fix(deps): update go deps

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
github.com/canonical/identity-platform-api	require	digest	4e11f02 → fe6c404
github.com/canonical/rebac-admin-ui-handlers	require	minor	v0.1.2 → v0.2.1
github.com/coreos/go-oidc/v3	require	minor	v3.14.1 → v3.19.0
github.com/exaring/otelpgx	require	minor	v0.9.4 → v0.11.1
github.com/go-chi/chi/v5	require	minor	v5.2.5 → v5.3.0
github.com/go-playground/validator/v10	require	minor	v10.22.1 → v10.30.3
github.com/grpc-ecosystem/grpc-gateway/v2	require	minor	v2.28.0 → v2.29.0
github.com/jackc/pgx/v5	require	minor	v5.9.2 → v5.10.0
github.com/ory/hydra-client-go/v2	require	minor	v2.1.1 → v2.2.1
github.com/ory/kratos-client-go	require	minor	v1.1.0 → v1.3.8
github.com/pressly/goose/v3	require	minor	v3.24.3 → v3.27.1
github.com/prometheus/client_golang	require	minor	v1.17.0 → v1.23.2
github.com/spf13/cobra	require	minor	v1.8.1 → v1.10.2
github.com/tomnomnom/linkheader	require	digest	02ca582 → e5fe3b5
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	require	minor	v0.49.0 → v0.69.0
go.opentelemetry.io/contrib/propagators/jaeger	require	minor	v1.20.0 → v1.44.0
go.opentelemetry.io/otel	require	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	require	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	require	minor	v1.19.0 → v1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	require	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	require	minor	v1.19.0 → v1.44.0
go.opentelemetry.io/otel/sdk	require	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/trace	require	minor	v1.43.0 → v1.44.0
go.uber.org/mock	require	minor	v0.4.0 → v0.6.0
go.uber.org/zap	require	minor	v1.27.1 → v1.28.0
golang.org/x/oauth2	require	minor	v0.35.0 → v0.36.0
google.golang.org/genproto/googleapis/rpc	require	digest	9d38bb4 → b703f56
google.golang.org/grpc	require	minor	v1.80.0 → v1.81.1
k8s.io/api	require	minor	v0.28.15 → v0.36.2
k8s.io/apimachinery	require	minor	v0.28.15 → v0.36.2
k8s.io/client-go	require	minor	v0.28.15 → v0.36.2

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

canonical/rebac-admin-ui-handlers (github.com/canonical/rebac-admin-ui-handlers)

v0.2.1

Compare Source

Bug Fixes

• govulncheck: fix GO-2025-3533 (be99847)

v0.2.0

Compare Source

Features

• error-response-mapper: update MapError to use the context (1fe817e)

Bug Fixes

• test: use latest version of upload-artifact (b55d122)

coreos/go-oidc (github.com/coreos/go-oidc/v3)

v3.19.0

Compare Source

What's Changed

• fix: Key refresh should set no-cache to get most up to date keys by @​Yanni8 in #​485
• oidc: add support for validating back-channel logout tokens by @​ericchiang in #​486

New Contributors

• @​Yanni8 made their first contribution in #​485

Full Changelog: coreos/go-oidc@v3.18.0...v3.19.0

v3.18.0

Compare Source

What's Changed

• .github: configure dependabot by @​ericchiang in #​477
• .github: update go versions in CI by @​ericchiang in #​480
• build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.36.0 by @​dependabot[bot] in #​478
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @​dependabot[bot] in #​479

Full Changelog: coreos/go-oidc@v3.17.0...v3.18.0

v3.17.0

Compare Source

What's Changed

• oidc: improve error message for mismatched issuer URLs by @​ericchiang in #​469

Full Changelog: coreos/go-oidc@v3.16.0...v3.17.0

v3.16.0

Compare Source

What's Changed

• refactor: Remove unused time injection from RemoteKeySet by @​ponimas in #​466
• bump go to 1.24, remove 1.23 support, bump go-jose dependency, remove x/net dependency by @​wardviaene in #​467

New Contributors

• @​wardviaene made their first contribution in #​467

Full Changelog: coreos/go-oidc@v3.15.0...v3.16.0

v3.15.0

Compare Source

What's Changed

• oidc: verify the ID Token's signature before processing claims by @​ericchiang in #​464

Full Changelog: coreos/go-oidc@v3.14.1...v3.15.0

exaring/otelpgx (github.com/exaring/otelpgx)

v0.11.1

Compare Source

What's Changed

• fix: Tracer.logConnectionDetails defaults to true by @​trygve-baerland in #​80

New Contributors

• @​trygve-baerland made their first contribution in #​80

Full Changelog: exaring/otelpgx@v0.11.0...v0.11.1

v0.11.0

Compare Source

What's Changed

• chore(deps): upgrade Go version to 1.25 + use latest stable otel semconv by @​ValentinLvr in #​74
• feat: add option to disable the AcquireTracer by @​joshua-tianci in #​73
• fix(stats): allow WithStatsAttributes to override library defaults by @​obitech in #​78
• chore: spring cleaning — Go matrix, pgx, testify, golangci-lint by @​obitech in #​79

New Contributors

• @​ValentinLvr made their first contribution in #​74
• @​joshua-tianci made their first contribution in #​73

Full Changelog: exaring/otelpgx@v0.10.0...v0.11.0

v0.10.0

Compare Source

What's Changed

• feat: add option to disable tracing by @​errcheckenjoyer in #​60
• feat: allow access to context in SpanName function by @​robsonpeixoto in #​67

New Contributors

• @​errcheckenjoyer made their first contribution in #​60
• @​robsonpeixoto made their first contribution in #​67

Full Changelog: exaring/otelpgx@v0.9.4...v0.10.0

go-chi/chi (github.com/go-chi/chi/v5)

v5.3.0

Compare Source

What's Changed

• Use strings.ReplaceAll where applicable by @​JRaspass in #​1046
• Propagate inline middlewares across mounted subrouters by @​LukasJenicek in #​1049
• add go 1.26 to ci by @​pkieltyka in #​1052
• Remove last uses of io/ioutil by @​JRaspass in #​1054
• Simplify chi.walk with slices.Concat by @​JRaspass in #​1053
• Apply the stringscutprefix modernizer by @​JRaspass in #​1051
• Bump minimum Go to 1.23, always use request.Pattern by @​JRaspass in #​1048
• middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by @​alliasgher in #​1085
• Fix typo in Route doc comment by @​gouwazi in #​1073
• fix: set Request.Pattern from RoutePattern() by @​leno23 in #​1097
• feat: middleware.ClientIP, a replacement for middleware.RealIP by @​VojtechVitek in #​967

New Contributors

• @​LukasJenicek made their first contribution in #​1049
• @​alliasgher made their first contribution in #​1085
• @​gouwazi made their first contribution in #​1073
• @​leno23 made their first contribution in #​1097

SECURITY: middleware.ClientIP, a replacement for middleware.RealIP

PR #​967 introduced middleware.ClientIP, a replacement for middleware.RealIP that closes the three open spoofing advisories:

• GHSA-9g5q-2w5x-hmxf — IP spoofing via XFF in RemoteAddr resolution (convto)
• GHSA-rjr7-jggh-pgcp — RealIP allows IP spoofing via unvalidated XFF (rezmoss)
• GHSA-3fxj-6jh8-hvhx — IP spoofing in middleware.RealIP (Saku0512, Critical / 9.3)

It also addresses issues outlined at:

• #​708
• https://adam-p.ca/blog/2022/03/x-forwarded-for/
• #​711
• #​453
• #​908

middleware.RealIP is deprecated in this PR with pointers to the new API.

The deprecation only adds a // Deprecated: doc comment; the function keeps working for backward compatibility.

Why a new middleware (not "fix RealIP in place")

RealIP has two unfixable design choices: it mutates r.RemoteAddr, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per adam-p's "The perils of the 'real' client IP" (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.

The new API

Four middlewares, two accessors. Pick exactly one middleware based on your
infrastructure, read the result with one of the two accessors:

// One of the four. There is no safe default — pick exactly one.
func ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler
func ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler
func ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler
func ClientIPFromRemoteAddr(h http.Handler) http.Handler

// Read the result.
func GetClientIP(ctx context.Context) string         // for logs, rate-limit keys
func GetClientIPAddr(ctx context.Context) netip.Addr // for typed work

Example usage:

// Pick a single ClientIP middleware based on your deployment
  
// Cloudflare.
r.Use(middleware.ClientIPFromHeader("CF-Connecting-IP"))

// Nginx with ngx_http_realip_module.
r.Use(middleware.ClientIPFromHeader("X-Real-IP"))

// Apache with mod_remoteip.
r.Use(middleware.ClientIPFromHeader("X-Client-IP"))

// AWS CloudFront, or any proxy fleet with known CIDRs.
r.Use(middleware.ClientIPFromXFF(
    "13.32.0.0/15",   // CloudFront IPv4
    "52.46.0.0/18",   // CloudFront IPv4
    "2600:9000::/28", // CloudFront IPv6
))

// Behind exactly 2 trusted proxies with dynamic IPs (autoscaling pools,
// ephemeral containers, dynamic CDN edges).
r.Use(middleware.ClientIPFromXFFTrustedProxies(2))

// Server directly on the public internet, no proxy in front.
r.Use(middleware.ClientIPFromRemoteAddr)

And in your handler or downstream middleware:

clientIP := middleware.GetClientIP(r.Context())
// log it, use it as a rate-limit key, etc.

---

Thanks to @​adam-p, @​c2h5oh, @​rezmoss, @​Saku0512, @​convto, @​Dirbaio, @​jawnsy, @​lrstanley, @​mfridman, @​n33pm, @​pkieltyka for the prior discussions, detailed reviews, advisory reports, and test contributions that shaped this PR.

Full Changelog: go-chi/chi@v5.2.5...v5.3.0

go-playground/validator (github.com/go-playground/validator/v10)

v10.30.3

Compare Source

What's Changed

• Fix/issue 1550 UUID case insensitive by @​leo-jp-edwards in #​1551
• Feat: Add NoneOf Validation by @​Carmen-Shannon in #​1554
• Add bcp47_strict_language_tag validator by @​bfabio in #​1489
• chore(deps): bump golang.org/x/text from 0.35.0 to 0.36.0 by @​dependabot[bot] in #​1558
• chore(deps): bump golang.org/x/crypto from 0.49.0 to 0.50.0 by @​dependabot[bot] in #​1559
• Add CLAUDE.md with repo guidance for Claude Code by @​deankarn in #​1564
• Reduce build size with dead code elimination by @​zemzale in #​1542
• Refactored out detectFileMIMEType, matchesMIMEType logic for reuse. Added standalone isMIMEType validator for flexibility by @​dapzthelegend in #​1544
• feat(translations): add timezone support for en and ja locales by @​dedyf5 in #​1566
• docs: use errors.As in README and translations example by @​eyupcanakman in #​1563
• docs: fix typos by @​rymiyamoto in #​1568
• feat: add origin validator for web origin URLs by @​ahmedkamalio in #​1565
• fix: reject hostnames with trailing hyphen in RFC 952 validator by @​ahmedkamalio in #​1569
• fix(lint): correctly disable govet inline analyzer & deprecated gomodguard by @​nodivbyzero in #​1574
• chore(deps): bump golang.org/x/text from 0.36.0 to 0.37.0 by @​dependabot[bot] in #​1572
• chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.51.0 by @​dependabot[bot] in #​1571
• fix(cron): anchor regex and accept full cron syntax by @​ahmedkamalio in #​1577
• chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 by @​dependabot[bot] in #​1580
• feat: omit blank tag names from namespace by @​abemedia in #​1567
• fix(docs): correct ripemd160 tag name in README validation table by @​napoleonbot in #​1582

New Contributors

• @​leo-jp-edwards made their first contribution in #​1551
• @​Carmen-Shannon made their first contribution in #​1554
• @​dapzthelegend made their first contribution in #​1544
• @​dedyf5 made their first contribution in #​1566
• @​eyupcanakman made their first contribution in #​1563
• @​rymiyamoto made their first contribution in #​1568
• @​abemedia made their first contribution in #​1567
• @​napoleonbot made their first contribution in #​1582

Full Changelog: go-playground/validator@v10.30.2...v10.30.3

v10.30.2

Compare Source

What's Changed

• chore(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 by @​dependabot[bot] in #​1523
• feat: add translations for alphaspace and alphanumspace tags in indonesian by @​savioruz in #​1522
• chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 by @​dependabot[bot] in #​1526
• feat: add cmyk(color) to validator by @​thenicolau in #​1528
• chore(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 by @​dependabot[bot] in #​1534
• chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @​dependabot[bot] in #​1533
• Go 1.26 support by @​nodivbyzero in #​1535
• fix: prevent panic in unique validation with nil pointer elements by @​nodivbyzero in #​1532
• docs: fix typos by @​alexandear in #​1527
• feat: implement ValidatorValuer interface feature by @​thommeo in #​1416
• docs: add Valuer interface documentation and example by @​wofiporia in #​1540
• chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 by @​dependabot[bot] in #​1545
• chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 by @​dependabot[bot] in #​1546
• feat: add postcode patterns for Colombia (CO) and British Virgin Islands (VG) by @​j-ibarra in #​1547
• fix(fqdn): allow hyphens in last domain label by @​alihasan070707 in #​1548

New Contributors

• @​savioruz made their first contribution in #​1522
• @​thenicolau made their first contribution in #​1528
• @​thommeo made their first contribution in #​1416
• @​wofiporia made their first contribution in #​1540
• @​j-ibarra made their first contribution in #​1547
• @​alihasan070707 made their first contribution in #​1548

Full Changelog: go-playground/validator@v10.30.1...v10.30.2

v10.30.1: Release 10.30.1

Compare Source

What's Changed

• Feat: uds_exists validator by @​barash-asenov in #​1482
• fix: Revert min limit of e164 regex by @​zemzale in #​1516
• Fix 1513 update ISO 3166-2 codes by @​xyz27900 in #​1514

New Contributors

• @​barash-asenov made their first contribution in #​1482
• @​xyz27900 made their first contribution in #​1514

Full Changelog: go-playground/validator@v10.30.0...v10.30.1

v10.30.0: Release 10.30.0

Compare Source

What's Changed

• Bump golang.org/x/crypto from 0.45.0 to 0.46.0 by @​dependabot[bot] in #​1504
• Bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 by @​dependabot[bot] in #​1505
• docs: document omitzero by @​minoritea in #​1509
• fix: add missing translations for alpha validators by @​shindonghwi in #​1510
• fix: resolve panic when using aliases with OR operator by @​shindonghwi in #​1507
• fix: resolve panic when using cross-field validators with ValidateMap by @​shindonghwi in #​1508

New Contributors

• @​minoritea made their first contribution in #​1509
• @​shindonghwi made their first contribution in #​1510

Full Changelog: go-playground/validator@v10.29.0...v10.30.0

v10.29.0

Compare Source

What's Changed

• fix: minor spelling fix in docs by @​Perfect5th in #​1472
• Bump golang.org/x/text from 0.29.0 to 0.30.0 by @​dependabot[bot] in #​1473
• Bump golang.org/x/crypto from 0.42.0 to 0.43.0 by @​dependabot[bot] in #​1474
• Fix integer overflows in test when run on 32bit systems by @​gibmat in #​1479
• fix: exclude modernize linter by @​nodivbyzero in #​1487
• Bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in #​1490
• Bump github.com/gabriel-vasile/mimetype from 1.4.10 to 1.4.11 by @​dependabot[bot] in #​1485
• Support for ISO 9362:2022 BIC (SWIFT) codes by @​fira42073 in #​1478
• Bump golang.org/x/crypto from 0.43.0 to 0.44.0 by @​dependabot[bot] in #​1492
• Fix: validation now rejects phone codes starting with +0 by @​nodivbyzero in #​1476
• Bump golang.org/x/crypto from 0.44.0 to 0.45.0 by @​dependabot[bot] in #​1495
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in #​1497
• fix/1500:Update Sierra Leone currency code from SLL to SLE by @​princekm096 in #​1501
• Fix/1481 skip invalid type validations by @​KaranLathiya in #​1498
• Fix 1502 update ccy codes by @​princekm096 in #​1503
• Added alphanumspace string validator by @​haribabuk113 in #​1484
• excluded_unless bug fix by @​chargraves85 in #​1307

New Contributors

• @​Perfect5th made their first contribution in #​1472
• @​gibmat made their first contribution in #​1479
• @​fira42073 made their first contribution in #​1478
• @​princekm096 made their first contribution in #​1501
• @​KaranLathiya made their first contribution in #​1498
• @​haribabuk113 made their first contribution in #​1484
• @​chargraves85 made their first contribution in #​1307

Full Changelog: go-playground/validator@v10.28.0...v10.29.0

v10.28.0: Release 10.28.0

Compare Source

What's Changed

• Update workflow.yml to support 2 most recent major versions by @​nodivbyzero in #​1417
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​1456
• Go 1.25 support by @​nodivbyzero in #​1459
• Bump github.com/gabriel-vasile/mimetype from 1.4.8 to 1.4.10 by @​dependabot[bot] in #​1463
• Bump golang.org/x/text from 0.22.0 to 0.29.0 by @​dependabot[bot] in #​1464
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in #​1465
• Bump golang.org/x/crypto from 0.33.0 to 0.42.0 by @​dependabot[bot] in #​1467
• fix: should panic when define duplicate field param in required_if by @​duyquang6 in #​1468
• Fixed missing keys from returned errors in map validation by @​gelozr in #​1284
• Added https_url tag by @​ahmedkamalio in #​1461
• docs: add description for 'port' validator by @​nodivbyzero in #​1435
• Add alphaspace validator by @​takaaa220 in #​1343

New Contributors

• @​duyquang6 made their first contribution in #​1468
• @​gelozr made their first contribution in #​1284
• @​ahmedkamalio made their first contribution in #​1461
• @​takaaa220 made their first contribution in #​1343

Full Changelog: go-playground/validator@v10.27.0...v10.28.0

v10.27.0: Release 10.27.0

Compare Source

What's Changed

• Fix Release version badge on README page by @​nodivbyzero in #​1406
• fix russian E.164 error message by @​prigornitskiy in #​1349
• chore: remove unnecessary statement by @​qshuai in #​1200
• Re-enable several linters by @​nodivbyzero in #​1412
• add support to tag validateFn by @​peczenyj in #​1363
• Bump golang.org/x/crypto from 0.33.0 to 0.35.0 in /_examples/validate_fn by @​dependabot in #​1418
• Bump golang.org/x/net from 0.34.0 to 0.38.0 in /_examples/validate_fn by @​dependabot in #​1419
• Align required_without with the contract stated in the documentation by @​jmfrees in #​1422
• Add translation example by @​cxlblm in #​1394
• doc(errors): mention RegisterTagNameFunc for FieldError.Field by @​khan-ajamal in #​1358
• Bump golangci/golangci-lint-action from 7 to 8 by @​dependabot in #​1425
• feat(translation): add en translation for urn_rfc2141 by @​ryanmalesic in #​1431
• fix: panics when private field is validated by @​ykalchevskiy in #​1423
• Fix: support validation for map values with struct types by @​JunaidIslam2105 in #​1433
• Omitzero does not work with slice and map bug by @​JunaidIslam2105 in #​1436
• Fix: Validator panics when 'nil' is used along with required if for slices and maps by @​JunaidIslam2105 in #​1442
• docs: typos by @​eqsdxr in #​1440
• fix: make "file://" fail url validation by @​bfabio in #​1444
• disable way too aggressive and disagreeable linters by @​deankarn in #​1445
• use golangci lint file for disables by @​deankarn in #​1447

New Contributors

• @​prigornitskiy made their first contribution in #​1349
• @​qshuai made their first contribution in #​1200
• @​peczenyj made their first contribution in #​1363
• @​jmfrees made their first contribution in #​1422
• @​cxlblm made their first contribution in #​1394
• @​khan-ajamal made their first contribution in #​1358
• @​ryanmalesic made their first contribution in #​1431
• @​ykalchevskiy made their first contribution in #​1423
• @​JunaidIslam2105 made their first contribution in #​1433
• @​eqsdxr made their first contribution in #​1440
• @​bfabio made their first contribution in #​1444

Full Changelog: go-playground/validator@v10.26.0...v10.27.0

v10.26.0

Compare Source

What's Changed

• Use correct pointer in errors.As(). Fix "panic: errors: *target must be interface or implement error" in examples. by @​antonsoroko in #​1378
• Create dependabot by @​nodivbyzero in #​1373
• Bump golangci/golangci-lint-action from 4 to 6 by @​dependabot in #​1381
• Bump golang.org/x/text from 0.21.0 to 0.22.0 by @​dependabot in #​1383
• Bump golang.org/x/crypto from 0.32.0 to 0.33.0 by @​dependabot in #​1382
• feat(translations): improve Indonesian translations and add tests by @​fathiraz in #​1376
• Fix time.Duration translation error b

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/London)

• Branch creation
  • Only on Monday, Wednesday, and Saturday (* * * * 1,3,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 24 additional dependencies were updated

Details:

Package	Change
github.com/emicklei/go-restful/v3	v3.9.0 -> v3.12.2
github.com/gabriel-vasile/mimetype	v1.4.3 -> v1.4.10
github.com/go-jose/go-jose/v4	v4.0.5 -> v4.1.3
github.com/go-logr/logr	v1.4.2 -> v1.4.3
github.com/google/gnostic-models	v0.6.8 -> v0.7.0
github.com/modern-go/reflect2	v1.0.2 -> v1.0.3-0.20250322232337-35a7c28c31ee
github.com/prometheus/client_model	v0.4.1-0.20230718164431-9a2bf3000d16 -> v0.6.2
github.com/prometheus/common	v0.44.0 -> v0.66.1
github.com/spf13/pflag	v1.0.5 -> v1.0.9
go.opentelemetry.io/auto/sdk	v1.1.0 -> v1.2.1
go.opentelemetry.io/otel/metric	v1.35.0 -> v1.39.0
go.opentelemetry.io/proto/otlp	v1.0.0 -> v1.9.0
golang.org/x/crypto	v0.38.0 -> v0.44.0
golang.org/x/exp	v0.0.0-20250506013437-ce4c2cf36ca6 -> v0.0.0-20250620022241-b7579e27df2b
golang.org/x/net	v0.40.0 -> v0.47.0
golang.org/x/sync	v0.17.0 -> v0.18.0
golang.org/x/sys	v0.33.0 -> v0.39.0
golang.org/x/term	v0.32.0 -> v0.37.0
golang.org/x/text	v0.29.0 -> v0.31.0
k8s.io/klog/v2	v2.100.1 -> v2.130.1
k8s.io/kube-openapi	v0.0.0-20230717233707-2695361300d9 -> v0.0.0-20250710124328-f3f2b991d03b
k8s.io/utils	v0.0.0-20230406110748-d93618cff8a2 -> v0.0.0-20250604170112-4c0f3b243397
sigs.k8s.io/json	v0.0.0-20221116044647-bc3834ca7abd -> v0.0.0-20241014173422-cfa47c3a1cc8
sigs.k8s.io/yaml	v1.3.0 -> v1.6.0