Update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF	Age	Confidence
delve		minor	1.24.1 → 1.26.1
github.com/aquasecurity/trivy	require	minor	v0.61.1 → v0.70.0
github.com/containerd/containerd	require	patch	v1.7.27 → v1.7.31
github.com/docker/go-connections	require	minor	v0.5.0 → v0.7.0
github.com/google/go-containerregistry	require	minor	v0.20.3 → v0.21.5
github.com/samber/lo	require	minor	v1.49.1 → v1.53.0
github.com/sirupsen/logrus	require	patch	v1.9.3 → v1.9.4
github.com/stretchr/testify	require	minor	v1.10.0 → v1.11.1
go (source)	toolchain	minor	1.24.2 → 1.26.3
go		minor	1.24.0 → 1.26.2
golang.org/x/sync	require	minor	v0.13.0 → v0.20.0
gopls (source)		minor	0.18.1 → 0.21.1

---

Release Notes

go-delve/delve (delve)

v1.26.1

Added

• Support for debugging stripped non-Go binaries (#​4263, @​derekparker)
• Package for detecting debugger attachment (#​4258, @​derekparker)
• Starlark append_file built-in function (#​4252, @​sding3)
• DAP: Hit conditional breakpoint capability (#​4230, @​DrSergei)
• Detection and warning about trimpath (#​4241, @​aarzilli)

Fixed

• Fix debuginfod download progress (#​4270, @​aarzilli)
• Fix sigpanics in swiss map iterator (#​4261, @​derekparker)
• Fix finding moduledata in Go 1.26+ (#​4228, @​derekparker)
• Fix goroutine leak and shutdown sequence for eBPF backend (#​4231, @​derekparker)
• Fix eBPF uprobe placement to skip function prologue (#​4249, @​derekparker)
• Fix ProducerAfterOrEqual comparison for devel builds (#​4234, @​typesanitizer)
• DAP: Better error messages when debugger can't be launched (#​4264, @​aarzilli)
• DAP: Reject most requests before launch/attach (#​4240, @​aarzilli)
• Propagate short type option when printing structs (#​4235, @​igadmg)
• Better error if process is already being debugged (#​4242, @​aarzilli)
• Print error when request body can't be decoded (#​4247, @​aarzilli)
• Parse rc version with trailing suffix (#​4255, @​alexsaezm)

Changed

• Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#​4257, @​scop)
• Update waitReason switch for Go 1.27 (#​4244, @​typesanitizer)
• Downgrade riscv64 support (#​4232, @​derekparker)
• Miscellaneous code quality improvements (#​4221, #​4226, #​4259, #​4262, #​4224, @​derekparker, @​aarzilli)
• Miscellaneous improvements to tests, documentation, and build configuration (#​4250, #​4254, #​4248, #​4265, @​derekparker, @​aarzilli, @​stack1ng)

v1.26.0

Added

• Go 1.26 support (#​4211, #​4205, #​4212, #​4217, @​aarzilli)
• Savestate command for terminal (#​4045, @​alexsaezm)
• DAP: Target command and follow-exec support (#​4078, @​Lslightly)
• DAP: Read memory request handler (#​4083, @​MistaTwista)
• DAP: Input/output redirection (#​4178, @​aarzilli)
• DAP: Suspended breakpoints support (#​4075, @​firelizzard18)
• DAP: Use exception breakpoints for predefined breakpoints (#​4169, @​aarzilli)
• Custom starlark commands can be used with on prefix (#​4170, @​derekparker)
• Shortcut syntax to access target variables in starlark (#​4134, @​aarzilli)
• Support for tracing defer function calls with follow option (#​3978, @​archanaravindar)
• Flag to retain trace directory after detach (#​4091, @​archanaravindar)
• Ability to cancel debuginfod downloads (#​4123, @​aarzilli)
• Process spawned event (#​4171, @​firelizzard18)
• Materialized breakpoint event for follow-exec mode (#​4161, @​aarzilli)
• Way to disable stop-on-error for breakpoint conditions (#​4191, @​aarzilli)
• Function call support on loong64 (#​4114, @​yelvens)
• Build argument logging (#​4185, @​pedia)
• Capslock check (#​4106, @​derekparker)

Fixed

• DAP: Restart handling when compilation fails (#​4215, @​aarzilli)
• DAP: Disable string() field for address-less variables (#​4214, @​aarzilli)
• DAP: Race condition in tests (#​4121, @​derekparker)
• Gdbserial: Do not set detached if we kill the process (#​4216, @​aarzilli)
• Prevent trace killing attached process (#​4164, @​alex-emery)
• Trace /regexp/ should set ret breakpoints correctly (#​4130, @​aarzilli)
• Replay subcommand must keep trace directory (#​4184, @​lwintermelon)
• Nil pointer dereference when calling extra on a nil func (#​4174, @​aarzilli)
• Check that breakpoint exists in ClearBreakpoint (#​4141, @​aarzilli)
• Use address in ClearBreakpoint only when ID is 0 (#​4168, @​aarzilli)
• Return error when calling a non-ptr receiver method on a nil ptr (#​4139, @​aarzilli)
• Additional checks parsing g structs (#​4140, @​aarzilli)
• Remember that we attached in WaitFor attach mode (#​4120, @​aarzilli)
• Guard register logging from nil pointer dereferences (#​4188, @​aarzilli)
• Do not insist stmt is same line as entry in DWARF (#​4186, @​derekparker)
• Fix wait reason string table (#​4182, @​aarzilli)
• Workaround for non-unicode strings in Variables (#​4082, @​aarzilli)
• Fix ppc64le clause in support_sentinel_linux.go (#​4129, @​tshah14)
• Improve frame unwind context handling on loong64 (#​4133, @​yelvens)

Changed

• Replace hashicorp/golang-lru with custom lru cache (#​4196, @​qmuntal)
• Update riscv64 support and add to test matrix (#​4190, @​lrzlin)
• Update riscv64 capslock file (#​4210, @​derekparker)
• Move things that use x/tools/go/packages to new repo (#​3990, @​aarzilli)
• Remove experimental build tags for Windows ARM64 (#​4176, @​gdams)
• Add Windows ARM64 workflow to CI (#​4175, @​gdams)
• Add linux/loong64 to TeamCity configuration (#​4154, @​yelvens)
• Set CI=true on a project level (#​4156, @​vietage)
• Hierarchical search for structMember or method (#​4118, @​wenxuan70)
• Update trie to v3.2.0 (#​4131, @​derekparker)
• Parallelize tests where possible (#​4115, @​derekparker)
• Modernize codebase with newer syntax and helpers (#​4110, @​derekparker)
• Miscellaneous improvements to tests and build configuration (#​4096, #​4135, #​4145, #​4157, #​4163, #​4198, #​4202, #​4111, #​4122, #​4124, #​4209, @​derekparker, @​aarzilli)
• Miscellaneous code refactoring (#​4159, #​4173, #​4201, @​aarzilli)

v1.25.2

Added

• Added notifications for debuginfod downloads (#​3980, @​aarzilli)

Fixed

• Fixed restart behavior of DAP server (#​4068, @​derekparker)
• Various fixes for loong64 backend (#​4095, #​4100, @​yelvens)
• Miscellaneous minor bug fixes (#​4067, #​4090, #​4089, @​aarzilli)

Changed

• Miscellaneous code quality improvements (#​4088, @​cui)

v1.25.1

Added

• Implement restart request for DAP (#​4057, @​derekparker)

Fixed

• Fixed panic when trying to stacktrace an unreadable goroutine in DAP (#​4056, @​aarzilli)
• Fixed panic when trying to access value of unreadable string variables in DAP (#​4055, @​aarzilli)
• Fixed type cast between slices with the same element type (#​4048, @​aarzilli)
• Fixed closure captured variables visibility on closure's first line (#​4049, @​aarzilli)
• Fixed unknown DWARF opcodes causing panics (#​4037, @​aarzilli)
• Added missing response body close in DAP test (#​4039, @​alexandear)
• Fix panic in switchToGoroutineStacktrace (#​4043, @​derekparker)

Changed

• Handle moving of direct interface flag in Go 1.26 (#​4032, @​randall77)
• Simplified tests using slices.Contains (#​4040, @​alexandear)
• Updated Go max support minor version and update golang.org/x/tools (#​4046, @​derekparker)

v1.25.0

Added

• Go 1.25 support (#​4014, @​aarzilli) (more work went into the 1.24.2 and earlier releases)

Fixed

• Fixed several panics found via telemetry (#​4026, #​4018, #​4017, #​4015 @​aarzilli)
• Fixed git hash in version output (#​3987, @​codeaucafe)
• Fix development version parsing (#​3999, @​aarzilli)
• Fix call injection in newer macOS versions (#​3988, @​aarzilli)
• Fix typo in goroutines help output (#​4024, @​jersey1dev)

Changed

• Internal breakpoints (panic, throw) are excluded from DAP response (#​4027, @​ConradIrwin)

v1.24.2

Added

• Support for struct literals in expression evaluator (#​3935, #​3953, @​aarzilli)
• Check to reject DWARFv5 executables if delve itself isn't built with 1.25 or later due to bugs in Go's standard library prior to 1.25 (#​3943, #​3961, @​aarzilli)

Fixed

• Support for macOS Sequoia 15.4 (#​3966, @​aarzilli)
• Race conditions with rr backend (#​3971, #​3973, #​3963, @​BronzeDeer, @​aarzilli)
• Goroutine load with corrupted label maps (#​3968, #​3962, @​hongyuh-hh)
• Breakpoint conditions on suspended breakpoints (#​3938, @​Lslightly)

Changed

• Miscellaneous test and documentation fixes (#​3979, #​3952, #​3954, #​3955, #​3951, @​alexandear, @​codesoap, @​derekparker)

aquasecurity/trivy (github.com/aquasecurity/trivy)

v0.70.0

⚡ Highlights ⚡

👉 https://redirect.github.com/aquasecurity/trivy/discussions/10546

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0700-2026-04-16

v0.69.3

Compare Source

Changelog

• 6fb20c8 release: v0.69.3 [release/v0.69] (#​10293)
• dabefec fix(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 [backport: release/v0.69] (#​10291)

v0.69.2

Compare Source

Changelog

• cfa322e release: v0.69.2 [release/v0.69] (#​10266)
• 86debce fix(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 [backport: release/v0.69] (#​10267)
• cf3d4cd fix(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 [backport: release/v0.69] (#​10264)
• 6dfd3b0 ci: remove apidiff workflow

v0.69.1

Compare Source

Changelog

• 123888b release: v0.69.1 [release/v0.69] (#​10145)
• 29d3b06 ci: add composite action for Go setup [backport: release/v0.69] (#​10150)
• 3b30cc7 fix(misconf): apply check aliases when filtering results via .trivyignore [backport: release/v0.69] (#​10143)
• a8e279b chore(deps): bump to alpine:3.23.3 and go-1.25.6 to fix CVEs [backport: release/v0.69] (#​10135)

v0.69.0

Compare Source

👉 Trivy v0.69.0 release notes (click here)

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

🐳 New Docker Install option

• docker pull get.trivy.dev/image/trivy:0.69.0

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0690-2026-01-30

v0.68.2

Compare Source

Changelog

• 0c40a8d release: v0.68.2 [release/v0.68] (#​9950)
• db28945 fix(deps): bump alpine from 3.22.1 to 3.23.0 [backport: release/v0.68] (#​9949)

v0.68.1

Compare Source

👉 Trivy v0.68.1 release notes (click here)

[!NOTE]
v0.68.0 was skipped due to issues with the release.

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

🐳 Docker Install

• docker pull get.trivy.dev/image/trivy:0.68.1

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0680-2025-12-02

v0.68.0

Compare Source

v0.67.2

Compare Source

Changelog

• 60c57ad release: v0.67.2 [release/v0.67] (#​9639)
• f3ee80c fix: Use fetch-level: 1 to check out trivy-repo in the release workflow [backport: release/v0.67] (#​9638)

v0.67.1

Compare Source

Changelog

• cbed239 release: v0.67.1 [release/v0.67] (#​9614)
• 1a84093 fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#​9631)
• 3bc1490 fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#​9629)
• 542eee7 fix: add buildInfo for BlobInfo in rpc package [backport: release/v0.67] (#​9615)
• f65dd05 fix(vex): don't use reused BOM [backport: release/v0.67] (#​9612)

v0.67.0

Compare Source

👉 Trivy v0.67.0 release notes (click here)

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

🐳 New Docker Install option

• docker pull get.trivy.dev/image/trivy:0.67.0

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0670-2025-09-30

v0.66.0

Compare Source

👉 Trivy v.66.0 release notes (click here)

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

Full changelog

v0.65.0

Compare Source

👉 Trivy v.65.0 release notes (click here)

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

Full changelog

v0.64.1

Compare Source

Changelog

• 86ee3c1 release: v0.64.1 [release/v0.64] (#​9122)
• 4e12722 fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#​9127)
• 9a7d384 fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#​9124)
• 53adfba fix(rootio): check full version to detect root.io packages [backport: release/v0.64] (#​9120)
• 8cf1bf9 fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#​9119)

v0.64.0

Compare Source

👉 Trivy v.64.0 release notes (click here)

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

Full changelog

v0.63.0

Compare Source

👉 Trivy v.63.0 release notes (click here)

⬇️ Download Trivy

• MacOS Apple Silicon
• MacOS Intel
• Linux Intel
• Linux ARM
• Windows Intel

Full changelog

v0.62.1

Compare Source

Changelog

• c75ed21 release: v0.62.1 [release/v0.62] (#​8825)
• aafebeb chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#​8831)
• 99485cf fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#​8826)
• b4fc9e8 fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#​8824)

v0.62.0

Compare Source

⚡Release highlights and summary⚡

👉 https://redirect.github.com/aquasecurity/trivy/discussions/8801

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0620-2025-04-30

containerd/containerd (github.com/containerd/containerd)

v1.7.31: containerd 1.7.31

Compare Source

Welcome to the v1.7.31 release of containerd!

The thirty-first patch release for containerd 1.7 contains various fixes
and updates including a security patch.

Security Updates

• spdystream
  • CVE-2026-35469

Highlights

Container Runtime Interface (CRI)

• Fix CNI issue where DEL is never executed after a restart (#​12931)
• Sanitize error before gRPC return to prevent possible credential leak in pod events (#​12805)
• Improve error message and add warning when concurrent container creation is detected (#​12744)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Maksym Pavlenko
• Akhil Mohan
• Phil Estes
• Sebastiaan van Stijn
• Wei Fu
• Akihiro Suda
• Alex Chernyakhovsky
• Chris Henzie
• Michael Zappa
• Ricardo Branco
• Shachar Tal
• ningmingxiao
• yashsingh74

Changes

37 commits

• Prepare release notes for v1.7.31 (#​13221)
  • 7d2662653 Prepare release notes for v1.7.31
• update github.com/moby/spdystream v0.5.1 (#​13220)
  • 3f795c02a update github.com/moby/spdystream v0.5.1
• update to Go 1.25.9, 1.26.2 (#​13200)
  • 7b1e1b17b update to Go 1.25.9, 1.26.2
  • b673f2d42 update golangci-lint to v2.9.0 with go1.26 support
  • d88d8513a remove windows/arm from cross build
  • a763407b5 Ignore warnings for golangci-lint bump
  • 03dcd8360 ci: bump golangci from 6.5.2 to 7.0.0
• Update github.com/moby/spdystream v0.2.0->v0.5.0 (#​13176)
  • c08711218 Update github.com/moby/spdystream v0.2.0->v0.5.0
• Skip TestExportAndImportMultiLayer on s390x (#​13152)
  • 043548f6d Skip TestExportAndImportMultiLayer on s390x
• update runc binary to v1.3.5 (#​13059)
  • e99bd6050 [release/1.7] update runc binary to v1.3.5
• CODEOWNERS: mark Sam and Chris as owners for 1.7 (#​13069)
  • 3a3103aaf CODEOWNERS: mark Sam and Chris as owners for 1.7
• Fix vagrant on CI (#​13064)
  • 9b4cfa271 Ignore NOCHANGE error
• ci: modprobe xt_comment on almalinux (#​12959)
  • 53e9e73f0 ci: modprobe xt_comment on almalinux
• Fix TOCTOU race bug in tar extraction (#​12970)
  • 61c2733fd Fix TOCTOU race bug in tar extraction
• Fix CNI issue where CNI DEL is never executed (#​12931)
  • f854c1890 fix issue where cni del is never executed
• apparmor: explicitly set abi/3.0 (#​12899)
  • 5c091d92e apparmor: explicitly set abi/3.0
• backport: integration: Fix TestImageLoad() failure on CI (#​12908)
  • 177ac10fe integration: Fix TestImageLoad() failure on CI
• update to go1.24.13, go1.25.7 (#​12873)
  • 56da43d0f update to go1.24.13, go1.25.7
  • 5cb3cb9ba ci: bump go 1.24.12, 1.25.6
• fix: sanitize error before gRPC return to prevent credential leak in pod events (#​12805)
  • b1fa03843 fix: sanitize error before gRPC return to prevent credential leak in pod events
• cri: emit warning for concurrent CreateContainer (#​12744)
  • e2c93a42c cri: emit warning for concurrent CreateContainer

Dependency Changes

• github.com/moby/spdystream v0.2.0 -> v0.5.1

Previous release can be found at v1.7.30

v1.7.30: containerd 1.7.30

Compare Source

Welcome to the v1.7.30 release of containerd!

The thirtieth patch release for containerd 1.7 contains various fixes
and updates.

Highlights

Container Runtime Interface (CRI)

• Fix NRI dropping requested CDI devices silently (#​12650)
• Redact all query parameters in CRI error logs (#​12551)

Runtime

• Update runc binary to v1.3.4 (#​12619)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Austin Vazquez
• Mike Brown
• Wei Fu
• Andrey Noskov
• CrazyMax
• Davanum Srinivas
• Jin Dong
• Krisztian Litkey
• Maksym Pavlenko
• Paweł Gronowski
• Phil Estes
• Samuel Karp

Changes

26 commits

• Prepare release notes for v1.7.30 (#​12652)
  • 3d0ca6d2e Prepare release notes for v1.7.30
• Fix NRI dropping requested CDI devices silently (#​12650)
  • 0bc74f47e cri,nri: don't drop requested CDI devices silently.
• script/setup/install-cni: install CNI plugins v1.9.0 (#​12660)
  • 7db16b562 script/setup/install-cni: install CNI plugins v1.9.0
• go.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (#​12640)
  • bca897b47 go.mod: golang.org/x/crypto v0.45.0
  • 37cbd2224 CI: drop Go 1.23
  • ee49d1747 Update Go requirements in BUILDING
• ci: bump Go 1.24.11, 1.25.5 (#​12627)
  • 145978224 ci: bump Go 1.24.11, 1.25.5
  • 3dbadfaa1 ci: bump Go 1.24.10, 1.25.4
  • 2bac971f0 ci(release): set GO_VERSION in Dockerfile
• Update runc binary to v1.3.4 (#​12619)
  • 34b89a574 runc: Update runc binary to v1.3.4
• ci: update CIFuzz actions to support Ubuntu 24.04 (#​12635)
  • 6e0dd8956 ci: update CIFuzz actions to support Ubuntu 24.04
• build(deps): bump github.com/opencontainers/selinux (#​12591)
  • 3eea2a4af build(deps): bump github.com/opencontainers/selinux
• remove sha256-simd (#​12576)
  • 1194f5128 remove sha256-simd
• .github: skip 5 critest cases for window-2022 (#​12586)
  • ce2d3a67f .github: skip 5 critest cases in window CI pipeline
• Redact all query parameters in CRI error logs (#​12551)
  • 65271ea89 fix: redact all query parameters in CRI error

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 128 additional dependencies were updated

Details:

Package	Change
github.com/docker/docker	v27.5.1+incompatible -> v28.5.2+incompatible
github.com/sirupsen/logrus	v1.9.3 -> v1.9.4-0.20230606125235-dd1b4c2e81af
cel.dev/expr	v0.19.0 -> v0.24.0
cloud.google.com/go	v0.116.0 -> v0.121.6
cloud.google.com/go/auth	v0.14.0 -> v0.17.0
cloud.google.com/go/auth/oauth2adapt	v0.2.7 -> v0.2.8
cloud.google.com/go/compute/metadata	v0.6.0 -> v0.9.0
cloud.google.com/go/iam	v1.2.2 -> v1.5.3
cloud.google.com/go/monitoring	v1.21.2 -> v1.24.2
cloud.google.com/go/storage	v1.49.0 -> v1.56.0
dario.cat/mergo	v1.0.1 -> v1.0.2
github.com/Azure/azure-sdk-for-go/sdk/azcore	v1.17.0 -> v1.20.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity	v1.8.2 -> v1.13.1
github.com/Azure/azure-sdk-for-go/sdk/internal	v1.10.0 -> v1.11.2
github.com/Azure/go-ansiterm	v0.0.0-20230124172434-306776ec8161 -> v0.0.0-20250102033503-faa5f7b0171c
github.com/AzureAD/microsoft-authentication-library-for-go	v1.3.3 -> v1.6.0
github.com/BurntSushi/toml	v1.4.0 -> v1.5.0
github.com/CycloneDX/cyclonedx-go	v0.9.2 -> v0.9.3
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp	v1.25.0 -> v1.29.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric	v0.48.1 -> v0.53.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping	v0.48.1 -> v0.53.0
github.com/Masterminds/semver/v3	v3.3.0 -> v3.4.0
github.com/Microsoft/hcsshim	v0.12.9 -> v0.14.0-rc.1
github.com/ProtonMail/go-crypto	v1.1.5 -> v1.3.0
github.com/aquasecurity/go-npm-version	v0.0.1 -> v0.0.2
github.com/aquasecurity/trivy-checks	v1.8.1 -> v1.11.3-0.20250604022615-9a7efa7c9169
github.com/aquasecurity/trivy-db	v0.0.0-20250227071930-8bd8a9b89e2d -> v0.0.0-20250929072116-eba1ced2340a
github.com/aws/aws-sdk-go-v2	v1.36.3 -> v1.40.0
github.com/aws/aws-sdk-go-v2/config	v1.29.9 -> v1.32.0
github.com/aws/aws-sdk-go-v2/credentials	v1.17.62 -> v1.19.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.30 -> v1.18.14
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.34 -> v1.4.14
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.34 -> v2.7.14
github.com/aws/aws-sdk-go-v2/internal/ini	v1.8.3 -> v1.8.4
github.com/aws/aws-sdk-go-v2/service/ecr	v1.42.1 -> v1.53.1
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	v1.12.3 -> v1.13.3
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.12.15 -> v1.13.14
github.com/aws/aws-sdk-go-v2/service/s3	v1.78.1 -> v1.92.0
github.com/bmatcuk/doublestar/v4	v4.8.1 -> v4.9.1
github.com/cloudflare/circl	v1.6.0 -> v1.6.1
github.com/cncf/xds/go	v0.0.0-20240905190251-b4127c9b8d78 -> v0.0.0-20250501225837-2ac532fd4443
github.com/containerd/cgroups/v3	v3.0.3 -> v3.1.0
github.com/containerd/containerd/api	v1.8.0 -> v1.10.0
github.com/containerd/containerd/v2	v2.0.4 -> v2.2.0
github.com/containerd/platforms	v1.0.0-rc.1 -> v1.0.0-rc.2
github.com/containerd/stargz-snapshotter/estargz	v0.16.3 -> v0.18.1
github.com/cyphar/filepath-securejoin	v0.4.1 -> v0.6.0
github.com/dlclark/regexp2	v1.4.0 -> v1.11.0
github.com/docker/cli	v27.5.0+incompatible -> v29.0.3+incompatible
github.com/docker/docker-credential-helpers	v0.8.2 -> v0.9.3
github.com/emicklei/go-restful/v3	v3.11.0 -> v3.13.0
github.com/envoyproxy/go-control-plane	v0.13.1 -> v0.13.4
github.com/envoyproxy/protoc-gen-validate	v1.1.0 -> v1.2.1
github.com/evanphx/json-patch	v5.9.0+incompatible -> v5.9.11+incompatible
github.com/fxamacker/cbor/v2	v2.7.0 -> v2.9.0
github.com/go-git/go-git/v5	v5.14.0 -> v5.16.3
github.com/go-logr/logr	v1.4.2 -> v1.4.3
github.com/go-openapi/jsonpointer	v0.21.0 -> v0.22.1
github.com/go-openapi/jsonreference	v0.21.0 -> v0.21.3
github.com/go-openapi/swag	v0.23.0 -> v0.25.1
github.com/golang-jwt/jwt/v5	v5.2.2 -> v5.3.0
github.com/google/btree	v1.1.2 -> v1.1.3
github.com/google/gnostic-models	v0.6.9-0.20230804172637-c7be7c783f49 -> v0.7.0
github.com/googleapis/enterprise-certificate-proxy	v0.3.4 -> v0.3.6
github.com/googleapis/gax-go/v2	v2.14.1 -> v2.15.0
github.com/gorilla/websocket	v1.5.0 -> v1.5.4-0.20250319132907-e064f32e3674
github.com/hashicorp/go-getter	v1.7.8 -> v1.8.3
github.com/hashicorp/hcl/v2	v2.23.0 -> v2.24.0
github.com/klauspost/compress	v1.17.11 -> v1.18.1
github.com/moby/buildkit	v0.18.2 -> v0.26.2
github.com/moby/sys/user	v0.3.0 -> v0.4.0
github.com/moby/term	v0.5.0 -> v0.5.2
github.com/modern-go/reflect2	v1.0.2 -> v1.0.3-0.20250322232337-35a7c28c31ee
github.com/oklog/ulid/v2	v2.1.0 -> v2.1.1
github.com/open-policy-agent/opa	v1.2.0 -> v1.10.1
github.com/opencontainers/runtime-spec	v1.2.0 -> v1.2.1
github.com/opencontainers/selinux	v1.11.1 -> v1.13.0
github.com/prometheus/client_golang	v1.21.0 -> v1.23.2
github.com/prometheus/client_model	v0.6.1 -> v0.6.2
github.com/prometheus/common	v0.62.0 -> v0.66.1
github.com/prometheus/procfs	v0.15.1 -> v0.17.0
github.com/rcrowley/go-metrics	v0.0.0-20201227073835-cf1acfcdf475 -> v0.0.0-20250401214520-65e299d6c5c9
github.com/rubenv/sql-migrate	v1.7.1 -> v1.8.0
github.com/samber/oops	v1.15.0 -> v1.18.1
github.com/secure-systems-lab/go-securesystemslib	v0.9.0 -> v0.9.1
github.com/sergi/go-diff	v1.3.2-0.20230802210424-5b0b94c5c0d3 -> v1.4.0
github.com/spf13/cast	v1.7.1 -> v1.10.0
github.com/spf13/cobra	v1.9.1 -> v1.10.1
github.com/spf13/pflag	v1.0.6 -> v1.0.10
github.com/tchap/go-patricia/v2	v2.3.2 -> v2.3.3
github.com/tonistiigi/go-csvvalue	v0.0.0-20240710180619-ddb21b71c0b4 -> v0.0.0-20240814133006-030d3b2625d0
github.com/ulikunitz/xz	v0.5.12 -> v0.5.15
github.com/zclconf/go-cty	v1.16.2 -> v1.17.0
go.etcd.io/bbolt	v1.4.0 -> v1.4.3
go.opentelemetry.io/auto/sdk	v1.1.0 -> v1.2.1
go.opentelemetry.io/contrib/detectors/gcp	v1.32.0 -> v1.36.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	v0.56.0 -> v0.61.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.59.0 -> v0.63.0
go.opentelemetry.io/otel	v1.34.0 -> v1.38.0
go.opentelemetry.io/otel/metric	v1.34.0 -> v1.38.0
golang.org/x/crypto	v0.36.0 -> v0.45.0
golang.org/x/mod	v0.24.0 -> v0.30.0
golang.org/x/net	v0.37.0 -> v0.47.0
golang.org/x/oauth2	v0.26.0 -> v0.33.0
golang.org/x/sys	v0.31.0 -> v0.38.0
golang.org/x/term	v0.30.0 -> v0.37.0
golang.org/x/text	v0.23.0 -> v0.31.0
google.golang.org/api	v0.218.0 -> v0.254.0
google.golang.org/genproto	v0.0.0-20241118233622-e639e219e697 -> v0.0.0-20250603155806-513f23925822
google.golang.org/genproto/googleapis/api	v0.0.0-20250115164207-1a7da9e5054f -> v0.0.0-20250825161204-c5933d9347a5
google.golang.org/genproto/googleapis/rpc	v0.0.0-20250115164207-1a7da9e5054f -> v0.0.0-20251022142026-3a174f9686a8
google.golang.org/grpc	v1.70.0 -> v1.76.0
google.golang.org/protobuf	v1.36.5 -> v1.36.10
gotest.tools/v3	v3.5.0 -> v3.5.2
helm.sh/helm/v3	v3.17.2 -> v3.19.2
k8s.io/api	v0.32.3 -> v0.34.2
k8s.io/apiextensions-apiserver	v0.32.2 -> v0.34.0
k8s.io/apimachinery	v0.32.3 -> v0.34.2
k8s.io/apiserver	v0.32.2 -> v0.34.0
k8s.io/cli-runtime	v0.32.3 -> v0.34.0
k8s.io/client-go	v0.32.3 -> v0.34.1
k8s.io/component-base	v0.32.3 -> v0.34.0
k8s.io/kube-openapi	v0.0.0-20241105132330-32ad38e42d3f -> v0.0.0-20250710124328-f3f2b991d03b
k8s.io/kubectl	v0.32.3 -> v0.34.0
k8s.io/utils	v0.0.0-20241104100929-3ea5e8cea738 -> v0.0.0-20250604170112-4c0f3b243397
sigs.k8s.io/json	v0.0.0-20241010143419-9aa6b5e7a4b3 -> v0.0.0-20241014173422-cfa47c3a1cc8
sigs.k8s.io/kustomize/api	v0.18.0 -> v0.20.1
sigs.k8s.io/yaml	v1.4.0 -> v1.6.0

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 142 additional dependencies were updated

Details:

Package	Change
github.com/docker/docker	v27.5.1+incompatible -> v28.5.2+incompatible
cel.dev/expr	v0.19.0 -> v0.25.1
cloud.google.com/go	v0.116.0 -> v0.123.0
cloud.google.com/go/auth	v0.14.0 -> v0.18.2
cloud.google.com/go/auth/oauth2adapt	v0.2.7 -> v0.2.8
cloud.google.com/go/compute/metadata	v0.6.0 -> v0.9.0
cloud.google.com/go/iam	v1.2.2 -> v1.5.3
cloud.google.com/go/monitoring	v1.21.2 -> v1.24.3
cloud.google.com/go/storage	v1.49.0 -> v1.61.3
dario.cat/mergo	v1.0.1 -> v1.0.2
github.com/Azure/azure-sdk-for-go/sdk/azcore	v1.17.0 -> v1.21.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity	v1.8.2 -> v1.13.1
github.com/Azure/azure-sdk-for-go/sdk/internal	v1.10.0 -> v1.11.2
github.com/Azure/go-ansiterm	v0.0.0-20230124172434-306776ec8161 -> v0.0.0-20250102033503-faa5f7b0171c
github.com/AzureAD/microsoft-authentication-library-for-go	v1.3.3 -> v1.6.0
github.com/BurntSushi/toml	v1.4.0 -> v1.6.0
github.com/CycloneDX/cyclonedx-go	v0.9.2 -> v0.10.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp	v1.25.0 -> v1.30.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric	v0.48.1 -> v0.55.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping	v0.48.1 -> v0.55.0
github.com/Masterminds/semver/v3	v3.3.0 -> v3.4.0
github.com/Microsoft/hcsshim	v0.12.9 -> v0.14.0-rc.1
github.com/ProtonMail/go-crypto	v1.1.5 -> v1.3.0
github.com/anchore/go-struct-converter	v0.0.0-20221118182256-c68fdcfa2092 -> v0.1.0
github.com/aquasecurity/go-npm-version	v0.0.1 -> v0.0.2
github.com/aquasecurity/trivy-checks	v1.8.1 -> v1.12.2-0.20251219190323-79d27547baf5
github.com/aquasecurity/trivy-db	v0.0.0-20250227071930-8bd8a9b89e2d -> v0.0.0-20251222105351-a833f47f8f0d
github.com/aws/aws-sdk-go-v2	v1.36.3 -> v1.41.5
github.com/aws/aws-sdk-go-v2/config	v1.29.9 -> v1.32.12
github.com/aws/aws-sdk-go-v2/credentials	v1.17.62 -> v1.19.12
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.30 -> v1.18.20
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.34 -> v1.4.21
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.34 -> v2.7.21
github.com/aws/aws-sdk-go-v2/internal/ini	v1.8.3 -> v1.8.6
github.com/aws/aws-sdk-go-v2/service/ecr	v1.42.1 -> v1.55.2
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	v1.12.3 -> v1.13.7
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.12.15 -> v1.13.21
github.com/aws/aws-sdk-go-v2/service/s3	v1.78.1 -> v1.97.3
github.com/bmatcuk/doublestar/v4	v4.8.1 -> v4.10.0
github.com/cloudflare/circl	v1.6.0 -> v1.6.3
github.com/cncf/xds/go	v0.0.0-20240905190251-b4127c9b8d78 -> v0.0.0-20251210132809-ee656c7534f5
github.com/containerd/cgroups/v3	v3.0.3 -> v3.1.3
github.com/containerd/containerd/api	v1.8.0 -> v1.10.0
github.com/containerd/containerd/v2	v2.0.4 -> v2.2.2
github.com/containerd/platforms	v1.0.0-rc.1 -> v1.0.0-rc.4
github.com/containerd/stargz-snapshotter/estargz	v0.16.3 -> v0.18.2
github.com/containerd/ttrpc	v1.2.7 -> v1.2.8
github.com/cyphar/filepath-securejoin	v0.4.1 -> v0.6.1
github.com/dlclark/regexp2	v1.4.0 -> v1.11.0
github.com/docker/cli	v27.5.0+incompatible -> v29.4.0+incompatible
github.com/docker/docker-credential-helpers	v0.8.2 -> v0.9.5
github.com/docker/go-events	v0.0.0-20190806004212-e31b211e4f1c -> v0.0.0-20250808211157-605354379745
github.com/emicklei/go-restful/v3	v3.11.0 -> v3.13.0
github.com/envoyproxy/go-control-plane	v0.13.1 -> v0.14.0
github.com/envoyproxy/protoc-gen-validate	v1.1.0 -> v1.3.0
github.com/evanphx/json-patch	v5.9.0+incompatible -> v5.9.11+incompatible
github.com/fatih/color	v1.18.0 -> v1.19.0
github.com/fxamacker/cbor/v2	v2.7.0 -> v2.9.0
github.com/go-git/go-billy/v5	v5.6.2 -> v5.8.0
github.com/go-git/go-git/v5	v5.14.0 -> v5.17.2
github.com/go-logr/logr	v1.4.2 -> v1.4.3
github.com/go-openapi/jsonpointer	v0.21.0 -> v0.22.5
github.com/go-openapi/jsonreference	v0.21.0 -> v0.21.5
github.com/go-openapi/swag	v0.23.0 -> v0.25.5
github.com/golang-jwt/jwt/v5	v5.2.2 -> v5.3.1
github.com/google/btree	v1.1.2 -> v1.1.3
github.com/google/gnostic-models	v0.6.9-0.20230804172637-c7be7c783f49 -> v0.7.0
github.com/googleapis/enterprise-certificate-proxy	v0.3.4 -> v0.3.14
github.com/googleapis/gax-go/v2	v2.14.1 -> v2.19.0
github.com/gorilla/websocket	v1.5.0 -> v1.5.4-0.20250319132907-e064f32e3674
github.com/hashicorp/go-getter	v1.7.8 -> v1.8.6
github.com/hashicorp/go-version	v1.7.0 -> v1.9.0
github.com/hashicorp/hcl/v2	v2.23.0 -> v2.24.0
github.com/in-toto/in-toto-golang	v0.9.0 -> v0.10.0
github.com/klauspost/compress	v1.17.11 -> v1.18.5
github.com/mailru/easyjson	v0.7.7 -> v0.9.0
github.com/mitchellh/mapstructure	v1.5.0 -> v1.5.1-0.20231216201459-8508981c8b6c
github.com/moby/buildkit	v0.18.2 -> v0.29.0
github.com/moby/sys/user	v0.3.0 -> v0.4.0
github.com/moby/term	v0.5.0 -> v0.5.2
github.com/modern-go/reflect2	v1.0.2 -> v1.0.3-0.20250322232337-35a7c28c31ee
github.com/oklog/ulid/v2	v2.1.0 -> v2.1.1
github.com/open-policy-agent/opa	v1.2.0 -> v1.15.2
github.com/opencontainers/runtime-spec	v1.2.0 -> v1.3.0
github.com/opencontainers/selinux	v1.11.1 -> v1.13.1
github.com/owenrumney/squealer	v1.2.11 -> v1.2.12
github.com/package-url/packageurl-go	v0.1.3 -> v0.1.5
github.com/prometheus/client_golang	v1.21.0 -> v1.23.2
github.com/prometheus/client_model	v0.6.1 -> v0.6.2
github.com/prometheus/common	v0.62.0 -> v0.66.1
github.com/prometheus/procfs	v0.15.1 -> v0.17.0
github.com/rcrowley/go-metrics	v0.0.0-20201227073835-cf1acfcdf475 -> v0.0.0-20250401214520-65e299d6c5c9
github.com/rubenv/sql-migrate	v1.7.1 -> v1.8.1
github.com/samber/oops	v1.15.0 -> v1.18.1
github.com/secure-systems-lab/go-securesystemslib	v0.9.0 -> v0.10.0
github.com/sergi/go-diff	v1.3.2-0.20230802210424-5b0b94c5c0d3 -> v1.4.0
github.com/spdx/tools-golang	v0.5.5 -> v0.5.7
github.com/spf13/cast	v1.7.1 -> v1.10.0
github.com/spf13/cobra	v1.9.1 -> v1.10.2
github.com/spf13/pflag	v1.0.6 -> v1.0.10
github.com/stretchr/objx	v0.5.2 -> v0.5.3
github.com/tchap/go-patricia/v2	v2.3.2 -> v2.3.3
github.com/tonistiigi/go-csvvalue	v0.0.0-20240710180619-ddb21b71c0b4 -> v0.0.0-20240814133006-030d3b2625d0
github.com/zclconf/go-cty	v1.16.2 -> v1.18.0
github.com/zclconf/go-cty-yaml	v1.1.0 -> v1.2.0
go.etcd.io/bbolt	v1.4.0 -> v1.4.3
go.opentelemetry.io/auto/sdk	v1.1.0 -> v1.2.1
go.opentelemetry.io/contrib/detectors/gcp	v1.32.0 -> v1.39.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	v0.56.0 -> v0.63.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.59.0 -> v0.65.0
go.opentelemetry.io/otel	v1.34.0 -> v1.43.0
go.opentelemetry.io/otel/metric	v1.34.0 -> v1.43.0
go.uber.org/zap	v1.27.0 -> v1.27.1
golang.org/x/crypto	v0.36.0 -> v0.50.0
golang.org/x/mod	v0.24.0 -> v0.35.0
golang.org/x/net	v0.37.0 -> v0.53.0
golang.org/x/oauth2	v0.26.0 -> v0.36.0
golang.org/x/sys	v0.31.0 -> v0.43.0
golang.org/x/term	v0.30.0 -> v0.42.0
google.golang.org/api	v0.218.0 -> v0.272.0
google.golang.org/genproto	v0.0.0-20241118233622-e639e219e697 -> v0.0.0-20260316180232-0b37fe3546d5
google.golang.org/genproto/googleapis/api	v0.0.0-20250115164207-1a7da9e5054f -> v0.0.0-20260316180232-0b37fe3546d5
google.golang.org/genproto/googleapis/rpc	v0.0.0-20250115164207-1a7da9e5054f -> v0.0.0-20260316180232-0b37fe3546d5
google.golang.org/grpc	v1.70.0 -> v1.79.3
google.golang.org/protobuf	v1.36.5 -> v1.36.11
gopkg.in/evanphx/json-patch.v4	v4.12.0 -> v4.13.0
gotest.tools/v3	v3.5.0 -> v3.5.2
helm.sh/helm/v3	v3.17.2 -> v3.20.2
k8s.io/api	v0.32.3 -> v0.35.3
k8s.io/apiextensions-apiserver	v0.32.2 -> v0.35.1
k8s.io/apimachinery	v0.32.3 -> v0.35.3
k8s.io/apiserver	v0.32.2 -> v0.35.1
k8s.io/cli-runtime	v0.32.3 -> v0.35.1
k8s.io/client-go	v0.32.3 -> v0.35.1
k8s.io/component-base	v0.32.3 -> v0.35.1
k8s.io/kube-openapi	v0.0.0-20241105132330-32ad38e42d3f -> v0.0.0-20250910181357-589584f1c912
k8s.io/kubectl	v0.32.3 -> v0.35.1
k8s.io/utils	v0.0.0-20241104100929-3ea5e8cea738 -> v0.0.0-20251002143259-bc988d571ff4
mvdan.cc/sh/v3	v3.11.0 -> v3.12.0
sigs.k8s.io/json	v0.0.0-20241010143419-9aa6b5e7a4b3 -> v0.0.0-20250730193827-2d320260d730
sigs.k8s.io/kustomize/api	v0.18.0 -> v0.20.1
sigs.k8s.io/yaml	v1.4.0 -> v1.6.0