apr 10, 2026 •

edited

Loading