chore(deps): bump the security group across 1 directory with 23 updates #1948

dependabot · 2025-12-15T23:04:28Z

Bumps the security group with 18 updates in the / directory:

Package	From	To
github.com/containerd/cgroups/v3	`3.1.1`	`3.1.2`
github.com/microsoft/go-mssqldb	`1.9.4`	`1.9.5`
github.com/miekg/dns	`1.1.68`	`1.1.69`
github.com/shirou/gopsutil/v4	`4.25.10`	`4.25.11`
github.com/spf13/cobra	`1.10.1`	`1.10.2`
go.opentelemetry.io/otel	`1.38.0`	`1.39.0`
go.opentelemetry.io/otel/sdk	`1.38.0`	`1.39.0`
golang.org/x/mod	`0.30.0`	`0.31.0`
golang.org/x/sync	`0.18.0`	`0.19.0`
k8s.io/api	`0.34.2`	`0.34.3`
k8s.io/apiextensions-apiserver	`0.34.2`	`0.34.3`
k8s.io/cli-runtime	`0.34.2`	`0.34.3`
k8s.io/kubernetes	`1.34.2`	`1.34.3`
github.com/hashicorp/go-version	`1.7.0`	`1.8.0`
golang.org/x/net	`0.47.0`	`0.48.0`
helm.sh/helm/v3	`3.19.0`	`3.19.4`
k8s.io/kubelet	`0.34.2`	`0.34.3`
k8s.io/metrics	`0.34.2`	`0.34.3`

Updates github.com/containerd/cgroups/v3 from 3.1.1 to 3.1.2

Release notes

Sourced from github.com/containerd/cgroups/v3's releases.

v3.1.2

What's Changed

hugetlb: correctly parse hugetlb..events files by @voidbar in containerd/cgroups#379

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in containerd/cgroups#381

ci: bump golangci-lint to v2.6.2 by @HeRaNO in containerd/cgroups#382

New Contributors

@voidbar made their first contribution in containerd/cgroups#379

Full Changelog: containerd/cgroups@v3.1.1...v3.1.2

Commits

8c81c66 Merge pull request #382 from HeRaNO/golangci-lint
ac36ca4 Merge pull request #381 from containerd/dependabot/github_actions/actions/che...
a302e56 ci: bump golangci-lint to v2.6.2
731cf7a ci: suppress errcheck
9bee663 utils: move Close() to defer block
9d7647c rdma: use strings.Cut in Go 1.18
109f063 memory_test: apply De Morgan's law
e6fcf3f memory_test: omit type from declaration
4e30098 build(deps): bump actions/checkout from 5 to 6
4fc9769 Merge pull request #379 from voidbar/hugetlb-fix
Additional commits viewable in compare view

Updates github.com/microsoft/go-mssqldb from 1.9.4 to 1.9.5

Commits

0bbbaf2 fix(sharedmemory): Restrict package to supported platforms (#299)
f1ed1e4 feat: Shopspring decimal support (#287)
See full diff in compare view

Updates github.com/miekg/dns from 1.1.68 to 1.1.69

Commits

49a9cee Release 1.1.69
66f2f27 fix EDNS0 flags and MBZ in String() output (#1693)
acb3aba optimized EDNS0_SUBNET pack, reducing make() calls (#1692)
74d2ba1 MsgInvalidFunc: Make DefaultMsgInvalidFunc a variable. (#1690)
b39ef96 Update deps (#1688)
a0f8faa fix(test): Increase RSA key length for sig0 (#1682)
f15b2dd feat(edns0): Add zoneversion option from RFC9660 (#1680)
f640e4b Bump the all group across 1 directory with 4 updates (#1679)
294d373 Added OwNS (NS for VPN users) (#1674)
d495d33 update readme some more
Additional commits viewable in compare view

Updates github.com/shirou/gopsutil/v4 from 4.25.10 to 4.25.11

Release notes

Sourced from github.com/shirou/gopsutil/v4's releases.

v4.25.11

What's Changed

cpu

chore: enable nilnesserr linter by @mmorel-35 in shirou/gopsutil#1893

disk

add context cancellation to disk windows by @StefanoBalzarottiNozomi in shirou/gopsutil#1943

process

Fix potential edge case on procfs and alike by @johnnybubonic in shirou/gopsutil#1934

fix(process): add missing CloseHandle to OpenFilesWithContext for Windows by @OverOrion in shirou/gopsutil#1955

Other Changes

fix: remove and add GitHub action runner images. by @shirou in shirou/gopsutil#1948

New Contributors

@johnnybubonic made their first contribution in shirou/gopsutil#1934

@OverOrion made their first contribution in shirou/gopsutil#1955

Full Changelog: shirou/gopsutil@v4.25.10...v4.25.11

Commits

93ca345 Merge pull request #1943 from StefanoBalzarottiNozomi/add-context-disk-windows
438f88e Merge pull request #1955 from OverOrion/fix/windows-file-handle-leaks
28dc11c fix(process): add missing CloseHandle to OpenFilesWithContext for Windows
b44cda7 use select ctx for context cancellation
82391ff Merge pull request #1934 from johnnybubonic/fix_pidparse_edge
1172d89 Merge pull request #1893 from mmorel-35/nilnesserr
678a63e Merge pull request #1948 from shirou/fix/update_github_action_runner_202511
2f83a2c fix: remove and add GitHub action runner images.
768bc18 Merge pull request #1947 from shirou/dependabot/go_modules/github.com/tklause...
3bb7cd5 chore(deps): bump github.com/tklauser/go-sysconf from 0.3.15 to 0.3.16
Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

Fix linter and allow CI to pass by @marckhouzam in spf13/cobra#2327

fix: actions/setup-go v6 by @jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

Add documentation for repeated flags functionality by @rvergis in spf13/cobra#2316

🍂 Refactors

refactor: replace several vars with consts by @htoyoda18 in spf13/cobra#2328

refactor: change minUsagePadding from var to const by @ssam18 in spf13/cobra#2325

🤗 New Contributors

@rvergis made their first contribution in spf13/cobra#2316

@htoyoda18 made their first contribution in spf13/cobra#2328

@ssam18 made their first contribution in spf13/cobra#2325

@dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
346d408 fix: actions/setup-go v6 (#2337)
fc81d20 refactor: change minUsagePadding from var to const (#2325)
117698a refactor: replace several vars with consts (#2328)
e2dd29d Add documentation for repeated flags functionality (#2316)
0629892 Fix linter (#2327)
See full diff in compare view

Updates go.opentelemetry.io/otel from 1.38.0 to 1.39.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05

Added

Greatly reduce the cost of recording metrics in go.opentelemetry.io/otel/sdk/metric using hashing for map keys. (#7175)

Add WithInstrumentationAttributeSet option to go.opentelemetry.io/otel/log, go.opentelemetry.io/otel/metric, and go.opentelemetry.io/otel/trace packages. This provides a concurrent-safe and performant alternative to WithInstrumentationAttributes by accepting a pre-constructed attribute.Set. (#7287)

Add experimental observability for the Prometheus exporter in go.opentelemetry.io/otel/exporters/prometheus. Check the go.opentelemetry.io/otel/exporters/prometheus/internal/x package documentation for more information. (#7345)

Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#7353)

Add temporality selector functions DeltaTemporalitySelector, CumulativeTemporalitySelector, LowMemoryTemporalitySelector to go.opentelemetry.io/otel/sdk/metric. (#7434)

Add experimental observability metrics for simple log processor in go.opentelemetry.io/otel/sdk/log. (#7548)

Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#7459)

Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7486)

Add experimental observability metrics for simple span processor in go.opentelemetry.io/otel/sdk/trace. (#7374)

Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7512)

Add experimental observability metrics for manual reader in go.opentelemetry.io/otel/sdk/metric. (#7524)

Add experimental observability metrics for periodic reader in go.opentelemetry.io/otel/sdk/metric. (#7571)

Support OTEL_EXPORTER_OTLP_LOGS_INSECURE and OTEL_EXPORTER_OTLP_INSECURE environmental variables in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7608)

Add Enabled method to the Processor interface in go.opentelemetry.io/otel/sdk/log. All Processor implementations now include an Enabled method. (#7639)

The go.opentelemetry.io/otel/semconv/v1.38.0 package. The package contains semantic conventions from the v1.38.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.37.0.(#7648)

Changed

Distinct in go.opentelemetry.io/otel/attribute is no longer guaranteed to uniquely identify an attribute set. Collisions between Distinct values for different Sets are possible with extremely high cardinality (billions of series per instrument), but are highly unlikely. (#7175)

WithInstrumentationAttributes in go.opentelemetry.io/otel/trace synchronously de-duplicates the passed attributes instead of delegating it to the returned TracerOption. (#7266)

WithInstrumentationAttributes in go.opentelemetry.io/otel/meter synchronously de-duplicates the passed attributes instead of delegating it to the returned MeterOption. (#7266)

WithInstrumentationAttributes in go.opentelemetry.io/otel/log synchronously de-duplicates the passed attributes instead of delegating it to the returned LoggerOption. (#7266)

Rename the OTEL_GO_X_SELF_OBSERVABILITY environment variable to OTEL_GO_X_OBSERVABILITY in go.opentelemetry.io/otel/sdk/trace, go.opentelemetry.io/otel/sdk/log, and go.opentelemetry.io/otel/exporters/stdout/stdouttrace. (#7302)

Improve performance of histogram Record in go.opentelemetry.io/otel/sdk/metric when min and max are disabled using NoMinMax. (#7306)

Improve error handling for dropped data during translation by using prometheus.NewInvalidMetric in go.opentelemetry.io/otel/exporters/prometheus. ⚠️ Breaking Change: Previously, these cases were only logged and scrapes succeeded. Now, when translation would drop data (e.g., invalid label/value), the exporter emits a NewInvalidMetric, and Prometheus scrapes fail with HTTP 500 by default. To preserve the prior behavior (scrapes succeed while errors are logged), configure your Prometheus HTTP handler with: promhttp.HandlerOpts{ ErrorHandling: promhttp.ContinueOnError }. (#7363)

Replace fnv hash with xxhash in go.opentelemetry.io/otel/attribute for better performance. (#7371)

The default TranslationStrategy in go.opentelemetry.io/exporters/prometheus is changed from otlptranslator.NoUTF8EscapingWithSuffixes to otlptranslator.UnderscoreEscapingWithSuffixes. (#7421)

Improve performance of concurrent measurements in go.opentelemetry.io/otel/sdk/metric. (#7427)

Include W3C TraceFlags (bits 0–7) in the OTLP Span.Flags field in go.opentelemetry.io/exporters/otlp/otlptrace/otlptracehttp and go.opentelemetry.io/exporters/otlp/otlptrace/otlptracegrpc. (#7438)

The ErrorType function in go.opentelemetry.io/otel/semconv/v1.37.0 now handles custom error types. If an error implements an ErrorType() string method, the return value of that method will be used as the error type. (#7442)

Fixed

Fix WithInstrumentationAttributes options in go.opentelemetry.io/otel/trace, go.opentelemetry.io/otel/metric, and go.opentelemetry.io/otel/log to properly merge attributes when passed multiple times instead of replacing them. Attributes with duplicate keys will use the last value passed. (#7300)

The equality of attribute.Set when using the Equal method is not affected by the user overriding the empty set pointed to by attribute.EmptySet in go.opentelemetry.io/otel/attribute. (#7357)

... (truncated)

Commits

6ce1429 Release v1.39.0 (#7676)
12e421a sdk/log: move Enabled method from FilterProcessor to Processor (#7639)
5982f16 fix(deps): update module golang.org/x/sys to v0.39.0 (#7684)
9288378 chore(deps): update module golang.org/x/sync to v0.19.0 (#7683)
ee3dfef chore(deps): update github.com/securego/gosec/v2 digest to 41f28e2 (#7682)
9345d1f fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.7.2 (#7680)
d03b033 Check context prior to delaying retry in OTLP exporters (#7678)
61765e7 Fix flaky TestClientInstrumentation (#7677)
a54721c chore(deps): update module github.com/go-git/go-billy/v5 to v5.7.0 (#7679)
746d086 chore(deps): update github/codeql-action action to v4.31.7 (#7675)
Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05

Added

Greatly reduce the cost of recording metrics in go.opentelemetry.io/otel/sdk/metric using hashing for map keys. (#7175)

Add WithInstrumentationAttributeSet option to go.opentelemetry.io/otel/log, go.opentelemetry.io/otel/metric, and go.opentelemetry.io/otel/trace packages. This provides a concurrent-safe and performant alternative to WithInstrumentationAttributes by accepting a pre-constructed attribute.Set. (#7287)

Add experimental observability for the Prometheus exporter in go.opentelemetry.io/otel/exporters/prometheus. Check the go.opentelemetry.io/otel/exporters/prometheus/internal/x package documentation for more information. (#7345)

Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#7353)

Add temporality selector functions DeltaTemporalitySelector, CumulativeTemporalitySelector, LowMemoryTemporalitySelector to go.opentelemetry.io/otel/sdk/metric. (#7434)

Add experimental observability metrics for simple log processor in go.opentelemetry.io/otel/sdk/log. (#7548)

Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#7459)

Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7486)

Add experimental observability metrics for simple span processor in go.opentelemetry.io/otel/sdk/trace. (#7374)

Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7512)

Add experimental observability metrics for manual reader in go.opentelemetry.io/otel/sdk/metric. (#7524)

Add experimental observability metrics for periodic reader in go.opentelemetry.io/otel/sdk/metric. (#7571)

Support OTEL_EXPORTER_OTLP_LOGS_INSECURE and OTEL_EXPORTER_OTLP_INSECURE environmental variables in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7608)

Add Enabled method to the Processor interface in go.opentelemetry.io/otel/sdk/log. All Processor implementations now include an Enabled method. (#7639)

The go.opentelemetry.io/otel/semconv/v1.38.0 package. The package contains semantic conventions from the v1.38.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.37.0.(#7648)

Changed

Distinct in go.opentelemetry.io/otel/attribute is no longer guaranteed to uniquely identify an attribute set. Collisions between Distinct values for different Sets are possible with extremely high cardinality (billions of series per instrument), but are highly unlikely. (#7175)

WithInstrumentationAttributes in go.opentelemetry.io/otel/trace synchronously de-duplicates the passed attributes instead of delegating it to the returned TracerOption. (#7266)

WithInstrumentationAttributes in go.opentelemetry.io/otel/meter synchronously de-duplicates the passed attributes instead of delegating it to the returned MeterOption. (#7266)

WithInstrumentationAttributes in go.opentelemetry.io/otel/log synchronously de-duplicates the passed attributes instead of delegating it to the returned LoggerOption. (#7266)

Rename the OTEL_GO_X_SELF_OBSERVABILITY environment variable to OTEL_GO_X_OBSERVABILITY in go.opentelemetry.io/otel/sdk/trace, go.opentelemetry.io/otel/sdk/log, and go.opentelemetry.io/otel/exporters/stdout/stdouttrace. (#7302)

Improve performance of histogram Record in go.opentelemetry.io/otel/sdk/metric when min and max are disabled using NoMinMax. (#7306)

Improve error handling for dropped data during translation by using prometheus.NewInvalidMetric in go.opentelemetry.io/otel/exporters/prometheus. ⚠️ Breaking Change: Previously, these cases were only logged and scrapes succeeded. Now, when translation would drop data (e.g., invalid label/value), the exporter emits a NewInvalidMetric, and Prometheus scrapes fail with HTTP 500 by default. To preserve the prior behavior (scrapes succeed while errors are logged), configure your Prometheus HTTP handler with: promhttp.HandlerOpts{ ErrorHandling: promhttp.ContinueOnError }. (#7363)

Replace fnv hash with xxhash in go.opentelemetry.io/otel/attribute for better performance. (#7371)

The default TranslationStrategy in go.opentelemetry.io/exporters/prometheus is changed from otlptranslator.NoUTF8EscapingWithSuffixes to otlptranslator.UnderscoreEscapingWithSuffixes. (#7421)

Improve performance of concurrent measurements in go.opentelemetry.io/otel/sdk/metric. (#7427)

Include W3C TraceFlags (bits 0–7) in the OTLP Span.Flags field in go.opentelemetry.io/exporters/otlp/otlptrace/otlptracehttp and go.opentelemetry.io/exporters/otlp/otlptrace/otlptracegrpc. (#7438)

The ErrorType function in go.opentelemetry.io/otel/semconv/v1.37.0 now handles custom error types. If an error implements an ErrorType() string method, the return value of that method will be used as the error type. (#7442)

Fixed

Fix WithInstrumentationAttributes options in go.opentelemetry.io/otel/trace, go.opentelemetry.io/otel/metric, and go.opentelemetry.io/otel/log to properly merge attributes when passed multiple times instead of replacing them. Attributes with duplicate keys will use the last value passed. (#7300)

The equality of attribute.Set when using the Equal method is not affected by the user overriding the empty set pointed to by attribute.EmptySet in go.opentelemetry.io/otel/attribute. (#7357)

... (truncated)

Commits

6ce1429 Release v1.39.0 (#7676)
12e421a sdk/log: move Enabled method from FilterProcessor to Processor (#7639)
5982f16 fix(deps): update module golang.org/x/sys to v0.39.0 (#7684)
9288378 chore(deps): update module golang.org/x/sync to v0.19.0 (#7683)
ee3dfef chore(deps): update github.com/securego/gosec/v2 digest to 41f28e2 (#7682)
9345d1f fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.7.2 (#7680)
d03b033 Check context prior to delaying retry in OTLP exporters (#7678)
61765e7 Fix flaky TestClientInstrumentation (#7677)
a54721c chore(deps): update module github.com/go-git/go-billy/v5 to v5.7.0 (#7679)
746d086 chore(deps): update github/codeql-action action to v4.31.7 (#7675)
Additional commits viewable in compare view

Updates golang.org/x/mod from 0.30.0 to 0.31.0

Commits

d271cf3 go.mod: update golang.org/x dependencies
269c237 sumdb/note: delete chop
3f03020 x/mod: apply go fix and go vet
See full diff in compare view

Updates golang.org/x/sync from 0.18.0 to 0.19.0

Commits

2a180e2 errgroup: use consistent read for SetLimit panic
See full diff in compare view

Updates k8s.io/api from 0.34.2 to 0.34.3

Commits

cf951b1 Update dependencies to v0.34.3 tag
See full diff in compare view

Updates k8s.io/apiextensions-apiserver from 0.34.2 to 0.34.3

Commits

a4ffeda Update dependencies to v0.34.3 tag
See full diff in compare view

Updates k8s.io/apimachinery from 0.34.2 to 0.34.3

Commits

See full diff in compare view

Updates k8s.io/apiserver from 0.34.2 to 0.34.3

Commits

a1e5047 Update dependencies to v0.34.3 tag
a978f35 Merge pull request #135343michaelasp/automated-cherry-pick-of-#135327
7b9813a Merge pull request #135442lalitc375/automated-cherry-pick-of-#135359
7b74a6d Fallback to live ns lookup on admission if lister cannot find namespace
4cb47d3 Fix alpha API warnings for patch version differences
See full diff in compare view

Updates k8s.io/cli-runtime from 0.34.2 to 0.34.3

Commits

d035f64 Update dependencies to v0.34.3 tag
See full diff in compare view

Updates k8s.io/client-go from 0.34.2 to 0.34.3

Commits

3892804 Update dependencies to v0.34.3 tag
ab04e77 Merge pull request #135592serathius/automated-cherry-pick-of-#135580
25da701 Use transformer in consistency checker
0c76ee5 Add unit tests for Data Consistency Detector
cc3d9d0 Embed proper interface in TransformingStore to ensure DeltaFIFO and RealFIFO ...
See full diff in compare view

Updates k8s.io/kubernetes from 1.34.2 to 1.34.3

Release notes

Sourced from k8s.io/kubernetes's releases.

Kubernetes v1.34.3

See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.

See the CHANGELOG for more details.

Commits

df11db1 Release commit for Kubernetes v1.34.3
7c5d1fc Merge pull request #135064eltrufas/automated-cherry-pick-of-#133599
7124d34 Merge pull request #135482 from borovetsav/fix-kubeadm-control-plane-join-1-34
071d411 Merge pull request #135612 from cpanato/update-rel-134
3012c00 Bump dependencies, images and versions used to Go 1.24.11 and distroless ipta...
2f17c6c Merge pull request #135592serathius/automated-cherry-pick-of-#135580
58da6ff Merge pull request #135207 from SergeyKanzhelev/automated-cherry-pick-of-#135...
9043cb4 Use transformer in consistency checker
86c4e09 Add unit tests for Data Consistency Detector
be4a4f5 Embed proper interface in TransformingStore to ensure DeltaFIFO and RealFIFO ...
Additional commits viewable in compare view

Updates github.com/hashicorp/go-version from 1.7.0 to 1.8.0

Release notes

Sourced from github.com/hashicorp/go-version's releases.

v1.8.0

What's Changed

Add CODEOWNERS file in .github/CODEOWNERS by @mukeshjc in hashicorp/go-version#145

Linting by @KaushikiAnand in hashicorp/go-version#151

Correct typos in comments by @alexandear in hashicorp/go-version#134

Migrate GitHub Actions updates from TSCCR to Dependabot by @nodyhub in hashicorp/go-version#155

Bump the github-actions-backward-compatible group with 2 updates by @dependabot[bot] in hashicorp/go-version#157

Update doc reference in README by @alexandear in hashicorp/go-version#135

Bump the github-actions-breaking group with 3 updates by @dependabot[bot] in hashicorp/go-version#156

[Compliance] - PR Template Changes Required by @compliance-pr-automation-bot[bot] in hashicorp/go-version#158

Add benchmark test for version.String() by @Manikkumar1988 in hashicorp/go-version#159

Bytes implementation by @Manikkumar1988 in hashicorp/go-version#161

Bump actions/cache from 4.2.3 to 4.2.4 in the github-actions-backward-compatible group by @dependabot[bot] in hashicorp/go-version#167

Bump actions/checkout from 4.2.2 to 5.0.0 in the github-actions-breaking group by @dependabot[bot] in hashicorp/go-version#166

Bump the github-actions-breaking group across 1 directory with 2 updates by @dependabot[bot] in hashicorp/go-version#171

[IND-4226] [COMPLIANCE] Update Copyright Headers by @oss-core-libraries-dashboard[bot] in hashicorp/go-version#172

drop init() by @florianl in hashicorp/go-version#175

New Contributors

@mukeshjc made their first contribution in hashicorp/go-version#145

@KaushikiAnand made their first contribution in hashicorp/go-version#151

@alexandear made their first contribution in hashicorp/go-version#134

@nodyhub made their first contribution in hashicorp/go-version#155

@compliance-pr-automation-bot[bot] made their first contribution in hashicorp/go-version#158

@Manikkumar1988 made their first contribution in hashicorp/go-version#159

@oss-core-libraries-dashboard[bot] made their first contribution in hashicorp/go-version#172

@florianl made their first contribution in hashicorp/go-version#175

Full Changelog: hashicorp/go-version@v1.7.0...v1.8.0

Changelog

Sourced from github.com/hashicorp/go-version's changelog.

1.8.0 (Nov 28, 2025)

ENHANCEMENTS:

Add benchmark test for version.String() in hashicorp/go-version#159

Bytes implementation in hashicorp/go-version#161

INTERNAL:

Add CODEOWNERS file in .github/CODEOWNERS in hashicorp/go-version#145

Linting in hashicorp/go-version#151

Correct typos in comments in hashicorp/go-version#134

Migrate GitHub Actions updates from TSCCR to Dependabot in hashicorp/go-version#155

Bump the github-actions-backward-compatible group with 2 updates in hashicorp/go-version#157

Update doc reference in README in hashicorp/go-version#135

Bump the github-actions-breaking group with 3 updates in hashicorp/go-version#156

[Compliance] - PR Template Changes Required in hashicorp/go-version#158

Bump actions/cache from 4.2.3 to 4.2.4 in the github-actions-backward-compatible group in hashicorp/go-version#167

Bump actions/checkout from 4.2.2 to 5.0.0 in the github-actions-breaking group in hashicorp/go-version#166

Bump the github-actions-breaking group across 1 directory with 2 updates in hashicorp/go-version#171

[IND-4226] [COMPLIANCE] Update Copyright Headers in hashicorp/go-version#172

drop init() in hashicorp/go-version#175

Commits

505335e Merge pull request #175 from florianl/drop-init
6dd734b drop init()
0824a89 Merge pull request #172 from hashicorp/compliance/update-headers
9325934 [COMPLIANCE] Update Copyright and License Headers
5b82b98 Bump the github-actions-breaking group across 1 directory with 2 updates (#171)
6c6cd77 Bump actions/checkout from 4.2.2 to 5.0.0 in the github-actions-breaking grou...
0e50733 Bump actions/cache from 4.2.3 to 4.2.4 in the github-actions-backward-compati...
4e24ef1 Bytes implementation (#161)
437649a Add benchmark test for version.String() (#159)
b6c4db5 Merge pull request #158 from hashicorp/compliance-template
Additional commits viewable in compare view

Updates golang.org/x/net from 0.47.0 to 0.48.0

Commits

35e1306 go.mod: update golang.org/x dependencies
7c36036 http2, webdav, websocket: fix %q verb uses with wrong type
ec11ecc trace: fix data race in RenderEvents
bff14c5 http2: don't PING a responsive server when resetting a stream
88a6421 dns/dnsmessage: avoid use of "strings" and "math" in dns/dnsmessage
123d099 http2: support net/http.Transport.NewClientConn
346cc61 webdav: relax test to check for any redirect status, not just 301
See full diff in compare view

Updates golang.org/x/sys from 0.38.0 to 0.39.0

Commits

08e5482 unix: fix out of bounds memory access in tests
4f4f1c6 Revert "cpu: add HPDS, LOR, PAN detection for arm64"
ca63116 unix: add IOCTL_MEI_* constants
a4199c0 unix: fix definition of Statvfs_t for netbsd-arm.
See full diff in compare view

Updates golang.org/x/text from 0.31.0 to 0.32.0

Commits

0dd57a6 go.mod: update golang.org/x dependencies

Bumps the security group with 18 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/containerd/cgroups/v3](https://github.com/containerd/cgroups) | `3.1.1` | `3.1.2` | | [github.com/microsoft/go-mssqldb](https://github.com/microsoft/go-mssqldb) | `1.9.4` | `1.9.5` | | [github.com/miekg/dns](https://github.com/miekg/dns) | `1.1.68` | `1.1.69` | | [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) | `4.25.10` | `4.25.11` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.10.1` | `1.10.2` | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.38.0` | `1.39.0` | | [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.38.0` | `1.39.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.30.0` | `0.31.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.18.0` | `0.19.0` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.34.2` | `0.34.3` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.34.2` | `0.34.3` | | [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.34.2` | `0.34.3` | | [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes) | `1.34.2` | `1.34.3` | | [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) | `1.7.0` | `1.8.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.47.0` | `0.48.0` | | [helm.sh/helm/v3](https://github.com/helm/helm) | `3.19.0` | `3.19.4` | | [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.34.2` | `0.34.3` | | [k8s.io/metrics](https://github.com/kubernetes/metrics) | `0.34.2` | `0.34.3` | Updates `github.com/containerd/cgroups/v3` from 3.1.1 to 3.1.2 - [Release notes](https://github.com/containerd/cgroups/releases) - [Commits](containerd/cgroups@v3.1.1...v3.1.2) Updates `github.com/microsoft/go-mssqldb` from 1.9.4 to 1.9.5 - [Release notes](https://github.com/microsoft/go-mssqldb/releases) - [Changelog](https://github.com/microsoft/go-mssqldb/blob/main/CHANGELOG.md) - [Commits](microsoft/go-mssqldb@v1.9.4...v1.9.5) Updates `github.com/miekg/dns` from 1.1.68 to 1.1.69 - [Commits](miekg/dns@v1.1.68...v1.1.69) Updates `github.com/shirou/gopsutil/v4` from 4.25.10 to 4.25.11 - [Release notes](https://github.com/shirou/gopsutil/releases) - [Commits](shirou/gopsutil@v4.25.10...v4.25.11) Updates `github.com/spf13/cobra` from 1.10.1 to 1.10.2 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.10.1...v1.10.2) Updates `go.opentelemetry.io/otel` from 1.38.0 to 1.39.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.38.0...v1.39.0) Updates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.39.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.38.0...v1.39.0) Updates `golang.org/x/mod` from 0.30.0 to 0.31.0 - [Commits](golang/mod@v0.30.0...v0.31.0) Updates `golang.org/x/sync` from 0.18.0 to 0.19.0 - [Commits](golang/sync@v0.18.0...v0.19.0) Updates `k8s.io/api` from 0.34.2 to 0.34.3 - [Commits](kubernetes/api@v0.34.2...v0.34.3) Updates `k8s.io/apiextensions-apiserver` from 0.34.2 to 0.34.3 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.34.2...v0.34.3) Updates `k8s.io/apimachinery` from 0.34.2 to 0.34.3 - [Commits](kubernetes/apimachinery@v0.34.2...v0.34.3) Updates `k8s.io/apiserver` from 0.34.2 to 0.34.3 - [Commits](kubernetes/apiserver@v0.34.2...v0.34.3) Updates `k8s.io/cli-runtime` from 0.34.2 to 0.34.3 - [Commits](kubernetes/cli-runtime@v0.34.2...v0.34.3) Updates `k8s.io/client-go` from 0.34.2 to 0.34.3 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.34.2...v0.34.3) Updates `k8s.io/kubernetes` from 1.34.2 to 1.34.3 - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](kubernetes/kubernetes@v1.34.2...v1.34.3) Updates `github.com/hashicorp/go-version` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/hashicorp/go-version/releases) - [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md) - [Commits](hashicorp/go-version@v1.7.0...v1.8.0) Updates `golang.org/x/net` from 0.47.0 to 0.48.0 - [Commits](golang/net@v0.47.0...v0.48.0) Updates `golang.org/x/sys` from 0.38.0 to 0.39.0 - [Commits](golang/sys@v0.38.0...v0.39.0) Updates `golang.org/x/text` from 0.31.0 to 0.32.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.31.0...v0.32.0) Updates `helm.sh/helm/v3` from 3.19.0 to 3.19.4 - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.19.0...v3.19.4) Updates `k8s.io/kubelet` from 0.34.2 to 0.34.3 - [Commits](kubernetes/kubelet@v0.34.2...v0.34.3) Updates `k8s.io/metrics` from 0.34.2 to 0.34.3 - [Commits](kubernetes/metrics@v0.34.2...v0.34.3) --- updated-dependencies: - dependency-name: github.com/containerd/cgroups/v3 dependency-version: 3.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/microsoft/go-mssqldb dependency-version: 1.9.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/miekg/dns dependency-version: 1.1.69 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/shirou/gopsutil/v4 dependency-version: 4.25.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/spf13/cobra dependency-version: 1.10.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: go.opentelemetry.io/otel dependency-version: 1.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/mod dependency-version: 0.31.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/sync dependency-version: 0.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: k8s.io/api dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/apimachinery dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/apiserver dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/cli-runtime dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/client-go dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/kubernetes dependency-version: 1.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: github.com/hashicorp/go-version dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/net dependency-version: 0.48.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/sys dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: golang.org/x/text dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: helm.sh/helm/v3 dependency-version: 3.19.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/kubelet dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security - dependency-name: k8s.io/metrics dependency-version: 0.34.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: security ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies go type::security labels Dec 15, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the security group across 1 directory with 23 updates #1948

chore(deps): bump the security group across 1 directory with 23 updates #1948

Uh oh!

dependabot bot commented on behalf of github Dec 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): bump the security group across 1 directory with 23 updates #1948

Are you sure you want to change the base?

chore(deps): bump the security group across 1 directory with 23 updates #1948

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 15, 2025

v3.1.2

What's Changed

New Contributors

v4.25.11

What's Changed

cpu

disk

process

Other Changes

New Contributors

v1.10.2

🔧 Dependencies

📈 CI/CD

🔥✍🏼 Docs

🍂 Refactors

🤗 New Contributors

[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05

Added

Changed

Fixed

[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05

Added

Changed

Fixed

Kubernetes v1.34.3

v1.8.0

What's Changed

New Contributors

1.8.0 (Nov 28, 2025)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant