build(deps): bump the e2e group across 1 directory with 6 updates

[dependabot]

Bumps the e2e group with 6 updates in the /e2e directory:

Package	From	To
github.com/fsouza/fake-gcs-server	1.52.3	1.54.0
github.com/go-git/go-git/v5	5.16.4	5.16.5
github.com/open-policy-agent/opa	1.12.3	1.13.2
github.com/redpanda-data/benthos/v4	4.63.1	4.65.0
github.com/redpanda-data/connect/v4	4.78.0	4.81.0
github.com/twmb/franz-go	1.20.6	1.20.7

Updates github.com/fsouza/fake-gcs-server from 1.52.3 to 1.54.0

Release notes

Sourced from github.com/fsouza/fake-gcs-server's releases.

v1.54.0

What's Changed

• Added support from gcloud cli resumable uploads by @​danieldanieltata in fsouza/fake-gcs-server#1976
• build(deps): bump google.golang.org/api from 0.264.0 to 0.265.0 by @​dependabot[bot] in fsouza/fake-gcs-server#2134
• build(deps): bump cloud.google.com/go/pubsub/v2 from 2.3.0 to 2.4.0 by @​dependabot[bot] in fsouza/fake-gcs-server#2138
• build(deps): bump @​google-cloud/storage from 7.18.0 to 7.19.0 in /examples/node by @​dependabot[bot] in fsouza/fake-gcs-server#2137
• build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 by @​dependabot[bot] in fsouza/fake-gcs-server#2139
• build(deps): bump cloud.google.com/go/storage from 1.59.2 to 1.60.0 by @​dependabot[bot] in fsouza/fake-gcs-server#2140
• build(deps): bump docker/build-push-action from 6.18.0 to 6.19.1 by @​dependabot[bot] in fsouza/fake-gcs-server#2141
• build(deps): bump golang from 1.25 to 1.26 by @​dependabot[bot] in fsouza/fake-gcs-server#2143
• build(deps): bump google.golang.org/api from 0.265.0 to 0.266.0 by @​dependabot[bot] in fsouza/fake-gcs-server#2142
• build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.0 by @​dependabot[bot] in fsouza/fake-gcs-server#2145
• build(deps): bump docker/build-push-action from 6.19.1 to 6.19.2 by @​dependabot[bot] in fsouza/fake-gcs-server#2144
• Go 1.26 is out, drop 1.24 by @​fsouza in fsouza/fake-gcs-server#2146
• build(deps): bump google.golang.org/grpc from 1.79.0 to 1.79.1 by @​dependabot[bot] in fsouza/fake-gcs-server#2147
• Add environment variable support for all configuration options by @​ota2000 in fsouza/fake-gcs-server#1925
• Fix metadata headers not being preserved during upload and retrieval by @​louisnow in fsouza/fake-gcs-server#2103

New Contributors

• @​danieldanieltata made their first contribution in fsouza/fake-gcs-server#1976
• @​ota2000 made their first contribution in fsouza/fake-gcs-server#1925
• @​louisnow made their first contribution in fsouza/fake-gcs-server#2103

Full Changelog: fsouza/fake-gcs-server@v1.53.1...v1.54.0

v1.53.1

What's Changed

• build(deps): bump google-cloud-storage from 3.8.0 to 3.9.0 in /examples/python by @​dependabot[bot] in fsouza/fake-gcs-server#2132
• internal/urlhelper: fix getScheme on https by @​fsouza in fsouza/fake-gcs-server#2133

Full Changelog: fsouza/fake-gcs-server@v1.53.0...v1.53.1

v1.53.0

What's Changed

• Add SelfLink to bucketResponse by @​mdedetrich in fsouza/fake-gcs-server#1944
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 by @​dependabot[bot] in fsouza/fake-gcs-server#2007
• build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @​dependabot[bot] in fsouza/fake-gcs-server#2008
• build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.8 by @​dependabot[bot] in fsouza/fake-gcs-server#2013
• build(deps): bump github.com/fsouza/slognil from 0.4.2 to 0.4.3 by @​dependabot[bot] in fsouza/fake-gcs-server#2014
• build(deps): bump github.com/minio/minio-go/v7 from 7.0.92 to 7.0.95 by @​dependabot[bot] in fsouza/fake-gcs-server#2012
• build(deps): bump google.golang.org/grpc from 1.72.0 to 1.75.0 by @​dependabot[bot] in fsouza/fake-gcs-server#2011
• build(deps): bump github.com/pkg/xattr from 0.4.10 to 0.4.12 by @​dependabot[bot] in fsouza/fake-gcs-server#2010
• build(deps): bump cloud.google.com/go/storage from 1.53.0 to 1.56.1 by @​dependabot[bot] in fsouza/fake-gcs-server#2009

... (truncated)

Commits

• 024d541 internal/config: remove usage of test := test
• ec92f99 Fix metadata headers not being preserved during upload and retrieval (#2103)
• 0ec5cfa Add environment variable support for all configuration options (#1925)
• eef285f build(deps): bump google.golang.org/grpc from 1.79.0 to 1.79.1 (#2147)
• 524ba69 Stop using the test := test hack
• 6a268d6 github/workflows/main: use Go 1.26 for linting
• 1d90985 examples/go: Go 1.26.0
• 6492478 Go 1.26 is out, drop 1.24
• 4f31450 build(deps): bump docker/build-push-action from 6.19.1 to 6.19.2 (#2144)
• 2a2a79f build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.0 (#2145)
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.5

What's Changed

• build: Update module golang.org/x/crypto to v0.45.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1744
• build: Bump Go test versions to 1.23-1.25 (v5) by @​pjbgf in go-git/go-git#1746
• [v5] git: worktree, Don't delete local untracked files when resetting worktree by @​Ch00k in go-git/go-git#1800
• Expand packfile checks by @​pjbgf in go-git/go-git#1836

Full Changelog: go-git/go-git@v5.16.4...v5.16.5

Commits

• 48a1ae0 Merge pull request #1836 from go-git/check-v5
• 42bdf1f storage: filesystem, Verify idx matches pack file
• 4146a56 plumbing: format/idxfile, Verify idxfile's checksum
• 63d78ec plumbing: format/packfile, Add new ErrMalformedPackFile
• 25f1624 Merge pull request #1800 from Ch00k/no-delete-untracked-v5
• 600fb13 git: worktree, Don't delete local untracked files when resetting worktree
• 390a569 Merge pull request #1746 from pjbgf/bump-go
• 61c8b85 build: Bump Go test versions to 1.23-1.25 (v5)
• e5a05ec Merge pull request #1744 from go-git/renovate/releases/v5.x-go-golang.org-x-c...
• 1495930 plumbing: Remove use of non-constant format strings
• Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 1.12.3 to 1.13.2

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.13.2

This release updates the version of Go used to build the OPA binaries and images to 1.25.7. That version of the Go standard library contains a fix for GO-2026-4337.

Full Changelog: open-policy-agent/opa@v1.13.1...v1.13.2

v1.13.1

This bug fix release addresses an issue found in the new array.flatten built-in function

• Fix issue in array.flatten handling of single item arrays (#8273) (#8272) authored by @​anderseknert

v1.13.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• A new immediate upload trigger mode in the Decision Logger
• A new array.flatten built-in function
• Numerous performance improvements

Immediate Upload Trigger Mode in Decision Logger (#8110)

An immediate trigger mode has been added to the Decision Logger; enabled by setting the decision_logs.reporting.trigger configuration option to immediate. When enabled, log events are pushed to the log service as soon as the configured upload chunk size criteria is met; or, at latest, when the configured upload delay is reached.

Authored by @​sspaink

Runtime, SDK, Tooling

• cmd/fmt: Do not overwrite file on fmt without changes (#8222) authored by @​Loic-R
• cmd/test: Enable sorting JSON test results by duration (#7444) authored by @​sspaink
• profiler: nil *Profiler should not report Enabled() (#8256) authored by @​anderseknert
• rego: Add Data function to simplify adding data from map (#5961) authored by @​majiayu000 reported by @​anderseknert
• runtime: Correct naming & docs for version checking (#8191) authored by @​charlieegan3

Compiler, Topdown and Rego

• ast: Body.String() doesn't panic on empty body (#8244) authored by @​srenatus
• ast: Improve type error message when referencing functions (#6840) authored by @​sspaink
• ast: Type Checker recognizes when a variable has multiple assignments but is an undefined function (#7463) authored by @​sspaink reported by @​anderseknert
• ast/parser: Avoid duplicate loc copies (#8142) authored by @​srenatus
• topdown: Add array.flatten built-in function (#8226) authored by @​anderseknert
• topdown: Fix issue where numbers.range_step built-in could erroneously return undefined value (#8194) authored by @​thevilledev
• topdown: Remove hard-coded missing key error in strings.render_template built-in (#7931) authored by @​colinjlacy reported by @​anderseknert
• topdown: Re-introduce cancellation-awareness for regex.replace built-in (#8179) authored by @​srenatus
  from having been reverted in v1.12.1
• topdown: Support arrays as input for json.match_schema (#6615) authored by @​sspaink reported by @​mscudlik

Performance

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.13.2

This release updates the version of Go used to build the OPA binaries and images to 1.25.7. That version of the Go standard library contains a fix for GO-2026-4337.

1.13.1

This bug fix release addresses an issue found in the new array.flatten built-in function

• Fix issue in array.flatten handling of single item arrays ( #8273) (#8272) authored by @​anderseknert

1.13.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• A new immediate upload trigger mode
• A new array.flatten built-in function
• Numerous performance improvements

Immediate Upload Trigger Mode in Decision Logger (#8110)

An immediate trigger mode has been added to the Decision Logger; enabled by setting the decision_logs.reporting.trigger configuration option to immediate. When enabled, log events are pushed to the log service as soon as the configured upload chunk size criteria is met; or, at latest, when the configured upload delay is reached.

Authored by @​sspaink

Runtime, SDK, Tooling

• cmd/fmt: Do not overwrite file on fmt without changes (#8222) authored by @​Loic-R
• cmd/test: Enable sorting JSON test results by duration (#7444) authored by @​sspaink
• profiler: nil *Profiler should not report Enabled() (#8256) authored by @​anderseknert
• rego: Add Data function to simplify adding data from map (#5961) authored by @​majiayu000 reported by @​anderseknert
• runtime: Correct naming & docs for version checking (#8191) authored by @​charlieegan3

Compiler, Topdown and Rego

• ast: Body.String() doesn't panic on empty body (#8244) authored by @​srenatus
• ast: Improve type error message when referencing functions (#6840) authored by @​sspaink
• ast: Type Checker recognizes when a variable has multiple assignments but is an undefined function (#7463) authored by @​sspaink reported by @​anderseknert
• ast/parser: Avoid duplicate loc copies (#8142) authored by @​srenatus
• topdown: Add array.flatten built-in function (#8226) authored by @​anderseknert
• topdown: Fix issue where numbers.range_step built-in could erroneously return undefined value (#8194) authored by @​thevilledev
• topdown: Remove hard-coded missing key error in strings.render_template built-in (#7931) authored by @​colinjlacy reported by @​anderseknert
• topdown: Re-introduce cancellation-awareness for regex.replace built-in (#8179) authored by @​srenatus
  from having been reverted in v1.12.1
• topdown: Support arrays as input for json.match_schema (#6615) authored by @​sspaink reported by @​mscudlik

Performance

... (truncated)

Commits

• fd4fdf7 Release 1.13.2
• 4d69427 build: bump go 1.25.6 -> 1.25.7
• 9c3bb90 capabilities file
• 92637c5 Prepare v1.13.1 release
• 5442885 Fix issue in array.flatten handling of single item arrays (#8273)
• a232916 Prepare v1.13.0 release (#8268)
• e2acece website: Display 2025 survey results on the website (#8258)
• 0fed5e8 ast: Improve type error message when referencing functions (#8253)
• a87219e Enable sorting JSON test results by duration (#8260)
• 262c4f1 Add redirect section for immutable referrers (#8265)
• Additional commits viewable in compare view

Updates github.com/redpanda-data/benthos/v4 from 4.63.1 to 4.65.0

Changelog

Sourced from github.com/redpanda-data/benthos/v4's changelog.

4.65.0 - 2026-02-18

Added

• Go API: Schema caching and fingerprinting support added to avoid redundant format conversions. (@​Jeffail)
• Bloblang method split now supports converting empty substrings to null directly. (@​rockwotj)

4.64.0 - 2026-01-30

Added

• Go API: New ConfigQuerier API added for extracting parsed configs. (@​Jeffail)
• Go API: The Resources type now supports executing connection tests across all resources. (@​Jeffail)

Commits

• c0ce014 blobl: split with empty_as_null parameter (#367)
• 0dddf5b chore: bump to Go 1.26 and golangci-lint (#366)
• a4a2b6a build(deps): bump the production-dependencies group across 1 directory with 6...
• 732f379 chore: bump to Go 1.25.7 to address CVE https://www.cve.org/CVERecord?id=CVE-...
• c7f4c53 Add fingerprinting and conversion cache to schemas (#360)
• 480745b gh: remove govulncheck as we now have better tooling in connect
• c3be912 tracing: set status of HTTP requests
• ef0eac6 tracing: add support for SetStatus
• 6fd8d9e Add config query API (#354)
• c17a056 build(deps): bump the production-dependencies group across 1 directory with 1...
• Additional commits viewable in compare view

Updates github.com/redpanda-data/connect/v4 from 4.78.0 to 4.81.0

Release notes

Sourced from github.com/redpanda-data/connect/v4's releases.

v4.81.0

For installation instructions check out the getting started guide.

Added

• The mysql_cdc input now adds schema metadata to consumed messages, this can be used for automatic schema conversion in processors such as schema_registry_encode. (@​Jeffail)
• (Benthos) Bloblang method split now supports converting empty substrings to null directly. (@​rockwotj)
• Go API: New DiscoverAndRegisterPlugins mechanism added to the public/plugins/go/rpcnloader package. (@​prakhargarg105)
• (aws_sns): support for message Subject in aws_sns (@​biagiopietro)

The full change log can be found here.

v4.80.1

For installation instructions check out the getting started guide.

Changed

• chroot: existing directories are now allowed. (@​birdayz)

The full change log can be found here.

v4.80.0

For installation instructions check out the getting started guide.

Added

• otlp_grpc: add authorization support with JWT validation. (@​mmatczuk)
• redpanda/migrator: add max_parallel_http_requests field for concurrent schema migration. (@​mmatczuk)
• redpanda/migrator: implement DFS traversal for schema dependencies. (@​mmatczuk)
• redpanda/migrator: stream schemas instead of loading all into memory. (@​mmatczuk)
• redpanda/migrator: add progress logs to schema migration worker. (@​mmatczuk)

Fixed

• protobuf: remove hyperpb to fix memory leak. (@​rockwotj)

The full change log can be found here.

v4.79.0

For installation instructions check out the getting started guide.

Added

• redis_pubsub: redis_pubsub_channel and redis_pubsub_pattern metadata fields added to input component. (@​g-hurst)
• snowflake_streaming: new message_format and timestamp_format advanced properties introduced. (@​rockwotj)
• New dry-run subcommand for testing the connections of provided configs. (@​Jeffail)

Fixed

... (truncated)

Changelog

Sourced from github.com/redpanda-data/connect/v4's changelog.

4.81.0 - 2026-02-18

Added

• The mysql_cdc input now adds schema metadata to consumed messages, this can be used for automatic schema conversion in processors such as schema_registry_encode. (@​Jeffail)
• (Benthos) Bloblang method split now supports converting empty substrings to null directly. (@​rockwotj)
• Go API: New DiscoverAndRegisterPlugins mechanism added to the public/plugins/go/rpcnloader package. (@​prakhargarg105)

4.80.1 - 2026-02-05

Changed

• chroot: existing directories are now allowed. (@​birdayz)

4.80.0 - 2026-02-04

Added

• otlp_grpc: add authorization support with JWT validation. (@​mmatczuk)
• redpanda/migrator: add max_parallel_http_requests field for concurrent schema migration. (@​mmatczuk)
• redpanda/migrator: implement DFS traversal for schema dependencies. (@​mmatczuk)
• redpanda/migrator: stream schemas instead of loading all into memory. (@​mmatczuk)
• redpanda/migrator: add progress logs to schema migration worker. (@​mmatczuk)

Fixed

• protobuf: remove hyperpb to fix memory leak. (@​rockwotj)

4.79.0 - 2026-01-30

Added

• redis_pubsub: redis_pubsub_channel and redis_pubsub_pattern metadata fields added to input component. (@​g-hurst)
• snowflake_streaming: new message_format and timestamp_format advanced properties introduced. (@​rockwotj)
• New dry-run subcommand for testing the connections of provided configs. (@​Jeffail)

Fixed

• Setting the logging level to TRACE, ALL, OFF and NONE no longer emits an error. (@​mihaitodor)

Commits

• 1d9882a Update benthos and CL (#3993)
• 4901ab4 exposed rpcn plugin in public/ (#3992)
• 6f6888c claude: add attention area to review
• 716c7c4 claude: add support for Bash(gh:*)
• db8d403 claude: add commit policy to review
• c91f8d0 gh: enable claude reviews
• 00b75a1 Auto schema for mysql cdc (#3965)
• 39819ae Bump to Go 1.26 and update golangci-lint to support it (#3989)
• 278f117 Security dep bumps (#3983)
• 251ab69 feat(aws_sns): support for message Subject in aws_sns (#3960)
• Additional commits viewable in compare view

Updates github.com/twmb/franz-go from 1.20.6 to 1.20.7

Changelog

Sourced from github.com/twmb/franz-go's changelog.

v1.20.7

This patch release fixes numerous niche bugs - some user reported, some found while investigating other things - contains a few behavior improvements, extensive kfake additions, and many test additions / improvements.

There have been extensive additions to kfake over the course of the past month; kfake now supports transactions, the next generation consumer group protocol, and more Kafka APIs. franz-go integration tests now run and pass against kfake in CI.

Testing has further been extensively improved: integration tests now run against the latest patch version of Kafka for all major Kafka versions going back to 0.11.0. The existing test suite has been extended to run while opting into the next generation consumer group. An integration test against Kerberos has been added. For ~roughly the past year (maybe half year), all bugs found have had regression tests added in kfake. This release massively extends the kfake test suite -- both with behavior tests that were ported via Claude directly to franz-go (with license attribution!) and with behavior tests that Claude generated specifically for kfake.

The "next generation" (KIP-848) consumer group code in franz-go itself has some improvements. These improvements were found after adding 848 code to kfake, which allowed for much faster integration test looping. This looping was still very slow for what it's worth; towards the end, integration tests would pass ~40+ times with race mode over the course of two hours before failing once. Claude was instrumental with adding appropriate log lines and tracing logs for diagnosing extremely niche failures; things also got slower when a few specific log lines that would've helped weren't added the first time...

Anyway,

Bug fixes

• Returns from PollRecords / PollFetches that contained ONLY an error (context cancellation or something) previously did not block rebalances, even if you opted into BlockRebalanceOnPoll.

• If, while idempotently producing, the client encountered TIMED_OUT while producing (retryable), the client considered this a "we definitively did not produce" state, and allowed you to cancel the records. Well, maybe the records actually did get produced broker side eventually, and now you re-produce new records - the NEW records could be "deduplicated" due to how idempotency works. This one is a bit niche, if you're interested, you should read #1217 and the two PRs that address it.

• My original implementation of how Kerberos handled authentication was correct... for the time. I missed how it should have been touched up years ago and now 4.0 hard deprecates the old auth flow. So, that's been found,

... (truncated)

Commits

• ae75cac Merge pull request #1258 from twmb/cl
• fd4189c Merge pull request #1259 from twmb/kfake_again
• 1dc1b71 kfake: bump group epoch on topic change to ensure assignment resend
• 60adeb2 changelog: note incoming v1.20.7
• 175c77f Merge pull request #1257 from twmb/examples
• 84bc833 examples: add testing with kfake example
• 6999fb8 Merge pull request #1236 from twmb/1195
• dba723b Merge pull request #1256 from twmb/kfake
• 764eb29 kgo: unlinger partitions in ProduceSync to avoid linger delay
• 4f75931 kfake: fix KIP-848 topic change notification race
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.