🌱 Bump github.com/IBM/sarama from 1.46.3 to 1.47.0

[dependabot]

Bumps github.com/IBM/sarama from 1.46.3 to 1.47.0.

Release notes

Sourced from github.com/IBM/sarama's releases.

Version 1.47.0 (2026-02-27)

What's Changed

🎉 New Features / Improvements

• perf(admin): modernize DescribeCluster RPC handling by @​DCjanus in IBM/sarama#3390
• test: expand Java interop tests to cover all compression codecs by @​dnwe in IBM/sarama#3423

🐛 Fixes

• fix(client): add nilguards to updateBroker by @​dnwe in IBM/sarama#3393
• fix(broker): auto-close broken connections by @​DCjanus in IBM/sarama#3412
• fix: set version from IBM/sarama, not main app by @​adamdecaf in IBM/sarama#3415

🔧 Maintenance

• chore: finish up the move to atomic types by @​puellanivis in IBM/sarama#3399
• chore: tear down zk in functional tests by @​edoardocomar in IBM/sarama#3420
• chore: migrate from eapache/go-xerial-snappy to klauspost/compress/sn… by @​edoardocomar in IBM/sarama#3421
• fix(test): resolve FVT issues in Kafka v2.x interop tests by @​edoardocomar in IBM/sarama#3424
• feat: add kafka 4.1.1 constants and use in FVT by @​dnwe in IBM/sarama#3437
• chore: add Kafka 4.0.1 and replace 4.0.0 in FVT by @​edoardocomar in IBM/sarama#3439
• ci(lint): unblock Go 1.26 lint and handle gosec noise by @​DCjanus in IBM/sarama#3454

📦 Dependency updates

• chore(deps): update module golang.org/x/crypto to v0.45.0 [security] → v0.48.0 by @​renovate[bot] in #3383, #3425
• chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.45.0 across /examples (consumergroup, exactly_once, sasl_scram_client, http_server, txn_producer, interceptors) by @​dependabot[bot] in #3382, #3381, #3380, #3379, #3378, #3377
• fix(deps): update module golang.org/x/sync to v0.18.0 by @​renovate[bot] in #3385
• fix(deps): update module golang.org/x/net to v0.49.0 → v0.51.0 by @​renovate[bot] and @​dependabot[bot] in #3426, #3427, #3453
• chore(deps): update golangci/golangci-lint-action action to v9 → v9.2.0 by @​renovate[bot] in #3370, #3400
• chore(deps): update dependency golangci/golangci-lint to v2.6.2 → v2.8.0 by @​renovate[bot] in #3366, #3401
• chore(deps): update docker/bake-action action to v6.10.0 by @​renovate[bot] in #3392
• chore(deps): update docker/setup-buildx-action action to v3.12.0 by @​renovate[bot] in #3416
• chore(deps): bump github.com/klauspost/compress from 1.18.1 to 1.18.4 by @​dependabot[bot] in #3397, #3430, #3442
• chore(deps): bump github.com/pierrec/lz4/v4 from 4.1.22 to 4.1.25 by @​dependabot[bot] in #3411, #3432
• chore(deps): bump the golang-x group across 1 directory with 2 updates by @​dependabot[bot] in #3405
• chore(deps): bump github.com/xdg-go/scram from 1.1.2 to 1.2.0 in /examples/sasl_scram_client by @​dependabot[bot] in #3394
• chore(deps): update dependency dominikh/go-tools to v2026 by @​renovate[bot] in #3446

New Contributors

• @​DCjanus made their first contribution in IBM/sarama#3390
• @​edoardocomar made their first contribution in IBM/sarama#3420
• @​adamdecaf made their first contribution in IBM/sarama#3415

Full Changelog: IBM/sarama@v1.46.3...v1.47.0

Commits

• c6a7ea0 chore(deps): bump github.com/klauspost/compress from 1.18.3 to 1.18.4 (#3442)
• 66eabe8 chore(deps): update dependency dominikh/go-tools to v2026 (#3446)
• e46c213 ci(gosec): suppress G117 and G704 false positives
• 7f0e26c ci(workflows): bump golangci-lint to v2.10.1
• 7a33045 chore(ci): Update registry.access.redhat.com/ubi9/ubi-minimal:9.7 Docker dige...
• 34acfaa chore(ci): bump the actions group with 2 updates (#3450)
• 4df4d82 chore(ci): bump github/codeql-action from 4.31.10 to 4.32.4 (#3451)
• d4862ce chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 in the golang-x grou...
• c1bf7ec chore: add ai-assistance guidelines to CONTRIBUTING.md (#3452)
• 0a3b6e3 chore(ci): Update registry.access.redhat.com/ubi9/ubi-minimal:9.7 Docker dige...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign nirrozenbaum for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a stolostron member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[openshift-ci]

@dependabot[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/test-e2e	b57565c	link	true	/test test-e2e

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.