deps: bump the all-go-minor-and-patch group across 1 directory with 26 updates by dependabot[bot] · Pull Request #4305 · Azure/azure-container-networking

dependabot · 2026-03-27T23:26:33Z

Bumps the all-go-minor-and-patch group with 18 updates in the / directory:

Package	From	To
github.com/Azure/azure-sdk-for-go/sdk/azcore	`1.19.1`	`1.21.0`
github.com/Azure/azure-sdk-for-go/sdk/azidentity	`1.13.0`	`1.13.1`
github.com/hashicorp/go-version	`1.7.0`	`1.8.0`
github.com/spf13/cobra	`1.10.1`	`1.10.2`
go.uber.org/zap	`1.27.0`	`1.27.1`
google.golang.org/grpc	`1.76.0`	`1.79.3`
google.golang.org/protobuf	`1.36.10`	`1.36.11`
k8s.io/api	`0.34.1`	`0.34.6`
k8s.io/apiextensions-apiserver	`0.34.1`	`0.34.6`
k8s.io/klog/v2	`2.130.1`	`2.140.0`
sigs.k8s.io/controller-runtime	`0.22.1`	`0.23.3`
github.com/labstack/echo/v4	`4.13.4`	`4.15.1`
github.com/prometheus/common	`0.67.1`	`0.67.5`
github.com/sirupsen/logrus	`1.9.3`	`1.9.4`
golang.org/x/time	`0.14.0`	`0.15.0`
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4	`4.7.0-beta.1`	`4.9.0-beta.1`
github.com/cilium/cilium	`1.16.17`	`1.19.2`
k8s.io/kubelet	`0.34.1`	`0.34.6`

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.19.1 to 1.21.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.21.0

1.21.0 (2026-01-12)

Features Added

Added runtime/datetime package which provides specialized time type wrappers for serializing and deserializing time values in various formats used by Azure services.

Other Changes

Aligned cloud.AzureGovernment and cloud.AzureChina audience values with Azure CLI

Commits

f6309d4 Prep azcore@v1.21.0 for release (#25864)
d0a9819 Update SDK generation as completed when SDK pull request is linked to release...
aba8672 Configurations: 'specification/resourceconnector/resource-manager/Microsoft....
481e4ab Add some missing methods to the types in datetime (#25826)
35d6071 Skip unsafeptr check for storage SDKs (#25856)
5d68f66 add code (#25837)
944cd8d add code (#25836)
1191825 [Regeneration]sdk/resourcemanager/quota/armquota (#25835)
e1a9bfd add code (#25838)
1de7ac7 [Automation] Regenerate SDK based on typespec-go branch main (#25729)
Additional commits viewable in compare view

Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.13.0 to 1.13.1

Commits

6bb9b03 azidentity v1.13.1 (#25574)
e18dbd7 Increment package version after release of azidentity (#25367)
4f0facc Prepare azidentity v1.13.0 for release (#25352)
2d8c98b Selecting ManagedIdentityCredential disables DefaultAzureCredential's IMDS pr...
67dd4fc Increment package version after release of azidentity (#25263)
1a74bc8 Prepare azidentity v1.12.0 for release (#25231)
839a355 Test IMDS managed identity with a remote VM (#25237)
c352be3 Sync eng/common directory with azure-sdk-tools for PR 11931 (#25243)
c994eca gofmt (#25234)
9c95d95 [Release] sdk/resourcemanager/computefleet/armcomputefleet/2.0.0-beta.1 gener...
Additional commits viewable in compare view

Updates github.com/hashicorp/go-version from 1.7.0 to 1.8.0

Release notes

Sourced from github.com/hashicorp/go-version's releases.

v1.8.0

What's Changed

Add CODEOWNERS file in .github/CODEOWNERS by @mukeshjc in hashicorp/go-version#145

Linting by @KaushikiAnand in hashicorp/go-version#151

Correct typos in comments by @alexandear in hashicorp/go-version#134

Migrate GitHub Actions updates from TSCCR to Dependabot by @nodyhub in hashicorp/go-version#155

Bump the github-actions-backward-compatible group with 2 updates by @dependabot[bot] in hashicorp/go-version#157

Update doc reference in README by @alexandear in hashicorp/go-version#135

Bump the github-actions-breaking group with 3 updates by @dependabot[bot] in hashicorp/go-version#156

[Compliance] - PR Template Changes Required by @compliance-pr-automation-bot[bot] in hashicorp/go-version#158

Add benchmark test for version.String() by @Manikkumar1988 in hashicorp/go-version#159

Bytes implementation by @Manikkumar1988 in hashicorp/go-version#161

Bump actions/cache from 4.2.3 to 4.2.4 in the github-actions-backward-compatible group by @dependabot[bot] in hashicorp/go-version#167

Bump actions/checkout from 4.2.2 to 5.0.0 in the github-actions-breaking group by @dependabot[bot] in hashicorp/go-version#166

Bump the github-actions-breaking group across 1 directory with 2 updates by @dependabot[bot] in hashicorp/go-version#171

[IND-4226] [COMPLIANCE] Update Copyright Headers by @oss-core-libraries-dashboard[bot] in hashicorp/go-version#172

drop init() by @florianl in hashicorp/go-version#175

New Contributors

@mukeshjc made their first contribution in hashicorp/go-version#145

@KaushikiAnand made their first contribution in hashicorp/go-version#151

@alexandear made their first contribution in hashicorp/go-version#134

@nodyhub made their first contribution in hashicorp/go-version#155

@compliance-pr-automation-bot[bot] made their first contribution in hashicorp/go-version#158

@Manikkumar1988 made their first contribution in hashicorp/go-version#159

@oss-core-libraries-dashboard[bot] made their first contribution in hashicorp/go-version#172

@florianl made their first contribution in hashicorp/go-version#175

Full Changelog: hashicorp/go-version@v1.7.0...v1.8.0

Changelog

Sourced from github.com/hashicorp/go-version's changelog.

1.8.0 (Nov 28, 2025)

ENHANCEMENTS:

Add benchmark test for version.String() in hashicorp/go-version#159

Bytes implementation in hashicorp/go-version#161

INTERNAL:

Add CODEOWNERS file in .github/CODEOWNERS in hashicorp/go-version#145

Linting in hashicorp/go-version#151

Correct typos in comments in hashicorp/go-version#134

Migrate GitHub Actions updates from TSCCR to Dependabot in hashicorp/go-version#155

Bump the github-actions-backward-compatible group with 2 updates in hashicorp/go-version#157

Update doc reference in README in hashicorp/go-version#135

Bump the github-actions-breaking group with 3 updates in hashicorp/go-version#156

[Compliance] - PR Template Changes Required in hashicorp/go-version#158

Bump actions/cache from 4.2.3 to 4.2.4 in the github-actions-backward-compatible group in hashicorp/go-version#167

Bump actions/checkout from 4.2.2 to 5.0.0 in the github-actions-breaking group in hashicorp/go-version#166

Bump the github-actions-breaking group across 1 directory with 2 updates in hashicorp/go-version#171

[IND-4226] [COMPLIANCE] Update Copyright Headers in hashicorp/go-version#172

drop init() in hashicorp/go-version#175

Commits

505335e Merge pull request #175 from florianl/drop-init
6dd734b drop init()
0824a89 Merge pull request #172 from hashicorp/compliance/update-headers
9325934 [COMPLIANCE] Update Copyright and License Headers
5b82b98 Bump the github-actions-breaking group across 1 directory with 2 updates (#171)
6c6cd77 Bump actions/checkout from 4.2.2 to 5.0.0 in the github-actions-breaking grou...
0e50733 Bump actions/cache from 4.2.3 to 4.2.4 in the github-actions-backward-compati...
4e24ef1 Bytes implementation (#161)
437649a Add benchmark test for version.String() (#159)
b6c4db5 Merge pull request #158 from hashicorp/compliance-template
Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

Fix linter and allow CI to pass by @marckhouzam in spf13/cobra#2327

fix: actions/setup-go v6 by @jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

Add documentation for repeated flags functionality by @rvergis in spf13/cobra#2316

🍂 Refactors

refactor: replace several vars with consts by @htoyoda18 in spf13/cobra#2328

refactor: change minUsagePadding from var to const by @ssam18 in spf13/cobra#2325

🤗 New Contributors

@rvergis made their first contribution in spf13/cobra#2316

@htoyoda18 made their first contribution in spf13/cobra#2328

@ssam18 made their first contribution in spf13/cobra#2325

@dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
346d408 fix: actions/setup-go v6 (#2337)
fc81d20 refactor: change minUsagePadding from var to const (#2325)
117698a refactor: replace several vars with consts (#2328)
e2dd29d Add documentation for repeated flags functionality (#2316)
0629892 Fix linter (#2327)
See full diff in compare view

Updates go.uber.org/zap from 1.27.0 to 1.27.1

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.1

Enhancements:

#1501[]: prevent Object from panicking on nils

#1511[]: Fix a race condition in WithLazy.

Thanks to @rabbbit, @alshopov, @jquirke, @arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.1 (19 Nov 2025)

Enhancements:

#1501[]: prevent Object from panicking on nils

#1511[]: Fix a race condition in WithLazy.

Thanks to @rabbbit, @alshopov, @jquirke, @arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

7b755a3 release 1.27.1 (#1521)
d6b395b Update lazy logger not to materialize unless it's being written to (#1519)
4b9cea0 ci: Test with Go 1.24, Go 1.25 (#1508)
7c80d7b Fix race condition in WithLazy implementation (#1426) (#1511)
07077a6 Prevent zap.Object from panicing on nils (#1501)
a6afd05 Fix lint check name (#1502)
6d48253 chore: fix typo (#1482)
32f2ec1 Fix the field test for bool type (#1480)
fe16eb5 Upgrade grpc in zapgrc test package & bump go version (#1478)
5f00c34 test(AtomicLevel): demonstrate Handler is not vulnerable to XSS (#1477)
Additional commits viewable in compare view

Updates golang.org/x/sys from 0.38.0 to 0.40.0

Commits

2f44229 sys/cpu: add symbolic constants for remaining cpuid bits
e5770d2 sys/cpu: use symbolic names for masks
714a44c sys/cpu: modify x86 port to match what internal/cpu does
08e5482 unix: fix out of bounds memory access in tests
4f4f1c6 Revert "cpu: add HPDS, LOR, PAN detection for arm64"
ca63116 unix: add IOCTL_MEI_* constants
a4199c0 unix: fix definition of Statvfs_t for netbsd-arm.
See full diff in compare view

Updates google.golang.org/grpc from 1.76.0 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

grpc: Remove the -dev suffix from the User-Agent header. (grpc/grpc-go#8902)

Release 1.79.0

API Changes

mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)

Special Thanks: @vanja-p

experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)

pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.

This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)

xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)

balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Special Thanks: @marek-szews

Bug Fixes

credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)

Special Thanks: @Atul1710

xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)

health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)

Special Thanks: @sanki92

transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)

Special Thanks: @joybestourous

server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Special Thanks: @joybestourous

Performance Improvements

credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)

mem: Optimize pooling and creation of buffer objects. (#8784)

transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

dda86db Change version to 1.79.3 (#8983)
72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
97ca352 Changing version to 1.79.3-dev (#8954)
8902ab6 Change the version to release 1.79.2 (#8947)
a928670 Cherry-pick #8874 to v1.79.x (#8904)
06df363 Change version to 1.79.2-dev (#8903)
782f2de Change version to 1.79.1 (#8902)
850eccb Change version to 1.79.1-dev (#8851)
765ff05 Change version to 1.79.0 (#8850)
68804be Cherry pick #8864 to v1.79.x (#8896)
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.10 to 1.36.11

Updates k8s.io/api from 0.34.1 to 0.34.6

Commits

ca6c46f Update dependencies to v0.34.6 tag
See full diff in compare view

Updates k8s.io/apiextensions-apiserver from 0.34.1 to 0.34.6

Commits

2b14339 Update dependencies to v0.34.6 tag
16981f4 Merge pull request #136386vikasbolla/automated-cherry-pick-of-#135567
f2218fa Merge pull request #136142 from shwetha-s-poojary/automated-cherry-pick-of-#1...
56824a3 Fix flaky TestApplyCRDuringCRDFinalization test
1ef066b Fixes the flaky test (Issue #132953)
a7769a6 Merge pull request #135363fusida/automated-cherry-pick-of-#133721
6db0a2d fix panic for the crd with status subresource but lose openAPIV3Schema fileds
See full diff in compare view

Updates k8s.io/apimachinery from 0.34.1 to 0.34.6

Commits

See full diff in compare view

Updates k8s.io/client-go from 0.34.1 to 0.34.6

Commits

2ca4863 Update dependencies to v0.34.6 tag
3a88ce1 Merge pull request #135716p0lyn0mial/automated-cherry-pick-of-#135591
c80976c downgrade reflector watchlist fallback log to V(4)
ab04e77 Merge pull request #135592serathius/automated-cherry-pick-of-#135580
25da701 Use transformer in consistency checker
0c76ee5 Add unit tests for Data Consistency Detector
cc3d9d0 Embed proper interface in TransformingStore to ensure DeltaFIFO and RealFIFO ...
1bb1ad2 Merge pull request #134589liggitt/automated-cherry-pick-of-#134588
2505205 Remove invalid SAN certificate construction
7ffba0f Merge pull request #134004DerekFrank/automated-cherry-pick-of-#133573
Additional commits viewable in compare view

Updates k8s.io/klog/v2 from 2.130.1 to 2.140.0

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.36

What's Changed

Add dependabot by @lucacome in kubernetes/klog#410

Use strconv.AppendQuote instead of strconv.Quote for message formatting by @astef in kubernetes/klog#413

de-duplication of key/value pairs by @pohly in kubernetes/klog#415

Fix: Ensure constant format strings in fmt and printf calls by @mikelolasagasti in kubernetes/klog#417

Remove old note on Go version requirements by @guettli in kubernetes/klog#425

test with 1.24 and 1.25 by @pohly in kubernetes/klog#428

ktesting: fix vmodule support by @pohly in kubernetes/klog#431

ktesting: support multi-line result from AnyToStringHook by @pohly in kubernetes/klog#433

textlogger: optionally turn off header by @pohly in kubernetes/klog#430

feat: fix stderrthreshold not honored when logtostderr is set (#212) + two new flags by @pierluigilenoci in kubernetes/klog#432

New Contributors

@lucacome made their first contribution in kubernetes/klog#410

@astef made their first contribution in kubernetes/klog#413

@mikelolasagasti made their first contribution in kubernetes/klog#417

@guettli made their first contribution in kubernetes/klog#425

@pierluigilenoci made their first contribution in kubernetes/klog#432

Full Changelog: kubernetes/klog@v2.130.1...v2.140.0

Commits

ef4b370 Merge pull request #432 from pierluigilenoci/fix/stderr-threshold-issue-212
39c4c76 refactor: address code review feedback from @pohly
764a9a3 Merge pull request #430 from pohly/textlogger-optional-header
015c613 Update stderr_threshold_test.go
2f517bd Update klog.go
36bc4ff textlogger: optionally turn off header
5f1f303 Merge pull request #433 from pohly/textlogger-hook-result
c469d41 Merge pull request #431 from pohly/ktesting-vmodule-fix
8509d6a ktesting: support multi-line result from AnyToStringHook
08e6e8b Fix stderrthreshold not honored when logtostderr is set
Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.22.1 to 0.23.3

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.23.3

What's Changed

🐛 Ensure DefaulterRemoveUnknownOrOmitableFields is still working even if objects are equal by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3469

Full Changelog: kubernetes-sigs/controller-runtime@v0.23.2...v0.23.3

v0.23.2

What's Changed

🐛 Fix fake client's SSA status patch resource version check by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3446

✨ Reduce memory usage of default webhooks by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3467

Full Changelog: kubernetes-sigs/controller-runtime@v0.23.1...v0.23.2

v0.23.1

What's Changed

🐛 Cache reader: Wait for cache sync when ReaderFailOnMissingInformer is true by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3433

🐛 Fix panic when using CRs with embedded pointer structs by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3436

🌱 Test cache reader waits for cache sync by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3438

🐛 Fakeclient: Fix status apply if existing object has managedFields set by @k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3437

Full Changelog: kubernetes-sigs/controller-runtime@v0.23.0...v0.23.1

v0.23.0

🔆 Highlights

Client: Add subresource Apply support by @alvaroaleman in kubernetes-sigs/controller-runtime#3321

Conversion: Enable implementation of conversion outside of API packages by @sbueringer in kubernetes-sigs/controller-runtime#3335

Priorityqueue: Various improvements, bug fixes and now enabled per default

Webhooks: Generic Validator and Defaulter by @alvaroaleman in kubernetes-sigs/controller-runtime#3360

⚠️ Breaking changes

Dependencies: Update to k8s.io/* v1.35 by @alvaroaleman @dongjiang1989 @kannon92 (#3316, #3349, #3386, #3391, #3401)

Client: Add subresource Apply support by @alvaroaleman in kubernetes-sigs/controller-runtime#3321

Events: Migration to the new events API by @clebs in kubernetes-sigs/controller-runtime#3262

Using the new GetEventRecorderFor requires updating your rbac for events to use the events.k8s.io apiGroup rather than the `` (core) apiGroup

Fakeclient: Set ResourceVersion for SSA Create by @alvaroaleman in kubernetes-sigs/controller-runtime#3311

Webhooks: Generic Validator and Defaulter by @alvaroaleman in kubernetes-sigs/controller-runtime#3360

Existing code of the form builder.WebhookManagedBy(mgr).For(&corev1.Deployment{}) has to be changed to builder.WebhookManagedBy(mgr, &appsv1.Deployment{})

Existing webhook implementations have to be changed to take the concrete object rather than runtime.Object, for example from ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) to ValidateCreate(ctx context.Context, obj *appsv1.Deployment) (admission.Warnings, error)

✨ Features

Cache: Allow fine-granular SyncPeriod configuration by @sbueringer in kubernetes-sigs/controller-runtime#3376

Client: Add FieldOwner option to client.Options by @aerfio in kubernetes-sigs/controller-runtime#3389

Client: Add FieldValidation option to client.Options by @aerfio in kubernetes-sigs/controller-runtime#3393

... (truncated)

Commits

f9589b9 Merge pull request #3469 from k8s-infra-cherrypick-robot/cherry-pick-3468-to-...
25615ad Ensure DefaulterRemoveUnknownOrOmitableFields is still working even if object...
8122a62 Merge pull request #3467 from k8s-infra-cherrypick-robot/cherry-pick-3463-to-...
35093c6 Reduce memory usage of default webhooks
4dbfa5c [release-0.23] 🐛 Fix fake client's SSA status patch resource version check (#...
f52bbb8 Merge pull request #3437 from k8s-infra-cherrypick-robot/cherry-pick-3430-to-...
4f41337 Merge pull request #3438 from k8s-infra-cherrypick-robot/cherry-pick-3434-to-...
e29a1b9 seedling: Test cache reader waits for cache sync
83c8dc3 bug: Fakeclient: Fix status apply if existing object has managedFields set
bf6bcd5 Merge pull request #3436 from k8s-infra-cherrypick-robot/cherry-pick-3431-to-...
Additional commits viewable in compare view

Updates github.com/labstack/echo/v4 from 4.13.4 to 4.15.1

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.15.0

Security

WARNING: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF protection, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship between the request origin and the target. The middleware uses this to make security decisions:

same-origin or none: Requests are allowed (exact origin match or direct user navigation)

same-site: Falls back to token validation (e.g., subdomain to main domain)

cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to traditional token-based CSRF protection.

New Configuration Options:

TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)

AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:
e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},
// Custom validation for same-site requests
AllowSecFetchSiteFunc: func(c echo.Context) (bool, error) {
    // Your custom authorization logic here
    return validateCustomAuth(c), nil
    // return true, err  // blocks request with error
    // return true, nil  // allows CSRF request through
    // return false, nil // falls back to legacy token logic
},

}))
PR: labstack/echo#2858

Type-Safe Generic Parameter Binding

Added generic functions for type-safe parameter extraction and context access by @aldas in labstack/echo#2856

Echo now provides generic functions for extracting path, query, and form parameters with automatic type conversion, eliminating manual string parsing and type assertions.

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

Changelog

v5.0.4 - 2026-02-15

Enhancements

Remove unused import 'errors' from README example by @kumapower17 in labstack/echo#2889

Fix Graceful shutdown: after http.Server.Serve returns we need to wait for graceful shutdown goroutine to finish by @aldas in labstack/echo#2898

Update location of oapi-codegen in README by @mromaszewicz in labstack/echo#2896

Add Go 1.26 to CI flow by @aldas in labstack/echo#2899

Add new function echo.StatusCode by @suwakei in labstack/echo#2892

CSRF: support older token-based CSRF protection handler that want to render token into template by @aldas in labstack/echo#2894

Add echo.ResolveResponseStatus function to help middleware/handlers determine HTTP status code and echo.Response by @aldas in labstack/echo#2900

v5.0.3 - 2026-02-06

Security

Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by @shblue21.

This applies to cases when:<...
Description has been truncated

dependabot · 2026-03-27T23:26:34Z

Labels

The following labels could not be found: release/1.7. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

jpayne3506 · 2026-03-27T23:37:47Z

go.mod

 module github.com/Azure/azure-container-networking

-go 1.24.1
+go 1.25.0


Needs to be paired with dockerfile update

Bumps the all-go-minor-and-patch group with 26 updates: | Package | From | To | | --- | --- | --- | | [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) | `1.19.1` | `1.21.0` | | [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.13.0` | `1.13.1` | | [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) | `1.7.0` | `1.8.0` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.10.1` | `1.10.2` | | [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.0` | `1.27.1` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.38.0` | `0.40.0` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.76.0` | `1.79.3` | | google.golang.org/protobuf | `1.36.10` | `1.36.11` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.34.1` | `0.34.6` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.34.1` | `0.34.6` | | [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.34.1` | `0.34.6` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.34.1` | `0.34.6` | | [k8s.io/klog/v2](https://github.com/kubernetes/klog) | `2.130.1` | `2.140.0` | | [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.22.1` | `0.23.3` | | [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.13.4` | `4.15.1` | | [github.com/prometheus/common](https://github.com/prometheus/common) | `0.67.1` | `0.67.5` | | [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.9.3` | `1.9.4` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.45.0` | `0.47.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.47.0` | `0.49.0` | | [golang.org/x/time](https://github.com/golang/time) | `0.14.0` | `0.15.0` | | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4](https://github.com/Azure/azure-sdk-for-go) | `4.7.0-beta.1` | `4.9.0-beta.1` | | [github.com/cilium/cilium](https://github.com/cilium/cilium) | `1.16.17` | `1.19.2` | | [github.com/cilium/ebpf](https://github.com/cilium/ebpf) | `0.19.0` | `0.20.1-0.20260218191617-ee67e7f43dd9` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.18.0` | `0.19.0` | | [k8s.io/kubectl](https://github.com/kubernetes/kubectl) | `0.34.1` | `0.35.2` | | [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.34.1` | `0.34.6` | Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.19.1 to 1.21.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.19.1...sdk/azcore/v1.21.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.13.0 to 1.13.1 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.13.0...sdk/azidentity/v1.13.1) Updates `github.com/hashicorp/go-version` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/hashicorp/go-version/releases) - [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md) - [Commits](hashicorp/go-version@v1.7.0...v1.8.0) Updates `github.com/spf13/cobra` from 1.10.1 to 1.10.2 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.10.1...v1.10.2) Updates `go.uber.org/zap` from 1.27.0 to 1.27.1 - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](uber-go/zap@v1.27.0...v1.27.1) Updates `golang.org/x/sys` from 0.38.0 to 0.40.0 - [Commits](golang/sys@v0.38.0...v0.40.0) Updates `google.golang.org/grpc` from 1.76.0 to 1.79.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.76.0...v1.79.3) Updates `google.golang.org/protobuf` from 1.36.10 to 1.36.11 Updates `k8s.io/api` from 0.34.1 to 0.34.6 - [Commits](kubernetes/api@v0.34.1...v0.34.6) Updates `k8s.io/apiextensions-apiserver` from 0.34.1 to 0.34.6 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.34.1...v0.34.6) Updates `k8s.io/apimachinery` from 0.34.1 to 0.34.6 - [Commits](kubernetes/apimachinery@v0.34.1...v0.34.6) Updates `k8s.io/client-go` from 0.34.1 to 0.34.6 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.34.1...v0.34.6) Updates `k8s.io/klog/v2` from 2.130.1 to 2.140.0 - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](kubernetes/klog@v2.130.1...2.140.0) Updates `sigs.k8s.io/controller-runtime` from 0.22.1 to 0.23.3 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.22.1...v0.23.3) Updates `github.com/labstack/echo/v4` from 4.13.4 to 4.15.1 - [Release notes](https://github.com/labstack/echo/releases) - [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md) - [Commits](labstack/echo@v4.13.4...v4.15.1) Updates `github.com/prometheus/common` from 0.67.1 to 0.67.5 - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md) - [Commits](prometheus/common@v0.67.1...v0.67.5) Updates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4 - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.9.3...v1.9.4) Updates `golang.org/x/crypto` from 0.45.0 to 0.47.0 - [Commits](golang/crypto@v0.45.0...v0.47.0) Updates `golang.org/x/net` from 0.47.0 to 0.49.0 - [Commits](golang/net@v0.47.0...v0.49.0) Updates `golang.org/x/time` from 0.14.0 to 0.15.0 - [Commits](golang/time@v0.14.0...v0.15.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4` from 4.7.0-beta.1 to 4.9.0-beta.1 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/resourcemanager/containerservice/armcontainerservice/v4.7.0-beta.1...sdk/resourcemanager/containerservice/armcontainerservice/v4.9.0-beta.1) Updates `github.com/cilium/cilium` from 1.16.17 to 1.19.2 - [Release notes](https://github.com/cilium/cilium/releases) - [Changelog](https://github.com/cilium/cilium/blob/1.19.2/CHANGELOG.md) - [Commits](cilium/cilium@1.16.17...1.19.2) Updates `github.com/cilium/ebpf` from 0.19.0 to 0.20.1-0.20260218191617-ee67e7f43dd9 - [Release notes](https://github.com/cilium/ebpf/releases) - [Commits](https://github.com/cilium/ebpf/commits) Updates `golang.org/x/sync` from 0.18.0 to 0.19.0 - [Commits](golang/sync@v0.18.0...v0.19.0) Updates `k8s.io/kubectl` from 0.34.1 to 0.35.2 - [Commits](kubernetes/kubectl@v0.34.1...v0.35.2) Updates `k8s.io/kubelet` from 0.34.1 to 0.34.6 - [Commits](kubernetes/kubelet@v0.34.1...v0.34.6) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-version: 1.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: github.com/hashicorp/go-version dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/spf13/cobra dependency-version: 1.10.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: go.uber.org/zap dependency-version: 1.27.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: golang.org/x/sys dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: google.golang.org/protobuf dependency-version: 1.36.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: k8s.io/api dependency-version: 0.34.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.34.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: k8s.io/apimachinery dependency-version: 0.34.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: k8s.io/client-go dependency-version: 0.34.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: k8s.io/klog/v2 dependency-version: 2.140.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: sigs.k8s.io/controller-runtime dependency-version: 0.23.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/labstack/echo/v4 dependency-version: 4.15.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/prometheus/common dependency-version: 0.67.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: github.com/sirupsen/logrus dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: golang.org/x/crypto dependency-version: 0.47.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: golang.org/x/net dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: golang.org/x/time dependency-version: 0.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 dependency-version: 4.9.0-beta.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/cilium/cilium dependency-version: 1.19.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/cilium/ebpf dependency-version: 0.20.1-0.20260218191617-ee67e7f43dd9 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: golang.org/x/sync dependency-version: 0.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: k8s.io/kubectl dependency-version: 0.35.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: k8s.io/kubelet dependency-version: 0.34.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Dependencies only. label Mar 27, 2026

dependabot bot requested a review from a team as a code owner March 27, 2026 23:26

dependabot bot requested a review from alam-tahmid March 27, 2026 23:26

dependabot bot added the dependencies Dependencies only. label Mar 27, 2026

jpayne3506 added the release/1.7 Change affects v1.7 release train label Mar 27, 2026

jpayne3506 requested changes Mar 27, 2026

View reviewed changes

dependabot bot changed the title ~~deps: bump the all-go-minor-and-patch group with 26 updates~~ deps: bump the all-go-minor-and-patch group across 1 directory with 26 updates Mar 30, 2026

dependabot bot force-pushed the dependabot/go_modules/release/v1.7/all-go-minor-and-patch-9148186b49 branch from dae10d3 to d31fe45 Compare March 30, 2026 10:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps: bump the all-go-minor-and-patch group across 1 directory with 26 updates#4305

deps: bump the all-go-minor-and-patch group across 1 directory with 26 updates#4305
dependabot[bot] wants to merge 1 commit intorelease/v1.7from
dependabot/go_modules/release/v1.7/all-go-minor-and-patch-9148186b49

dependabot bot commented on behalf of github Mar 27, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Mar 27, 2026

Uh oh!

jpayne3506 Mar 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

sdk/azcore/v1.21.0

1.21.0 (2026-01-12)

Features Added

Other Changes

v1.8.0

What's Changed

New Contributors

1.8.0 (Nov 28, 2025)

v1.10.2

🔧 Dependencies

📈 CI/CD

🔥✍🏼 Docs

🍂 Refactors

🤗 New Contributors

v1.27.1

1.27.1 (19 Nov 2025)

Release 1.79.3

Security

Release 1.79.2

Bug Fixes

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

Behavior Changes

New Features

Bug Fixes

Performance Improvements

Prepare klog release for Kubernetes v1.36

What's Changed

New Contributors

v0.23.3

What's Changed

v0.23.2

What's Changed

v0.23.1

What's Changed

v0.23.0

🔆 Highlights

⚠️ Breaking changes

✨ Features

v4.15.0

Changelog

v5.0.4 - 2026-02-15

v5.0.3 - 2026-02-06

Uh oh!

dependabot bot commented on behalf of github Mar 27, 2026

Labels

Uh oh!

jpayne3506 Mar 27, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Mar 27, 2026 •

edited

Loading