fix(deps): update all go dependencies master (minor)

[renovate]

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

---

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/cilium/ebpf	v0.18.0 -> v0.19.0
github.com/docker/docker	v28.0.0+incompatible -> v28.4.0+incompatible
github.com/gopacket/gopacket	v1.3.1 -> v1.4.0
github.com/mdlayher/netlink	v1.7.2 -> v1.8.0
github.com/spf13/cobra	v1.9.1 -> v1.10.1
github.com/stretchr/testify	v1.10.0 -> v1.11.1
golang.org/x/arch	v0.18.0 -> v0.21.0
golang.org/x/sys	v0.33.0 -> v0.36.0
k8s.io/cri-api	v0.33.2 -> v0.34.1
k8s.io/cri-client	v0.33.2 -> v0.34.1

---

Release Notes

cilium/ebpf (github.com/cilium/ebpf)

v0.19.0

Compare Source

Major Performance Improvements

This release includes significant performance optimizations across multiple areas:

• Lazy BTF Decoding: BTF types are now decoded on-demand rather than all upfront, dramatically reducing memory usage and load times
• Faster Object Opening: Opening Maps and Programs from fd/id/pin is significantly faster through minimal info retrieval
• Improved Statistics Access: New Program.Stats() method allows querying runtime statistics without fetching full ProgramInfo

CO-RE Improvements

• Full Kernel Module Support: CO-RE relocations now work against all kernel modules, not just vmlinux

Build System and Toolchain Updates

• LLVM Toolchain: Updated to support LLVM 14, 17, and 20 (dropped LLVM 11 support)

Enhanced Map Support

• BTF Declaration Tags: Added MapSpec.Tags field for reading btf_decl_tag attributes set on maps
• Better Error Handling: Improved BPF_F_NO_PREALLOC hints and warnings for map types that require this flag

Assembly and Instruction Handling

• Atomic Operations: Complete support for all atomic operations beyond just atomic add

Memory and Variable Access

• New Accessors: Added accessor methods for values represented by Variable and Memory types

Windows Support Improvements

• Path Canonicalization: Fixed pin path handling to work with eBPF for Windows path canonicalization rules

Bug Fixes

• Map Batch Operations: Fixed value unmarshaling for partial batch operations in BatchLookup and BatchLookupDelete (#​1741)
• Assembly Validation: Return InvalidOpCode for StoreImm with DWord size (#​1767)
• Builtin Function Calls: Allow negative constants for builtin function calls (#​1797)
• CO-RE Module Types: Perform CO-RE against all kernel module types (#​1511)
• Pin API: Made WalkDir harder to misuse and added Windows support (#​1652)
• Struct Layout: Emit structs.HostLayout in GoFormatter (#​1686)

Compatibility Notes

• Minimum eBPF for Windows: Now requires eBPF for Windows 0.21.0 or later
• LLVM 11 Dropped: No longer supports LLVM 11 (required for declaration tag support)

What's Changed

• perf,ringbuf: switch Go build tag by @​florianl in #​1752
• pin: make WalkDir harder to misuse and add Windows support by @​lmb in #​1736
• examples: remove unnecessary -type flags to bpf2go invocations by @​ti-mo in #​1754
• map: unmarshal values for partial batch by @​aibor in #​1742
• build(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 by @​dependabot in #​1756
• all: require eFW 0.21.0 by @​lmb in #​1759
• all: use binary.Append where appropriate by @​lmb in #​1760
• btf: use append-style encoding when marshaling by @​lmb in #​1761
• ci: ensure build works with GOARCH=wasm by @​ti-mo in #​1757
• CI: test on latest ubuntu arm64 by @​lmb in #​1766
• asm: Add handling for atomic operations by @​dylandreimerink in #​1751
• CI: run tests with -race enabled by @​lmb in #​1770
• btf: lazy decoding by @​lmb in #​1763
• btf: lazy decoding of string table by @​lmb in #​1772
• Typo: BenchmarkInspectorGadget -> BenchmarkInspektorGadget by @​burak-ok in #​1773
• build(deps): bump the docs group in /docs with 3 updates by @​dependabot in #​1771
• variable: return native Go pointers to bpf map memory by @​ti-mo in #​1607
• map: reduce false positives of BPF_F_NO_PREALLOC hint on EINVAL by @​ti-mo in #​1776
• ci: fix efW installation by @​lmb in #​1777
• bpf2go, btf: emit structs.HostLayout in GoFormatter by @​lmb in #​1769
• btf: fix Spec.Copy() for split BTF by @​lmb in #​1775
• fix: return InvalidOpCode for StoreImm with DWord size by @​Ghostbaby in #​1768
• info: add memlock field to ProgramInfo by @​haozhangami in #​1764
• ci: use real staticcheck by @​lmb in #​1779
• refactor: use the built-in max/min by @​cuishuang in #​1780
• refactor: replace HasPrefix+TrimPrefix with CutPrefix by @​carrychair in #​1784
• kfunc: poison all weak kfunc calls if the kernel lacks BTF by @​bogushevich in #​1774
• btf: fix TestLoadKernelModuleSpec by @​lmb in #​1787
• collection: share kernel BTF when loading a collection by @​lmb in #​1778
• build(deps): bump the docs group in /docs with 2 updates by @​dependabot in #​1790
• build(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 by @​dependabot in #​1789
• kallsyms: optimize things a bit by @​lmb in #​1785
• ci: fetch efW binaries from completed workflows by @​lmb in #​1793
• Optimize New{Map,Program}From{ID,FD} and LoadPinned{Map,Program} by @​ti-mo in #​1791
• cmd/bpf2go: Use BPF2GO_CFLAGS instead of BPF2GO_FLAGS by @​jrife in #​1796
• bpf2go: import package structs when all structs are typedefs by @​RonFed in #​1798
• build(deps): bump requests from 2.32.3 to 2.32.4 in /docs by @​dependabot in #​1799
• ci: upgrade LLVM to 20.1, drop LLVM 11 by @​ti-mo in #​1800
• map: add MapSpec.Tags field for reading btf_decl_tag attributes set on maps by @​ti-mo in #​1801
• build(deps): bump urllib3 from 2.4.0 to 2.5.0 in /docs by @​dependabot in #​1805
• elf_reader: do not panic in loadMapsif ELF file has no BTF by @​paulcacheux in #​1807
• program: perform CO-RE against all kmod by @​lmb in #​1794
• asm: allow negative constants for builtin function calls by @​lmb in #​1806
• btf: introduce caching string table to speed up ext info loading by @​paulcacheux in #​1809
• linker: do not error out when there is nothing in /sys/kernel/btf by @​paulcacheux in #​1813

New Contributors

• @​burak-ok made their first contribution in #​1773
• @​haozhangami made their first contribution in #​1764
• @​carrychair made their first contribution in #​1784
• @​bogushevich made their first contribution in #​1774
• @​jrife made their first contribution in #​1796

Full Changelog: cilium/ebpf@v0.18.0...v0.19.0

docker/docker (github.com/docker/docker)

v28.4.0+incompatible

Compare Source

v28.3.3+incompatible

Compare Source

v28.3.2+incompatible

Compare Source

v28.3.1+incompatible

Compare Source

v28.3.0+incompatible

Compare Source

v28.2.2+incompatible

Compare Source

v28.2.1+incompatible

Compare Source

v28.2.0+incompatible

Compare Source

v28.1.1+incompatible

Compare Source

v28.1.0+incompatible

Compare Source

v28.0.4+incompatible

Compare Source

v28.0.3+incompatible

Compare Source

v28.0.2+incompatible

Compare Source

v28.0.1+incompatible

Compare Source

gopacket/gopacket (github.com/gopacket/gopacket)

v1.4.0

Compare Source

What's Changed

• Make pcapgo EthernetHandle use runtime poller by @​WGH- in #​99
• avoid panic in case of a root zone SignerName by @​esara in #​101
• pcapng: support read and write Enhanced Packet Block (EPB) options by @​mozillazg in #​58
• Cleanup endian conversion helpers by @​mejedi in #​108
• fix time resolution of pcap/pcapgo by @​zhouyan in #​102
• feat: support icmp6 option RecursiveDNSServer by @​ruokeqx in #​105
• endian: fix big endian detection by @​mejedi in #​110
• Bump golang.org/x/net from 0.35.0 to 0.36.0 by @​dependabot[bot] in #​114
• Making SIP parsing a bit more strict by @​thorsager in #​109
• geneve: implement DecodingLayer by @​kaworu in #​115
• Enable decoding/encoding additional RadioTap namespaces and Vendor namespaces by @​robertkleffner in #​116
• gtpv1u: check message type when decoding payload by @​mejedi in #​112
• Potential fix for code scanning alert no. 5: Workflow does not contain permissions by @​mosajjal in #​118
• add ability to handle pointers in layerString by @​wardviaene in #​121
• fix wrong return when parse ip options by @​mozillazg in #​120
• ipsec: implement DecodingLayer by @​smagnani96 in #​117
• Feature/add serialize to ipv6 routing by @​sat0ken in #​111

New Contributors

• @​WGH- made their first contribution in #​99
• @​esara made their first contribution in #​101
• @​mozillazg made their first contribution in #​58
• @​zhouyan made their first contribution in #​102
• @​ruokeqx made their first contribution in #​105
• @​kaworu made their first contribution in #​115
• @​robertkleffner made their first contribution in #​116
• @​smagnani96 made their first contribution in #​117
• @​sat0ken made their first contribution in #​111

Full Changelog: gopacket/gopacket@v1.3.1...v.1.3.1

mdlayher/netlink (github.com/mdlayher/netlink)

v1.8.0

Compare Source

See https://github.com/mdlayher/netlink/blob/main/CHANGELOG.md#v180.

spf13/cobra (github.com/spf13/cobra)

v1.10.1

Compare Source

🐛 Fix

• chore: upgrade pflags v1.0.9 by @​jpmcb in #​2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

Compare Source

What's Changed

🚨 Attention!

• Bump pflag to 1.0.8 by @​tomasaschan in #​2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

• If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
• or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

More details can be found here: #​2303 (comment)

✨ Features

• Flow context to command in SetHelpFunc by @​Frassle in #​2241
• The default ShellCompDirective can be customized for a command and its subcommands by @​albers in #​2238

🐛 Fix

• Upgrade golangci-lint to v2, address findings by @​scop in #​2279

🪠 Testing

• Test with Go 1.24 by @​harryzcy in #​2236
• chore: Rm GitHub Action PR size labeler by @​jpmcb in #​2256

📝 Docs

• Remove traling curlybrace by @​yedayak in #​2237
• Update command.go by @​styee in #​2248
• feat: Add security policy by @​jpmcb in #​2253
• Update Readme (Warp) by @​ericdachen in #​2267
• Add Periscope to the list of projects using Cobra by @​anishathalye in #​2299

New Contributors

• @​harryzcy made their first contribution in #​2236
• @​yedayak made their first contribution in #​2237
• @​Frassle made their first contribution in #​2241
• @​styee made their first contribution in #​2248
• @​ericdachen made their first contribution in #​2267
• @​albers made their first contribution in #​2238
• @​anishathalye made their first contribution in #​2299
• @​tomasaschan made their first contribution in #​2303

Full Changelog: spf13/cobra@v1.9.1...v1.9.2

stretchr/testify (github.com/stretchr/testify)

v1.11.1

Compare Source

This release fixes #​1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

• Backport #​1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @​brackendawson in #​1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

Compare Source

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

• Call stack perf change for CallerInfo by @​mikeauclair in #​1614
• Lazily render mock diff output on successful match by @​mikeauclair in #​1615
• assert: check early in Eventually, EventuallyWithT, and Never by @​cszczepaniak in #​1427
• assert: add IsNotType by @​bartventer in #​1730
• assert.JSONEq: shortcut if same strings by @​dolmen in #​1754
• assert.YAMLEq: shortcut if same strings by @​dolmen in #​1755
• assert: faster and simpler isEmpty using reflect.Value.IsZero by @​dolmen in #​1761
• suite: faster methods filtering (internal refactor) by @​dolmen in #​1758

Fixes

• assert.ErrorAs: log target type by @​craig65535 in #​1345
• Fix failure message formatting for Positive and Negative asserts in #​1062
• Improve ErrorIs message when error is nil but an error was expected by @​tsioftas in #​1681
• fix Subset/NotSubset when calling with mixed input types by @​siliconbrain in #​1729
• Improve ErrorAs failure message when error is nil by @​ccoVeille in #​1734
• mock.AssertNumberOfCalls: improve error msg by @​3scalation in #​1743

Documentation, Build & CI

• docs: Fix typo in README by @​alexandear in #​1688
• Replace deprecated io/ioutil with io and os by @​alexandear in #​1684
• Document consequences of calling t.FailNow() by @​greg0ire in #​1710
• chore: update docs for Unset #​1621 by @​techfg in #​1709
• README: apply gofmt to examples by @​alexandear in #​1687
• refactor: use %q and %T to simplify fmt.Sprintf by @​alexandear in #​1674
• Propose Christophe Colombier (ccoVeille) as approver by @​brackendawson in #​1716
• Update documentation for the Error function in assert or require package by @​architagr in #​1675
• assert: remove deprecated build constraints by @​alexandear in #​1671
• assert: apply gofumpt to internal test suite by @​ccoVeille in #​1739
• CI: fix shebang in .ci.*.sh scripts by @​dolmen in #​1746
• assert,require: enable parallel testing on (almost) all top tests by @​dolmen in #​1747
• suite.Passed: add one more status test report by @​Ararsa-Derese in #​1706
• Add Helper() method in internal mocks and assert.CollectT by @​dolmen in #​1423
• assert.Same/NotSame: improve usage of Sprintf by @​ccoVeille in #​1742
• mock: enable parallel testing on internal testsuite by @​dolmen in #​1756
• suite: cleanup use of 'testing' internals at runtime by @​dolmen in #​1751
• assert: check test failure message for Empty and NotEmpty by @​ccoVeille in #​1745
• deps: fix dependency cycle with objx (again) by @​dolmen in #​1567
• assert.Empty: comprehensive doc of "Empty"-ness rules by @​dolmen in #​1753
• doc: improve godoc of top level 'testify' package by @​dolmen in #​1760
• assert.ErrorAs: simplify retrieving the type name by @​ccoVeille in #​1740
• assert.EqualValues: improve test coverage to 100% by @​dolmen in #​1763
• suite.Run: simplify running of Setup/TeardownSuite by @​renzoarreaza in #​1769
• assert.CallerInfo: micro optimization by using LastIndexByte by @​dolmen in #​1767
• assert.CallerInfo: micro cleanup by @​dolmen in #​1768
• assert: refactor TestFileExists and TestDirExists tests to enable parallel testing by @​dolmen in #​1766
• suite.Run: refactor handling of stats for improved readability by @​dolmen in #​1764
• tests: improve captureTestingT helper by @​ccoVeille in #​1741
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​1778

New Contributors

• @​greg0ire made their first contribution in #​1710
• @​techfg made their first contribution in #​1709
• @​mikeauclair made their first contribution in #​1614
• @​cszczepaniak made their first contribution in #​1427
• @​architagr made their first contribution in #​1675
• @​tsioftas made their first contribution in #​1681
• @​siliconbrain made their first contribution in #​1729
• @​bartventer made their first contribution in #​1730
• @​Ararsa-Derese made their first contribution in #​1706
• @​renzoarreaza made their first contribution in #​1769
• @​3scalation made their first contribution in #​1743

Full Changelog: stretchr/testify@v1.10.0...v1.11.0

kubernetes/cri-api (k8s.io/cri-api)

v0.34.1

Compare Source

v0.34.0

Compare Source

v0.33.5

Compare Source

v0.33.4

Compare Source

v0.33.3

Compare Source

kubernetes/cri-client (k8s.io/cri-client)

v0.34.1

Compare Source

v0.34.0

Compare Source

v0.33.5

Compare Source

v0.33.4

Compare Source

v0.33.3

Compare Source

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: module golang.org/x/[email protected] requires go >= 1.24.0; switching to go1.24.7
go: downloading go1.24.7 (linux/amd64)
go: download go1.24.7: golang.org/[email protected]: verifying module: checksum database disabled by GOSUMDB=off