[release-1.15][gomod]: Bump the minor group across 1 directory with 7 updates

[dependabot]

Bumps the minor group with 5 updates in the / directory:

Package	From	To
github.com/cloudevents/sdk-go/v2	2.15.2	2.16.2
github.com/google/go-containerregistry	0.19.1	0.21.5
github.com/wavesoftware/go-commandline	1.0.0	1.3.0
go.uber.org/zap	1.27.0	1.28.0
sigs.k8s.io/yaml	1.4.0	1.6.0

Updates github.com/cloudevents/sdk-go/v2 from 2.15.2 to 2.16.2

Release notes

Sourced from github.com/cloudevents/sdk-go/v2's releases.

Release v2.16.2

No release notes provided.

Release v2.16.1

CloudEvents SDK Go v2.16.1

🐛 Bug Fixes and Improvements

• ⚡ NATS JetStream Enhancement: Made send subject optional via context by @​kmpm in cloudevents/sdk-go#1143

  • Added WithSubject function to override the default subject when sending messages
  • Added comprehensive tests and updated samples
  • Non-breaking enhancement that adds flexibility for NATS users

• 📝 CloudEvents JSON Handling Fixes by @​alank-ps:

  • WriteJson Fix in cloudevents/sdk-go#1162: Fixed WriteJson to properly handle data as JSON when dataContentType is application/cloudevents+json or batch
  • ConsumeData Fix in cloudevents/sdk-go#1164: Fixed consumeData functions to properly recognize structured mode JSON content types
  • Improves compatibility with the CloudEvents specification

• 🔧 CI/Test Improvements: Fix failing CI tests by @​embano1 in cloudevents/sdk-go#1156

🔄 Maintenance and Dependency Updates

• 🛠️ Dependency Management Overhaul by @​embano1 in cloudevents/sdk-go#1145
  • Added script (hack/update-deps.sh) to update Go dependencies across all modules
  • Replaced Dependabot with custom script for better dependency management
  • Removed stale and broken OpenTelemetry samples

📦 Key Dependency Updates:

• github.com/google/go-cmp: v0.6.0 → v0.7.0
• golang.org/x/sync: v0.12.0 → v0.13.0
• github.com/nats-io/nats.go: v1.37.0 → v1.41.2
• github.com/IBM/sarama: v1.40.1 → v1.45.1
• github.com/docker/docker: v20.10.17 → v27.1.1
• go.opentelemetry.io/otel: v1.18.0 → v1.35.0
• 🐹 Go version: Updated from 1.22 to 1.23.0 (toolchain 1.23.8)

🚨 Breaking Changes

None. All updates are either backward-compatible improvements, bug fixes, or internal refactors.

👥 New Contributors

• @​github-actions made their first contribution in cloudevents/sdk-go#1147
• @​kmpm made their first contribution in cloudevents/sdk-go#1143
• @​alank-ps made their first contribution in cloudevents/sdk-go#1162

📋 What's Changed

• Dependency Management Improvements by @​embano1 in cloudevents/sdk-go#1145
• chore(deps): Bump the go_modules group across 2 directories with 2 updates by @​dependabot in cloudevents/sdk-go#1146
• chore: update dependencies by @​github-actions in cloudevents/sdk-go#1147
• chore: update dependencies by @​github-actions in cloudevents/sdk-go#1148
• chore: update dependencies by @​github-actions in cloudevents/sdk-go#1149

... (truncated)

Commits

• af3e859 Merge pull request #1184 from cloudevents/dependabot/github_actions/actions/s...
• bf5b8a6 chore(deps): Bump actions/setup-go from 5.5.0 to 6.0.0
• 945d930 Merge pull request #1180 from philicious/refactor-pubsubv2
• 35623f2 chore: Replace deprecated grpc.Dial calls
• f0bd406 fix: Properly test that supplied ReceiveSettings are being used
• ae89eba Refactor pubsub protocol to use new upstream v2 library
• 34f7f6f Merge pull request #1183 from embano1/go-version
• cafbb12 chore: update go version in workflows
• 0a1147c Merge pull request #1182 from cloudevents/automated-dependency-updates
• 835c486 chore: update dependencies
• Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.19.1 to 0.21.5

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.5

What's Changed

• Bump docker/cli v29.4.0, moby/api v1.54.1, moby/client v0.4.0 by @​thaJeztah in google/go-containerregistry#2254
• update to Go 1.26.2 by @​thaJeztah in google/go-containerregistry#2255
• Bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 in the actions group across 1 directory by @​dependabot[bot] in google/go-containerregistry#2257
• build(deps): bump golang.org/x/tools from 0.43.0 to 0.44.0 in the go-deps group across 1 directory by @​dependabot[bot] in google/go-containerregistry#2260

Full Changelog: google/go-containerregistry@v0.21.4...v0.21.5

v0.21.4

What's Changed

• go.mod: do not make a viral minimum go version by @​howardjohn in google/go-containerregistry#2237
• Avoid pruning absolute links from extracted and flattened images by @​Subserial in google/go-containerregistry#2241
• Bump the go-deps group across 3 directories with 5 updates by @​dependabot[bot] in google/go-containerregistry#2245
• fix: update to go1.25.8, and use separate .go-version file by @​thaJeztah in google/go-containerregistry#2246
• Bump CI go version to 1.26.1 by @​Subserial in google/go-containerregistry#2242
• Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the actions group by @​dependabot[bot] in google/go-containerregistry#2240
• fork distribution client v3 auth-challenge as an internal package (squashed) by @​thaJeztah in google/go-containerregistry#2248
• transport: validate Bearer realm URL to prevent SSRF by @​evilgensec in google/go-containerregistry#2243
• revert path traversal and symlink escape from #2227 by @​Subserial in google/go-containerregistry#2250
• Fix pkg/v1/google/auth tests for arm64 by @​Subserial in google/go-containerregistry#2085
• goreleaser: Update goreleaser config and GH action by @​Subserial in google/go-containerregistry#2253

New Contributors

• @​evilgensec made their first contribution in google/go-containerregistry#2243

Full Changelog: google/go-containerregistry@v0.21.3...v0.21.4

v0.21.3

What's Changed

• Adds local file support to the crane index subcommand by @​edwardthiele in google/go-containerregistry#2223
• migrate to github.com/moby/moby modules by @​thaJeztah in google/go-containerregistry#2228
• Bump the go-deps group across 4 directories with 7 updates by @​dependabot[bot] in google/go-containerregistry#2233
• Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 in the actions group by @​dependabot[bot] in google/go-containerregistry#2220
• mutate: reject path traversal and symlink escape in Extract by @​KevinZhao in google/go-containerregistry#2227
• tarball: detect symlink cycles in extractFileFromTar by @​vnykmshr in google/go-containerregistry#2232
• bump golang to 1.25.7 by @​Subserial in google/go-containerregistry#2236

New Contributors

• @​edwardthiele made their first contribution in google/go-containerregistry#2223
• @​thaJeztah made their first contribution in google/go-containerregistry#2228
• @​KevinZhao made their first contribution in google/go-containerregistry#2227
• @​vnykmshr made their first contribution in google/go-containerregistry#2232

Full Changelog: google/go-containerregistry@v0.21.2...v0.21.3

v0.21.2

What's Changed

• Better handle redirects to https in ping by @​jonjohnsonjr in google/go-containerregistry#2225

... (truncated)

Commits

• 5b80281 build(deps): bump golang.org/x/tools from 0.43.0 to 0.44.0 in the go-deps gro...
• b99bca2 build(deps): bump aws-actions/configure-aws-credentials (#2257)
• f8be1d4 update to Go 1.26.2 (#2255)
• 87ad88b Bump docker/cli v29.4.0, moby/api v1.54.1, moby/client v0.4.0 (#2254)
• e8813dd goreleaser: Update goreleaser config and GH action for releases (#2253)
• e90447d replace gcloud in binary calls in pkg/v1/google tests (#2085)
• 0d0368c revert path traversal and symlink escape changes (#2250)
• a2f47d4 transport: validate Bearer realm URL to prevent SSRF (#2243)
• 19a36cd fork distribution client v3 auth-challenge as an internal package (squashed) ...
• c612a9b Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the actions group (#2240)
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.8.0 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

v1.10.1

🐛 Fix

• chore: upgrade pflags v1.0.9 by @​jpmcb in spf13/cobra#2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

• Bump pflag to 1.0.8 by @​tomasaschan in spf13/cobra#2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

• If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
• or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

... (truncated)

Commits

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• 7da941c chore: Bump pflag to v1.0.9 (#2305)
• 51d6751 Bump pflag to 1.0.8 (#2303)
• 3f3b818 Update README.md with new logo
• dcaf42e Add Periscope to the list of projects using Cobra (#2299)
• Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.9.0 to 1.11.0

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

• Call stack perf change for CallerInfo by @​mikeauclair in stretchr/testify#1614
• Lazily render mock diff output on successful match by @​mikeauclair in stretchr/testify#1615
• assert: check early in Eventually, EventuallyWithT, and Never by @​cszczepaniak in stretchr/testify#1427
• assert: add IsNotType by @​bartventer in stretchr/testify#1730
• assert.JSONEq: shortcut if same strings by @​dolmen in stretchr/testify#1754
• assert.YAMLEq: shortcut if same strings by @​dolmen in stretchr/testify#1755
• assert: faster and simpler isEmpty using reflect.Value.IsZero by @​dolmen in stretchr/testify#1761
• suite: faster methods filtering (internal refactor) by @​dolmen in stretchr/testify#1758

Fixes

• assert.ErrorAs: log target type by @​craig65535 in stretchr/testify#1345
• Fix failure message formatting for Positive and Negative asserts in stretchr/testify#1062
• Improve ErrorIs message when error is nil but an error was expected by @​tsioftas in stretchr/testify#1681
• fix Subset/NotSubset when calling with mixed input types by @​siliconbrain in stretchr/testify#1729
• Improve ErrorAs failure message when error is nil by @​ccoVeille in stretchr/testify#1734
• mock.AssertNumberOfCalls: improve error msg by @​3scalation in stretchr/testify#1743

Documentation, Build & CI

• docs: Fix typo in README by @​alexandear in stretchr/testify#1688
• Replace deprecated io/ioutil with io and os by @​alexandear in stretchr/testify#1684
• Document consequences of calling t.FailNow() by @​greg0ire in stretchr/testify#1710
• chore: update docs for Unset #1621 by @​techfg in stretchr/testify#1709
• README: apply gofmt to examples by @​alexandear in stretchr/testify#1687
• refactor: use %q and %T to simplify fmt.Sprintf by @​alexandear in stretchr/testify#1674
• Propose Christophe Colombier (ccoVeille) as approver by @​brackendawson in stretchr/testify#1716
• Update documentation for the Error function in assert or require package by @​architagr in stretchr/testify#1675
• assert: remove deprecated build constraints by @​alexandear in stretchr/testify#1671
• assert: apply gofumpt to internal test suite by @​ccoVeille in stretchr/testify#1739
• CI: fix shebang in .ci.*.sh scripts by @​dolmen in stretchr/testify#1746
• assert,require: enable parallel testing on (almost) all top tests by @​dolmen in stretchr/testify#1747
• suite.Passed: add one more status test report by @​Ararsa-Derese in stretchr/testify#1706
• Add Helper() method in internal mocks and assert.CollectT by @​dolmen in stretchr/testify#1423
• assert.Same/NotSame: improve usage of Sprintf by @​ccoVeille in stretchr/testify#1742
• mock: enable parallel testing on internal testsuite by @​dolmen in stretchr/testify#1756
• suite: cleanup use of 'testing' internals at runtime by @​dolmen in stretchr/testify#1751
• assert: check test failure message for Empty and NotEmpty by @​ccoVeille in stretchr/testify#1745
• deps: fix dependency cycle with objx (again) by @​dolmen in stretchr/testify#1567
• assert.Empty: comprehensive doc of "Empty"-ness rules by @​dolmen in stretchr/testify#1753
• doc: improve godoc of top level 'testify' package by @​dolmen in stretchr/testify#1760
• assert.ErrorAs: simplify retrieving the type name by @​ccoVeille in stretchr/testify#1740
• assert.EqualValues: improve test coverage to 100% by @​dolmen in stretchr/testify#1763
• suite.Run: simplify running of Setup/TeardownSuite by @​renzoarreaza in stretchr/testify#1769
• assert.CallerInfo: micro optimization by using LastIndexByte by @​dolmen in stretchr/testify#1767
• assert.CallerInfo: micro cleanup by @​dolmen in stretchr/testify#1768
• assert: refactor TestFileExists and TestDirExists tests to enable parallel testing by @​dolmen in stretchr/testify#1766

... (truncated)

Commits

• b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
• 69831f3 build(deps): bump actions/checkout from 4 to 5
• a53be35 Improve captureTestingT helper
• aafb604 mock: improve formatting of error message
• 7218e03 improve error msg
• 929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
• bc7459e suite: faster filtering of methods (-testify.m)
• 7d37b5c suite: refactor methodFilter
• c58bc90 Merge pull request #1764 from stretchr/dolmen/suite-refactor-stats-for-readab...
• 87101a6 suite.Run: refactor handling of stats
• Additional commits viewable in compare view

Updates github.com/wavesoftware/go-commandline from 1.0.0 to 1.3.0

Release notes

Sourced from github.com/wavesoftware/go-commandline's releases.

v1.3.0

What's Changed

• 💝 Allow error handlers to access the Cobra' command object by @​cardil in wavesoftware/go-commandline#4

Full Changelog: wavesoftware/go-commandline@v1.2.0...v1.3.0

v1.2.0

What's Changed

• 🎁 Custom error handler by @​cardil in wavesoftware/go-commandline#3

Full Changelog: wavesoftware/go-commandline@v1.1.0...v1.2.0

v1.1.0

What's Changed

• 💝 A general purpose WithCommand option. by @​cardil in wavesoftware/go-commandline#2

Full Changelog: wavesoftware/go-commandline@v1.0.0...v1.1.0

Commits

• b448e1c 💝 Allow error handlers to access the Cobra' command object (#4)
• b266316 🎁 Custom error handler (#3)
• 24d49d4 💝 A general purpose WithCommand option. (#2)
• See full diff in compare view

Updates go.uber.org/zap from 1.27.0 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

v1.27.1

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.28.0 (27 Apr 2026)

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

1.27.1 (19 Nov 2025)

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

• 5b81b37 release v1.28.0 (#1547)
• 0ab0d5a zapcore: Add PreWriteHook for transforming entries before write (#1534)
• d278c59 [chore] CI: test on Go 1.26 (#1535)
• 16fb16b chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...
• 7b755a3 release 1.27.1 (#1521)
• d6b395b Update lazy logger not to materialize unless it's being written to (#1519)
• 4b9cea0 ci: Test with Go 1.24, Go 1.25 (#1508)
• 7c80d7b Fix race condition in WithLazy implementation (#1426) (#1511)
• 07077a6 Prevent zap.Object from panicing on nils (#1501)
• a6afd05 Fix lint check name (#1502)
• Additional commits viewable in compare view

Updates sigs.k8s.io/yaml from 1.4.0 to 1.6.0

Release notes

Sourced from sigs.k8s.io/yaml's releases.

v1.6.0

What's Changed

• Add "kyaml" support and yamlfmt by @​thockin in kubernetes-sigs/yaml#132

v1.5.0

• Bugfix: Handle unhashable keys during merge (kubernetes-sigs/yaml#122)
• Improvement: wrap errors returned by JSON unmarshal (kubernetes-sigs/yaml#106)
• Deprecation: Deprecate code in goyaml.v2 and goyaml.v3 directories, and redirect to equivalents in go.yaml.in/yaml/v2 and go.yaml.in/yaml/v3 (kubernetes-sigs/yaml#133)

Full Changelog: kubernetes-sigs/yaml@v1.4.0...v1.5.0

Commits

• 048d724 Merge pull request #132 from thockin/master
• 23c836c Bolster tests, mostly in error-handling
• 2e3340b Add compact output tests
• 4a4f539 Add test case for tabs in multi-line strings
• 13509ad Change which methods get a newline and fix tests
• 59c2c43 Add compact mode so KYAML can be used in more places
• abc1add kyaml: Implement escaping closer to YAML spec
• 7749171 Add a yamlfmt cmd
• a932007 Add KYAML support
• 0f318dc Merge pull request #134 from kubernetes-sigs/forgot-to-add-redirects-for-cons...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign maschmid for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.