fix(deps): update go minor/patch updates

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/labstack/echo/v4	v4.13.4 → v4.15.0
github.com/labstack/echo/v5	v5.0.0 → v5.0.1
github.com/minio/minio-go/v7	v7.0.97 → v7.0.98
k8s.io/api	v0.34.3 → v0.35.0
sigs.k8s.io/controller-runtime	v0.22.4 → v0.23.1

---

Release Notes

labstack/echo (github.com/labstack/echo/v4)

v4.15.0

Compare Source

Security

NB: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF
protection, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship
between the request origin and the target. The middleware uses this to make security decisions:

• same-origin or none: Requests are allowed (exact origin match or direct user navigation)
• same-site: Falls back to token validation (e.g., subdomain to main domain)
• cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to
traditional token-based CSRF protection.

New Configuration Options:

• TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)
• AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},

    // Custom validation for same-site requests
    AllowSecFetchSiteFunc: func(c echo.Context) (bool, error) {
        // Your custom authorization logic here
        return validateCustomAuth(c), nil
        // return true, err  // blocks request with error
        // return true, nil  // allows CSRF request through
        // return false, nil // falls back to legacy token logic
    },
}))

PR: #​2858

Type-Safe Generic Parameter Binding

• Added generic functions for type-safe parameter extraction and context access by @​aldas in #​2856

  Echo now provides generic functions for extracting path, query, and form parameters with automatic type conversion,
  eliminating manual string parsing and type assertions.

  New Functions:

  • Path parameters: PathParam[T], PathParamOr[T]
  • Query parameters: QueryParam[T], QueryParamOr[T], QueryParams[T], QueryParamsOr[T]
  • Form values: FormParam[T], FormParamOr[T], FormParams[T], FormParamsOr[T]
  • Context store: ContextGet[T], ContextGetOr[T]

  Supported Types:
  Primitives (bool, string, int/uint variants, float32/float64), time.Duration, time.Time
  (with custom layouts and Unix timestamp support), and custom types implementing BindUnmarshaler,
  TextUnmarshaler, or JSONUnmarshaler.

  Example:

  // Before: Manual parsing
  idStr := c.Param("id")
  id, err := strconv.Atoi(idStr)
  
  // After: Type-safe with automatic parsing
  id, err := echo.PathParam[int](c, "id")
  
  // With default values
  page, err := echo.QueryParamOr[int](c, "page", 1)
  limit, err := echo.QueryParamOr[int](c, "limit", 20)
  
  // Type-safe context access (no more panics from type assertions)
  user, err := echo.ContextGet[*User](c, "user")

PR: #​2856

DEPRECATION NOTICE Timeout Middleware Deprecated - Use ContextTimeout Instead

The middleware.Timeout middleware has been deprecated due to fundamental architectural issues that cause
data races. Use middleware.ContextTimeout or middleware.ContextTimeoutWithConfig instead.

Why is this being deprecated?

The Timeout middleware manipulates response writers across goroutine boundaries, which causes data races that
cannot be reliably fixed without a complete architectural redesign. The middleware:

• Swaps the response writer using http.TimeoutHandler
• Must be the first middleware in the chain (fragile constraint)
• Can cause races with other middleware (Logger, metrics, custom middleware)
• Has been the source of multiple race condition fixes over the years

What should you use instead?

The ContextTimeout middleware (available since v4.12.0) provides timeout functionality using Go's standard
context mechanism. It is:

• Race-free by design
• Can be placed anywhere in the middleware chain
• Simpler and more maintainable
• Compatible with all other middleware

Migration Guide:

// Before (deprecated):
e.Use(middleware.Timeout())

// After (recommended):
e.Use(middleware.ContextTimeout(30 * time.Second))

Important Behavioral Differences:

1. Handler cooperation required: With ContextTimeout, your handlers must check context.Done() for cooperative
   cancellation. The old Timeout middleware would send a 503 response regardless of handler cooperation, but had
   data race issues.

2. Error handling: ContextTimeout returns errors through the standard error handling flow. Handlers that receive
   context.DeadlineExceeded should handle it appropriately:

e.GET("/long-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    // Example: database query with context
    result, err := db.QueryContext(ctx, "SELECT * FROM large_table")
    if err != nil {
        if errors.Is(err, context.DeadlineExceeded) {
            // Handle timeout
            return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
        }
        return err
    }

    return c.JSON(http.StatusOK, result)
})

3. Background tasks: For long-running background tasks, use goroutines with context:

e.GET("/async-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    resultCh := make(chan Result, 1)
    errCh := make(chan error, 1)

    go func() {
        result, err := performLongTask(ctx)
        if err != nil {
            errCh <- err
            return
        }
        resultCh <- result
    }()

    select {
    case result := <-resultCh:
        return c.JSON(http.StatusOK, result)
    case err := <-errCh:
        return err
    case <-ctx.Done():
        return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
    }
})

Enhancements

• Fixes by @​aldas in #​2852
• Generic functions by @​aldas in #​2856
• CRSF with Sec-Fetch-Site checks by @​aldas in #​2858

v4.14.0

Compare Source

middleware.Logger has been deprecated. For request logging, use middleware.RequestLogger or
middleware.RequestLoggerWithConfig.

middleware.RequestLogger replaces middleware.Logger, offering comparable configuration while relying on the
Go standard library’s new slog logger.

The previous default output format was JSON. The new default follows the standard slog logger settings.
To continue emitting request logs in JSON, configure slog accordingly:

slog.SetDefault(slog.New(slog.NewJSONHandler(os.Stdout, nil)))
e.Use(middleware.RequestLogger())

Security

• Logger middleware json string escaping and deprecation by @​aldas in #​2849

Enhancements

• Update deps by @​aldas in #​2807
• refactor to use reflect.TypeFor by @​cuiweixie in #​2812
• Use Go 1.25 in CI by @​aldas in #​2810
• Modernize context.go by replacing interface{} with any by @​vishr in #​2822
• Fix typo in SetParamValues comment by @​vishr in #​2828
• Fix typo in ContextTimeout middleware comment by @​vishr in #​2827
• Improve BasicAuth middleware: use strings.Cut and RFC compliance by @​vishr in #​2825
• Fix duplicate plus operator in router backtracking logic by @​yuya-morimoto in #​2832
• Replace custom private IP range check with built-in net.IP.IsPrivate by @​kumapower17 in #​2835
• Ensure proxy connection is closed in proxyRaw function(#​2837) by @​kumapower17 in #​2838
• Update deps by @​aldas in #​2843
• Update golang.org/x/* deps by @​aldas in #​2850

minio/minio-go (github.com/minio/minio-go/v7)

v7.0.98

Compare Source

What's Changed

• Only marshal lifecycle rule Filter XML when not empty by @​amigan in #​2177
• Add post-call checks on AppendObject by @​klauspost in #​2178
• Replace gopkg.in/yaml.v3 with go.yaml.in/yaml/v3 by @​emike922 in #​2182
• Support GCS bulk delete with serialized single DELETE requests by @​harshavardhana in #​2185
• Add automatic checksum test by @​klauspost in #​2184
• Fix wrong checksum type field name by @​klauspost in #​2188
• Upgrade dependencies, remove toolchain by @​klauspost in #​2189
• Increase max object size to ~48.83TiB (5GiB * 10000 parts) by @​harshavardhana in #​2190
• Add generic Set[T comparable] implementation to pkg/set by @​harshavardhana in #​2192
• Refactor: Use pkg/set types for internal set collections by @​harshavardhana in #​2193

New Contributors

• @​amigan made their first contribution in #​2177
• @​emike922 made their first contribution in #​2182

Full Changelog: minio/minio-go@v7.0.97...v7.0.98

kubernetes/api (k8s.io/api)

v0.35.0

Compare Source

kubernetes-sigs/controller-runtime (sigs.k8s.io/controller-runtime)

v0.23.1

Compare Source

What's Changed

• [release-0.23] 🐛 Cache reader: Wait for cache sync when ReaderFailOnMissingInformer is true by @​k8s-infra-cherrypick-robot in #​3433
• [release-0.23] 🐛 Fix panic when using CRs with embedded pointer structs by @​k8s-infra-cherrypick-robot in #​3436
• [release-0.23] 🌱 Test cache reader waits for cache sync by @​k8s-infra-cherrypick-robot in #​3438
• [release-0.23] 🐛 Fakeclient: Fix status apply if existing object has managedFields set by @​k8s-infra-cherrypick-robot in #​3437

Full Changelog: kubernetes-sigs/controller-runtime@v0.23.0...v0.23.1

v0.23.0

Compare Source

🔆 Highlights

• Client: Add subresource Apply support by @​alvaroaleman in #​3321
• Conversion: Enable implementation of conversion outside of API packages by @​sbueringer in #​3335
• Priorityqueue: Various improvements, bug fixes and now enabled per default
• Webhooks: Generic Validator and Defaulter by @​alvaroaleman in #​3360

⚠️ Breaking changes

• Dependencies: Update to k8s.io/* v1.35 by @​alvaroaleman @​dongjiang1989 @​kannon92 (#​3316, #​3349, #​3386, #​3391, #​3401)
• Client: Add subresource Apply support by @​alvaroaleman in #​3321
• Events: Migration to the new events API by @​clebs in #​3262
  • Using the new GetEventRecorderFor requires updating your rbac for events to use the events.k8s.io apiGroup rather than the `` (core) apiGroup
• Fakeclient: Set ResourceVersion for SSA Create by @​alvaroaleman in #​3311
• Webhooks: Generic Validator and Defaulter by @​alvaroaleman in #​3360
  • Existing code of the form builder.WebhookManagedBy(mgr).For(&corev1.Deployment{}) has to be changed to builder.WebhookManagedBy(mgr, &appsv1.Deployment{})
  • Existing webhook implementations have to be changed to take the concrete object rather than runtime.Object, for example from ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) to ValidateCreate(ctx context.Context, obj *appsv1.Deployment) (admission.Warnings, error)

✨ Features

• Cache: Allow fine-granular SyncPeriod configuration by @​sbueringer in #​3376
• Client: Add FieldOwner option to client.Options by @​aerfio in #​3389
• Client: Add FieldValidation option to client.Options by @​aerfio in #​3393
• Conversion: Enable implementation of conversion outside of API packages by @​sbueringer in #​3335
• Metrics: Add controller_runtime_reconcile_timeouts_total metric to track ReconciliationTimeout timeouts by @​godwinpang in #​3382
• Priorityqueue: Add optional Priority field to reconcile.Result by @​sbueringer in #​3333
• Priorityqueue: Enable per default by @​sbueringer in #​3332
• Priorityqueue: Use a buffer to optimize priority queue AddWithOpts performance by @​zach593 in #​3415
• Source/Kind: Delay reconciliation until handlers sync by @​GonzaloLuminary in #​3406
• Webhooks: Add WithContextFunc to WebhookBuilder by @​dmvolod in #​3324

🐛 Bugfixes

• Client: Allow SSA after normal resource creation by @​filipcirtog in #​3346
• Client: Fix List in namespaced client to list objects that are cluster scoped by @​troy0820 in #​3351 #​3353
• Envtest: Respect pre-configured binary paths in ControlPlane by @​mzhaom in #​3372
• Fakeclient: Fix a number of bugs when updating through apply by @​alvaroaleman in #​3319
• FakeClient: Fix Apply with Unstructured ApplyConfiguration and resourceVersion unset by @​sbueringer in #​3403
• Fakeclient: Fix SSA after List with non-list kind by @​sbueringer in #​3364
• Fakeclient: Panic when trying to build more than one instance of fake.ClientBuilder by @​troy0820 in #​3314
• Leaderelection: Copy all parent context values to leader elector's context by @​msudheendra-cflt in #​3327
• Metrics: Adding missing exponential buckets on webhook native histogram by @​brito-rafa in #​3411
• Priorityqueue: Do FIFO ordering within priorities and not across by @​zach593 in #​3408
• Priorityqueue: Don't block on Get when queue is shutdown (2nd try) by @​sbueringer in #​3337
• Priorityqueue: Ensure priority queue always returns high-priority items first by @​moritzmoe in #​3330
• Priorityqueue: Fix TestWhenAddingMultipleItemsWithRatelimitTrueTheyDontAffectEachOther by @​zach593 in #​3395
• Priorityqueue: Limit depthWithPriorityMetric cardinality to 25 by @​alvaroaleman #​3419
• Priorityqueue: Properly sync the waiter manipulation by @​fossedihelm in #​3368
• setup-envtest: Select the newest Kubernetes by default by @​cbandy in #​3380
• testing/addr: Prevent possible leak by avoiding defer in loop by @​s-z-z in #​3367

🌱 Other

• Dependencies: Update controller-tools to 0.20.0 and fix lint by @​dongjiang1989 in #​3405
• Linter: Add depguard golangci-linter for forbid sort pkg by @​dongjiang1989 in #​3374
• Linter: Modernize finalizer utils by @​tbavelier in #​3329
• Linter: Update golangci-lint version and modernize lint by @​dongjiang1989 in #​3384
• Linter: Update golangci-lint version to v2.4.0 by @​dongjiang1989 in #​3318
• Linter: Update golangci-lint version to v2.5.0 by @​dongjiang1989 in #​3323
• Linter: Update golangci-lint version to v2.7.2 by @​dongjiang1989 in #​3399
• Manager: Deflake should execute the Warmup function test when Warmup group is started by @​alvaroaleman in #​3356
• Misc: Add CreateOrPatch function in alias.go by @​tisonkun in #​3375
• Misc: Change sort to slices package by @​dongjiang1989 in #​3370
• Misc: Fix typo in unit test name by @​s-z-z in #​3304
• Misc: Revert deprecation of client.Apply by @​sbueringer in #​3307
• Priorityqueue: Add and use newQueueWithTimeForwarder by @​alvaroaleman in #​3336
• Priorityqueue: Add some more tests to the priorityqueue by @​alvaroaleman in #​3387
• Priorityqueue: Use separate b-trees for ready and non-ready items by @​alvaroaleman in #​3416
• Priorityqueue: Use synctest by @​alvaroaleman in #​3350

📖 Documentation

• Add a design for supporting warm replicas by @​godwinpang in #​3121
• Remove latest from setupenvtest docs by @​troy0820 in #​3359
• pkg/client/config: Remove outdated doc comments by @​haoqixu in #​3306
• Update client.Apply example by @​aerfio in #​3390
• Update README.md's compatibility matrix for v0.22.x. by @​renormalize in #​3392

Dependencies

Added

• github.com/Masterminds/semver/v3: v3.4.0
• github.com/gkampitakis/ciinfo: v0.3.2
• github.com/gkampitakis/go-diff: v1.3.2
• github.com/gkampitakis/go-snaps: v0.5.15
• github.com/goccy/go-yaml: v1.18.0
• github.com/joshdk/go-junit: v1.0.0
• github.com/maruel/natural: v1.1.1
• github.com/mfridman/tparse: v0.18.0
• github.com/tidwall/gjson: v1.18.0
• github.com/tidwall/match: v1.1.1
• github.com/tidwall/pretty: v1.2.1
• github.com/tidwall/sjson: v1.2.5
• go.uber.org/automaxprocs: v1.6.0
• golang.org/x/tools/go/expect: v0.1.0-deprecated
• golang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated

Changed

• github.com/go-logr/logr: v1.4.2 → v1.4.3
• github.com/google/pprof: d1b30fe → 27863c8
• github.com/onsi/ginkgo/v2: v2.22.0 → v2.27.2
• github.com/onsi/gomega: v1.36.1 → v1.38.2
• github.com/prometheus/client_golang: v1.22.0 → v1.23.2
• github.com/prometheus/client_model: v0.6.1 → v0.6.2
• github.com/prometheus/common: v0.62.0 → v0.66.1
• github.com/prometheus/procfs: v0.15.1 → v0.16.1
• github.com/rogpeppe/go-internal: v1.13.1 → v1.14.1
• github.com/spf13/cobra: v1.9.1 → v1.10.0
• github.com/spf13/pflag: v1.0.6 → v1.0.9
• github.com/stretchr/testify: v1.10.0 → v1.11.1
• go.etcd.io/bbolt: v1.4.2 → v1.4.3
• go.etcd.io/etcd/api/v3: v3.6.4 → v3.6.5
• go.etcd.io/etcd/client/pkg/v3: v3.6.4 → v3.6.5
• go.etcd.io/etcd/client/v3: v3.6.4 → v3.6.5
• go.etcd.io/etcd/pkg/v3: v3.6.4 → v3.6.5
• go.etcd.io/etcd/server/v3: v3.6.4 → v3.6.5
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.58.0 → v0.61.0
• go.opentelemetry.io/otel/metric: v1.35.0 → v1.36.0
• go.opentelemetry.io/otel/sdk/metric: v1.34.0 → v1.36.0
• go.opentelemetry.io/otel/sdk: v1.34.0 → v1.36.0
• go.opentelemetry.io/otel/trace: v1.35.0 → v1.36.0
• go.opentelemetry.io/otel: v1.35.0 → v1.36.0
• go.yaml.in/yaml/v2: v2.4.2 → v2.4.3
• golang.org/x/crypto: v0.36.0 → v0.45.0
• golang.org/x/mod: v0.21.0 → v0.29.0
• golang.org/x/net: v0.38.0 → v0.47.0
• golang.org/x/oauth2: v0.27.0 → v0.30.0
• golang.org/x/sync: v0.12.0 → v0.18.0
• golang.org/x/sys: v0.31.0 → v0.38.0
• golang.org/x/telemetry: bda5523 → 078029d
• golang.org/x/term: v0.30.0 → v0.37.0
• golang.org/x/text: v0.23.0 → v0.31.0
• golang.org/x/tools: v0.26.0 → v0.38.0
• golang.org/x/xerrors: 5ec99f8 → 9bdfabe
• google.golang.org/genproto/googleapis/rpc: a0af3ef → 200df99
• google.golang.org/grpc: v1.72.1 → v1.72.2
• google.golang.org/protobuf: v1.36.5 → v1.36.8
• gopkg.in/evanphx/json-patch.v4: v4.12.0 → v4.13.0
• k8s.io/api: v0.34.0 → v0.35.0
• k8s.io/apiextensions-apiserver: v0.34.0 → v0.35.0
• k8s.io/apimachinery: v0.34.0 → v0.35.0
• k8s.io/apiserver: v0.34.0 → v0.35.0
• k8s.io/client-go: v0.34.0 → v0.35.0
• k8s.io/code-generator: v0.34.0 → v0.35.0
• k8s.io/component-base: v0.34.0 → v0.35.0
• k8s.io/gengo/v2: 85fd79d → ec3ebc5
• k8s.io/kms: v0.34.0 → v0.35.0
• k8s.io/kube-openapi: f3f2b99 → 589584f
• k8s.io/utils: 4c0f3b2 → bc988d5
• sigs.k8s.io/json: cfa47c3 → 2d32026

Removed

• github.com/kisielk/errcheck: v1.5.0
• github.com/kisielk/gotool: v1.0.0
• gopkg.in/yaml.v2: v2.4.0

New Contributors

• @​haoqixu made their first contribution in #​3306
• @​msudheendra-cflt made their first contribution in #​3327
• @​tbavelier made their first contribution in #​3329
• @​moritzmoe made their first contribution in #​3330
• @​filipcirtog made their first contribution in #​3346
• @​fossedihelm made their first contribution in #​3368
• @​mzhaom made their first contribution in #​3372
• @​tisonkun made their first contribution in #​3375
• @​renormalize made their first contribution in #​3392
• @​brito-rafa made their first contribution in #​3411
• @​GonzaloLuminary made their first contribution in #​3406

Full Changelog: kubernetes-sigs/controller-runtime@v0.22.0...v0.23.0

Thanks to all our contributors! 😊

v0.22.5

Compare Source

What's Changed

• 🌱 Bump k8s.io/* to v0.34.3 by @​sbueringer in #​3420

Full Changelog: kubernetes-sigs/controller-runtime@v0.22.4...v0.22.5

---

Configuration

📅 Schedule: Branch creation - "before 3am on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: example/complete/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 34 additional dependencies were updated

Details:

Package	Change
github.com/BurntSushi/toml	v1.5.0 -> v1.6.0
github.com/containerd/containerd	v1.7.29 -> v1.7.30
github.com/cyphar/filepath-securejoin	v0.6.0 -> v0.6.1
github.com/go-openapi/jsonpointer	v0.21.0 -> v0.21.1
github.com/go-openapi/jsonreference	v0.20.4 -> v0.21.0
github.com/go-openapi/swag	v0.23.0 -> v0.23.1
github.com/klauspost/compress	v1.18.0 -> v1.18.2
github.com/mailru/easyjson	v0.7.7 -> v0.9.0
github.com/minio/crc64nvme	v1.1.0 -> v1.1.1
github.com/rubenv/sql-migrate	v1.8.0 -> v1.8.1
github.com/spf13/cobra	v1.10.1 -> v1.10.2
github.com/tinylib/msgp	v1.3.0 -> v1.6.1
go.yaml.in/yaml/v2	v2.4.2 -> v2.4.3
golang.org/x/crypto	v0.43.0 -> v0.47.0
golang.org/x/net	v0.45.0 -> v0.49.0
golang.org/x/sync	v0.17.0 -> v0.19.0
golang.org/x/sys	v0.37.0 -> v0.40.0
golang.org/x/term	v0.36.0 -> v0.39.0
golang.org/x/text	v0.30.0 -> v0.33.0
golang.org/x/time	v0.12.0 -> v0.14.0
google.golang.org/protobuf	v1.36.6 -> v1.36.8
gopkg.in/evanphx/json-patch.v4	v4.12.0 -> v4.13.0
helm.sh/helm/v3	v3.19.2 -> v3.20.0
k8s.io/apiextensions-apiserver	v0.34.2 -> v0.35.0
k8s.io/apimachinery	v0.34.3 -> v0.35.0
k8s.io/apiserver	v0.34.2 -> v0.35.0
k8s.io/cli-runtime	v0.34.2 -> v0.35.0
k8s.io/client-go	v0.34.2 -> v0.35.0
k8s.io/component-base	v0.34.2 -> v0.35.0
k8s.io/kube-openapi	v0.0.0-20250710124328-f3f2b991d03b -> v0.0.0-20250910181357-589584f1c912
k8s.io/kubectl	v0.34.0 -> v0.35.0
k8s.io/utils	v0.0.0-20250604170112-4c0f3b243397 -> v0.0.0-20251002143259-bc988d571ff4
sigs.k8s.io/json	v0.0.0-20241014173422-cfa47c3a1cc8 -> v0.0.0-20250730193827-2d320260d730
sigs.k8s.io/kustomize/kyaml	v0.20.1 -> v0.21.0

File name: example/kubernetes/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 19 additional dependencies were updated

Details:

Package	Change
github.com/go-openapi/jsonpointer	v0.21.0 -> v0.21.1
github.com/go-openapi/jsonreference	v0.20.4 -> v0.21.0
github.com/go-openapi/swag	v0.23.0 -> v0.23.1
github.com/mailru/easyjson	v0.7.7 -> v0.9.0
go.yaml.in/yaml/v2	v2.4.2 -> v2.4.3
golang.org/x/crypto	v0.43.0 -> v0.47.0
golang.org/x/net	v0.45.0 -> v0.49.0
golang.org/x/sys	v0.37.0 -> v0.40.0
golang.org/x/term	v0.36.0 -> v0.39.0
golang.org/x/text	v0.30.0 -> v0.33.0
golang.org/x/time	v0.12.0 -> v0.14.0
google.golang.org/protobuf	v1.36.6 -> v1.36.8
gopkg.in/evanphx/json-patch.v4	v4.12.0 -> v4.13.0
k8s.io/apiextensions-apiserver	v0.34.2 -> v0.35.0
k8s.io/apimachinery	v0.34.3 -> v0.35.0
k8s.io/client-go	v0.34.2 -> v0.35.0
k8s.io/kube-openapi	v0.0.0-20250710124328-f3f2b991d03b -> v0.0.0-20250910181357-589584f1c912
k8s.io/utils	v0.0.0-20250604170112-4c0f3b243397 -> v0.0.0-20251002143259-bc988d571ff4
sigs.k8s.io/json	v0.0.0-20241014173422-cfa47c3a1cc8 -> v0.0.0-20250730193827-2d320260d730

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 4 additional dependencies were updated

Details:

Package	Change
github.com/klauspost/compress	v1.18.0 -> v1.18.2
github.com/minio/crc64nvme	v1.1.0 -> v1.1.1
github.com/tinylib/msgp	v1.3.0 -> v1.6.1
sigs.k8s.io/structured-merge-diff/v6	v6.3.0 -> v6.3.2-0.20260122202528-d9cc6641c482