build(deps): bump the go-dependencies group in /controller with 16 updates

[dependabot]

Bumps the go-dependencies group in /controller with 16 updates:

Package	From	To
github.com/gin-gonic/gin	1.10.0	1.12.0
github.com/go-jose/go-jose/v4	4.1.3	4.1.4
github.com/grpc-ecosystem/go-grpc-middleware/v2	2.2.0	2.3.3
github.com/grpc-ecosystem/grpc-gateway/v2	2.24.0	2.29.0
github.com/onsi/ginkgo/v2	2.22.2	2.28.1
github.com/onsi/gomega	1.36.2	1.39.0
github.com/zitadel/oidc/v3	3.34.1	3.47.4
golang.org/x/sync	0.19.0	0.20.0
google.golang.org/genproto/googleapis/api	0.0.0-20260120221211-b8f7ae30c516	0.0.0-20260414002931-afd174a4e478
k8s.io/api	0.33.0	0.35.4
k8s.io/apimachinery	0.33.0	0.35.4
k8s.io/apiserver	0.33.0	0.35.4
k8s.io/client-go	0.33.0	0.35.4
k8s.io/utils	0.0.0-20241104100929-3ea5e8cea738	0.0.0-20251002143259-bc988d571ff4
sigs.k8s.io/controller-runtime	0.21.0	0.23.3
sigs.k8s.io/yaml	1.4.0	1.6.0

Updates github.com/gin-gonic/gin from 1.10.0 to 1.12.0

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.12.0

Changelog

Features

• 192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203) (@​takanuva15)
• 53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502) (@​raju-mechatronics)
• acc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (#4423) (@​1911860538)
• 38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (@​Spyder01)
• 771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (#4420) (@​ldesauw)
• 4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (#4146) (@​wsyqn6)
• d7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (#4145) (@​laurentcau)

Bug fixes

• b917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (#2169) (@​guonaihong)
• c3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (#4380) (@​1911860538)
• 9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472) (@​Nurysso)
• 2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (#4403) (@​zeek0x)
• c3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (#4422) (@​1911860538)
• 5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (#4415) (@​pawannn)
• 63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (#4336) (@​MondayCha)
• 5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (#4206) (@​dengaleev)
• 234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (#4373) (@​appleboy)
• 472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535) (@​veeceey)
• 8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (#4511) (@​mahanadh)

Enhancements

• ba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (#4549) (@​BobDu)
• b2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (#3359) (@​WeidiDeng)
• ecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449) (@​appleboy)
• af6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
• db309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (#4547) (@​USA-RedDragon)
• 26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when http.Flusher (#4479) (@​Twacqwq)
• 5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (#4388) (@​appleboy)

Refactor

• 39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (#4352) (@​russcoss)
• c0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (#4395) (@​wanghaolong613)
• 915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (#4481) (@​pauloappbr)
• 414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (#4333) (@​cuiweixie)
• 59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (#4314) (@​1911860538)
• 3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (#4142) (@​zeek0x)
• d1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (#4467) (@​zeek0x)
• e3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (#4392) (@​wanghaolong613)
• 488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529) (@​veeceey)
• 9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (#4389) (@​reddaisyy)
• a85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (#4432) (@​efcking)

Build process updates

• 61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (#4367) (@​appleboy)
• fb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (#4436) (@​appleboy)
• 93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (#4437) (@​appleboy)
• e88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (#4439) (@​appleboy)
• 5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (#4421) (@​appleboy)
• 00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (#4531) (@​appleboy)
• ae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (#4550) (@​appleboy)

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.12.0

Features

• feat(render): add bson protocol (#4145)
• feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502)
• feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203)
• feat(gin): add option to use escaped path (#4420)
• feat(context): add Protocol Buffers support to content negotiation (#4423)
• feat(context): implemented Delete method (#38e7651)
• feat(logger): color latency (#4146)

Enhancements

• perf(tree): reduce allocations in findCaseInsensitivePath (#4417)
• perf(recovery): optimize line reading in stack function (#4466)
• perf(path): replace regex with custom functions in redirectTrailingSlash (#4414)
• perf(tree): optimize path parsing using strings.Count (#4246)
• chore(logger): allow skipping query string output (#4547)
• chore(context): always trust xff headers from unix socket (#3359)
• chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#4479)
• refactor(recovery): smart error comparison (#4142)
• refactor(context): replace hardcoded localhost IPs with constants (#4481)
• refactor(utils): move util functions to utils.go (#4467)
• refactor(binding): use maps.Copy for cleaner map handling (#4352)
• refactor(context): using maps.Clone (#4333)
• refactor(ginS): use sync.OnceValue to simplify engine function (#4314)
• refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529)
• refactor: for loop can be modernized using range over int (#4392)

Bug Fixes

• fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
• fix(render): write content length in Data.Render (#4206)
• fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472)
• fix(binding): empty value error (#2169)
• fix(recover): suppress http.ErrAbortHandler in recover (#4336)
• fix(gin): literal colon routes not working with engine.Handler() (#4415)
• fix(gin): close os.File in RunFd to prevent resource leak (#4422)
• fix(response): refine hijack behavior for response lifecycle (#4373)
• fix(binding): improve empty slice/array handling in form binding (#4380)
• fix(debug): version mismatch (#4403)
• fix: correct typos, improve documentation clarity, and remove dead code (#4511)

Build process updates / CI

• ci: update Go version support to 1.25+ across CI and docs (#4550)
• chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)

Gin v1.11.0

... (truncated)

Commits

• 73726dc docs: update documentation to reflect Go version changes (#4552)
• e292e5c docs: document and finalize Gin v1.12.0 release (#4551)
• ae3f524 ci: update Go version support to 1.25+ across CI and docs (#4550)
• 38534e2 chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#4548)
• 472d086 fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
• fb25834 test(context): use http.StatusContinue constant instead of magic number 100 (...
• 6f1d5fe test(render): add comprehensive error handling tests (#4541)
• 5c00df8 fix(render): write content length in Data.Render (#4206)
• db30908 chore(logger): allow skipping query string output (#4547)
• ba093d1 chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)
• Additional commits viewable in compare view

Updates github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.1.4

What's Changed

Fixes Panic in JWE decryption. See GHSA-78h2-9frx-2jm8

Full Changelog: go-jose/go-jose@v4.1.3...v4.1.4

Commits

• 0e59876 Merge commit from fork
• ddffdbc Bump actions/checkout from 5 to 6 (#213)
• See full diff in compare view

Updates github.com/grpc-ecosystem/go-grpc-middleware/v2 from 2.2.0 to 2.3.3

Release notes

Sourced from github.com/grpc-ecosystem/go-grpc-middleware/v2's releases.

v2.3.3

What's Changed

• add WithLabelsFromContext prometheus interceptor option by @​benjibuiltit in grpc-ecosystem/go-grpc-middleware#758
• fix: correct comment typo in StreamServerInterceptor function by @​haru-256 in grpc-ecosystem/go-grpc-middleware#760
• Minor refactor to remove duplication by @​nwnt in grpc-ecosystem/go-grpc-middleware#761
• chore: migrate golangci-lint to v2.3.0 by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#765
• chore: enable misspell linter with golangci-lint by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#768
• chore: enable errorlint by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#774
• chore: update buf to v1.55.1 by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#767
• chore: update dependabot configuration for gomod and github-actions by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#775
• chore: enable testifylint linter by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#769
• chore: enable several rules from go-critic by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#766
• chore: enable several rules from govet by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#773
• chore: enable contextcheck and fatcontext linters by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#770
• chore: enable usestdlibvars linter by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#772
• chore: enable promlinter linter by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#771
• chore: enable usetesting linter by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#784
• build(deps): bump google.golang.org/grpc from 1.67.1 to 1.74.2 by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#785
• chore: enable hugeParam rule from go-critic by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#786
• chore: use actions/setup-go native cache by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#787
• fix(#794): Wrapping codes.OK should not cause panic by @​floppyzedolfin in grpc-ecosystem/go-grpc-middleware#795
• feat(prometheus): add ContextLabels to ClientMetrics by @​ArtARTs36 in grpc-ecosystem/go-grpc-middleware#798
• fix(ci): tidy module before linting by @​manute in grpc-ecosystem/go-grpc-middleware#808
• [Prometheus] Fix pre-registration of handled metrics with context labels by @​t-bowcock in grpc-ecosystem/go-grpc-middleware#810
• avoid unnecessary logging field creation when payload logging is disabled by @​dbeneker in grpc-ecosystem/go-grpc-middleware#809

New Contributors

• @​benjibuiltit made their first contribution in grpc-ecosystem/go-grpc-middleware#758
• @​haru-256 made their first contribution in grpc-ecosystem/go-grpc-middleware#760
• @​nwnt made their first contribution in grpc-ecosystem/go-grpc-middleware#761
• @​mmorel-35 made their first contribution in grpc-ecosystem/go-grpc-middleware#765
• @​floppyzedolfin made their first contribution in grpc-ecosystem/go-grpc-middleware#795
• @​ArtARTs36 made their first contribution in grpc-ecosystem/go-grpc-middleware#798
• @​manute made their first contribution in grpc-ecosystem/go-grpc-middleware#808
• @​t-bowcock made their first contribution in grpc-ecosystem/go-grpc-middleware#810
• @​dbeneker made their first contribution in grpc-ecosystem/go-grpc-middleware#809

Full Changelog: grpc-ecosystem/go-grpc-middleware@v2.3.2...v2.3.3

v2.3.2

What's Changed

• chore: fix some typos by @​dockercui in grpc-ecosystem/go-grpc-middleware#755
• update module for protovalidate by @​calmh in grpc-ecosystem/go-grpc-middleware#757

New Contributors

• @​dockercui made their first contribution in grpc-ecosystem/go-grpc-middleware#755
• @​calmh made their first contribution in grpc-ecosystem/go-grpc-middleware#757

Full Changelog: grpc-ecosystem/go-grpc-middleware@v2.3.1...v2.3.2

... (truncated)

Commits

• 390bcef avoid unnecessary logging field creation when payload logging is disabled (#809)
• 748e2b2 fix metric label initialize (#810)
• af451d0 fix(ci): tidy module before linting (#808)
• 2dc9821 feat: add ContextLabels to ClientMetrics (#798)
• 2338d5a fix(#794): Wrapping codes.OK should not cause panic (#795)
• 6ec6dd3 chore: use actions/setup-go native cache (#787)
• f7911cc chore: enable hugeParam rule from go-critic (#786)
• e2d5773 build(deps): bump google.golang.org/grpc from 1.67.1 to 1.74.2 (#785)
• d75e7d9 chore: enable usetesting linter (#784)
• c8a612b chore: enable promlinter linter (#771)
• Additional commits viewable in compare view

Updates github.com/grpc-ecosystem/grpc-gateway/v2 from 2.24.0 to 2.29.0

Release notes

Sourced from github.com/grpc-ecosystem/grpc-gateway/v2's releases.

v2.29.0

What's Changed

• fix: use proto.Merge to avoid copylocks with use_opaque_api=true by @​emahiro in grpc-ecosystem/grpc-gateway#6383
• fix: allow proto3 optional fields in path parameters by @​susanachl in grpc-ecosystem/grpc-gateway#6416
• Add option to disable HTTP method override by @​achew22 in grpc-ecosystem/grpc-gateway#6447
• Add Go documentation badge to README by @​achew22 in grpc-ecosystem/grpc-gateway#6448
• fix: add missing return statements in error handler paths by @​jet-go in grpc-ecosystem/grpc-gateway#6561
• Deprecate fields and methods if file is deprecated by @​aidandj in grpc-ecosystem/grpc-gateway#6613
• Add edition 2024 support by @​printfn in grpc-ecosystem/grpc-gateway#6622

New Contributors

• @​emahiro made their first contribution in grpc-ecosystem/grpc-gateway#6383
• @​susanachl made their first contribution in grpc-ecosystem/grpc-gateway#6416
• @​jet-go made their first contribution in grpc-ecosystem/grpc-gateway#6561
• @​aidandj made their first contribution in grpc-ecosystem/grpc-gateway#6613
• @​printfn made their first contribution in grpc-ecosystem/grpc-gateway#6622

Full Changelog: grpc-ecosystem/grpc-gateway@v2.28.0...v2.29.0

v2.28.0

What's Changed

• feat: add option to disable chunked headers by @​irenarindos in grpc-ecosystem/grpc-gateway#6354
• fix(protoc-gen-openapiv2): fix panic on enum resolution in nested messages by @​franchb in grpc-ecosystem/grpc-gateway#6367

New Contributors

• @​irenarindos made their first contribution in grpc-ecosystem/grpc-gateway#6354

Full Changelog: grpc-ecosystem/grpc-gateway@v2.27.8...v2.28.0

v2.27.8

What's Changed

• Fix opaque missing imports casing by @​kellen-miller in grpc-ecosystem/grpc-gateway#6304
• Revert "fix(protoc-gen-openapiv2): prevent panic when generating OpenAPI for multiple files" by @​johanbrandhorst in grpc-ecosystem/grpc-gateway#6309
• fix(protoc-gen-openapiv2): fix naming cache for multi-file generation by @​franchb in grpc-ecosystem/grpc-gateway#6315
• fix(openapiv2): exclude oneof fields from required with proto3 field semantics by @​sessa in grpc-ecosystem/grpc-gateway#6335

New Contributors

• @​sessa made their first contribution in grpc-ecosystem/grpc-gateway#6335

Full Changelog: grpc-ecosystem/grpc-gateway@v2.27.7...v2.27.8

v2.27.7

Re-release of v2.26.7 as v2.27.7 for correct semver ordering.

v2.27.6

What's Changed

• feat(generator): harden opaque imports and fix snake case to go casing by @​kellen-miller in grpc-ecosystem/grpc-gateway#6279
• fix(protoc-gen-openapiv2): prevent panic when generating OpenAPI for multiple files by @​franchb in grpc-ecosystem/grpc-gateway#6275

... (truncated)

Commits

• ba9b55c chore(deps): update dependency rules_shell to v0.8.0 (#6626)
• 284a82e chore(deps): update googleapis digest to bcfcbda (#6625)
• f74bc7f chore(deps): update google/oss-fuzz digest to d58fd64 (#6624)
• efb665d Add edition 2024 support (#6622)
• c58da15 chore(deps): update google/oss-fuzz digest to 32b8df7 (#6621)
• 42997a1 Deprecate fields and methods if file is deprecated (#6613)
• 6f4af8b chore(deps): update googleapis digest to bf85cad (#6620)
• 68fde5f chore(deps): update google/oss-fuzz digest to 7b814a1 (#6619)
• 6da2a46 chore(deps): update googleapis digest to 898f25c (#6617)
• c9c7ad4 chore(deps): update googleapis digest to fc96870 (#6616)
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.22.2 to 2.28.1

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.1

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

v2.27.5

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

v2.27.4

2.27.4

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

v2.27.3

2.27.3

Fixes

report exit result in case of failure [1c9f356] fix data race [ece19c8]

v2.27.2

2.27.2

Fixes

• inline automaxprocs to simplify dependencies; this will be removed when Go 1.26 comes out [a69113a]

Maintenance

... (truncated)

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

2.27.4

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

2.27.3

Fixes

report exit result in case of failure [1c9f356] fix data race [ece19c8]

2.27.2

Fixes

• inline automaxprocs to simplify dependencies; this will be removed when Go 1.26 comes out [a69113a]

Maintenance

• Fix syntax errors and typo [a99c6e0]
• Fix paragraph position error [f993df5]

2.27.1

Fixes

... (truncated)

Commits

• 5d1d628 v2.28.1
• 676f985 update test mu language
• 8032100 appease go vet
• 41ca807 bump dependencies
• 2b2305b v2.28.0
• 71d2d89 feat: support component semantic version filtering
• 8cbbcb4 Fix doclink for ginkgo run
• a928307 v2.27.5
• 0d0e96d don't make a new formatter for each GinkgoT(); that's just silly and uses pre...
• 867ce95 v2.27.4
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.36.2 to 1.39.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.39.0

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

v1.38.3

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

v1.38.2

1.38.2

• roll back to go 1.23.0 [c404969]

v1.38.1

1.38.1

Fixes

Numerous minor fixes and dependency bumps

v1.38.0

1.38.0

Features

• gstruct handles extra unexported fields [4ee7ed0]

Fixes

• support [] in IgnoringTopFunction function signatures (#851) [36bbf72]

Maintenance

• Bump golang.org/x/net from 0.40.0 to 0.41.0 (#846) [529d408]
• Fix typo [acd1f55]
• Bump google.golang.org/protobuf from 1.36.5 to 1.36.6 (#835) [bae65a0]
• Bump nokogiri from 1.18.4 to 1.18.8 in /docs (#842) [8dda91f]
• Bump golang.org/x/net from 0.39.0 to 0.40.0 (#843) [212d812]
• Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#839) [59bd7f9]
• Bump nokogiri from 1.18.1 to 1.18.4 in /docs (#834) [328c729]
• Bump uri from 1.0.2 to 1.0.3 in /docs (#826) [9a798a1]
• Bump golang.org/x/net from 0.37.0 to 0.39.0 (#841) [04a72c6]

v1.37.0

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

... (truncated)

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

1.38.2

• roll back to go 1.23.0 [c404969]

1.38.1

Fixes

Numerous minor fixes and dependency bumps

1.38.0

Features

• gstruct handles extra unexported fields [4ee7ed0]

Fixes

• support [] in IgnoringTopFunction function signatures (#851) [36bbf72]

Maintenance

• Bump golang.org/x/net from 0.40.0 to 0.41.0 (#846) [529d408]
• Fix typo [acd1f55]
• Bump google.golang.org/protobuf from 1.36.5 to 1.36.6 (#835) [bae65a0]
• Bump nokogiri from 1.18.4 to 1.18.8 in /docs (#842) [8dda91f]
• Bump golang.org/x/net from 0.39.0 to 0.40.0 (#843) [212d812]
• Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#839) [59bd7f9]
• Bump nokogiri from 1.18.1 to 1.18.4 in /docs (#834) [328c729]
• Bump uri from 1.0.2 to 1.0.3 in /docs (#826) [9a798a1]
• Bump golang.org/x/net from 0.37.0 to 0.39.0 (#841) [04a72c6]

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

1.36.3

Maintenance

• bump all the things [adb8b49]

... (truncated)

Commits

• 49561ad v1.39.0
• 8f7f425 document MatchErrorStrictly
• bae643d add matcher relecting errors.Is behavior
• a3ca2ca v1.38.3
• 4dada36 fix failing have http tests
• d40c691 make string formatitng more consistent for users who use format.Object directly
• 2a37b46 doc: fix typos
• ee26170 docs: fix HaveValue example
• cc85c05 Bump actions/setup-go from 5 to 6 (#866)
• 8905788 Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (#865)
• Additional commits viewable in compare view

Updates github.com/zitadel/oidc/v3 from 3.34.1 to 3.47.4

Release notes

Sourced from github.com/zitadel/oidc/v3's releases.

v3.47.4

3.47.4 (2026-04-17)

Bug Fixes

• URL-encode client credentials in Basic Auth per RFC 6749 §2.3.1 (#873) (178e018), closes /datatracker.ietf.org/doc/html/rfc6749#section-2 #857 #858

v3.47.3

3.47.3 (2026-04-15)

Bug Fixes

• propagate signature verification errors correctly (#872) (49664bf)

v3.47.2

3.47.2 (2026-04-10)

Bug Fixes

• tolerate string amr claims from external providers (#855) (5f70eff)

v3.47.1

3.47.1 (2026-04-09)

Bug Fixes

• oidc server error to http status mapping (#865) (d118dd7)

v3.47.0

This release adds signing of opaque tokens. By secure default, all existing opaque access tokens emitted by OP implementations, will be invalid. Users will need to re-login. If you want a more gradual upgrade use the op.WithCrypto() option to pass a op.NewCompositeCrypto(). Use aop.NewAESCrypto() in the Decrypter slice with the existing master key.

This change does not affect client / RP / RS libraries.

What's Changed

• feat: use jose for bearer-token encryption by @​wim07101993 in zitadel/oidc@b4cf422
• chore: package upgrades by @​wim07101993 in zitadel/oidc#866

Full Changelog: zitadel/oidc@v3.46.0...v3.47.0

v3.46.0

3.46.0 (2026-04-02)

Features

... (truncated)

Commits

• 178e018 fix: URL-encode client credentials in Basic Auth per RFC 6749 §2.3.1 (#873)
• 49664bf fix: propagate signature verification errors correctly (#872)
• 5f70eff fix: tolerate string amr claims from external providers (#855)
• 97b71d3 chore(deps): bump golang.org/x/text from 0.35.0 to 0.36.0 (#869)
• d118dd7 fix: oidc server error to http status mapping (#865)
• 2534f81 docs: update semantic title requirements (#863)
• d016375 example: set device cookie httpOnly (#868)
• b4cf422 Merge commit from fork
• 0bf0ade chore: package upgrades (#866)
• 4fae59b feat: Allow for reuse of cookie creation + decouple creation from http writer...
• Additional commits viewable in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits

• ec11c4a errgroup: fix a typo in the documentation
• 1a58307 all: modernize interface{} -> any
• 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates google.golang.org/genproto/googleapis/api from 0.0.0-20260120221211-b8f7ae30c516 to 0.0.0-20260414002931-afd174a4e478

Commits

• See full diff in compare view

Updates k8s.io/api from 0.33.0 to 0.35.4

Commits

• e8f0e9f Update dependencies to v0.35.4 tag
• 0b2a75e Merge pull request #138356 from dims/update-moby-spdystream-v0.5.1-1.35
• e1ef9bc Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• bbcbaa8 Merge remote-tracking branch 'origin/master' into release-1.35
• 5bced61 Bump golang.org/x/crypto to v...

  Description has been truncated

[ambient-code]

Dependabot PR Review Summary — K8s Version Bump

cc @mangelajo @bzlotnik @kirkbrauer — This PR bumps Kubernetes dependencies, please review.

Overview

This PR bumps 16 Go dependencies in controller/go.mod, including a Kubernetes minor version bump from 0.33.0 → 0.35.4 (Kubernetes 1.33 → 1.35) and controller-runtime from 0.21.0 → 0.23.3. It also bumps the Go version from 1.24 → 1.25 and several other significant libraries.

Why is this bump requested?

• K8s 1.35 is the latest stable Kubernetes release (requires Go 1.25.x)
• gin 1.10.0 → 1.12.0 (HTTP framework)
• zitadel/oidc 3.34.1 → 3.47.4 (OIDC library, many releases)
• grpc-gateway 2.24.0 → 2.29.0
• sigs.k8s.io/yaml 1.4.0 → 1.6.0

K8s 1.35 Breaking API Changes

(Same as noted in PR #610)

• gogo/protobuf runtime usage removed from API Go types
• structured-merge-diff v4 → v6
• StorageVersionMigration and VolumeAttributesClass v1alpha1 APIs removed

CI Failures Analysis

1. lint-go — FAILING

Error: can't load config: the Go language version (go1.24) used to build golangci-lint
is lower than the targeted Go version (1.25.0)

The CI's golangci-lint is built with Go 1.24 but the go.mod now targets Go 1.25. Fix: update CI to install Go 1.25 and rebuild golangci-lint.

2. tests — FAILING (cross-module dependency conflict)

Error: load packages in root ".../controller/deploy/operator":
err: exit status 1: stderr: go: downloading github.com/cert-manager/cert-manager v1.18.6

The test target builds both controller AND operator. The operator's go.mod still references cert-manager v1.18.6 and k8s.io/* v0.34.1, which conflicts with the controller's new k8s.io/* v0.35.4. The replace directive creates the dependency chain.

3. build-controller-image / build-operator-image — FAILING (compilation errors)
Same cross-module Go version and k8s API conflicts.

4. deploy-kind / e2e-test-operator — FAILING (downstream of build failures)

⚠️ Cross-Module Issue: Other go.mod files NOT updated

This PR only modifies controller/go.mod. The other Go subprojects need coordinated updates:

Subproject	Current k8s	This PR	Needs Update?
controller/go.mod	0.33.0	0.35.4	✅ (this PR)
controller/deploy/operator/go.mod	0.34.1	unchanged	⚠️ YES — must be bumped too
e2e/test/go.mod	(no k8s deps)	unchanged	No

Also: PR #610 bumps operator to k8s 0.35.2

PR #610 bumps the operator's k8s deps to 0.35.2. These two PRs target different minor versions (0.35.4 vs 0.35.2) and should be coordinated into a single PR with aligned versions across both go.mod files.

Recommendation

1. Combine with PR build(deps): bump the go-operator-dependencies group across 1 directory with 9 updates #610 — or at minimum, add a commit here updating controller/deploy/operator/go.mod to match (k8s 0.35.4, cert-manager 1.20.2, controller-runtime 0.23.3).
2. Update CI toolchain to Go 1.25 — golangci-lint, setup-go action, etc.
3. Test for gogo/protobuf breakage — verify controller code doesn't rely on gogo type registry.
4. Consider the scope: this is a 2-minor-version jump (1.33 → 1.35). If there's no CVE urgency, a staged approach (1.33 → 1.34 first, then 1.34 → 1.35) might reduce risk.