Bump the go-dependencies group across 1 directory with 22 updates by dependabot[bot] · Pull Request #752 · kosli-dev/cli

dependabot · 2026-03-31T16:57:13Z

Bumps the go-dependencies group with 16 updates in the / directory:

Package	From	To
github.com/Azure/azure-sdk-for-go/sdk/azcore	`1.18.0`	`1.21.0`
github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry	`0.2.2`	`0.2.3`
github.com/andygrunwald/go-jira	`1.16.0`	`1.17.0`
github.com/aws/aws-sdk-go-v2	`1.36.3`	`1.41.5`
github.com/aws/aws-sdk-go-v2/config	`1.29.14`	`1.32.13`
github.com/aws/aws-sdk-go-v2/feature/s3/manager	`1.17.72`	`1.22.10`
github.com/aws/aws-sdk-go-v2/service/ecs	`1.54.6`	`1.75.0`
github.com/aws/aws-sdk-go-v2/service/lambda	`1.71.2`	`1.88.5`
github.com/containers/image/v5	`5.34.3`	`5.36.2`
github.com/go-git/go-git/v5	`5.17.1`	`5.17.2`
github.com/go-playground/validator/v10	`10.26.0`	`10.30.2`
github.com/open-policy-agent/opa	`1.13.2`	`1.15.1`
github.com/zalando/go-keyring	`0.2.6`	`0.2.8`
golang.org/x/oauth2	`0.34.0`	`0.36.0`
k8s.io/kubernetes	`1.35.0`	`1.35.3`
sigs.k8s.io/kind	`0.11.1`	`0.31.0`

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.18.0 to 1.21.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.21.0

1.21.0 (2026-01-12)

Features Added

Added runtime/datetime package which provides specialized time type wrappers for serializing and deserializing time values in various formats used by Azure services.

Other Changes

Aligned cloud.AzureGovernment and cloud.AzureChina audience values with Azure CLI

Commits

f6309d4 Prep azcore@v1.21.0 for release (#25864)
d0a9819 Update SDK generation as completed when SDK pull request is linked to release...
aba8672 Configurations: 'specification/resourceconnector/resource-manager/Microsoft....
481e4ab Add some missing methods to the types in datetime (#25826)
35d6071 Skip unsafeptr check for storage SDKs (#25856)
5d68f66 add code (#25837)
944cd8d add code (#25836)
1191825 [Regeneration]sdk/resourcemanager/quota/armquota (#25835)
e1a9bfd add code (#25838)
1de7ac7 [Automation] Regenerate SDK based on typespec-go branch main (#25729)
Additional commits viewable in compare view

Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.9.0 to 1.10.1

Commits

a98a0db Prepare azidentity v1.10.1 for release (#24746)
8aa9f8b [Release] sdk/resourcemanager/avs/armavs/2.1.0 (#24709)
01782ab Fix typo in azidentity troubleshooting guide (#24748)
6ba8640 remove reprecated service (#24744)
18ff882 [keyvault] upgrade to 7.6 (#24733)
214f119 Add in a simple service bus troubleshooting guide. (#24741)
bb804de [Release] sdk/resourcemanager/containerservice/armcontainerservice/7.0.0-beta...
542616a Support 1es canary template validation for unified pipeline (#24731)
6d7f1b2 [Release] sdk/resourcemanager/mongodbatlas/armmongodbatlas/0.1.0 (#24590)
466a17b upgrade dependency (#24736)
Additional commits viewable in compare view

Updates github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry from 0.2.2 to 0.2.3

Commits

338d220 Added mock.WithPredicate ResponseOption (#11959)
3ff8ace Omit read-only content from request payloads (#11928)
30a759d remove legacy ci.yml file (#11930)
165ddcb Minor release v44.2.0 (#11841)
c446bd0 add ci.yml for azidentity (#11855)
9ab3f58 Adding azidentity package (#11845)
See full diff in compare view

Updates github.com/andygrunwald/go-jira from 1.16.0 to 1.17.0

Release notes

Sourced from github.com/andygrunwald/go-jira's releases.

v1.17.0

This is a maintenance release, but there are two important changes:

github.com/golang-jwt/jwt/v4 has been updated because of a security issue, see CVE-2025-30204

Minimum Go version has been raised from v1.15 to v1.21, due to an update of github.com/google/go-cmp

What's Changed

Replace ioutil.ReadFile with os.ReadFile

Replace ioutil.ReadAll with io.ReadAll

upgraded static v2022.1 => v2023.1

go fmt issue.go, metaissue.go, sprint.go

Github Actions: Upgrade dominikh/staticcheck-action from v1.2 to v1.4

Github Actions: Upgrade actions/setup-go from v3 to v6

Github Actions: Upgrade actions/checkout from v3 to v5

go mod tidy

upgraded github.com/google/go-cmp v0.5.8 => v0.7.0

upgraded go 1.15 => 1.21

upgraded github.com/golang-jwt/jwt/v4 v4.4.2 => v4.5.2

All these changes have been made by @andygrunwald in andygrunwald/go-jira#735

Full Changelog: andygrunwald/go-jira@v1.16.1...v1.17.0

v1.16.1

This release is shipping a fix for the deprecation of the GET /rest/api/2/search endpoint. See Deprecation of JQL search and Evaluate expression endpoints / 31 October 2024.

If you are using a Jira Cloud-hosted instance and are using either IssueService.Search() or IssueService.SearchWithContext(), there is a high likelihood that these functions will no longer work for you due to deprecation and removal by Atlassian.

This release introduces IssueService.SearchV2JQL() and IssueService.SearchV2JQLWithContext() with a very similar function signature. To get the same results as with IssueService.Search() or IssueService.SearchWithContext(), you may need to configure a Fields list in the options parameter. Please see Search for issues using JQL enhanced search (GET) for further instructions.

What's Changed

Add SearchV2JQL to fix the deprecation of JQL search and evaluate expression endpoints by @conor-naranjo in andygrunwald/go-jira#725

New Contributors

@conor-naranjo made their first contribution in andygrunwald/go-jira#725

Full Changelog: andygrunwald/go-jira@v1.16.0...v1.16.1

Changelog

Sourced from github.com/andygrunwald/go-jira's changelog.

1.17.0 (2025-09-16)

All changes in #735.

Breaking Changes

Minimum Go version increased from 1.15 to 1.21 (due to google/go-cmp dependency update)

Security

Updated github.com/golang-jwt/jwt/v4 v4.4.2 to v4.5.2 (CVE-2025-30204)

Maintenance

Replaced deprecated ioutil.ReadFile with os.ReadFile

Replaced deprecated ioutil.ReadAll with io.ReadAll

Replaced deprecated ioutil.Discard with io.Discard

Upgraded staticcheck v2022.1 to v2023.1

Code formatting updates (issue.go, metaissue.go, sprint.go)

Dependencies

github.com/google/go-cmp v0.5.8 to v0.7.0

github.com/golang-jwt/jwt/v4 v4.4.2 to v4.5.2

CI/CD

Upgraded actions/checkout from v3 to v5

Upgraded actions/setup-go from v3 to v6

Upgraded dominikh/staticcheck-action from v1.2 to v1.4

1.16.1 (2025-09-13)

Features

Added IssueService.SearchV2JQL() and IssueService.SearchV2JQLWithContext() to handle Atlassian's deprecation of GET /rest/api/2/search endpoint (effective October 31, 2024) (#725)

New contributor: @conor-naranjo

Commits

93f28dd Merge pull request #735 from andygrunwald/v1.17.0-dev-upgrade-dependencies
00778a6 Replace ioutil.Discard with io.Discard
44e617e Replace ioutil.ReadFile with os.ReadFile
546b61f Replace ioutil.ReadAll with io.ReadAll
79978f0 upgraded static v2022.1 => v2023.1
463a8a0 go fmt sprint.go
e0ea06f go fmt metaissue.go
2095c75 go fmt issue.go
3d9306e Github Actions: Upgrade dominikh/staticcheck-action from v1.2 to v1.4
ead0c0c Github Actions: Upgrade actions/setup-go from v3 to v6
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.36.3 to 1.41.5

Commits

90650dd Release 2026-03-26
dd88818 Regenerated Clients
b662c50 Update endpoints model
500a9cb Update API model
6221102 fix stale skew and delayed skew healing (#3359)
0a39373 fix order of generated event header handlers (#3361)
098f389 Only generate resolveAccountID when it's required (#3360)
6ebab66 Release 2026-03-25
b2ec3be Regenerated Clients
abc126f Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.29.14 to 1.32.13

Commits

90650dd Release 2026-03-26
dd88818 Regenerated Clients
b662c50 Update endpoints model
500a9cb Update API model
6221102 fix stale skew and delayed skew healing (#3359)
0a39373 fix order of generated event header handlers (#3361)
098f389 Only generate resolveAccountID when it's required (#3360)
6ebab66 Release 2026-03-25
b2ec3be Regenerated Clients
abc126f Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.67 to 1.19.13

Commits

90650dd Release 2026-03-26
dd88818 Regenerated Clients
b662c50 Update endpoints model
500a9cb Update API model
6221102 fix stale skew and delayed skew healing (#3359)
0a39373 fix order of generated event header handlers (#3361)
098f389 Only generate resolveAccountID when it's required (#3360)
6ebab66 Release 2026-03-25
b2ec3be Regenerated Clients
abc126f Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.17.72 to 1.22.10

Commits

d872461 Release 2024-06-07
dd82156 Regenerated Clients
85ebac0 Update endpoints model
490e6cb Update API model
4892b05 Merge pull request #2668 from aws/feature-clock-skew
8bdbe6a Merge branch 'main' into feature-clock-skew
c4f8ba3 run goimports
2474a05 update snapshot tests
9fa716b regen clients
6d365fb address feedback from pr, mostly moving things around
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecs from 1.54.6 to 1.75.0

Commits

b820c57 Release 2025-01-29
40ddb76 Regenerated Clients
2b4adae Update API model
78c2be4 Revert "beta: feature/s3/transfermanager (S3 transfer manager v2) (#2988)"
5c9d67c beta: feature/s3/transfermanager (S3 transfer manager v2) (#2988)
571aa56 Release 2025-01-28
783ff00 Regenerated Clients
fcdc1bb Update API model
df279db Release 2025-01-27
912497b Regenerated Clients
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/lambda from 1.71.2 to 1.88.5

Commits

b9b0c65 Release 2025-10-16
e2bc8a0 Regenerated Clients
8691ee3 Update API model
51e8a3f bump to go1.23 (#3211)
ad2d36c Release 2025-10-15
19a35d6 Regenerated Clients
35cb02f Update endpoints model
f673a1b Update API model
48421fd Release 2025-10-14
fedcba7 Regenerated Clients
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.79.2 to 1.97.3

Commits

90650dd Release 2026-03-26
dd88818 Regenerated Clients
b662c50 Update endpoints model
500a9cb Update API model
6221102 fix stale skew and delayed skew healing (#3359)
0a39373 fix order of generated event header handlers (#3361)
098f389 Only generate resolveAccountID when it's required (#3360)
6ebab66 Release 2026-03-25
b2ec3be Regenerated Clients
abc126f Update API model
Additional commits viewable in compare view

Updates github.com/aws/smithy-go from 1.22.3 to 1.24.2

Release notes

Sourced from github.com/aws/smithy-go's releases.

v1.22.4

Release (2025-06-16)

General Highlights

Dependency Update: Updated to the latest SDK module versions

Module Highlights

github.com/aws/smithy-go: v1.22.4

Bug Fix: Fix CBOR serd empty check for string and enum fields

Commits

b860661 Release 2026-02-27
567846b Bump minimun Go version to 1.24 (#629)
8c63558 Release 2026-02-20
c6d1144 Create new event stream generator (#626)
f82babd update Smithy version to 1.67.0 (#627)
708bee3 move writable and chainwritable up (#622)
7bfe108 Add support for OrExpression JMESPath (#620)
9dbc5b2 bump smithy to v1.64.0
71f5bff Release 2025-12-01
c94c177 changelog
Additional commits viewable in compare view

Updates github.com/containers/image/v5 from 5.34.3 to 5.36.2

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.36.2

What's Changed

[release-5.36] Bump to c/image v5.36.1 by @TomSweeneyRedHat in containers/image#2920

[release-5.36] rekor: do not cancel http context by @TomSweeneyRedHat in containers/image#2943

Full Changelog: containers/image@v5.36.1...v5.36.2

v5.36.1

What's Changed

[release-5.36] Update the CI image, to match Skopeo's updated test code by @TomSweeneyRedHat in containers/image#2913

Full Changelog: containers/image@v5.36.0...v5.36.1

v5.36.0

What's Changed

Bump c/storage to v1.58.0, c/image to v5.35.0 by @TomSweeneyRedHat in containers/image#2828

chore(deps): update dependency golangci/golangci-lint to v2.1.2 by @renovate[bot] in containers/image#2827

fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.28 by @renovate[bot] in containers/image#2829

fix(deps): update module github.com/docker/docker to v28.1.0+incompatible by @renovate[bot] in containers/image#2834

fix(deps): update module github.com/docker/cli to v28.1.0+incompatible by @renovate[bot] in containers/image#2833

fix(deps): update module github.com/docker/cli to v28.1.1+incompatible by @renovate[bot] in containers/image#2836

fix(deps): update module github.com/docker/docker to v28.1.1+incompatible by @renovate[bot] in containers/image#2835

chore(deps): update dependency containers/automation_images to v20250422 by @renovate[bot] in containers/image#2839

chore(deps): update dependency golangci/golangci-lint to v2.1.5 by @renovate[bot] in containers/image#2840

fix(deps): update module github.com/sigstore/sigstore to v1.9.4 by @renovate[bot] in containers/image#2842

chore(deps): update dependency golangci/golangci-lint to v2.1.6 by @renovate[bot] in containers/image#2846

fix(deps): update module github.com/vbauerster/mpb/v8 to v8.10.0 by @renovate[bot] in containers/image#2845

fix(deps): update module golang.org/x/oauth2 to v0.30.0 by @renovate[bot] in containers/image#2847

fix(deps): update module golang.org/x/sync to v0.14.0 by @renovate[bot] in containers/image#2848

fix(deps): update module golang.org/x/term to v0.32.0 by @renovate[bot] in containers/image#2850

fix(deps): update module golang.org/x/crypto to v0.38.0 by @renovate[bot] in containers/image#2849

fix(deps): update module dario.cat/mergo to v1.0.2 by @renovate[bot] in containers/image#2851

vendor: update c/storage by @giuseppe in containers/image#2844

fix(deps): update module github.com/vbauerster/mpb/v8 to v8.10.1 by @renovate[bot] in containers/image#2853

Update old indirect dependencies by @mtrmac in containers/image#2787

Stop setting the btrfs_noversion build tag by @mtrmac in containers/image#2831

fix(deps): update module github.com/santhosh-tekuri/jsonschema/v6 to v6.0.2 by @renovate[bot] in containers/image#2855

fix(deps): update module github.com/docker/docker to v28.2.1+incompatible by @renovate[bot] in containers/image#2859

fix(deps): update module github.com/docker/cli to v28.2.1+incompatible by @renovate[bot] in containers/image#2858

fix(deps): update module github.com/docker/docker to v28.2.2+incompatible by @renovate[bot] in containers/image#2862

fix(deps): update module github.com/docker/cli to v28.2.2+incompatible by @renovate[bot] in containers/image#2861

INCOMPATIBLE: Remove the implementation of the ostree transport by @mtrmac in containers/image#2821

Only upload sigstore signatures to the sigstore tag schema by @mtrmac in containers/image#2717

Update old dependencies by @mtrmac in containers/image#2863

fix(deps): update github.com/containers/storage digest to 78f4258 by @renovate[bot] in containers/image#2864

Queue a partially-pulled layer for commit immediately after staging it by @mtrmac in containers/image#2799

fix(deps): update module github.com/vbauerster/mpb/v8 to v8.10.2 by @renovate[bot] in containers/image#2865

fix(deps): update module golang.org/x/sync to v0.15.0 by @renovate[bot] in containers/image#2866

... (truncated)

Commits

d464a25 Bump to v5.36.2
50a6b67 Merge pull request #2943 from TomSweeneyRedHat/dev/tsweeney/backport_2938
d3eb538 [release-5.36] rekor: do not cancel http context
6ed8326 Merge pull request #2920 from TomSweeneyRedHat/dev/tsweeney/v5.36.1
f6ca2da [release-5.36] Bump to c/image v5.36.1
d18da19 [release-5.36] Bump c/storage to v1.59.1
ae0c9f3 Merge pull request #2913 from TomSweeneyRedHat/dev/tsweeney/cherrypick2907
40d1027 [release-5.36] Update the CI image, to match Skopeo's updated test code
08ce6b4 Bump to c/image v5.36.0
b5e2b66 Bump to c/storage v1.59.0
Additional commits viewable in compare view

Updates github.com/docker/docker from 28.0.4+incompatible to 28.3.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

28.3.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.3.2 milestone

moby/moby, 28.3.2 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

Bug fixes and enhancements

Fix --use-api-socket not working correctly when targeting a remote daemon. docker/cli#6157

Fix stray "otel error" logs being printed if debug logging is enabled. docker/cli#6160

Quote SSH arguments when connecting to a remote daemon over an SSH connection to avoid unexpected expansion. docker/cli#6147

Warn when DOCKER_AUTH_CONFIG is set during docker login and docker logout. docker/cli#6163

Packaging updates

Update Compose to v2.38.2. docker/docker-ce-packaging#1225

Update Docker Model CLI plugin to v0.1.33. docker/docker-ce-packaging#1227

Update Go runtime to 1.24.5. moby/moby#50354

28.3.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.3.1 milestone

moby/moby, 28.3.1 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

Packaging updates

Update BuildKit to v0.23.2. moby/moby#50309

Update Compose to v2.38.1. docker/docker-ce-packaging#1221

Update Model to v0.1.32 which adds the support for the new top-level models: key in Docker Compose. docker/docker-ce-packaging#1222

28.3.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.3.0 milestone

moby/moby, 28.3.0 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

New

Add support for AMD GPUs in docker run --gpus. moby/moby#49952

Use DOCKER_AUTH_CONFIG as a credential store. docker/cli#6008

... (truncated)

Commits

e77ff99 Merge pull request #50354 from vvoland/50353-28.x
6e3cf7f Merge pull request #50351 from vvoland/50179-28.x
38c0abf update to go1.24.5
3b7d703 Merge pull request #50352 from vvoland/50347-28.x
d14a60f Merge pull request #50348 from vvoland/50314-28.x
da65c86 Merge pull request #50350 from vvoland/50333-28.x
76fbfe9 Merge pull request #50349 from vvoland/50255-28.x
bfade89 integration/networking: increase context timeout for attach
a818cfd gha: run windows 2025 on PRs, 2022 scheduled
653777a gha: update to windows 2022 / 2025
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.17.1 to 5.17.2

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.17.2

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1941

dotgit: skip writing pack files that already exist on disk by @pjbgf in go-git/go-git#1944

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

Commits

45ae193 Merge pull request #1944 from go-git/fix-perms
fda4f74 storage: filesystem/dotgit, Skip writing pack files that already exist on disk
2212dc7 Merge pull request #1941 from go-git/renovate/releases/v5.x-go-github.com-go-...
ebb2d7d build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY]
See full diff in compare view

Updates github.com/go-playground/validator/v10 from 10.26.0 to 10.30.2

Release notes

Sourced from github.com/go-playground/validator/v10's releases.

v10.30.2

What's Changed

chore(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 by @dependabot[bot] in go-playground/validator#1523

feat: add translations for alphaspace and alphanumspace tags in indonesian by @savioruz in go-playground/validator#1522

chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 by @dependabot[bot] in go-playground/validator#1526

feat: add cmyk(color) to validator by @thenicolau in go-playground/validator#1528

chore(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 by @dependabot[bot] in go-playground/validator#1534

chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @dependabot[bot] in go-playground/validator#1533

Go 1.26 support by @nodivbyzero in go-playground/validator#1535

fix: prevent panic in unique validation with nil pointer elements by @nodivbyzero in go-playground/validator#1532

docs: fix typos by @alexandear in go-playground/validator#1527

feat: implement ValidatorValuer interface feature by @thommeo in go-playground/validator#1416

docs: add Valuer interface documentation and example by @wofiporia in go-playground/validator#1540

chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 by @dependabot[bot] in go-playground/validator#1545

chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 by @dependabot[bot] in go-playground/validator#1546

feat: add postcode patterns for Colombia (CO) and British Virgin Islands (VG) by @j-ibarra in go-playground/validator#1547

fix(fqdn): allow hyphens in last domain label by @alihasan070707 in go-playground/validator#1548

New Contributors

@savioruz made their first contribution in go-playground/validator#1522

@thenicolau made their first contribution in go-playground/validator#1528

@thommeo made their first contribution in go-playground/validator#1416

@wofiporia made their first contribution in go-playground/validator#1540

@j-ibarra made their first contribution in go-playground/validator#1547

@alihasan070707 made their first contribution in go-playground/validator#1548

Full Changelog: go-playground/validator@v10.30.1...v10.30.2

Release 10.30.1

What's Changed

Feat: uds_exists validator by @barash-asenov in go-playground/validator#1482

fix: Revert min limit of e164 regex by @zemzale in go-playground/validator#1516

Fix 1513 update ISO 3166-2 codes by @xyz27900 in go-playground/validator#1514

New Contributors

@barash-asenov made their first contribution in go-playground/validator#1482

@xyz27900 made their first contribution in go-playground/validator#1514

Full Changelog: go-playground/validator@v10.30.0...v10.30.1

Release 10.30.0

What's Changed

Bump golang.org/x/crypto from 0.45.0 to 0.46.0 by @dependabot[bot] in go-playground/validator#1504

Bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 by @dependabot[bot] in go-playground/validator#1505

docs: document omitzero by @minoritea in go-playground/validator#1509

fix: add missing translations for alpha validators by @shindonghwi in go-playground/validator#1510

fix: resolve panic when using aliases with OR operator by @shindonghwi in go-playground/validator#1507

fix: resolve panic when using cross-field validators with ValidateMap by @shindonghwi in go-playground/validator#1508

New Contributors

... (truncated)

Commits

b9258bd fix(fqdn): allow hyphens in last domain label (#1548)
b9f1d79 feat: add postcode patterns for Colombia (CO) and British Virgin Islands (VG)...
7fa9599 chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 (#1546)
8ca29ec chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 (#1545)
5e1bedf docs: add Valuer interface documentation and example (#1540)
42927a0 feat: implement ValidatorValuer interface feature (#1416<...
Description has been truncated

claude · 2026-03-31T16:57:31Z

Claude finished @dependabot[bot]'s task in 2m 53s —— View job

Dependency Update Review

Gather context and read changed files
Analyze dependency usage in codebase
Check for breaking changes and risks
Post review

Summary

This PR bumps 22 Go dependencies (16 direct, 6 indirect). The changes are net-negative on lines (179 added / 856 deleted in go.sum), indicating dependency tree simplification. Overall this looks low-to-medium risk, but a few items deserve attention before merging.

Dependency-by-Dependency Analysis

Low Risk (routine patch/minor updates)

Package	Change	Notes
`go-git/go-git/v5`	5.17.1 → 5.17.2	Bugfix for pack file write issue. No API changes.
`golang.org/x/oauth2`	0.34.0 → 0.36.0	Standard stdlib-adjacent bump.
`docker/docker`	28.0.4 → 28.3.2	Indirect usage only (Docker client). No breaking API changes.
`hashicorp/go-retryablehttp`	0.7.7 → 0.7.8	Patch bump.
`go-playground/validator/v10`	10.26.0 → 10.30.2	Adds new validators, fixes panics. Used in `cmd/kosli/snapshotPaths.go` and `internal/server/server.go` with basic `validate:"required"` tags — no risk.
`zalando/go-keyring`	0.2.6 → 0.2.8	Patch bumps. APIs used (`Get`, `Set`, `ErrNotFound`, `MockInit`) unchanged.
`k8s.io/kubernetes`	1.35.0 → 1.35.3	Patch release. Used for `test/e2e/framework/pod` in tests only.

Medium Risk — Worth Verifying

aws/aws-sdk-go-v2 family (v1.36.3 → v1.41.5 + service bumps)

Used in internal/aws/aws.go for ECS, Lambda, and S3 operations.
AWS SDK v2 follows strict semver for service clients — minor/patch bumps should not break existing APIs.
Notable: smithy-go bumped min Go to 1.24, but this repo is on Go 1.25 so no issue.
New indirect dependency aws/aws-sdk-go-v2/service/signin appeared — this is pulled in by the config/credentials chain, not a concern.
Recommendation: ✅ Should be safe. The APIs used (ListFunctions, GetFunctionConfiguration, ListObjectsV2, ECS describe/list operations) are stable GA APIs.

containers/image/v5 (5.34.3 → 5.36.2)

Used in internal/digest/digest.go via docker.ParseReference(), docker.GetDigest(), and types.SystemContext.
Release notes mention removal of the ostree transport (INCOMPATIBLE) — but this repo only uses the docker transport, so not affected.
containers/storage transitive dep bumped 1.57.2 → 1.59.1.
New transitive deps: containerd/errdefs and containerd/errdefs/pkg.
Removed: alessio/shellescape (replaced by al.essio.dev/pkg/shellescape which was already present).
Recommendation: ✅ Safe for this codebase's usage pattern.

andygrunwald/go-jira (1.16.0 → 1.17.0)

Used in internal/jira/jira.go with BasicAuthTransport, BearerAuthTransport, NewClient, Issue.Get.
Breaking change in v1.17.0: Min Go version raised from 1.15 to 1.21 — no issue (repo uses Go 1.25).
Security fix: Updates golang-jwt/jwt/v4 for CVE-2025-30204.
Adds SearchV2JQL for deprecated Jira Cloud endpoint — this repo uses Issue.Get() only, not search, so no action needed.
Recommendation: ✅ Safe. The security fix for JWT is a good reason to take this update.

open-policy-agent/opa (1.13.2 → 1.15.1)

Used in internal/evaluate/rego.go via opa/v1/ast and opa/v1/rego packages.
The v1 import path is OPA's stable API surface. Between 1.13 and 1.15, changes are primarily new built-in functions and performance improvements.
Recommendation: ✅ Should be safe. The usage is standard (rego.New, rego.Query, rego.Module, rego.Input, Eval).

Higher Risk — Needs Attention

⚠️ sigs.k8s.io/kind (0.11.1 → 0.31.0)

This is a massive version jump (20 minor versions). Used in internal/kube/kube_test.go for creating test KIND clusters.
APIs used: cluster.NewProvider(cluster.ProviderWithDocker()), provider.Create(), provider.ExportKubeConfig(), provider.Delete(), cluster.CreateWithWaitForReady().
KIND's Go API has been relatively stable for these core operations, but with a jump this large there could be behavioral changes (e.g., default K8s version in the node image, cluster creation options).
Since this is test-only, the blast radius is limited to the integration test suite.
Recommendation: ⚠️ Run make test_integration_single TARGET=KubeTestSuite to verify KIND cluster creation still works. The API signatures likely haven't changed, but the default node image and behavior may have shifted significantly over 20 minor versions.

⚠️ Removed dependency: gopkg.in/ini.v1

This indirect dependency was removed from go.mod. This is expected as newer versions of dependencies have migrated away from it, but worth noting — if any code path still needs it transitively, the build would fail.
Recommendation: Verify the project compiles cleanly (go build ./...).

⚠️ Removed dependency: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp

This OpenTelemetry HTTP trace exporter was removed as an indirect dep. This is likely due to upstream dependency changes.
Recommendation: Should be fine if only gRPC exporter is used upstream, but verify build.

Action Items

Critical: Verify the project compiles — go build ./... (CI should catch this)
Important: Run the Kubernetes integration tests to validate the KIND v0.31.0 jump — make test_integration_full or at minimum make test_integration_single TARGET=KubeTestSuite
Nice to have: Run make test_integration to confirm no regressions from the AWS SDK, containers/image, or OPA updates

Overall Assessment

Approve with testing. The dependency updates are well-scoped and include important security fixes (go-jira JWT CVE, go-git bugfix). The main risk is the sigs.k8s.io/kind v0.11.1→v0.31.0 jump, which should be validated by CI's integration test suite. All other changes are backwards-compatible minor/patch bumps against stable APIs.

Bumps the go-dependencies group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) | `1.18.0` | `1.21.0` | | [github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry](https://github.com/Azure/azure-sdk-for-go) | `0.2.2` | `0.2.3` | | [github.com/andygrunwald/go-jira](https://github.com/andygrunwald/go-jira) | `1.16.0` | `1.17.0` | | [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.36.3` | `1.41.5` | | [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.29.14` | `1.32.13` | | [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) | `1.17.72` | `1.22.10` | | [github.com/aws/aws-sdk-go-v2/service/ecs](https://github.com/aws/aws-sdk-go-v2) | `1.54.6` | `1.75.0` | | [github.com/aws/aws-sdk-go-v2/service/lambda](https://github.com/aws/aws-sdk-go-v2) | `1.71.2` | `1.88.5` | | [github.com/containers/image/v5](https://github.com/containers/image) | `5.34.3` | `5.36.2` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.17.1` | `5.17.2` | | [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) | `10.26.0` | `10.30.2` | | [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.13.2` | `1.15.1` | | [github.com/zalando/go-keyring](https://github.com/zalando/go-keyring) | `0.2.6` | `0.2.8` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.34.0` | `0.36.0` | | [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes) | `1.35.0` | `1.35.3` | | [sigs.k8s.io/kind](https://github.com/kubernetes-sigs/kind) | `0.11.1` | `0.31.0` | Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.18.0 to 1.21.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.18.0...sdk/azcore/v1.21.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.9.0 to 1.10.1 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.9.0...sdk/azidentity/v1.10.1) Updates `github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry` from 0.2.2 to 0.2.3 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/internal/v0.2.2...sdk/internal/v0.2.3) Updates `github.com/andygrunwald/go-jira` from 1.16.0 to 1.17.0 - [Release notes](https://github.com/andygrunwald/go-jira/releases) - [Changelog](https://github.com/andygrunwald/go-jira/blob/main/CHANGELOG.md) - [Commits](andygrunwald/go-jira@v1.16.0...v1.17.0) Updates `github.com/aws/aws-sdk-go-v2` from 1.36.3 to 1.41.5 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.36.3...v1.41.5) Updates `github.com/aws/aws-sdk-go-v2/config` from 1.29.14 to 1.32.13 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@config/v1.29.14...config/v1.32.13) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.67 to 1.19.13 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@credentials/v1.17.67...credentials/v1.19.13) Updates `github.com/aws/aws-sdk-go-v2/feature/s3/manager` from 1.17.72 to 1.22.10 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@feature/s3/manager/v1.17.72...service/mq/v1.22.10) Updates `github.com/aws/aws-sdk-go-v2/service/ecs` from 1.54.6 to 1.75.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/ecs/v1.54.6...service/s3/v1.75.0) Updates `github.com/aws/aws-sdk-go-v2/service/lambda` from 1.71.2 to 1.88.5 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/rds/v1.71.2...service/s3/v1.88.5) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.79.2 to 1.97.3 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.79.2...service/s3/v1.97.3) Updates `github.com/aws/smithy-go` from 1.22.3 to 1.24.2 - [Release notes](https://github.com/aws/smithy-go/releases) - [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md) - [Commits](aws/smithy-go@v1.22.3...v1.24.2) Updates `github.com/containers/image/v5` from 5.34.3 to 5.36.2 - [Release notes](https://github.com/containers/image/releases) - [Commits](containers/image@v5.34.3...v5.36.2) Updates `github.com/docker/docker` from 28.0.4+incompatible to 28.3.2+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.0.4...v28.3.2) Updates `github.com/go-git/go-git/v5` from 5.17.1 to 5.17.2 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.17.1...v5.17.2) Updates `github.com/go-playground/validator/v10` from 10.26.0 to 10.30.2 - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](go-playground/validator@v10.26.0...v10.30.2) Updates `github.com/hashicorp/go-retryablehttp` from 0.7.7 to 0.7.8 - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](hashicorp/go-retryablehttp@v0.7.7...v0.7.8) Updates `github.com/open-policy-agent/opa` from 1.13.2 to 1.15.1 - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v1.13.2...v1.15.1) Updates `github.com/zalando/go-keyring` from 0.2.6 to 0.2.8 - [Release notes](https://github.com/zalando/go-keyring/releases) - [Commits](zalando/go-keyring@v0.2.6...v0.2.8) Updates `golang.org/x/oauth2` from 0.34.0 to 0.36.0 - [Commits](golang/oauth2@v0.34.0...v0.36.0) Updates `k8s.io/kubernetes` from 1.35.0 to 1.35.3 - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](kubernetes/kubernetes@v1.35.0...v1.35.3) Updates `sigs.k8s.io/kind` from 0.11.1 to 0.31.0 - [Release notes](https://github.com/kubernetes-sigs/kind/releases) - [Commits](kubernetes-sigs/kind@v0.11.1...v0.31.0) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry dependency-version: 0.2.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/andygrunwald/go-jira dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-version: 1.41.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-version: 1.32.13 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-version: 1.19.13 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager dependency-version: 1.22.10 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/ecs dependency-version: 1.75.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/lambda dependency-version: 1.88.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.97.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/smithy-go dependency-version: 1.24.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/containers/image/v5 dependency-version: 5.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/docker/docker dependency-version: 28.3.2+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.17.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/go-playground/validator/v10 dependency-version: 10.30.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/hashicorp/go-retryablehttp dependency-version: 0.7.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/open-policy-agent/opa dependency-version: 1.15.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/zalando/go-keyring dependency-version: 0.2.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: golang.org/x/oauth2 dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: k8s.io/kubernetes dependency-version: 1.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: sigs.k8s.io/kind dependency-version: 0.31.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-01T08:15:30Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 31, 2026

dependabot bot force-pushed the dependabot/go_modules/go-dependencies-12ed2b9744 branch from e726ba5 to 17b88b7 Compare April 1, 2026 08:14

dependabot bot closed this Apr 1, 2026

dependabot bot deleted the dependabot/go_modules/go-dependencies-12ed2b9744 branch April 1, 2026 08:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-dependencies group across 1 directory with 22 updates#752

Bump the go-dependencies group across 1 directory with 22 updates#752
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-dependencies-12ed2b9744

dependabot bot commented on behalf of github Mar 31, 2026 •

edited

Loading

Uh oh!

claude bot commented Mar 31, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Apr 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

sdk/azcore/v1.21.0

1.21.0 (2026-01-12)

Features Added

Other Changes

v1.17.0

What's Changed

v1.16.1

What's Changed

New Contributors

1.17.0 (2025-09-16)

Breaking Changes

Security

Maintenance

Dependencies

CI/CD

1.16.1 (2025-09-13)

Features

v1.22.4

Release (2025-06-16)

General Highlights

Module Highlights

v5.36.2

What's Changed

v5.36.1

What's Changed

v5.36.0

What's Changed

28.3.2

Bug fixes and enhancements

Packaging updates

28.3.1

Packaging updates

28.3.0

New

v5.17.2

What's Changed

v10.30.2

What's Changed

New Contributors

Release 10.30.1

What's Changed

New Contributors

Release 10.30.0

What's Changed

New Contributors

Uh oh!

claude bot commented Mar 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Update Review

Summary

Dependency-by-Dependency Analysis

Low Risk (routine patch/minor updates)

Medium Risk — Worth Verifying

Higher Risk — Needs Attention

Action Items

Overall Assessment

Uh oh!

dependabot bot commented on behalf of github Apr 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Mar 31, 2026 •

edited

Loading

claude bot commented Mar 31, 2026 •

edited

Loading