[release-v1.15][gomod]: Bump the patch group across 1 directory with 4 updates

[dependabot]

Bumps the patch group with 4 updates in the / directory: github.com/go-jose/go-jose/v3, github.com/gorilla/websocket, github.com/hashicorp/go-retryablehttp and go.uber.org/zap.

Updates github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4

Release notes

Sourced from github.com/go-jose/go-jose/v3's releases.

v3.0.4

What's Changed

Backport fix for GHSA-c6gw-w398-hv78 CVE-2025-27144 go-jose/go-jose#174

Full Changelog: go-jose/go-jose@v3.0.3...v3.0.4

Commits

• 5253038 Backport fix 167 to v3 (#174)
• 047dc99 CI: Update github actions and go version (#173)
• 0f017e9 Revert #26 (ignore unsupported JWKs in Sets) (#131)
• 3e2bbef Unmarshal jwk keys with unsupported key type or algorithm into empty … (#26)
• See full diff in compare view

Updates github.com/gorilla/websocket from 1.5.1 to 1.5.3

Release notes

Sourced from github.com/gorilla/websocket's releases.

v1.5.3

Important change

This reverts the websockets package back to gorilla/websocket@931041c

What's Changed

• Fixes subprotocol selection (aling with rfc6455) by @​KSDaemon in gorilla/websocket#823
• Update README.md, replace master to main by @​mstmdev in gorilla/websocket#862
• Use status code constant by @​mstmdev in gorilla/websocket#864
• conn.go: default close handler should not return ErrCloseSent. by @​pnx in gorilla/websocket#865
• fix: replace ioutil.readfile with os.readfile by @​rfyiamcool in gorilla/websocket#868
• fix: add comment for the readBufferSize and writeBufferSize by @​rfyiamcool in gorilla/websocket#869
• Remove noisy printf in NextReader() and beginMessage() by @​bcreane in gorilla/websocket#878
• docs(echoreadall): fix function echoReadAll comment by @​XdpCs in gorilla/websocket#881
• make tests parallel by @​ninedraft in gorilla/websocket#872
• Upgrader.Upgrade: use http.ResposnseController by @​ninedraft in gorilla/websocket#871
• Do not handle network error in SetCloseHandler() by @​nak3 in gorilla/websocket#863
• perf: reduce timer in write_control by @​rfyiamcool in gorilla/websocket#879
• fix: lint example code by @​rfyiamcool in gorilla/websocket#890
• feat: format message type by @​rfyiamcool in gorilla/websocket#889
• Remove hideTempErr to allow downstream users to check for errors like net.ErrClosed by @​UnAfraid in gorilla/websocket#894
• Do not timeout when WriteControl deadline is zero in gorilla/websocket#898
• Excludes errchecks linter by @​apoorvajagtap in gorilla/websocket#904
• Return errors instead of printing to logs by @​apoorvajagtap in gorilla/websocket#897
• Revert " Update go version & add verification/testing tools (#840)" by @​apoorvajagtap in gorilla/websocket#908
• Fixes broken random value generation by @​apoorvajagtap in gorilla/websocket#926
• Reverts back to v1.5.0 by @​apoorvajagtap in gorilla/websocket#929

New Contributors

• @​KSDaemon made their first contribution in gorilla/websocket#823
• @​mstmdev made their first contribution in gorilla/websocket#862
• @​pnx made their first contribution in gorilla/websocket#865
• @​rfyiamcool made their first contribution in gorilla/websocket#868
• @​bcreane made their first contribution in gorilla/websocket#878
• @​XdpCs made their first contribution in gorilla/websocket#881
• @​ninedraft made their first contribution in gorilla/websocket#872
• @​nak3 made their first contribution in gorilla/websocket#863
• @​UnAfraid made their first contribution in gorilla/websocket#894
• @​apoorvajagtap made their first contribution in gorilla/websocket#904

Full Changelog: gorilla/websocket@v1.5.1...v1.5.3

v1.5.2

What's Changed

• Fixes subprotocol selection (aling with rfc6455) by @​KSDaemon in gorilla/websocket#823
• Update README.md, replace master to main by @​mstmdev in gorilla/websocket#862
• Use status code constant by @​mstmdev in gorilla/websocket#864
• conn.go: default close handler should not return ErrCloseSent. by @​pnx in gorilla/websocket#865
• fix: replace ioutil.readfile with os.readfile by @​rfyiamcool in gorilla/websocket#868
• fix: add comment for the readBufferSize and writeBufferSize by @​rfyiamcool in gorilla/websocket#869
• Remove noisy printf in NextReader() and beginMessage() by @​bcreane in gorilla/websocket#878

... (truncated)

Commits

• ce903f6 Reverts to v1.5.0
• 9ec25ca fixes broken random value generation
• 1bddf2e bumps go version & removes deprecated module usage
• 750bf92 adds GHA & Makefile configs
• b2c246b Revert " Update go version & add verification/testing tools (#840)"
• 09a6bab removing error handling while closing connections
• 58af150 return errors instead of printing to logs
• e5f1a0a excludes errchecks linter
• b2a86a1 Do not timeout when WriteControl deadline is zero
• 695e909 Remove hideTempErr to allow downstream users to check for errors like net.Err...
• Additional commits viewable in compare view

Updates github.com/hashicorp/go-retryablehttp from 0.7.7 to 0.7.8

Commits

• e1f5485 Add a new RateLimitLinearJitterBackoff policy
• b0cac1e Merge pull request #262 from hashicorp/dependabot-intge
• 66c110b few new parameters added to dependabot.yml
• 25b39e6 IND-3836 additions of new parameters to dependabot.yml
• eeac125 add comment for bodyType param in client.Post
• 390c1d8 Merge pull request #254 from hashicorp/compliance/add-headers
• f4d7325 [COMPLIANCE] Add Copyright and License Headers
• a881d6c Merge pull request #251 from hashicorp/build-test
• 9c1b40b go-version matrix updated
• e3867e3 resolved comments
• Additional commits viewable in compare view

Updates go.uber.org/zap from 1.27.0 to 1.27.1

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.1

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.1 (19 Nov 2025)

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

• 7b755a3 release 1.27.1 (#1521)
• d6b395b Update lazy logger not to materialize unless it's being written to (#1519)
• 4b9cea0 ci: Test with Go 1.24, Go 1.25 (#1508)
• 7c80d7b Fix race condition in WithLazy implementation (#1426) (#1511)
• 07077a6 Prevent zap.Object from panicing on nils (#1501)
• a6afd05 Fix lint check name (#1502)
• 6d48253 chore: fix typo (#1482)
• 32f2ec1 Fix the field test for bool type (#1480)
• fe16eb5 Upgrade grpc in zapgrc test package & bump go version (#1478)
• 5f00c34 test(AtomicLevel): demonstrate Handler is not vulnerable to XSS (#1477)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign aliok for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.