chore(deps): Bump the gomod group across 1 directory with 4 updates

[dependabot]

Bumps the gomod group with 4 updates in the / directory: github.com/prometheus/client_golang, golang.org/x/crypto, golang.org/x/oauth2 and tailscale.com.

Updates github.com/prometheus/client_golang from 1.21.1 to 1.22.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.22.0 - 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)

• [FEATURE] prometheus: Add new CollectorFunc utility #1724
• [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
• [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
• [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

• build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 by @​dependabot in prometheus/client_golang#1720
• build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 by @​dependabot in prometheus/client_golang#1719
• Update RELEASE.md by @​bwplotka in prometheus/client_golang#1721
• chore(docs): Add links for the upstream PRs by @​kakkoyun in prometheus/client_golang#1722
• Added tips on releasing client and checking with k8s. by @​bwplotka in prometheus/client_golang#1723
• feat: Add new CollectorFunc utility by @​Saumya40-codes in prometheus/client_golang#1724
• build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 by @​dependabot in prometheus/client_golang#1725
• build(deps): bump the github-actions group with 5 updates by @​dependabot in prometheus/client_golang#1726
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#1727
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#1731
• build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 by @​dependabot in prometheus/client_golang#1739
• build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 by @​dependabot in prometheus/client_golang#1740
• Cleanup dependabot config by @​SuperQ in prometheus/client_golang#1741
• Upgrade Golang version v1.24 by @​dongjiang1989 in prometheus/client_golang#1738
• build(deps): bump the github-actions group with 2 updates by @​dependabot in prometheus/client_golang#1742
• Merging 1.21 release back to main. by @​bwplotka in prometheus/client_golang#1744
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/client_golang#1745
• Add support for undocumented query options for API by @​mahendrapaipuri in prometheus/client_golang#1743
• exp/api: Add experimental exp module; Add remote API with write client and handler. by @​bwplotka in prometheus/client_golang#1658
• exp/api: Add accepted msg type validation to handler by @​saswatamcode in prometheus/client_golang#1750
• build(deps): bump the github-actions group with 5 updates by @​dependabot in prometheus/client_golang#1751
• build(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0 by @​dependabot in prometheus/client_golang#1752
• build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by @​dependabot in prometheus/client_golang#1753
• exp: Reset snappy buf by @​saswatamcode in prometheus/client_golang#1756
• Merge release 1.21.1 to main. by @​bwplotka in prometheus/client_golang#1762
• exp: Add dependabot config by @​saswatamcode in prometheus/client_golang#1754
• build(deps): bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 in the github-actions group by @​dependabot in prometheus/client_golang#1764

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.22.0 / 2025-04-07

⚠️ This release contains potential breaking change if you use experimental zstd support introduce in #1496 ⚠️

Experimental support for zstd on scrape was added, controlled by the request Accept-Encoding header. It was enabled by default since version 1.20, but now you need to add a blank import to enable it. The decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon, golang/go#62513 however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.

e.g.:

import (
  _ "github.com/prometheus/client_golang/prometheus/promhttp/zstd"
)

• [FEATURE] prometheus: Add new CollectorFunc utility #1724
• [CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) #1738
• [FEATURE] api: WithLookbackDelta and WithStats options have been added to API client. #1743
• [CHANGE] ⚠️ promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. #1765

Commits

• d50be25 Cut 1.22.0 (#1793)
• 1043db7 Cut 1.22.0-rc.0 (#1768)
• e575c9c promhttp: Isolate zstd support and klauspost/compress library use to promhttp...
• f2276aa Merge pull request #1764 from prometheus/dependabot/github_actions/github-act...
• 9df772c build(deps): bump peter-evans/create-pull-request
• a3548c5 Merge pull request #1754 from saswatamcode/exp-eh
• 60fd2b0 Remove go.work file for now
• 8f9d0de exp: Add dependabot config
• c5cf981 Merge pull request #1762 from prometheus/release-1.21
• e84c305 exp: Reset snappy buf (#1756)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.36.0 to 0.37.0

Commits

• 959f8f3 go.mod: update golang.org/x dependencies
• 769bcd6 ssh: use the configured rand in kex init
• d0a798f cryptobyte: fix typo 'octects' into 'octets' for asn1.go
• acbcbef acme: remove unnecessary []byte conversion
• 376eb14 x509roots: support constrained roots
• b369b72 crypto/internal/poly1305: implement function update in assembly on loong64
• 6b853fb ssh/knownhosts: check more than one key
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.28.0 to 0.29.0

Commits

• 65c15a3 oauth2: remove extra period
• ce56909 jws: improve fix for CVE-2025-22868
• See full diff in compare view

Updates tailscale.com from 1.80.3 to 1.82.0

Release notes

Sourced from tailscale.com's releases.

v1.82.0

Please refer to the changelog available at https://tailscale.com/changelog.

Commits

• 6676b12 VERSION.txt: this is v1.82.0 (#15442)
• fea74a6 cmd/k8s-operator,k8s-operator: disable HA Ingress before stable release (#15433)
• e3c04c5 build_docker.sh: bump default base image (#15432)
• d0e7af3 cmd/natc: add test and fix for ip exhaustion
• 2685484 Bump Alpine, link iptables back to legacy (#15428)
• a622deb cmd/{k8s-operator,containerboot}: check TLS cert before advertising VIPServic...
• 4777cc2 ipn/store/kubestore: skip cache for the write replica in cert share mode (#15...
• 7537389 tsnet: Default executable name on iOS
• 5aa1c27 control/controlhttp: quiet "forcing port 443" log spam
• 725c8d2 ipn/ipnlocal: remove misleading [unexpected] log for auditlog (#15421)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[antifuchs]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.