[release-v1.21][gomod]: Bump the minor group across 1 directory with 5 updates

[dependabot]

Bumps the minor group with 5 updates in the / directory:

Package	From	To
github.com/getkin/kin-openapi	0.128.0	0.137.0
github.com/oapi-codegen/nethttp-middleware	1.0.2	1.1.2
github.com/oapi-codegen/oapi-codegen/v2	2.4.1	2.7.0
github.com/oapi-codegen/runtime	1.1.1	1.4.0
go.uber.org/zap	1.27.1	1.28.0

Updates github.com/getkin/kin-openapi from 0.128.0 to 0.137.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.137.0

What's Changed

• revert to go 1.25 and revert cc4f8d99 by @​fenollp in getkin/kin-openapi#1161

Full Changelog: getkin/kin-openapi@v0.136.0...v0.137.0

v0.136.0

What's Changed

• openapi3: stop injecting contentless default in NewResponses() by @​0-don in getkin/kin-openapi#1148
• openapi3: standardize Origin json tag to "-" across all types by @​reuvenharrison in getkin/kin-openapi#1149
• Update usage message in cmd/validate by @​fenollp in getkin/kin-openapi#1150
• openapi3: fix determinism when handling discriminator mappings by @​fenollp in getkin/kin-openapi#1151
• feat: bump Go to 1.26 by @​fenollp in getkin/kin-openapi#1152
• openapi3: use componentNames for deterministic visitings by @​fenollp in getkin/kin-openapi#1153
• feat: add OpenAPI 3.1 support by @​reuvenharrison in getkin/kin-openapi#1125
• openapi3: add JoinFunc for custom $ref path resolution by @​reuvenharrison in getkin/kin-openapi#1154
• Add many many tests from ApisGuruOpenapiDirectory by @​fenollp in getkin/kin-openapi#1155
• openapi3: remove map-iteration order leaks causing flaky tests by @​cloudnativeninja in getkin/kin-openapi#1158
• openapi2conv: nil-guard components lookup in FromV3SchemaRef by @​SAY-5 in getkin/kin-openapi#1156
• Address various lint errors by @​fenollp in getkin/kin-openapi#1157

New Contributors

• @​0-don made their first contribution in getkin/kin-openapi#1148
• @​cloudnativeninja made their first contribution in getkin/kin-openapi#1158
• @​SAY-5 made their first contribution in getkin/kin-openapi#1156

Full Changelog: getkin/kin-openapi@v0.135.0...v0.136.0

v0.135.0

What's Changed

• openapi3: strip origin from Encodings and ServerVariables maps by @​reuvenharrison in getkin/kin-openapi#1132
• fix: update yaml3 to prevent panic on empty mapping node in sequence by @​reuvenharrison in getkin/kin-openapi#1133
• openapi3: strip origin from extension values to prevent spurious diffs by @​reuvenharrison in getkin/kin-openapi#1137
• openapi3: strip origin from slices in example values by @​reuvenharrison in getkin/kin-openapi#1138
• fix: bump yaml and yaml3 to v0.0.4 by @​reuvenharrison in getkin/kin-openapi#1136
• openapi3: OriginTree approach for origin tracking — separate pass, no inline stripping by @​reuvenharrison in getkin/kin-openapi#1142
• README: drop go-openapi/spec3 by @​zonescape in getkin/kin-openapi#1143
• fix: bump yaml3+yaml to v0.0.9 to fix -root schema origin by @​reuvenharrison in getkin/kin-openapi#1144
• openapi3: call ReadFromURIFunc before checking IsExternalRefsAllowed by @​reuvenharrison in getkin/kin-openapi#1146
• fix: use location.String() instead of location.Path for origin file tracking by @​reuvenharrison in getkin/kin-openapi#1145
• refactor: Replace sort usage with slices package by @​jedevc in getkin/kin-openapi#1147

New Contributors

• @​zonescape made their first contribution in getkin/kin-openapi#1143
• @​jedevc made their first contribution in getkin/kin-openapi#1147

Full Changelog: getkin/kin-openapi@v0.134.0...v0.135.0

v0.134.0

... (truncated)

Commits

• b641244 revert to go 1.25 and revert cc4f8d99
• ff4bce7 fix and upgrade goimports-reviser
• 028df2a refacto(tests): use t.Context instead of context.Background
• cc4f8d9 refacto: replace openapi3.*Ptr(..) funcs with new(..)
• df95b87 address various lint errors
• 3556929 openapi2conv: nil-guard components lookup in FromV3SchemaRef (#1156)
• 5a0a337 openapi3: remove map-iteration order leaks causing flaky tests (#1158)
• 3489553 openapi3: skip v3.1 load/validation flaky tests
• 3aa08cd openapi3: record v3.1 load/validation test failures
• 3179775 openapi3: enable testing for 3.1 documents
• Additional commits viewable in compare view

Updates github.com/oapi-codegen/nethttp-middleware from 1.0.2 to 1.1.2

Release notes

Sourced from github.com/oapi-codegen/nethttp-middleware's releases.

v1.1.1: fix an incorrect HTTP status code (in an unlikely failure case)

🐛 Bug fixes

• fix: correct error code (#44) @​jamietanna

📦 Dependency updates

• chore(deps): update module github.com/golangci/golangci-lint to v2.1.5 (#39) @renovate[bot]

Sponsors

We would like to thank our sponsors for their support during this release.

... (truncated)

Commits

• a4be325 fix(deps)!: update module github.com/getkin/kin-openapi to v0.132.0
• 02b3b1c build: indicate which versions of Go are supported vs "supported"
• d05a186 build: build against Go 1.23 and 1.24
• 0a8001d fix: correct error code
• 9b5d19d chore(deps): update module github.com/golangci/golangci-lint to v2.1.5
• be28747 refactor: migrate error to a method parameter, not part of ErrorHandlerOpts
• 124a344 feat: add error handler with more configuration
• 750f72e refactor: return early if no options
• 83a8756 refactor: flip error checking to remove nested conditionals
• 0cb46bb chore(deps): update module github.com/golangci/golangci-lint to v2.1.4
• Additional commits viewable in compare view

Updates github.com/oapi-codegen/oapi-codegen/v2 from 2.4.1 to 2.7.0

Release notes

Sourced from github.com/oapi-codegen/oapi-codegen/v2's releases.

v2.7.0: Squashing bugs, many bugs (and adding some features)

Many improvements and even more bug fixes

This v2.7.0 release of oapi-codegen contains quite a bit of internal refactoring, focused on our most historically fragile code paths, which relate to the aggregate types (allOf/anyOf/oneOf), $ref to external specs, enums, and the spec traversal logic missing quite a few leaf nodes where models should have been generated, but were skipped.

The biggest changes are explicitly described in the sections below, and the full list of commits is at the bottom.

Thank you to all contributors, we've been going through all past PR's and updating them and merging where we can, and thanks to all our users for reporting issues that you hit.

I've (@​mromaszewicz) used a lot of LLM help here to scrub through old issues and do some deep internal refactoring to address common problem areas. I intend to continue doing this, since the conditional generation logic is getting quite complicated. When I originally released oapi-codegen, the use case was much simpler, all the models were under #/components/schemas, and all the references to them were in the requests, responses, etc. I never imagine how many things would be external references or unions, and how many complex OpenAPI specifications people would be generating code for. The initial design was never flexible enough to handle that, so ongoing bug fixes are getting increasingly complex due to edge cases. This version has a lot of internal changes you won't see as a user, but the way we handle type generation internally is unifying lots of copy/paste re-implementations into reusable code for consistency. Most of these changes can be done transparently, but some can't, so, onto the changes:

Code generation changes which might require some changes on your end

This release contains three changes, all very narrow in scope, which will require some manual adjustment of your own code. We've decided that these are small enough and uncommon enough not to require opt-in, which causes internal complexity. It's always a judgment call with these. If we got it wrong, we're happy to revisit it in a maintenance release.

Strict-server external response refs require strict-server generation in both packages (#2357)

If your strict-server spec uses an external $ref to a components/responses/... defined in another spec, that other spec must also be generated with strict-server: true. Add it to the source spec's config and regenerate:

# config for the spec being $ref'd
generate:
  models: true
  strict-server: true   # now required when imported by a strict-server spec

This restores the v2.0.0 behavior that lets you cast response models across package boundaries — the standard pattern for sharing error models (e.g. a common 400) across services. PR #1387 had silently changed the embedded type from N400JSONResponse to the bare externalRef0.N400, so the local and external response structs no longer had matching types and casts stopped compiling.

Many more anonymous inner schemas are now hoisted into top level schemas

Inline oneOf, anyOf, and additionalProperties schemas embedded directly under an operation's request or response body now flow through the same boilerplate-emission pipeline as components/schemas, so they get the As* / From* / Merge* accessor methods they were previously missing. As part of that change, two older naming patterns are replaced with one pattern, shared with all components:

GetPets_200_Data_Item             →  GetPets200JSONResponseBody_Data_Item
GetPets200JSONResponse_Data_Item  →  GetPets200JSONResponseBody_Data_Item

In practice, we think this shouldn't break anyone, because this change addresses a bug which produced pointless types with no benefit, and you never interact with these directly, but rather you'd call an accessor on a field of a model.

Strict middleware typedefs are now inlined (#2271)

StrictHandlerFunc and StrictMiddlewareFunc in generated strict-server code are now inline type definitions instead of aliases to github.com/oapi-codegen/runtime/strictmiddleware/<framework>. Generated servers no longer import that package.

... (truncated)

Commits

• b363ca5 refactor(codegen): better Swagger compression, modern naming (#1909)
• 08b3018 Route server enums through general enums codegen (#2358)
• fbc8e0d revert external-ref carve-out in strict-server response embedding (#2010) (#2...
• 7517e09 respect output file path on gofmt failure (#2356)
• 9643421 fix example codegen (#2354)
• 036a54b per-operation middleware in Echo (#2353)
• 3338f93 Strict server: gate no-content response headers on nullable/optional (#2351)
• 218effe Synchronize strict servers (#2350)
• 81b9d95 Overhaul anonymous schema hoisting (#2348)
• eff4a2b fix: allow x-go-type and x-go-type-skip-optional-pointer for allOf (#1610)
• Additional commits viewable in compare view

Updates github.com/oapi-codegen/runtime from 1.1.1 to 1.4.0

Release notes

Sourced from github.com/oapi-codegen/runtime's releases.

Parameter handling improvements and fixes

This release fixes some missing edge cases in parameter binding and styling. We now handle all the permutations of style and explode, for the first time. Lots of tests have been added to catch regressions.

🚀 New features and improvements

• Improve deepobject unmarshalling to support nullable.Nullable and encode.TextUnmarshaler (#45) @​j-waters
• feat: support spaceDelimited and pipeDelimited query parameter binding (#117) @​mromaszewicz

🐛 Bug fixes

• Fix form/explode=false incorrectly splitting primitive string values on commas (#119) @​f-kanari

📦 Dependency updates

• fix(deps): update module github.com/labstack/echo/v4 to v4.15.1 (#105) @renovate[bot]
• fix(deps): update module github.com/labstack/echo/v5 to v5.1.0 (#120) @renovate[bot]
• chore(deps): update release-drafter/release-drafter action to v7 (#113) @renovate[bot]

Sponsors

We would like to thank our sponsors for their support during this release.

Fix a parameter binding regression

v1.3.0 introduced a regression around binding styled parameters into primitive type destinations. This regression was due to a fix in binding matrix and label parameters. Sorry about that.

🐛 Bug fixes

• Fix regression in binding simple parameters (#115) @​mromaszewicz

Sponsors

We would like to thank our sponsors for their support during this release.

... (truncated)

Commits

• 247b459 fix(deps): update module github.com/labstack/echo/v4 to v4.15.1 (#105)
• 1d38dfa fix(deps): update module github.com/labstack/echo/v5 to v5.1.0 (#120)
• be9ed17 chore(deps): update release-drafter/release-drafter action to v7 (#113)
• 77570f9 Fix form/explode=false incorrectly splitting primitive string values on comma...
• dfe6f3b feat: support spaceDelimited and pipeDelimited query parameter binding (#117)
• 5ea8c65 Improve deepobject unmarshalling to support nullable.Nullable and encode.Text...
• 00e51fe Fix regression in binding simple parameters (#115)
• ee2e591 chore: Update to go 1.24 (#111)
• fd63554 Fix: Query param deepObject return without assign on !required (#68)
• c9909ff fix: strip style prefix for label/matrix primitive parameters (#99) (#100)
• Additional commits viewable in compare view

Updates go.uber.org/zap from 1.27.1 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

Changelog

Sourced from go.uber.org/zap's changelog.

1.28.0 (27 Apr 2026)

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

Commits

• 5b81b37 release v1.28.0 (#1547)
• 0ab0d5a zapcore: Add PreWriteHook for transforming entries before write (#1534)
• d278c59 [chore] CI: test on Go 1.26 (#1535)
• 16fb16b chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign aliok for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.