chore(deps): bump the gomod group across 1 directory with 14 updates #717

dependabot · 2026-01-26T06:14:42Z

Bumps the gomod group with 6 updates in the / directory:

Package	From	To
github.com/in-toto/in-toto-golang	`0.9.0`	`0.10.0`
github.com/prometheus/client_golang	`1.22.0`	`1.23.2`
go.uber.org/zap	`1.27.0`	`1.27.1`
github.com/prometheus/procfs	`0.17.0`	`0.19.2`
go.yaml.in/yaml/v2	`2.4.2`	`2.4.3`
sigs.k8s.io/yaml	`1.5.0`	`1.6.0`

Updates github.com/in-toto/in-toto-golang from 0.9.0 to 0.10.0

Release notes

Sourced from github.com/in-toto/in-toto-golang's releases.

v0.10.0

What's Changed

chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 by @dependabot[bot] in in-toto/in-toto-golang#232

Update maintainers and governance by @adityasaky in in-toto/in-toto-golang#233

chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot[bot] in in-toto/in-toto-golang#234

chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.3 to 2.1.5 by @dependabot[bot] in in-toto/in-toto-golang#235

chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot[bot] in in-toto/in-toto-golang#236

Fix expired signature in test by @adityasaky in in-toto/in-toto-golang#241

chore(deps): bump golang.org/x/sys from 0.8.0 to 0.9.0 by @dependabot[bot] in in-toto/in-toto-golang#240

chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.5 to 2.1.6 by @dependabot[bot] in in-toto/in-toto-golang#239

chore(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.0 by @dependabot[bot] in in-toto/in-toto-golang#242

chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.1 by @dependabot[bot] in in-toto/in-toto-golang#243

Update GitHub Actions workflows by @adityasaky in in-toto/in-toto-golang#246

chore(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0 by @dependabot[bot] in in-toto/in-toto-golang#245

remove linters that are no longer supported and add to make file by @pxp928 in in-toto/in-toto-golang#249

Add match products feature by @adityasaky in in-toto/in-toto-golang#237

Remove unfinished link on record stop by @PradyumnaKrishna in in-toto/in-toto-golang#248

chore(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2 by @dependabot[bot] in in-toto/in-toto-golang#250

chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.6.0 to 0.7.0 by @dependabot[bot] in in-toto/in-toto-golang#251

chore(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 by @dependabot[bot] in in-toto/in-toto-golang#255

Add tests for coverage in envelope.go by @adityasaky in in-toto/in-toto-golang#256

chore(deps): bump golang.org/x/sys from 0.10.0 to 0.11.0 by @dependabot[bot] in in-toto/in-toto-golang#257

chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot[bot] in in-toto/in-toto-golang#258

chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot[bot] in in-toto/in-toto-golang#259

Fixes filepath pattern matching in windows by @PradyumnaKrishna in in-toto/in-toto-golang#254

chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot[bot] in in-toto/in-toto-golang#261

chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot[bot] in in-toto/in-toto-golang#262

chore(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0 by @dependabot[bot] in in-toto/in-toto-golang#263

chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.58.0 by @dependabot[bot] in in-toto/in-toto-golang#264

chore(deps): bump google.golang.org/grpc from 1.58.0 to 1.58.1 by @dependabot[bot] in in-toto/in-toto-golang#266

Deprecate Provenance v1 struct in favor of /attestation protobufs by @marcelamelara in in-toto/in-toto-golang#267

chore(deps): bump google.golang.org/grpc from 1.58.1 to 1.58.2 by @dependabot[bot] in in-toto/in-toto-golang#269

chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot[bot] in in-toto/in-toto-golang#270

Drop use of any for hash objects by @adityasaky in in-toto/in-toto-golang#238

chore(deps): bump golang.org/x/sys from 0.12.0 to 0.13.0 by @dependabot[bot] in in-toto/in-toto-golang#271

chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot[bot] in in-toto/in-toto-golang#273

chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 by @dependabot[bot] in in-toto/in-toto-golang#272

chore(deps): bump golang.org/x/net from 0.12.0 to 0.17.0 by @dependabot[bot] in in-toto/in-toto-golang#274

chore(deps): bump google.golang.org/grpc from 1.58.3 to 1.59.0 by @dependabot[bot] in in-toto/in-toto-golang#275

chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot[bot] in in-toto/in-toto-golang#276

Trigger workflow on pushes only to master branch by @adityasaky in in-toto/in-toto-golang#280

chore(deps): bump golang.org/x/sys from 0.13.0 to 0.14.0 by @dependabot[bot] in in-toto/in-toto-golang#278

chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 by @dependabot[bot] in in-toto/in-toto-golang#277

add openssf scorecard by @viveksahu26 in in-toto/in-toto-golang#281

chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 by @dependabot[bot] in in-toto/in-toto-golang#282

Fix coveralls, use action by @adityasaky in in-toto/in-toto-golang#285

Secure System Lab Sign/Verify by @Forrin in in-toto/in-toto-golang#279

chore(deps): bump golang.org/x/sys from 0.14.0 to 0.15.0 by @dependabot[bot] in in-toto/in-toto-golang#287

chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot[bot] in in-toto/in-toto-golang#289

chore(deps): bump google.golang.org/grpc from 1.59.0 to 1.60.0 by @dependabot[bot] in in-toto/in-toto-golang#290

... (truncated)

Commits

db554e2 Merge pull request #450 from in-toto/dependabot/go_modules/all-e2678a00b5
b2ea0f2 chore(deps): bump golang.org/x/sys in the all group
acc2f33 Merge pull request #448 from in-toto/dependabot/go_modules/github.com/secure-...
313b1d6 Merge pull request #449 from in-toto/dependabot/github_actions/all-2ed24f8e11
d9a60af chore(deps): bump github.com/secure-systems-lab/go-securesystemslib
e7783d5 chore(deps): bump the all group with 3 updates
7a1798a Merge pull request #447 from in-toto/fix-ci
b6af1a7 Modernize CI and automation
ad67645 Merge pull request #446 from in-toto/dependabot/go_modules/google.golang.org/...
b63fd33 chore(deps): bump google.golang.org/grpc from 1.74.2 to 1.78.0
Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.22.0 to 1.23.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.23.2 - 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

[release-1.23] Upgrade to prometheus/[email protected] by @aknuds1 in prometheus/client_golang#1869

[release-1.23] Cut v1.23.2 by @aknuds1 in prometheus/client_golang#1870

Full Changelog: prometheus/client_golang@v1.23.1...v1.23.2

v1.23.1 - 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

[release-1.23] Upgrade to prometheus/common v0.66 by @aknuds1 in prometheus/client_golang#1866

[release-1.23] Cut v1.23.1 by @aknuds1 in prometheus/client_golang#1867

Full Changelog: prometheus/client_golang@v1.23.0...v1.23.1

v1.23.0 - 2025-07-30

[CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812

[FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766

[FEATURE] Add exemplars for native histograms #1686

[ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823

[ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833

[BUGFIX] exp/api: client prompt return on context cancellation #1729

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.23.2 / 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

1.23.1 / 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

1.23.0 / 2025-07-30

[CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812

[FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766

[FEATURE] Add exemplars for native histograms #1686

[ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823

[ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833

[BUGFIX] exp/api: client prompt return on context cancellation #1729

Commits

8179a56 Cut v1.23.2 (#1870)
4142b59 Merge pull request #1869 from prometheus/arve/upgrade-common
4ff40f0 Cut v1.23.1 (#1867)
989b029 Upgrade to prometheus/common v0.66 (#1866)
e4b2208 Cut v1.23.0 (#1848)
d9492af cut v1.23.0-rc.1 (#1842)
aeae8a0 Cut v1.23.0-rc.0 (#1837)
b157309 Update common Prometheus files (#1832)
a704e28 build(deps): bump the github-actions group with 3 updates (#1826)
c774311 Fix errNotImplemented reference (#1835)
Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.9.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

Fix linter and allow CI to pass by @marckhouzam in spf13/cobra#2327

fix: actions/setup-go v6 by @jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

Add documentation for repeated flags functionality by @rvergis in spf13/cobra#2316

🍂 Refactors

refactor: replace several vars with consts by @htoyoda18 in spf13/cobra#2328

refactor: change minUsagePadding from var to const by @ssam18 in spf13/cobra#2325

🤗 New Contributors

@rvergis made their first contribution in spf13/cobra#2316

@htoyoda18 made their first contribution in spf13/cobra#2328

@ssam18 made their first contribution in spf13/cobra#2325

@dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

v1.10.1

🐛 Fix

chore: upgrade pflags v1.0.9 by @jpmcb in spf13/cobra#2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

Bump pflag to 1.0.8 by @tomasaschan in spf13/cobra#2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`

or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

... (truncated)

Commits

88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
346d408 fix: actions/setup-go v6 (#2337)
fc81d20 refactor: change minUsagePadding from var to const (#2325)
117698a refactor: replace several vars with consts (#2328)
e2dd29d Add documentation for repeated flags functionality (#2316)
0629892 Fix linter (#2327)
7da941c chore: Bump pflag to v1.0.9 (#2305)
51d6751 Bump pflag to 1.0.8 (#2303)
3f3b818 Update README.md with new logo
dcaf42e Add Periscope to the list of projects using Cobra (#2299)
Additional commits viewable in compare view

Updates go.uber.org/zap from 1.27.0 to 1.27.1

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.1

Enhancements:

#1501[]: prevent Object from panicking on nils

#1511[]: Fix a race condition in WithLazy.

Thanks to @rabbbit, @alshopov, @jquirke, @arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.1 (19 Nov 2025)

Enhancements:

#1501[]: prevent Object from panicking on nils

#1511[]: Fix a race condition in WithLazy.

Thanks to @rabbbit, @alshopov, @jquirke, @arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

7b755a3 release 1.27.1 (#1521)
d6b395b Update lazy logger not to materialize unless it's being written to (#1519)
4b9cea0 ci: Test with Go 1.24, Go 1.25 (#1508)
7c80d7b Fix race condition in WithLazy implementation (#1426) (#1511)
07077a6 Prevent zap.Object from panicing on nils (#1501)
a6afd05 Fix lint check name (#1502)
6d48253 chore: fix typo (#1482)
32f2ec1 Fix the field test for bool type (#1480)
fe16eb5 Upgrade grpc in zapgrc test package & bump go version (#1478)
5f00c34 test(AtomicLevel): demonstrate Handler is not vulnerable to XSS (#1477)
Additional commits viewable in compare view

Updates github.com/prometheus/common from 0.65.0 to 0.66.1

Release notes

Sourced from github.com/prometheus/common's releases.

v0.66.1

This release has no functional changes, it just drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement).

What's Changed

Revert "Use github.com/grafana/regexp instead of regexp" by @aknuds1 in prometheus/common#835

Move to supported version of yaml parser by @dims in prometheus/common#834

Revert "Use go.uber.org/atomic instead of sync/atomic (#825)" by @aknuds1 in prometheus/common#838

Full Changelog: prometheus/common@v1.20.99...v0.66.1

v0.66.0

⚠️ Breaking Changes ⚠️

A default-constructed TextParser will be invalid. It must have a valid scheme set, so users should use the NewTextParser function to create a valid TextParser. Otherwise parsing will panic with "Invalid name validation scheme requested: unset".

What's Changed

model: add constants for type and unit labels. by @bwplotka in prometheus/common#801

model.ValidationScheme: Support encoding as YAML by @aknuds1 in prometheus/common#799

fix(promslog): always print time.Duration values as go duration strings by @tjhop in prometheus/common#798

Add ValidationScheme methods IsValidMetricName and IsValidLabelName by @aknuds1 in prometheus/common#806

Fix delimited proto not escaped correctly by @thampiotr in prometheus/common#809

Decoder: Remove use of global name validation and add validation by @ywwg in prometheus/common#808

ValidationScheme implements pflag.Value and json.Marshaler/Unmarshaler interfaces by @juliusmh in prometheus/common#807

expfmt: Add NewTextParser function by @aknuds1 in prometheus/common#816

Enable the godot linter by @aknuds1 in prometheus/common#821

Enable usestdlibvars linter by @aknuds1 in prometheus/common#820

Enable unconvert linter by @aknuds1 in prometheus/common#819

Enable the fatcontext linter by @aknuds1 in prometheus/common#822

Enable gocritic linter by @aknuds1 in prometheus/common#818

Use go.uber.org/atomic instead of sync/atomic by @aknuds1 in prometheus/common#825

Enable revive rule unused-parameter by @aknuds1 in prometheus/common#824

Enable revive rules by @aknuds1 in prometheus/common#823

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#802

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#803

Sync .golangci.yml with prometheus/prometheus by @aknuds1 in prometheus/common#817

ci: update upload-actions by @ywwg in prometheus/common#814

docs: fix typo in expfmt.Negotiate by @wmcram in prometheus/common#813

build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by @dependabot[bot] in prometheus/common#800

build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 by @dependabot[bot] in prometheus/common#810

build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 in /assets by @dependabot[bot] in prometheus/common#826

build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.8 by @dependabot[bot] in prometheus/common#830

build(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 by @dependabot[bot] in prometheus/common#829

build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @dependabot[bot] in prometheus/common#827

New Contributors

@aknuds1 made their first contribution in prometheus/common#799

@thampiotr made their first contribution in prometheus/common#809

@wmcram made their first contribution in prometheus/common#813

... (truncated)

Changelog

Sourced from github.com/prometheus/common's changelog.

v0.66.1 / 2025-09-05

This release has no functional changes, it just drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement).

What's Changed

Revert "Use github.com/grafana/regexp instead of regexp" by @aknuds1 in prometheus/common#835

Move to supported version of yaml parser by @dims in prometheus/common#834

Revert "Use go.uber.org/atomic instead of sync/atomic (#825)" by @aknuds1 in prometheus/common#838

Full Changelog: prometheus/common@v1.20.99...v0.66.1

v0.66.0 / 2025-09-02

⚠️ Breaking Changes ⚠️

A default-constructed TextParser will be invalid. It must have a valid scheme set, so users should use the NewTextParser function to create a valid TextParser. Otherwise parsing will panic with "Invalid name validation scheme requested: unset".

What's Changed

model: add constants for type and unit labels. by @bwplotka in prometheus/common#801

model.ValidationScheme: Support encoding as YAML by @aknuds1 in prometheus/common#799

fix(promslog): always print time.Duration values as go duration strings by @tjhop in prometheus/common#798

Add ValidationScheme methods IsValidMetricName and IsValidLabelName by @aknuds1 in prometheus/common#806

Fix delimited proto not escaped correctly by @thampiotr in prometheus/common#809

Decoder: Remove use of global name validation and add validation by @ywwg in prometheus/common#808

ValidationScheme implements pflag.Value and json.Marshaler/Unmarshaler interfaces by @juliusmh in prometheus/common#807

expfmt: Add NewTextParser function by @aknuds1 in prometheus/common#816

Enable the godot linter by @aknuds1 in prometheus/common#821

Enable usestdlibvars linter by @aknuds1 in prometheus/common#820

Enable unconvert linter by @aknuds1 in prometheus/common#819

Enable the fatcontext linter by @aknuds1 in prometheus/common#822

Enable gocritic linter by @aknuds1 in prometheus/common#818

Use go.uber.org/atomic instead of sync/atomic by @aknuds1 in prometheus/common#825

Enable revive rule unused-parameter by @aknuds1 in prometheus/common#824

Enable revive rules by @aknuds1 in prometheus/common#823

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#802

Synchronize common files from prometheus/prometheus by @prombot in prometheus/common#803

Sync .golangci.yml with prometheus/prometheus by @aknuds1 in prometheus/common#817

ci: update upload-actions by @ywwg in prometheus/common#814

docs: fix typo in expfmt.Negotiate by @wmcram in prometheus/common#813

build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by @dependabot[bot] in prometheus/common#800

build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 by @dependabot[bot] in prometheus/common#810

build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 in /assets by @dependabot[bot] in prometheus/common#826

build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.8 by @dependabot[bot] in prometheus/common#830

build(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 by @dependabot[bot] in prometheus/common#829

build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @dependabot[bot] in prometheus/common#827

New Contributors

@aknuds1 made their first contribution in prometheus/common#799

@thampiotr made their first contribution in prometheus/common#809

... (truncated)

Commits

8975dde Revert "Use go.uber.org/atomic instead of sync/atomic (#825)" (#838)
08d7f66 Move to supported version of yaml parser (#834)
80e275e Revert "Use github.com/grafana/regexp instead of regexp" (#835)
4c2f9e7 Merge pull request #832 from roidelapluie/retract
e120453 Retract v1.20.3
2b1487c Merge pull request #827 from prometheus/dependabot/go_modules/github.com/stre...
db38951 Merge pull request #829 from prometheus/dependabot/go_modules/golang.org/x/ne...
9e19a90 build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
a1ba2a7 build(deps): bump golang.org/x/net from 0.42.0 to 0.43.0
c7a031c Merge pull request #830 from prometheus/dependabot/go_modules/google.golang.o...
Additional commits viewable in compare view

Updates github.com/prometheus/procfs from 0.17.0 to 0.19.2

Release notes

Sourced from github.com/prometheus/procfs's releases.

v0.19.2

What's Changed

chore: Migrate tests to cmp package by @SuperQ in prometheus/procfs#760

Fix: Use base16 to convert pci sriov_vf_device by @jj-asama in prometheus/procfs#762

Full Changelog: prometheus/procfs@v0.19.1...v0.19.2

v0.19.1

What's Changed

meminfo: Fix ZswappedBytes by @SuperQ in prometheus/procfs#759

Full Changelog: prometheus/procfs@v0.19.0...v0.19.1

v0.19.0

What's Changed

Add FS handler for mountinfo by @SuperQ in prometheus/procfs#757

sysfs: add link_layer property to InfiniBandPort by @thomasbarrett in prometheus/procfs#700

feat: expose MD raid component devices by @robbat2 in prometheus/procfs#674

New Contributors

@robbat2 made their first contribution in prometheus/procfs#674

Full Changelog: prometheus/procfs@v0.18.0...v0.19.0

v0.18.0

What's Changed

chore: clean up golangci-lint configuration by @mmorel-35 in prometheus/procfs#720

chore: enable errorlint linter by @mmorel-35 in prometheus/procfs#742

Modify proc_statm_test notes by @SilenceAdele in prometheus/procfs#735

feat: Add hung_task_detect_count by @dongjiang1989 in prometheus/procfs#738

Synchronize common files from prometheus/prometheus by @prombot in prometheus/procfs#736

net_dev_snmp6: directory traversal by @lzap in prometheus/procfs#743

sysfs/class_sas_phy: Continue on EINVAL in parseSASPhy by @hrtbrock in prometheus/procfs#749

Add compact metrics to vmstat by @cbensimon in prometheus/procfs#754

Update supported Go versions. by @SuperQ in prometheus/procfs#755

chore: enable several rules from go-critic by @mmorel-35 in prometheus/procfs#741

build(deps): bump golang.org/x/sync from 0.15.0 to 0.17.0 by @dependabot[bot] in prometheus/procfs#751

build(deps): bump golang.org/x/sys from 0.33.0 to 0.36.0 by @dependabot[bot] in prometheus/procfs#752

[PROM-50] Update copyright headers by @SuperQ in prometheus/procfs#756

add sriov, power state and numa node info in PciDevice by @jj-asama in prometheus/procfs#748

Fix Proc.Limits limit name matching by @inkel in prometheus/procfs#667

add netfilter queue support by @KonstantinKuklin in prometheus/procfs#677

New Contributors

@lzap made their first contribution in prometheus/procfs#743

@hrtbrock made their first contribution in prometheus/procfs#749

@cbensimon made their first contribution in prometheus/procfs#754

@jj-asama made their first contribution in prometheus/procfs#748

... (truncated)

Commits

9b0219b Fix: Use base16 to convert pci sriov_vf_device (#762)
b8b5106 chore: Migrate tests to cmp package (#760)
d4dc49b meminfo: Fix ZswappedBytes (#759)
638b55c feat: expose MD raid component devices (#674)
b2bde72 sysfs: add link_layer property to InfiniBandPort (#700)
9479c29 Add FS handler for mountinfo (#757)
25803af add netfilter queue support (#677)
e54b37a Fix Proc.Limits limit name matching (#667)
d9d95c9 add sriov, power state and numa node info in PciDevice (#748)
e9627e2 [PROM-50] Update copyright headers (#756)
Additional commits viewable in compare view

Updates github.com/secure-systems-lab/go-securesystemslib from 0.9.0 to 0.10.0

Commits

93d7e1c Merge pull request #139 from secure-systems-lab/dependabot/github_actions/gol...
b2fe7df Merge pull request #138 from secure-systems-lab/dependabot/github_actions/act...
7e9f79e chore(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.2.0
1552d12 chore(deps): bump actions/setup-go from 5.5.0 to 6.1.0
d1d5111 Merge...
Description has been truncated

Bumps the gomod group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/in-toto/in-toto-golang](https://github.com/in-toto/in-toto-golang) | `0.9.0` | `0.10.0` | | [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.22.0` | `1.23.2` | | [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.0` | `1.27.1` | | [github.com/prometheus/procfs](https://github.com/prometheus/procfs) | `0.17.0` | `0.19.2` | | [go.yaml.in/yaml/v2](https://github.com/yaml/go-yaml) | `2.4.2` | `2.4.3` | | [sigs.k8s.io/yaml](https://github.com/kubernetes-sigs/yaml) | `1.5.0` | `1.6.0` | Updates `github.com/in-toto/in-toto-golang` from 0.9.0 to 0.10.0 - [Release notes](https://github.com/in-toto/in-toto-golang/releases) - [Changelog](https://github.com/in-toto/in-toto-golang/blob/master/CHANGELOG.md) - [Commits](in-toto/in-toto-golang@v0.9.0...v0.10.0) Updates `github.com/prometheus/client_golang` from 1.22.0 to 1.23.2 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.22.0...v1.23.2) Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.2 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.9.1...v1.10.2) Updates `go.uber.org/zap` from 1.27.0 to 1.27.1 - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](uber-go/zap@v1.27.0...v1.27.1) Updates `github.com/prometheus/common` from 0.65.0 to 0.66.1 - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md) - [Commits](prometheus/common@v0.65.0...v0.66.1) Updates `github.com/prometheus/procfs` from 0.17.0 to 0.19.2 - [Release notes](https://github.com/prometheus/procfs/releases) - [Commits](prometheus/procfs@v0.17.0...v0.19.2) Updates `github.com/secure-systems-lab/go-securesystemslib` from 0.9.0 to 0.10.0 - [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases) - [Commits](secure-systems-lab/go-securesystemslib@v0.9.0...v0.10.0) Updates `github.com/spf13/pflag` from 1.0.7 to 1.0.10 - [Release notes](https://github.com/spf13/pflag/releases) - [Commits](spf13/pflag@v1.0.7...v1.0.10) Updates `go.yaml.in/yaml/v2` from 2.4.2 to 2.4.3 - [Commits](yaml/go-yaml@v2.4.2...v2.4.3) Updates `golang.org/x/crypto` from 0.40.0 to 0.46.0 - [Commits](golang/crypto@v0.40.0...v0.46.0) Updates `golang.org/x/sys` from 0.34.0 to 0.40.0 - [Commits](golang/sys@v0.34.0...v0.40.0) Updates `golang.org/x/text` from 0.27.0 to 0.32.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.27.0...v0.32.0) Updates `google.golang.org/protobuf` from 1.36.6 to 1.36.11 Updates `sigs.k8s.io/yaml` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/kubernetes-sigs/yaml/releases) - [Changelog](https://github.com/kubernetes-sigs/yaml/blob/master/RELEASE.md) - [Commits](kubernetes-sigs/yaml@v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/in-toto/in-toto-golang dependency-version: 0.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/prometheus/client_golang dependency-version: 1.23.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/spf13/cobra dependency-version: 1.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: go.uber.org/zap dependency-version: 1.27.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/prometheus/common dependency-version: 0.66.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/prometheus/procfs dependency-version: 0.19.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/secure-systems-lab/go-securesystemslib dependency-version: 0.10.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/spf13/pflag dependency-version: 1.0.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: gomod - dependency-name: go.yaml.in/yaml/v2 dependency-version: 2.4.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: gomod - dependency-name: golang.org/x/crypto dependency-version: 0.46.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/sys dependency-version: 0.40.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/text dependency-version: 0.32.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: google.golang.org/protobuf dependency-version: 1.36.11 dependency-type: indirect update-type: version-update:semver-patch dependency-group: gomod - dependency-name: sigs.k8s.io/yaml dependency-version: 1.6.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]>

kusari-inspector · 2026-01-26T06:14:45Z

⚠️ Workspace Mapping Required

Hello! We noticed that your GitHub organization is not yet mapped to a Kusari workspace. Kusari Inspector now requires installations to be associated with a Kusari workspace.

⚠️ NOTE: Only the admin who installed the Kusari GitHub App can complete these steps. If the admin is unable to complete these steps, please contact [email protected]

To complete the setup:

Visit https://console.us.kusari.cloud/auth/github and log in via github
If you have only one workspace, it will be automatically selected for you
Once the mapping is complete, return here and create a new comment with: @kusari-inspector re-run

This will trigger the analysis to run again.

For more information, or if you need help, visit https://github.com/kusaridev/community/discussions

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 26, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the gomod group across 1 directory with 14 updates #717

chore(deps): bump the gomod group across 1 directory with 14 updates #717

dependabot bot commented on behalf of github Jan 26, 2026

Uh oh!

kusari-inspector bot commented Jan 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

chore(deps): bump the gomod group across 1 directory with 14 updates #717

Are you sure you want to change the base?

chore(deps): bump the gomod group across 1 directory with 14 updates #717

Conversation

dependabot bot commented on behalf of github Jan 26, 2026

v0.10.0

What's Changed

v1.23.2 - 2025-09-05

v1.23.1 - 2025-09-04

v1.23.0 - 2025-07-30

1.23.2 / 2025-09-05

1.23.1 / 2025-09-04

1.23.0 / 2025-07-30

v1.10.2

🔧 Dependencies

📈 CI/CD

🔥✍🏼 Docs

🍂 Refactors

🤗 New Contributors

v1.10.1

🐛 Fix

v1.10.0

What's Changed

🚨 Attention!

v1.27.1

1.27.1 (19 Nov 2025)

v0.66.1

What's Changed

v0.66.0

⚠️ Breaking Changes ⚠️

What's Changed

New Contributors

v0.66.1 / 2025-09-05

What's Changed

v0.66.0 / 2025-09-02

⚠️ Breaking Changes ⚠️

What's Changed

New Contributors

v0.19.2

What's Changed

v0.19.1

What's Changed

v0.19.0

What's Changed

New Contributors

v0.18.0

What's Changed

New Contributors

Uh oh!

kusari-inspector bot commented Jan 26, 2026

⚠️ Workspace Mapping Required

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants