Skip to content

[release-v1.17][gomod]: Bump the minor group across 1 directory with 19 updates#1882

Open
dependabot[bot] wants to merge 1 commit intorelease-v1.17from
dependabot/go_modules/release-v1.17/minor-81068836df
Open

[release-v1.17][gomod]: Bump the minor group across 1 directory with 19 updates#1882
dependabot[bot] wants to merge 1 commit intorelease-v1.17from
dependabot/go_modules/release-v1.17/minor-81068836df

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Bumps the minor group with 8 updates in the / directory:

Package From To
github.com/cert-manager/cert-manager 1.16.3 1.20.2
github.com/cloudevents/sdk-go/sql/v2 2.0.0-20240712172937-3ce6b2f1f011 2.16.2
github.com/coreos/go-oidc/v3 3.9.0 3.18.0
github.com/eclipse/paho.golang 0.12.0 0.23.0
github.com/pelletier/go-toml/v2 2.2.4 2.3.1
github.com/rickb777/date 1.13.0 1.22.0
go.uber.org/atomic 1.10.0 1.11.0
go.uber.org/zap 1.27.1 1.28.0

Updates github.com/cert-manager/cert-manager from 1.16.3 to 1.20.2

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.20.2

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.2 fixes invalid YAML generated in the Helm chart when both webhook.config and webhook.volumes are defined, and bumps Go to 1.26.2 along with dependencies to address reported vulnerabilities.

Changes by Kind

Bug or Regression

Other (Cleanup or Flake)

v1.20.1

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate parentRef bug when both issuer config and annotations are present (Gateway API).

Bug or Regression

  • Fixed duplicate parentRef bug when both issuer config and annotations are present. (#8658, @​hjoshi123)
  • Add missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. (#8655, @​erikgb)
  • Bump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. (#8657, @​erikgb)

v1.20.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.0 adds alpha support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta.

Changes by Kind

Feature

  • Added a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. (#8370, @​jcpunk)
  • Added selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} (#8256, @​tareksha)
  • Added support for specifying imagePullSecrets in the startupapicheck-job Helm template to enable pulling images from private registries. (#8186, @​mathieu-clnk)
  • Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. (#8355, @​dancmeyers)
  • Added parentRef override annotations on the Certificate resource. (#8518, @​hjoshi123)
  • Added support for azure private zones for dns01 issuer. (#8494, @​hjoshi123)
  • Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. (#7642, @​robertlestak)
  • Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget (#7728, @​jcpunk)
  • For Venafi provider, read venafi.cert-manager.io/custom-fields annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. (#8301, @​k0da)
  • Improve error message when CA issuers are misconfigured to use a clashing secret name (#8374, @​majiayu000)
  • Introduce a new Ingress annotation acme.cert-manager.io/http01-ingress-ingressclassname to override http01.ingress.ingressClassName field in HTTP-01 challenge solvers. (#8244, @​lunarwhite)
  • Update global.nodeSelector to helm chart to perform a merge and allow for a single nodeSelector to be set across all services. (#8195, @​StingRayZA)

... (truncated)

Commits
  • e5b7b18 Merge pull request #8704 from erikgb/1-20-fix-vuln-go-deps
  • e7ec855 Merge pull request #8703 from erikgb/1-20-bump-go-base-images
  • cd96b95 [release-1.20] Bump go dependencies with reported vulnerabilities
  • a1b6f11 [release-1.20] Bump go to 1.26.2 and bump base images
  • 6dee676 Merge pull request #8665 from cert-manager-bot/cherry-pick-8664-to-release-1.20
  • 9ccf555 Fix indentation in webhook-deployment when both webhook.volumes and webhook.c...
  • dc96863 Merge pull request #8658 from cert-manager-bot/cherry-pick-8619-to-release-1.20
  • 7e66079 removing duplicate parentRefs
  • 75f90e4 Merge pull request #8657 from erikgb/fix-grpc-vuln
  • f27364c Update module google.golang.org/grpc to v1.79.3 [security] (release-1.20)
  • Additional commits viewable in compare view

Updates github.com/cloudevents/sdk-go/sql/v2 from 2.0.0-20240712172937-3ce6b2f1f011 to 2.16.2

Release notes

Sourced from github.com/cloudevents/sdk-go/sql/v2's releases.

Release v2.16.2

No release notes provided.

Release v2.16.1

CloudEvents SDK Go v2.16.1

🐛 Bug Fixes and Improvements

  • ⚡ NATS JetStream Enhancement: Made send subject optional via context by @​kmpm in cloudevents/sdk-go#1143

    • Added WithSubject function to override the default subject when sending messages
    • Added comprehensive tests and updated samples
    • Non-breaking enhancement that adds flexibility for NATS users

  • 📝 CloudEvents JSON Handling Fixes by @​alank-ps:

    • WriteJson Fix in cloudevents/sdk-go#1162: Fixed WriteJson to properly handle data as JSON when dataContentType is application/cloudevents+json or batch
    • ConsumeData Fix in cloudevents/sdk-go#1164: Fixed consumeData functions to properly recognize structured mode JSON content types
    • Improves compatibility with the CloudEvents specification

  • 🔧 CI/Test Improvements: Fix failing CI tests by @​embano1 in cloudevents/sdk-go#1156

🔄 Maintenance and Dependency Updates

  • 🛠️ Dependency Management Overhaul by @​embano1 in cloudevents/sdk-go#1145
    • Added script (hack/update-deps.sh) to update Go dependencies across all modules
    • Replaced Dependabot with custom script for better dependency management
    • Removed stale and broken OpenTelemetry samples

📦 Key Dependency Updates:

  • github.com/google/go-cmp: v0.6.0 → v0.7.0
  • golang.org/x/sync: v0.12.0 → v0.13.0
  • github.com/nats-io/nats.go: v1.37.0 → v1.41.2
  • github.com/IBM/sarama: v1.40.1 → v1.45.1
  • github.com/docker/docker: v20.10.17 → v27.1.1
  • go.opentelemetry.io/otel: v1.18.0 → v1.35.0
  • 🐹 Go version: Updated from 1.22 to 1.23.0 (toolchain 1.23.8)

🚨 Breaking Changes

None. All updates are either backward-compatible improvements, bug fixes, or internal refactors.

👥 New Contributors

📋 What's Changed

... (truncated)

Commits

Updates github.com/coreos/go-oidc/v3 from 3.9.0 to 3.18.0

Release notes

Sourced from github.com/coreos/go-oidc/v3's releases.

v3.18.0

What's Changed

Full Changelog: coreos/go-oidc@v3.17.0...v3.18.0

v3.17.0

What's Changed

Full Changelog: coreos/go-oidc@v3.16.0...v3.17.0

v3.16.0

What's Changed

New Contributors

Full Changelog: coreos/go-oidc@v3.15.0...v3.16.0

v3.15.0

What's Changed

Full Changelog: coreos/go-oidc@v3.14.1...v3.15.0

v3.14.1

What's Changed

Full Changelog: coreos/go-oidc@v3.14.0...v3.14.1

v3.14.0

What's Changed

Full Changelog: coreos/go-oidc@v3.13.0...v3.14.0

v3.13.0

What's Changed

... (truncated)

Commits
  • da6b3bf build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
  • 7f80694 build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.36.0
  • 7271de5 .github: update go versions in CI
  • 3ccf20f .github: configure dependabot
  • 35b8e03 oidc: improve error message for mismatched issuer URLs
  • e958473 bump go to 1.24, remove 1.23 support, bump go-jose dependency, remove x/net d...
  • 69b1670 refactor: Remove unused time injection from RemoteKeySet
  • 8d1e57e oidc: verify the ID Token's signature before processing claims
  • a7c457e oidctest: fix import
  • aba1ce2 oidc/oidctest: add new package
  • Additional commits viewable in compare view

Updates github.com/eclipse/paho.golang from 0.12.0 to 0.23.0

Release notes

Sourced from github.com/eclipse/paho.golang's releases.

0.23

The is a minor release that incorporates fixes/improvements made over the last 10 months. Dependencies have been updated, and Go version 1.24 is now required (matching the "Go release policy").

I don't believe there are any breaking changes. Keepalive behaviour has been changed so that a PING is sent unless a packet has been sent AND received within the keepalive period (to address potential issues where a client is sending constantly, but never receives anything).

Note that one of the fixes addresses a potential security issue where data from one field (e.g. topic, properties) may leak into another (e.g. message body). This issue was raised against paho.mqtt.golang (issue 730) but the same code existed in this library. Thanks to Paul Gerste (Sonar) for reporting the original issue.

Thanks to those who have provided fixes/enhancements included in this release!.

What's Changed

New Contributors

Full Changelog: eclipse-paho/paho.golang@v0.22.0...v0.23.0

0.22

The is a minor release that incorporates fixes/improvements made over the last 9 months.

There is one breaking change, autopaho.ConnectPacketBuilder may now return an error (this is useful when the packet cannot be built, for example when auth details are temporarily unavailable).

Thanks to those who have provided fixes/enhanceents included in this release!.

What's Changed

... (truncated)

Commits
  • 1aa0396 Dependency and go version update.
  • b45d25d DISCONNECT packet with missing property length prevented OnServerDisconnect call
  • 38d3585 Fix AuthResponse success value being set to true on error
  • 6f75464 Fix AuthResponse success value being set to true on error
  • 022e144 Fix OnServerDisconnect not being called when packet has no properties
  • ab72a18 Simplify Directory creation
  • ec5d947 drop redundant stat before MkdirAll
  • 16106c7 Filestore should attempt to create folder if it does not exist
  • 3b79283 autopaho file queue - fix folder creation
  • 9135b2a fix folder existence check in autopaho file queue
  • Additional commits viewable in compare view

Updates github.com/gorilla/websocket from 1.5.3 to 1.5.4-0.20250319132907-e064f32e3674

Commits

Updates github.com/pelletier/go-toml/v2 from 2.2.4 to 2.3.1

Release notes

Sourced from github.com/pelletier/go-toml/v2's releases.

v2.3.1

What's Changed

Fixed bugs

Other changes

New Contributors

Full Changelog: pelletier/go-toml@v2.3.0...v2.3.1

v2.3.0

This is the first release built largely with the help of AI coding agents. Highlights include the complete removal of the unsafe package. go-toml is now fully safe Go code, with a geomean overhead of only ~1.4% vs v2.2.4 and zero additional allocations on benchmarks. This release also adds omitzero struct tag support, improves UnmarshalText/Unmarshaler handling for tables and array tables, and fixes several bugs including nil pointer marshaling, leap second handling, and datetime unmarshaling panics.

What's Changed

What's new

Fixed bugs

Documentation

Other changes

New Contributors

... (truncated)

Commits
  • f85c4e8 README.md: remove reference to old go versions and modules (#1048)
  • 45d4fb4 fix: change DisallowUnknownFields error from "missing field" to "unknown fiel...
  • c171216 Fix incorrect error positions in unstable parser Range() (#1047) (#1056)
  • f36a3ec Reduce marshal and unmarshal overhead (#1044)
  • 77f3862 Fix benchmark script replacing internal package imports (#1042)
  • 16b1ef5 Fix parser error pointing to wrong line when last line has no trailing newlin...
  • e14bde7 build(deps): bump docker/login-action from 3 to 4 (#1039)
  • 4b1ff01 build(deps): bump docker/setup-buildx-action from 3 to 4 (#1040)
  • 048a25f Go 1.26 (#1030)
  • b357558 build(deps): bump goreleaser/goreleaser-action from 6 to 7 (#1035)
  • Additional commits viewable in compare view

Updates github.com/rickb777/date from 1.13.0 to 1.22.0

Release notes

Sourced from github.com/rickb777/date's releases.

v1.22.0

No release notes provided.

v1 ParseISO tweaked

ParseISO now accepts date-time inputs, ignoring the time field.

period.AddTo revised to reduce the impact of subtle behaviours of time.AddDate

Minor bugfix

  • resolves issue #19
  • updates dependencies

v1.20.2 updated dependencies

No release notes provided.

v1.20.0

No release notes provided.

v1.19.1

No release notes provided.

Bufix: MarshalJSON

Date.MarshalJSON incorrectly wrote the zero value as a blank string, which might raise difficulties at the receiver.

Code that relied on this incorrect behaviour might see this as a breaking change.

v1.18

No release notes provided.

updated dependencies

No release notes provided.

Bug fixed: integer overflow on 32bit architecture

No release notes provided.

v1.14.1

No release notes provided.

Period revised

Improvements to Period, including new methods and improved tests.

Commits
  • cedbf7d v1 is now marked as deprecated; updated dependencies
  • 57313ad updated dependencies (v1 branch)
  • b7388c8 Minor test correction
  • db08fef Date ParseISO & AutoParse now accept a date-time input (time is ignored)
  • 9a7458e updated dependencies
  • 02b87e1 another parse test case
  • ff580cf more tests added to period.Between
  • b6690e4 period.AddTo revised to reduce the impact of subtle behaviours of time.AddDate
  • ad3aa70 Dependencies updated
  • a792460 Bugfix: this resolves issue #19 fraction designator parsing bug
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.38.0 to 1.43.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.43.0/0.65.0/0.19.0] 2026-04-02

Added

  • Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace for W3C Trace Context Level 2 Random Trace ID Flag support. (#8012)
  • Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (#7642)
  • Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (#8051)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8038)
  • Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (#8060)
  • Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (#7855)

Changed

  • Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated alias of EMPTY. (#8038)
  • Improve slice handling in go.opentelemetry.io/otel/attribute to optimize short slice values with fixed-size fast paths. (#8039)
  • Improve performance of span metric recording in go.opentelemetry.io/otel/sdk/trace by returning early if self-observability is not enabled. (#8067)
  • Improve formatting of metric data diffs in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8073)

Deprecated

  • Deprecate INVALID in go.opentelemetry.io/otel/attribute. Use EMPTY instead. (#8038)

Fixed

  • Return spec-compliant TraceIdRatioBased description. This is a breaking behavioral change, but it is necessary to make the implementation spec-compliant. (#8027)
  • Fix a race condition in go.opentelemetry.io/otel/sdk/metric where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (#8056)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for kenv command on BSD. (#8113)
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to correctly handle HTTP2 GOAWAY frame. (#8096)

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

  • Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

... (truncated)

Commits
  • 9276201 Release v1.43.0 / v0.65.0 / v0.19.0 (#8128)
  • 61b8c94 chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (#8131)
  • 97a086e chore(deps): update github.com/golangci/dupl digest to c99c5cf (#8122)
  • 5e363de limit response body size for OTLP HTTP exporters (#8108)
  • 35214b6 Use an absolute path when calling bsd kenv (#8113)
  • 290024c fix(deps): update module google.golang.org/grpc to v1.80.0 (#8121)
  • e70658e fix: support getBody in otelploghttp (#8096)
  • 4afe468 fix(deps): update googleapis to 9d38bb4 (#8117)
  • b9ca729 chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (#8115)
  • 69472ec chore(deps): update fossas/fossa-action action to v1.9.0 (#8118)
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/trace from 1.38.0 to 1.43.0

Changelog

Sourced from go.opentelemetry.io/otel/trace's changelog.

[1.43.0/0.65.0/0.19.0] 2026-04-02

Added

  • Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace for W3C Trace Context Level 2 Random Trace ID Flag support. (#8012)
  • Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (#7642)
  • Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (#8051)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8038)
  • Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (#8060)
  • Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (#7855)

Changed

  • Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated alias of EMPTY. (#8038)
  • Improve slice handling in go.opentelemetry.io/otel/attribute to optimize short slice values with fixed-size fast paths. (#8039)
  • Improve performance of span metric recording in go.opentelemetry.io/otel/sdk/trace by returning early if self-observability is not enabled. (#8067)
  • Improve formatting of metric data diffs in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8073)

Deprecated

  • Deprecate INVALID in go.opentelemetry.io/otel/attribute. Use EMPTY instead. (#8038)

Fixed

  • Return spec-compliant TraceIdRatioBased description. This is a breaking behavioral change, but it is necessary to make the implementation spec-compliant. (#8027)
  • Fix a race condition in go.opentelemetry.io/otel/sdk/metric where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (#8056)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for kenv command on BSD. (#8113)
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to correctly handle HTTP2 GOAWAY frame. (#8096)

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

  • Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

... (truncated)

Commits
  • 9276201 Release v1.43.0 / v0.65.0 / v0.19.0 (#8128)
  • 61b8c94 chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (#8131)
  • 97a086e chore(deps): update github.com/golangci/dupl digest to c99c5cf (#8122)
  • 5e363de limit response body size for OTLP HTTP exporters (#8108)

@dependabot
[release-v1.17][gomod]: Bump the minor group across 1 directory with …
34d7eff 
…19 updates

Bumps the minor group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | `1.16.3` | `1.20.2` |
| [github.com/cloudevents/sdk-go/sql/v2](https://github.com/cloudevents/sdk-go) | `2.0.0-20240712172937-3ce6b2f1f011` | `2.16.2` |
| [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.9.0` | `3.18.0` |
| [github.com/eclipse/paho.golang](https://github.com/eclipse/paho.golang) | `0.12.0` | `0.23.0` |
| [github.com/pelletier/go-toml/v2](https://github.com/pelletier/go-toml) | `2.2.4` | `2.3.1` |
| [github.com/rickb777/date](https://github.com/rickb777/date) | `1.13.0` | `1.22.0` |
| [go.uber.org/atomic](https://github.com/uber-go/atomic) | `1.10.0` | `1.11.0` |
| [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` |



Updates `github.com/cert-manager/cert-manager` from 1.16.3 to 1.20.2
- [Release notes](https://github.com/cert-manager/cert-manager/releases)
- [Changelog](https://github.com/cert-manager/cert-manager/blob/master/RELEASE.md)
- [Commits](cert-manager/cert-manager@v1.16.3...v1.20.2)

Updates `github.com/cloudevents/sdk-go/sql/v2` from 2.0.0-20240712172937-3ce6b2f1f011 to 2.16.2
- [Release notes](https://github.com/cloudevents/sdk-go/releases)
- [Commits](https://github.com/cloudevents/sdk-go/commits/v2.16.2)

Updates `github.com/coreos/go-oidc/v3` from 3.9.0 to 3.18.0
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](coreos/go-oidc@v3.9.0...v3.18.0)

Updates `github.com/eclipse/paho.golang` from 0.12.0 to 0.23.0
- [Release notes](https://github.com/eclipse/paho.golang/releases)
- [Commits](eclipse-paho/paho.golang@v0.12.0...v0.23.0)

Updates `github.com/gorilla/websocket` from 1.5.3 to 1.5.4-0.20250319132907-e064f32e3674
- [Release notes](https://github.com/gorilla/websocket/releases)
- [Commits](https://github.com/gorilla/websocket/commits)

Updates `github.com/pelletier/go-toml/v2` from 2.2.4 to 2.3.1
- [Release notes](https://github.com/pelletier/go-toml/releases)
- [Commits](pelletier/go-toml@v2.2.4...v2.3.1)

Updates `github.com/rickb777/date` from 1.13.0 to 1.22.0
- [Release notes](https://github.com/rickb777/date/releases)
- [Commits](rickb777/date@v1.13.0...v1.22.0)

Updates `go.opentelemetry.io/otel` from 1.38.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.38.0...v1.43.0)

Updates `go.opentelemetry.io/otel/trace` from 1.38.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.38.0...v1.43.0)

Updates `go.uber.org/atomic` from 1.10.0 to 1.11.0
- [Release notes](https://github.com/uber-go/atomic/releases)
- [Changelog](https://github.com/uber-go/atomic/blob/master/CHANGELOG.md)
- [Commits](uber-go/atomic@v1.10.0...v1.11.0)

Updates `go.uber.org/zap` from 1.27.1 to 1.28.0
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.27.1...v1.28.0)

Updates `golang.org/x/net` from 0.38.0 to 0.52.0
- [Commits](golang/net@v0.38.0...v0.52.0)

Updates `golang.org/x/sync` from 0.16.0 to 0.20.0
- [Commits](golang/sync@v0.16.0...v0.20.0)

Updates `k8s.io/api` from 0.31.12 to 0.35.2
- [Commits](kubernetes/api@v0.31.12...v0.35.2)

Updates `k8s.io/apiextensions-apiserver` from 0.31.12 to 0.35.2
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.31.12...v0.35.2)

Updates `k8s.io/apimachinery` from 0.31.12 to 0.35.2
- [Commits](kubernetes/apimachinery@v0.31.12...v0.35.2)

Updates `k8s.io/apiserver` from 0.31.12 to 0.35.2
- [Commits](kubernetes/apiserver@v0.31.12...v0.35.2)

Updates `k8s.io/client-go` from 0.31.12 to 0.35.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.31.12...v0.35.2)

Updates `k8s.io/utils` from 0.0.0-20240921022957-49e7df575cb6 to 0.0.0-20260210185600-b8788abfbbc2
- [Commits](https://github.com/kubernetes/utils/commits)

---
updated-dependencies:
- dependency-name: github.com/cert-manager/cert-manager
  dependency-version: 1.20.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: github.com/cloudevents/sdk-go/sql/v2
  dependency-version: 2.16.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-version: 3.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: github.com/eclipse/paho.golang
  dependency-version: 0.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: github.com/gorilla/websocket
  dependency-version: 1.5.4-0.20250319132907-e064f32e3674
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor
- dependency-name: github.com/pelletier/go-toml/v2
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: github.com/rickb777/date
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-version: 1.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: go.uber.org/atomic
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: go.uber.org/zap
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: golang.org/x/net
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: golang.org/x/sync
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: k8s.io/api
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: k8s.io/apiserver
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: k8s.io/client-go
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: k8s.io/utils
  dependency-version: 0.0.0-20260210185600-b8788abfbbc2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 4, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented May 4, 2026

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci Bot requested review from aliok and lberk May 4, 2026 14:11
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented May 4, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign creydr for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aliok aliok Awaiting requested review from aliok

@lberk lberk Awaiting requested review from lberk

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code needs-ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants