fix(deps): update all non-major dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/cache	action	minor	v4.2.4 → v4.3.0
actions/checkout (changelog)	action	digest	11bd719 → 34e1148
actions/checkout	action	minor	v4.2.2 → v4.3.1
actions/dependency-review-action	action	minor	v4.5.0 → v4.8.2
actions/setup-go (changelog)	action	digest	93397be → 7b8cf10
dario.cat/mergo	require	patch	v1.0.1 → v1.0.2
docker/login-action (changelog)	action	digest	9780b0c → 5e57cd1
docker/setup-qemu-action (changelog)	action	digest	49b3bc8 → c7c5346
github.com/knadh/koanf/v2	require	minor	v2.1.2 → v2.3.0
github.com/stretchr/testify	require	minor	v1.9.0 → v1.11.1
github/codeql-action	action	minor	v2.27.4 → v2.28.1
github/codeql-action (changelog)	action	digest	5b62e7a → b8d3b6e
go (source)	toolchain	minor	1.23.3 → 1.25.5
golangci/golangci-lint-action	action	minor	v6.1.1 → v6.5.2
k8s.io/apimachinery	require	minor	v0.31.2 → v0.35.0
k8s.io/kube-openapi	require	digest	32ad38e → 4e65d59
ossf/scorecard-action	action	patch	v2.4.0 → v2.4.3
renovate/renovate	docker	digest	213766a → d3ab0e5
sigs.k8s.io/kustomize/kyaml	require	minor	v0.18.1 → v0.21.0
step-security/harden-runner	action	minor	v2.10.1 → v2.14.0
ubuntu	final	digest	278628f → c35e29c

---

Release Notes

actions/cache (actions/cache)

v4.3.0

Compare Source

What's Changed

• Add note on runner versions by @​GhadimiR in #​1642
• Prepare v4.3.0 release by @​Link- in #​1655

New Contributors

• @​GhadimiR made their first contribution in #​1642

Full Changelog: actions/cache@v4...v4.3.0

actions/checkout (actions/checkout)

v4.3.1

Compare Source

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in #​2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

actions/dependency-review-action (actions/dependency-review-action)

v4.8.2

Compare Source

Minor fixes:

• Fix PURL parsing for scoped packages (#​1008 from @​danielhardej)
• Fix for large summaries (#​1007 from @​gitulisca)
• README includes a working example for allow-dependencies-licenses (#​1009 from @​danielhardej)

v4.8.1: Dependency Review Action v4.8.1

Compare Source

What's Changed

• (bug) Fix spamming link test in deprecation warning (again) by @​ahpook in #​1000
• Bump version for 4.8.1 release by @​ahpook in #​1001

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

Compare Source

What's Changed

• Make Ruby Code Scannable by @​ljones140 in #​978
• Batch some contributions for release by @​brrygrdn in #​986
  • Make license lists collapsable by @​jasperkamerling
  • feat: add large summary handling with artifact upload by @​MattMencel

New Contributors

• @​ljones140 made their first contribution in #​978
• @​jasperkamerling made their first contribution in #​986
• @​MattMencel made their first contribution in #​986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

v4.7.4

Compare Source

v4.7.3: 4.7.3

Compare Source

What's Changed

• Add explicit permissions to workflow files by @​AshelyTC in #​966
• Claire153/fix spamming mentioned issue by @​claire153 in #​974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

v4.7.2: 4.7.2

Compare Source

What's Changed

• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in #​945
• Deprecate deny lists by @​claire153 in #​958
• Address discrepancy between docs and reality by @​ahpook in #​960

New Contributors

• @​KyFaSt made their first contribution in #​945
• @​claire153 made their first contribution in #​958
• @​ahpook made their first contribution in #​960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

Compare Source

• Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #​889
• License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

Compare Source

• Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #​809 and probably others)
• Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

Compare Source

What's Changed

• Updating multiple dependency versions by @​Ahmed3lmallah in #​870
• Grouping minor and patch dependabot updates to lessen the number of PRs by @​Ahmed3lmallah in #​876
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in #​878
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in #​877
• DR Action should link to the proxima stamp when appropriate in error messages by @​AshelyTC in #​891
• Allow deny package removal by @​ellenfieldn in #​888
• Fix typos by @​omahs in #​893
• Bump esbuild from 0.19.5 to 0.25.0 by @​dependabot in #​900
• Bump octokit and related dependencies by @​RomanIakovlev in #​904
• Bump @​babel/helpers from 7.23.2 to 7.26.10 by @​dependabot in #​905
• Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @​dependabot in #​899
• Update transitive dependency spdx-license-ids by @​ailox in #​855
• To not print OpenSSF Scorecard section if no dependencies scanned by @​fabasoad in #​884
• Improve usage of this action in dependency-review.yml by @​fabasoad in #​883
• Clarify comment-summary-in-pr behaviour by @​Pantelis-Santorinios in #​902
• Prepare 4.6.0 Release candidate by @​brrygrdn in #​910

New Contributors

• @​AshelyTC made their first contribution in #​891
• @​ellenfieldn made their first contribution in #​888
• @​omahs made their first contribution in #​893
• @​RomanIakovlev made their first contribution in #​904
• @​ailox made their first contribution in #​855
• @​fabasoad made their first contribution in #​884
• @​Pantelis-Santorinios made their first contribution in #​902
• @​brrygrdn made their first contribution in #​910

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

imdario/mergo (dario.cat/mergo)

v1.0.2

Compare Source

What's Changed

• Drops gopkg.in/yaml.v3, only used for loading fixtures. Thanks @​trim21 for bringing to my attention (#​262) that this library is no longer maintained.

Full Changelog: darccio/mergo@v1.0.1...v1.0.2

knadh/koanf (github.com/knadh/koanf/v2)

v2.3.0

Compare Source

What's Changed

• feat: add provider for kiln by @​Thunderbottom in #​369
• Fix rendering of header and add it to the table of contents by @​remyzandwijk in #​373
• Bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1 to 2.4.0 in /examples by @​dependabot[bot] in #​375
• feat: add HUML parser support by @​rhnvrm in #​374
• Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.4.0 in /tests by @​dependabot[bot] in #​376
• Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.4.0 in /providers/cliflagv3 by @​dependabot[bot] in #​378
• Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /providers/cliflagv2 by @​dependabot[bot] in #​380
• Add thread safety to resolve race conditions in Issues #​305 and #​335 by @​rhnvrm in #​377
• fix: bump mapstructure version by @​rostislaved in #​381

New Contributors

• @​remyzandwijk made their first contribution in #​373
• @​rostislaved made their first contribution in #​381

Full Changelog: knadh/koanf@v2.2.2...v2.3.0

v2.2.2

Compare Source

What's Changed

• Replace yaml package with go.yaml.in/yaml/v3 by @​devhaozi in #​365
• Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in /providers/cliflagv2 by @​dependabot[bot] in #​366
• Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @​dependabot[bot] in #​367
• feat: config to override env vars by @​nickajacks1 in #​341

New Contributors

• @​devhaozi made their first contribution in #​365
• @​nickajacks1 made their first contribution in #​341

Full Changelog: knadh/koanf@v2.2.1...v2.2.2

v2.2.1

Compare Source

What's Changed

• Bump github.com/nats-io/nats-server/v2 from 2.9.23 to 2.10.27 in /providers/nats by @​dependabot in #​350
• Bump golang.org/x/net from 0.36.0 to 0.38.0 in /providers/consul by @​dependabot in #​351
• Bump golang.org/x/net from 0.37.0 to 0.38.0 in /examples by @​dependabot in #​353
• changing cliflagv2 to support variadic forcedinclude parameter by @​kooroo in #​357
• adds urfave/cli/v3 parser by @​n0cloud in #​361
• add toggle to split nats kv on "." delimiter by @​nickchomey in #​355

New Contributors

• @​kooroo made their first contribution in #​357
• @​n0cloud made their first contribution in #​361
• @​nickchomey made their first contribution in #​355

Full Changelog: knadh/koanf@v2.2.0...v2.2.1

v2.2.0

Compare Source

This release sets the min required Go version to v1.23.0

An increasing number of important updates to various deps, including golang.org/x/*, require go >= 1.23.0. It is now untenable
to maintain support for older Go versions. This does not break existing installations, just that further updates will only be available to newer Go versions.

What's Changed

• Update CI by @​StefMa in #​332
• Fix typos by @​NathanBaulch in #​336
• adds urfave/cli/v2 flag parser by @​joicemjoseph in #​330
• Bump golang.org/x/net from 0.23.0 to 0.36.0 in /providers/consul by @​dependabot in #​342
• Added support for Azure Keyvault by @​arawin1979 in #​343
• Bump golang.org/x/crypto from 0.21.0 to 0.35.0 in /providers/vault by @​dependabot in #​348
• Bump golang.org/x/crypto from 0.17.0 to 0.35.0 in /providers/nats by @​dependabot in #​347
• Bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 in /examples by @​dependabot in #​346
• Bump golang.org/x/net from 0.23.0 to 0.36.0 in /providers/vault by @​dependabot in #​344
• Upgrade min Go version and deps across all providers and parsers by @​knadh in #​349

New Contributors

• @​NathanBaulch made their first contribution in #​336
• @​joicemjoseph made their first contribution in #​330
• @​arawin1979 made their first contribution in #​343

Full Changelog: knadh/koanf@v2.1.2...v2.2.0

stretchr/testify (github.com/stretchr/testify)

v1.11.1

Compare Source

This release fixes #​1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

• Backport #​1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @​brackendawson in #​1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

Compare Source

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

• Call stack perf change for CallerInfo by @​mikeauclair in #​1614
• Lazily render mock diff output on successful match by @​mikeauclair in #​1615
• assert: check early in Eventually, EventuallyWithT, and Never by @​cszczepaniak in #​1427
• assert: add IsNotType by @​bartventer in #​1730
• assert.JSONEq: shortcut if same strings by @​dolmen in #​1754
• assert.YAMLEq: shortcut if same strings by @​dolmen in #​1755
• assert: faster and simpler isEmpty using reflect.Value.IsZero by @​dolmen in #​1761
• suite: faster methods filtering (internal refactor) by @​dolmen in #​1758

Fixes

• assert.ErrorAs: log target type by @​craig65535 in #​1345
• Fix failure message formatting for Positive and Negative asserts in #​1062
• Improve ErrorIs message when error is nil but an error was expected by @​tsioftas in #​1681
• fix Subset/NotSubset when calling with mixed input types by @​siliconbrain in #​1729
• Improve ErrorAs failure message when error is nil by @​ccoVeille in #​1734
• mock.AssertNumberOfCalls: improve error msg by @​3scalation in #​1743

Documentation, Build & CI

• docs: Fix typo in README by @​alexandear in #​1688
• Replace deprecated io/ioutil with io and os by @​alexandear in #​1684
• Document consequences of calling t.FailNow() by @​greg0ire in #​1710
• chore: update docs for Unset #​1621 by @​techfg in #​1709
• README: apply gofmt to examples by @​alexandear in #​1687
• refactor: use %q and %T to simplify fmt.Sprintf by @​alexandear in #​1674
• Propose Christophe Colombier (ccoVeille) as approver by @​brackendawson in #​1716
• Update documentation for the Error function in assert or require package by @​architagr in #​1675
• assert: remove deprecated build constraints by @​alexandear in #​1671
• assert: apply gofumpt to internal test suite by @​ccoVeille in #​1739
• CI: fix shebang in .ci.*.sh scripts by @​dolmen in #​1746
• assert,require: enable parallel testing on (almost) all top tests by @​dolmen in #​1747
• suite.Passed: add one more status test report by @​Ararsa-Derese in #​1706
• Add Helper() method in internal mocks and assert.CollectT by @​dolmen in #​1423
• assert.Same/NotSame: improve usage of Sprintf by @​ccoVeille in #​1742
• mock: enable parallel testing on internal testsuite by @​dolmen in #​1756
• suite: cleanup use of 'testing' internals at runtime by @​dolmen in #​1751
• assert: check test failure message for Empty and NotEmpty by @​ccoVeille in #​1745
• deps: fix dependency cycle with objx (again) by @​dolmen in #​1567
• assert.Empty: comprehensive doc of "Empty"-ness rules by @​dolmen in #​1753
• doc: improve godoc of top level 'testify' package by @​dolmen in #​1760
• assert.ErrorAs: simplify retrieving the type name by @​ccoVeille in #​1740
• assert.EqualValues: improve test coverage to 100% by @​dolmen in #​1763
• suite.Run: simplify running of Setup/TeardownSuite by @​renzoarreaza in #​1769
• assert.CallerInfo: micro optimization by using LastIndexByte by @​dolmen in #​1767
• assert.CallerInfo: micro cleanup by @​dolmen in #​1768
• assert: refactor TestFileExists and TestDirExists tests to enable parallel testing by @​dolmen in #​1766
• suite.Run: refactor handling of stats for improved readability by @​dolmen in #​1764
• tests: improve captureTestingT helper by @​ccoVeille in #​1741
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​1778

New Contributors

• @​greg0ire made their first contribution in #​1710
• @​techfg made their first contribution in #​1709
• @​mikeauclair made their first contribution in #​1614
• @​cszczepaniak made their first contribution in #​1427
• @​architagr made their first contribution in #​1675
• @​tsioftas made their first contribution in #​1681
• @​siliconbrain made their first contribution in #​1729
• @​bartventer made their first contribution in #​1730
• @​Ararsa-Derese made their first contribution in #​1706
• @​renzoarreaza made their first contribution in #​1769
• @​3scalation made their first contribution in #​1743

Full Changelog: stretchr/testify@v1.10.0...v1.11.0

v1.10.0

Compare Source

What's Changed

Functional Changes

• Add PanicAssertionFunc by @​fahimbagar in #​1337
• assert: deprecate CompareType by @​dolmen in #​1566
• assert: make YAML dependency pluggable via build tags by @​dolmen in #​1579
• assert: new assertion NotElementsMatch by @​hendrywiranto in #​1600
• mock: in order mock calls by @​ReyOrtiz in #​1637
• Add assertion for NotErrorAs by @​palsivertsen in #​1129
• Record Return Arguments of a Call by @​jayd3e in #​1636
• assert.EqualExportedValues: accepts everything by @​redachl in #​1586

Fixes

• assert: make tHelper a type alias by @​dolmen in #​1562
• Do not get argument again unnecessarily in Arguments.Error() by @​TomWright in #​820
• Fix time.Time compare by @​myxo in #​1582
• assert.Regexp: handle []byte array properly by @​kevinburkesegment in #​1587
• assert: collect.FailNow() should not panic by @​marshall-lee in #​1481
• mock: simplify implementation of FunctionalOptions by @​dolmen in #​1571
• mock: caller information for unexpected method call by @​spirin in #​1644
• suite: fix test failures by @​stevenh in #​1421
• Fix issue #​1662 (comparing infs should fail) by @​ybrustin in #​1663
• NotSame should fail if args are not pointers #​1661 by @​sikehish in #​1664
• Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI by @​sikehish in #​1667
• fix: compare functional option names for indirect calls by @​arjun-1 in #​1626

Documentation, Build & CI

• .gitignore: ignore "go test -c" binaries by @​dolmen in #​1565
• mock: improve doc by @​dolmen in #​1570
• mock: fix FunctionalOptions docs by @​snirye in #​1433
• README: link out to the excellent testifylint by @​brackendawson in #​1568
• assert: fix typo in comment by @​JohnEndson in #​1580
• Correct the EventuallyWithT and EventuallyWithTf example by @​JonCrowther in #​1588
• CI: bump softprops/action-gh-release from 1 to 2 by @​dependabot in #​1575
• mock: document more alternatives to deprecated AnythingOfTypeArgument by @​dolmen in #​1569
• assert: Correctly document EqualValues behavior by @​brackendawson in #​1593
• fix: grammar in godoc by @​miparnisari in #​1607
• .github/workflows: Run tests for Go 1.22 by @​HaraldNordgren in #​1629
• Document suite's lack of support for t.Parallel by @​brackendawson in #​1645
• assert: fix typos in comments by @​alexandear in #​1650
• mock: fix doc comment for NotBefore by @​alexandear in #​1651
• Generate better comments for require package by @​Neokil in #​1610
• README: replace Testify V2 notice with @​dolmen's V2 manifesto by @​hendrywiranto in #​1518

New Contributors

• @​fahimbagar made their first contribution in #​1337
• @​TomWright made their first contribution in #​820
• @​snirye made their first contribution in #​1433
• @​myxo made their first contribution in #​1582
• @​JohnEndson made their first contribution in #​1580
• @​JonCrowther made their first contribution in #​1588
• @​miparnisari made their first contribution in #​1607
• @​marshall-lee made their first contribution in #​1481
• @​spirin made their first contribution in #​1644
• @​ReyOrtiz made their first contribution in #​1637
• @​stevenh made their first contribution in #​1421
• @​jayd3e made their first contribution in #​1636
• @​Neokil made their first contribution in #​1610
• @​redachl made their first contribution in #​1586
• @​ybrustin made their first contribution in #​1663
• @​sikehish made their first contribution in #​1664
• @​arjun-1 made their first contribution in #​1626

Full Changelog: stretchr/testify@v1.9.0...v1.10.0

github/codeql-action (github/codeql-action)

v2.28.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

This is the last planned release of the v2. To continue getting updates for the CodeQL Action, please switch to v3.

2.28.1 - 10 Jan 2025

• CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #​2677
• Update default CodeQL bundle version to 2.20.1. #​2678

See the full CHANGELOG.md for more information.

v2.28.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

This is the last planned release of the v2. To continue getting updates for the CodeQL Action, please switch to v3.

2.28.0 - 20 Dec 2024

• Bump the minimum CodeQL bundle version to 2.15.5. #​2655
• Don't fail in the unusual case that a file is on the search path. #​2660.

See the full CHANGELOG.md for more information.

v2.27.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

2.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v2.27.8

Compare Source

[v2.27.7](https://redirect.github.com/github/codeql-action/releases/tag/

---

Configuration

📅 Schedule: Branch creation - Between 04:00 AM and 04:59 AM, on day 1 and 16 of the month ( * 4 1,16 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 10 additional dependencies were updated

Details:

Package	Change
github.com/fxamacker/cbor/v2	v2.7.0 -> v2.9.0
github.com/go-logr/logr	v1.4.2 -> v1.4.3
github.com/go-viper/mapstructure/v2	v2.2.1 -> v2.4.0
github.com/knadh/koanf/maps	v0.1.1 -> v0.1.2
github.com/modern-go/reflect2	v1.0.2 -> v1.0.3-0.20250322232337-35a7c28c31ee
golang.org/x/net	v0.28.0 -> v0.47.0
golang.org/x/sys	v0.23.0 -> v0.38.0
k8s.io/utils	v0.0.0-20240711033017-18e509b52bc8 -> v0.0.0-20251002143259-bc988d571ff4
sigs.k8s.io/json	v0.0.0-20221116044647-bc3834ca7abd -> v0.0.0-20250730193827-2d320260d730
sigs.k8s.io/yaml	v1.4.0 -> v1.6.0