Skip to content

Bump the go group across 1 directory with 8 updates#143

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-8d16e4912d
Open

Bump the go group across 1 directory with 8 updates#143
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-8d16e4912d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Nov 24, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the go group with 7 updates in the / directory:

Package From To
github.com/coreos/go-oidc/v3 3.10.0 3.17.0
github.com/go-test/deep 1.1.0 1.1.1
github.com/gorilla/schema 1.3.0 1.4.1
github.com/spf13/afero 1.11.0 1.15.0
go.uber.org/zap 1.27.0 1.27.1
k8s.io/api 0.30.1 0.34.2
k8s.io/client-go 0.30.1 0.34.2

Updates github.com/coreos/go-oidc/v3 from 3.10.0 to 3.17.0

Release notes

Sourced from github.com/coreos/go-oidc/v3's releases.

v3.17.0

What's Changed

Full Changelog: coreos/go-oidc@v3.16.0...v3.17.0

v3.16.0

What's Changed

New Contributors

Full Changelog: coreos/go-oidc@v3.15.0...v3.16.0

v3.15.0

What's Changed

Full Changelog: coreos/go-oidc@v3.14.1...v3.15.0

v3.14.1

What's Changed

Full Changelog: coreos/go-oidc@v3.14.0...v3.14.1

v3.14.0

What's Changed

Full Changelog: coreos/go-oidc@v3.13.0...v3.14.0

v3.13.0

What's Changed

Full Changelog: coreos/go-oidc@v3.12.0...v3.13.0

v3.12.0

What's Changed

... (truncated)

Commits
  • 35b8e03 oidc: improve error message for mismatched issuer URLs
  • e958473 bump go to 1.24, remove 1.23 support, bump go-jose dependency, remove x/net d...
  • 69b1670 refactor: Remove unused time injection from RemoteKeySet
  • 8d1e57e oidc: verify the ID Token's signature before processing claims
  • a7c457e oidctest: fix import
  • aba1ce2 oidc/oidctest: add new package
  • 60d436e *: bump dependency versions
  • 4b5f82d oidc: add JSON tags to ProviderConfig
  • 0fe9887 oidc: ignore cancellation of remote key set context
  • 308e778 chore(deps): bump dependencies to address security issues
  • Additional commits viewable in compare view

Updates github.com/go-test/deep from 1.1.0 to 1.1.1

Release notes

Sourced from github.com/go-test/deep's releases.

v1.1.1

What's Changed

New Contributors

Full Changelog: go-test/deep@v1.1.0...v1.1.1

Changelog

Sourced from github.com/go-test/deep's changelog.

v1.1.1 released 2024-06-23

  • Added NilPointersAreZero option: causes a nil pointer to be equal to a zero value (PR #61) (@​seveas)
  • Updated test matrix to go1.22, go1.21, and go1.20
Commits
  • 9e863ff Release v1.1.1
  • dc5b2f6 Update SECURITY.md
  • 185886d Restore 100% test coverage (NilPointersAreZero case)
  • 47ae1b8 Merge pull request #61 from seveas/nil-pointers-are-zero
  • 93c35ac Merge branch 'master' into nil-pointers-are-zero
  • 2982c5c Update test matrix to latest 3 Go versions
  • 2b8252e Add an option to consider nil pointers to be equivalent to zero values
  • 95fb3b1 Merge pull request #58 from bartleyg/patch-1
  • 1127c84 fix copy pasta test
  • 7ff4e92 Update changelog for v1.1.0
  • See full diff in compare view

Updates github.com/gorilla/schema from 1.3.0 to 1.4.1

Release notes

Sourced from github.com/gorilla/schema's releases.

v1.4.1

Security Release

Fixes an issue where sparse slice deserialization can cause memory exhaustion CVE-2024-37298

Thanks to @​AlexVasiluta for the report and following responsible disclosure.

Full Changelog: gorilla/schema@v1.4.0...v1.4.1

v1.4.0

What's Changed

New Contributors

Full Changelog: gorilla/schema@v1.3.0...v1.3.1

Commits

Updates github.com/spf13/afero from 1.11.0 to 1.15.0

Release notes

Sourced from github.com/spf13/afero's releases.

v1.15.0

What's Changed

New Contributors

Full Changelog: spf13/afero@v1.14.0...v1.15.0

v1.14.0

What's Changed

Full Changelog: spf13/afero@v1.13.0...v1.14.0

v1.13.0

What's Changed

... (truncated)

Commits
  • 399bb34 Merge pull request #523 from MarkRosemaker/fix-spelling
  • 9b67716 Merge pull request #538 from spf13/deps
  • f5f4f7b chore: update deps
  • c245c4f ci: update ci
  • 85c4956 Merge pull request #527 from spf13/dependabot/github_actions/actions/checkout...
  • 41206fd build(deps): bump actions/checkout from 4.2.2 to 5.0.0
  • a583fad Merge pull request #533 from spf13/dependabot/github_actions/actions/dependen...
  • 673c03e Merge pull request #536 from spf13/dependabot/github_actions/actions/setup-go...
  • ac849f6 Merge pull request #537 from spf13/dependabot/github_actions/github/codeql-ac...
  • 9596fe8 build(deps): bump github/codeql-action from 3.29.7 to 3.30.1
  • Additional commits viewable in compare view

Updates go.uber.org/zap from 1.27.0 to 1.27.1

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.1

Enhancements:

  • #1501[]: prevent Object from panicking on nils
  • #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.1 (19 Nov 2025)

Enhancements:

  • #1501[]: prevent Object from panicking on nils
  • #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

Updates golang.org/x/oauth2 from 0.21.0 to 0.28.0

Commits
  • 0042180 oauth2: Deep copy context client in NewClient
  • ce350bf oauth2: remove unneeded TokenSource implementation in transport test
  • 44967ab google: fix typos
  • 9c82a8c oauth2.go: use a more straightforward return value
  • 681b4d8 jws: split token into fixed number of parts
  • 3f78298 all: upgrade go directive to at least 1.23.0 [generated]
  • 109dabf endpoints: add links/provider for Discord
  • ac571fa oauth2: fix docs for Config.DeviceAuth
  • 314ee5b endpoints: add patreon endpoint
  • b9c813b google: add warning about externally-provided credentials
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.30.1 to 0.34.2

Commits
  • e28454b Update dependencies to v0.34.2 tag
  • 133a39c Merge remote-tracking branch 'origin/master' into release-1.34
  • fd087be clarify that staging repos are automatically published
  • ff163ef add pointer to CONTRIBUTING.md for more details on contributing, clarify read...
  • 5ec86fc link to what a staging repository is
  • 08c5dee docs: clarify that this is a staging repository and not for direct contributions
  • ba64d0b Update prerelease lifecycle to v1.34
  • 25f849c Merge pull request #132522 from sunya-ch/KEP-5075-PR
  • baa1eb1 KEP-5075: generated codes from make update
  • 740b2c9 KEP-5075: API updates
  • Additional commits viewable in compare view

Updates k8s.io/client-go from 0.30.1 to 0.34.2

Commits
  • 54601aa Update dependencies to v0.34.2 tag
  • 1bb1ad2 Merge pull request #134589liggitt/automated-cherry-pick-of-#134588
  • 2505205 Remove invalid SAN certificate construction
  • 7ffba0f Merge pull request #134004DerekFrank/automated-cherry-pick-of-#133573
  • 145cb8f gofmt and review feedback
  • ddcdc12 fix: Update unit test to catch actual nil Labels case and fix functionality t...
  • 97396af Merge remote-tracking branch 'origin/master' into release-1.34
  • 5f737f3 clarify that staging repos are automatically published
  • 0b8655b add pointer to CONTRIBUTING.md for more details on contributing, clarify read...
  • c00384c link to what a staging repository is
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go group across 1 directory with 8 updates
d213e9c 
Bumps the go group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.10.0` | `3.17.0` |
| [github.com/go-test/deep](https://github.com/go-test/deep) | `1.1.0` | `1.1.1` |
| [github.com/gorilla/schema](https://github.com/gorilla/schema) | `1.3.0` | `1.4.1` |
| [github.com/spf13/afero](https://github.com/spf13/afero) | `1.11.0` | `1.15.0` |
| [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.0` | `1.27.1` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.30.1` | `0.34.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.30.1` | `0.34.2` |



Updates `github.com/coreos/go-oidc/v3` from 3.10.0 to 3.17.0
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](coreos/go-oidc@v3.10.0...v3.17.0)

Updates `github.com/go-test/deep` from 1.1.0 to 1.1.1
- [Release notes](https://github.com/go-test/deep/releases)
- [Changelog](https://github.com/go-test/deep/blob/master/CHANGES.md)
- [Commits](go-test/deep@v1.1.0...v1.1.1)

Updates `github.com/gorilla/schema` from 1.3.0 to 1.4.1
- [Release notes](https://github.com/gorilla/schema/releases)
- [Commits](gorilla/schema@v1.3.0...v1.4.1)

Updates `github.com/spf13/afero` from 1.11.0 to 1.15.0
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](spf13/afero@v1.11.0...v1.15.0)

Updates `go.uber.org/zap` from 1.27.0 to 1.27.1
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.27.0...v1.27.1)

Updates `golang.org/x/oauth2` from 0.21.0 to 0.28.0
- [Commits](golang/oauth2@v0.21.0...v0.28.0)

Updates `k8s.io/api` from 0.30.1 to 0.34.2
- [Commits](kubernetes/api@v0.30.1...v0.34.2)

Updates `k8s.io/client-go` from 0.30.1 to 0.34.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.30.1...v0.34.2)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-version: 3.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/go-test/deep
  dependency-version: 1.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/gorilla/schema
  dependency-version: 1.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/spf13/afero
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.uber.org/zap
  dependency-version: 1.27.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/api
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/client-go
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants