{"id":90140,"name":"github.com/moby/spdystream","ecosystem":"go","repository_url":"https://github.com/moby/spdystream","issues_count":93,"created_at":"2026-04-14T08:03:42.293Z","updated_at":"2026-04-14T08:03:42.293Z","purl":"pkg:golang/github.com/moby/spdystream","metadata":{"id":3858315,"name":"github.com/moby/spdystream","ecosystem":"go","description":"","homepage":"https://github.com/moby/spdystream","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/moby/spdystream","keywords_array":[],"namespace":"github.com/moby","versions_count":6,"first_release_published_at":"2021-01-26T11:48:57.000Z","latest_release_published_at":"2026-04-13T17:36:51.000Z","latest_release_number":"v0.5.1","last_synced_at":"2026-04-14T11:30:50.973Z","created_at":"2022-04-11T21:34:58.905Z","updated_at":"2026-04-14T11:30:50.973Z","registry_url":"https://pkg.go.dev/github.com/moby/spdystream","install_command":"go get github.com/moby/spdystream","documentation_url":"https://pkg.go.dev/github.com/moby/spdystream#section-documentation","metadata":{},"repo_metadata":{"id":38442995,"uuid":"20544129","full_name":"moby/spdystream","owner":"moby","description":null,"archived":false,"fork":false,"pushed_at":"2024-07-24T22:05:49.000Z","size":183,"stargazers_count":148,"open_issues_count":9,"forks_count":54,"subscribers_count":43,"default_branch":"master","last_synced_at":"2025-07-06T18:43:01.302Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/moby.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-06-05T22:44:33.000Z","updated_at":"2025-04-24T16:02:32.000Z","dependencies_parsed_at":"2024-06-27T20:08:40.413Z","dependency_job_id":"46700159-3643-49e3-b392-649333ff247d","html_url":"https://github.com/moby/spdystream","commit_stats":{"total_commits":84,"total_committers":19,"mean_commits":4.421052631578948,"dds":0.6190476190476191,"last_synced_commit":"77eb080123d208697674a07b74ceaf94c98bee8b"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/moby/spdystream","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/moby","download_url":"https://codeload.github.com/moby/spdystream/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271487222,"owners_count":24768146,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-21T02:00:08.990Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"moby","name":"Moby","uuid":"27259197","kind":"organization","description":"An open framework to assemble specialized container systems without reinventing the wheel.","email":null,"website":"https://mobyproject.org/","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/27259197?v=4","repositories_count":27,"last_synced_at":"2024-03-26T23:45:44.218Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/moby","funding_links":[],"total_stars":86721,"followers":725,"following":0,"created_at":"2022-11-04T18:10:50.804Z","updated_at":"2024-03-26T23:45:48.570Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/moby","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/moby/repositories"},"tags":[{"name":"v0.5.0","sha":"77eb080123d208697674a07b74ceaf94c98bee8b","kind":"commit","published_at":"2024-07-23T13:25:06.000Z","download_url":"https://codeload.github.com/moby/spdystream/tar.gz/v0.5.0","html_url":"https://github.com/moby/spdystream/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/moby/spdystream@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/tags/v0.5.0/manifests"},{"name":"v0.4.0","sha":"258380da5f17ec2c26272bcb91a61d592fcb0105","kind":"commit","published_at":"2024-06-27T16:56:17.000Z","download_url":"https://codeload.github.com/moby/spdystream/tar.gz/v0.4.0","html_url":"https://github.com/moby/spdystream/releases/tag/v0.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/moby/spdystream@v0.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/tags/v0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/tags/v0.4.0/manifests"},{"name":"v0.3.0","sha":"0c1fc43b0e4a133966cb8b6be96d302fceefd94b","kind":"commit","published_at":"2024-06-21T17:41:47.000Z","download_url":"https://codeload.github.com/moby/spdystream/tar.gz/v0.3.0","html_url":"https://github.com/moby/spdystream/releases/tag/v0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/moby/spdystream@v0.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/tags/v0.3.0/manifests"},{"name":"v0.2.0","sha":"dbc715126c0e3fa07721879c6d265b2b82c71e5b","kind":"commit","published_at":"2021-01-28T04:18:15.000Z","download_url":"https://codeload.github.com/moby/spdystream/tar.gz/v0.2.0","html_url":"https://github.com/moby/spdystream/releases/tag/v0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/moby/spdystream@v0.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/tags/v0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/tags/v0.2.0/manifests"},{"name":"v0.1.0","sha":"18f9c867b9a958e49ea0ed67887f10c67d209341","kind":"commit","published_at":"2021-01-26T11:48:57.000Z","download_url":"https://codeload.github.com/moby/spdystream/tar.gz/v0.1.0","html_url":"https://github.com/moby/spdystream/releases/tag/v0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/moby/spdystream@v0.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/tags/v0.1.0/manifests"}]},"repo_metadata_updated_at":"2025-08-21T14:54:37.703Z","dependent_packages_count":3074,"downloads":null,"downloads_period":null,"dependent_repos_count":21746,"rankings":{"downloads":null,"dependent_repos_count":0.04346887877266295,"dependent_packages_count":0.06774505450727662,"stargazers_count":4.053710575812812,"forks_count":3.2767063283840874,"docker_downloads_count":0.014835440726708359,"average":1.4912932556407095},"purl":"pkg:golang/github.com/moby/spdystream","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/moby/spdystream","docker_dependents_count":6433,"docker_downloads_count":23661825723,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/moby/spdystream","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/moby/spdystream/dependencies","status":null,"funding_links":[],"critical":true,"issue_metadata":{"last_synced_at":"2025-07-08T06:08:02.473Z","issues_count":29,"pull_requests_count":74,"avg_time_to_close_issue":17759114.85,"avg_time_to_close_pull_request":9000110.067567568,"issues_closed_count":20,"pull_requests_closed_count":74,"pull_request_authors_count":22,"issue_authors_count":17,"avg_comments_per_issue":2.1379310344827585,"avg_comments_per_pull_request":2.0,"merged_pull_requests_count":62,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":1,"past_year_pull_requests_count":0,"past_year_avg_time_to_close_issue":824.0,"past_year_avg_time_to_close_pull_request":null,"past_year_issues_closed_count":1,"past_year_pull_requests_closed_count":0,"past_year_pull_request_authors_count":0,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":1.0,"past_year_avg_comments_per_pull_request":null,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/moby%2Fspdystream/issues","maintainers":[{"login":"dmcgowan","count":31,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/dmcgowan"},{"login":"thaJeztah","count":10,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/thaJeztah"},{"login":"dims","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/dims"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fmoby%2Fspdystream/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fmoby%2Fspdystream/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fmoby%2Fspdystream/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fmoby%2Fspdystream/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fmoby%2Fspdystream/codemeta","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":2097301,"maintainers_count":0,"namespaces_count":781316,"keywords_count":112803,"github":"golang","metadata":{"funded_packages_count":53476},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2026-04-14T05:14:00.078Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},"unique_repositories_count":87,"unique_repositories_count_past_30_days":5,"recent_issues":[{"uuid":"4554010034","node_id":"PR_kwDOQXHkUc7g7LQz","number":2,"state":"open","title":"build(deps): bump the go_modules group across 2 directories with 25 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:39:44.000Z","updated_at":"2026-05-30T09:41:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":25,"packages":[{"name":"github.com/agentgateway/agentgateway","old_version":"0.10.6-0.20251108001651-54763bfe02e1","new_version":"0.12.0","repository_url":"https://github.com/agentgateway/agentgateway"},{"name":"google.golang.org/grpc","old_version":"1.76.0","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"helm.sh/helm/v3","old_version":"3.19.2","new_version":"3.20.2","repository_url":"https://github.com/helm/helm"},{"name":"github.com/in-toto/in-toto-golang","old_version":"0.9.0","new_version":"0.11.0","repository_url":"https://github.com/in-toto/in-toto-golang"},{"name":"github.com/theupdateframework/go-tuf/v2","old_version":"2.0.2","new_version":"2.4.1","repository_url":"https://github.com/theupdateframework/go-tuf"},{"name":"github.com/anchore/quill","old_version":"0.5.1","new_version":"0.7.1","repository_url":"https://github.com/anchore/quill"},{"name":"github.com/buger/jsonparser","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/buger/jsonparser"},{"name":"github.com/cloudflare/circl","old_version":"1.6.1","new_version":"1.6.3","repository_url":"https://github.com/cloudflare/circl"},{"name":"github.com/go-git/go-billy/v5","old_version":"5.6.2","new_version":"5.9.0","repository_url":"https://github.com/go-git/go-billy"},{"name":"github.com/go-git/go-git/v5","old_version":"5.14.0","new_version":"5.19.1","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"github.com/sigstore/cosign/v2","old_version":"2.5.0","new_version":"2.6.2","repository_url":"https://github.com/sigstore/cosign"},{"name":"github.com/slack-go/slack","old_version":"0.17.3","new_version":"0.23.1","repository_url":"https://github.com/slack-go/slack"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/agentgateway/agentgateway](https://github.com/agentgateway/agentgateway) | `0.10.6-0.20251108001651-54763bfe02e1` | `0.12.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.76.0` | `1.79.3` |\n| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.19.2` | `3.20.2` |\n| [github.com/in-toto/in-toto-golang](https://github.com/in-toto/in-toto-golang) | `0.9.0` | `0.11.0` |\n| [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) | `2.0.2` | `2.4.1` |\n| [github.com/anchore/quill](https://github.com/anchore/quill) | `0.5.1` | `0.7.1` |\n| [github.com/buger/jsonparser](https://github.com/buger/jsonparser) | `1.1.1` | `1.1.2` |\n| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.6.1` | `1.6.3` |\n| [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.6.2` | `5.9.0` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.14.0` | `5.19.1` |\n| [github.com/moby/spdystream](https://github.com/moby/spdystream) | `0.5.0` | `0.5.1` |\n| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.5.0` | `2.6.2` |\n| [github.com/slack-go/slack](https://github.com/slack-go/slack) | `0.17.3` | `0.23.1` |\n\nBumps the go_modules group with 3 updates in the /hack/utils/applier directory: [github.com/moby/spdystream](https://github.com/moby/spdystream), [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/oauth2](https://github.com/golang/oauth2).\n\nUpdates `github.com/agentgateway/agentgateway` from 0.10.6-0.20251108001651-54763bfe02e1 to 0.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agentgateway/agentgateway/releases\"\u003egithub.com/agentgateway/agentgateway's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.12.0\u003c/h2\u003e\n\u003cp\u003eAgentgateway is an open source project that is built on AI-native protocols to connect, secure, and observe agent-to-agent and agent-to-tool communication across any agent framework and environment.\u003c/p\u003e\n\u003cp\u003eThis release contains various bug fixes, and some major changes to the CEL expression language implementation.\u003c/p\u003e\n\u003ch2\u003eCEL\u003c/h2\u003e\n\u003cp\u003eThis release comes with a rewrite of the \u003ca href=\"https://agentgateway.dev/docs/local/latest/reference/cel/\"\u003eCEL implementation\u003c/a\u003e that powers policies such as authorization, rate limiting, access logging, etc. The new implementation is 5-500x faster depending on the expression; typical users can see up to a 50% increase in end-to-end throughput.\u003c/p\u003e\n\u003cp\u003eAdditionally, a new CEL playground is available in the UI to help troubleshoot and test CEL expressions.\u003c/p\u003e\n\u003cp\u003eWhile most of the changes are internal, a few minor behavioral changes are present\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix MCP attributes not being available during logging (only authz)\u003c/li\u003e\n\u003cli\u003eBefore, we snapshotted the request once at an arbitrary (and inconsistent, across requests) time. Now, each execution consistently gets the 'current' view of the request and response. For example, during logging, manipulations from policies would be observed.\u003c/li\u003e\n\u003cli\u003eNew function names: \u003ccode\u003ebase64Encode\u003c/code\u003e -\u0026gt; \u003ccode\u003ebase64.encode\u003c/code\u003e (this comes from a bump in the library before forking it). The old name is available for backwards compat.\u003c/li\u003e\n\u003cli\u003eBefore, the top level variables were always present but could be \u003ccode\u003enull\u003c/code\u003e. Now, if they are not available they will fail to lookup instead of return \u003ccode\u003enull\u003c/code\u003e. For example, before \u003ccode\u003ehas(jwt)\u003c/code\u003e would always return \u003ccode\u003etrue\u003c/code\u003e; now it will only return \u003ccode\u003etrue\u003c/code\u003e if there is a JWT.\u003c/li\u003e\n\u003cli\u003eIts faster!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSPIKE: Fork htpasswd-verify and upgrade deps by \u003ca href=\"https://github.com/markuskobler\"\u003e\u003ccode\u003e@​markuskobler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/787\"\u003eagentgateway/agentgateway#787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mcp/openapi): improve path, query and header handling by \u003ca href=\"https://github.com/markuskobler\"\u003e\u003ccode\u003e@​markuskobler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/866\"\u003eagentgateway/agentgateway#866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDelete MCP-Authentication.md by \u003ca href=\"https://github.com/rinormaloku\"\u003e\u003ccode\u003e@​rinormaloku\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/872\"\u003eagentgateway/agentgateway#872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ellm: properly use user-defined buffer limit by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/881\"\u003eagentgateway/agentgateway#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCEL 2.0 by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/877\"\u003eagentgateway/agentgateway#877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emcp: update to rmcp 0.14.0 by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/885\"\u003eagentgateway/agentgateway#885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(aws-sse): migrate to official AWS EventStream crates by \u003ca href=\"https://github.com/apexlnc\"\u003e\u003ccode\u003e@​apexlnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/879\"\u003eagentgateway/agentgateway#879\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(llm): Implements count_tokens for Anthropic/Vertex/Bedrock providers by \u003ca href=\"https://github.com/markuskobler\"\u003e\u003ccode\u003e@​markuskobler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/883\"\u003eagentgateway/agentgateway#883\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feat] MCP target policies by \u003ca href=\"https://github.com/Jack-Kilrain\"\u003e\u003ccode\u003e@​Jack-Kilrain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/862\"\u003eagentgateway/agentgateway#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport hostname in incoming HBONE connect by \u003ca href=\"https://github.com/ymesika\"\u003e\u003ccode\u003e@​ymesika\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/859\"\u003eagentgateway/agentgateway#859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elocal: fix regression in mcp backends by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/888\"\u003eagentgateway/agentgateway#888\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(llm): bedrock token counting and get_messages conversions by \u003ca href=\"https://github.com/markuskobler\"\u003e\u003ccode\u003e@​markuskobler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/884\"\u003eagentgateway/agentgateway#884\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emcp: better propogate errors up by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/889\"\u003eagentgateway/agentgateway#889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ellm e2e: add support for completions to anthropic via vertex by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/892\"\u003eagentgateway/agentgateway#892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ui): upgrade npm packages by \u003ca href=\"https://github.com/markuskobler\"\u003e\u003ccode\u003e@​markuskobler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/894\"\u003eagentgateway/agentgateway#894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: cache only on main by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/893\"\u003eagentgateway/agentgateway#893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump rust by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/899\"\u003eagentgateway/agentgateway#899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExt Proc and Ext Authz: Treat Unset Header Append as Overwrite by \u003ca href=\"https://github.com/danehans\"\u003e\u003ccode\u003e@​danehans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/906\"\u003eagentgateway/agentgateway#906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emcp: enhance observability and route discovery plumbing by \u003ca href=\"https://github.com/apexlnc\"\u003e\u003ccode\u003e@​apexlnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/901\"\u003eagentgateway/agentgateway#901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd primitive TCP CEL logging support by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/916\"\u003eagentgateway/agentgateway#916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: drop build from pull request by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/915\"\u003eagentgateway/agentgateway#915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCEL playground by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/914\"\u003eagentgateway/agentgateway#914\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danehans\"\u003e\u003ccode\u003e@​danehans\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/906\"\u003eagentgateway/agentgateway#906\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/agentgateway/agentgateway/compare/v0.11.3...v0.12.0\"\u003ehttps://github.com/agentgateway/agentgateway/compare/v0.11.3...v0.12.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.11.3\u003c/h2\u003e\n\u003cp\u003eAutomated release of v0.11.3.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/agentgateway/agentgateway/commits/v0.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.76.0 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.76.0...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `helm.sh/helm/v3` from 3.19.2 to 3.20.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/helm/helm/releases\"\u003ehelm.sh/helm/v3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHelm v3.20.2\u003c/h2\u003e\n\u003ch2\u003ev3.20.2\u003c/h2\u003e\n\u003cp\u003eHelm v3.20.2 is a security patch release. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eThe community keeps growing, and we'd love to see you there!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJoin the discussion in \u003ca href=\"https://kubernetes.slack.com\"\u003eKubernetes Slack\u003c/a\u003e:\n\u003cul\u003e\n\u003cli\u003efor questions and just to hang out\u003c/li\u003e\n\u003cli\u003efor discussing PRs, code, and bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eHang out at the Public Developer Call: Thursday, 9:30 Pacific via \u003ca href=\"https://zoom.us/j/696660622\"\u003eZoom\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest, debug, and contribute charts: \u003ca href=\"https://artifacthub.io/packages/search?kind=0\"\u003eArtifactHub/packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/security/advisories/GHSA-hr2v-4r36-88hr\"\u003eGHSA-hr2v-4r36-88hr\u003c/a\u003e Helm Chart extraction output directory collapse via \u003ccode\u003eChart.yaml\u003c/code\u003e name dot-segment\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstallation and Upgrading\u003c/h2\u003e\n\u003cp\u003eDownload Helm v3.20.2. The common platform binaries are here:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-amd64.tar.gz\"\u003eMacOS amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-amd64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 7de04301f28b902a74f6286ed941cadc86ee5e6a9086a18f2ccf1f548e99d618)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-arm64.tar.gz\"\u003eMacOS arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-arm64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 139c794c22f16b579d08ddd3008c8038b9bb2814f35b5bcca91f50a1f458978d)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz\"\u003eLinux amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 258e830a9e613c8a7a302d6059b4bb3b9758f2f3e1bb8ea0d707ce10a9a72fea)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm.tar.gz\"\u003eLinux arm\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / a8a614c740399ff1ef32bcea6be6e4523f17e3376f9cf55c192cc48c8f2d1f19)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz\"\u003eLinux arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 5ea2d6bc2cda3f8edf985e028809f5a9278f404fb8ab24044de9b7cb9b79a691)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-386.tar.gz\"\u003eLinux i386\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-386.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 88e4c1834307cdbc9f3b80920e1a383e4ba50bb488fb0be1b1fbd4918bb6ae73)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-ppc64le.tar.gz\"\u003eLinux ppc64le\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-ppc64le.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 98bb26a2f3c0b0c1a50db3181dff192554e0c204a07427d98d6b01e259f23cbe)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-s390x.tar.gz\"\u003eLinux s390x\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-s390x.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 584dd77ef8096d6ef939a1822f72840e749fc8311b2b13ae94df5f786862a56b)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-riscv64.tar.gz\"\u003eLinux riscv64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-riscv64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 957391d0710d72678acd09959b5dc77888cd007a78a4b99944d3b2fc7e1895ca)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-amd64.zip\"\u003eWindows amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-amd64.zip.sha256sum\"\u003echecksum\u003c/a\u003e / 24e8e5b71bab4ee17e6f989931ecf4fb144f9916cbe9990c0b6b2ec7b925c454)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-arm64.zip\"\u003eWindows arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-arm64.zip.sha256sum\"\u003echecksum\u003c/a\u003e / 7c940a73a6882f50b69aec3282549da4a49917669db18fc503db930fb74b9789)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe \u003ca href=\"https://helm.sh/docs/intro/quickstart/\"\u003eQuickstart Guide\u003c/a\u003e will get you going from there. For \u003cstrong\u003eupgrade instructions\u003c/strong\u003e or detailed installation notes, check the \u003ca href=\"https://helm.sh/docs/intro/install/\"\u003einstall guide\u003c/a\u003e. You can also use a \u003ca href=\"https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3\"\u003escript to install\u003c/a\u003e on any system with \u003ccode\u003ebash\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Next\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4.1.5 and 3.20.3 are the next patch (bug fix) releases and will be on April 8, 2026\u003c/li\u003e\n\u003cli\u003e4.2.0 and 3.21.0 are the next minor (feature) releases and will be on May 13, 2026\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Chart dot-name path bug 8fb76d6ab555577e98e23b7500009537a471feee (George Jenkins)\u003c/li\u003e\n\u003cli\u003efix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow 3a8927e275c50cecde273872dad2a5576bd46375 (Terry Howe)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eHelm v3.20.1 is a patch release. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eThe community keeps growing, and we'd love to see you there!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJoin the discussion in \u003ca href=\"https://kubernetes.slack.com\"\u003eKubernetes Slack\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/8fb76d6ab555577e98e23b7500009537a471feee\"\u003e\u003ccode\u003e8fb76d6\u003c/code\u003e\u003c/a\u003e fix: Chart dot-name path bug\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/3a8927e275c50cecde273872dad2a5576bd46375\"\u003e\u003ccode\u003e3a8927e\u003c/code\u003e\u003c/a\u003e fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/a2369ca71c0ef633bf6e4fccd66d634eb379b371\"\u003e\u003ccode\u003ea2369ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the k8s-io group with 7 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/90e10564f7ae746a153f3a03006e7061a54ad490\"\u003e\u003ccode\u003e90e1056\u003c/code\u003e\u003c/a\u003e add image index test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/911f2e908ae40b01ca95b857e94b8894043f64fd\"\u003e\u003ccode\u003e911f2e9\u003c/code\u003e\u003c/a\u003e fix pulling charts from OCI indices\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/76dad33fb1a2b6451920429b4f5f2dd575ea71bb\"\u003e\u003ccode\u003e76dad33\u003c/code\u003e\u003c/a\u003e Remove refactorring changes from coalesce_test.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/45c12f71407b6054a37d3e425d5293ee79a1ab37\"\u003e\u003ccode\u003e45c12f7\u003c/code\u003e\u003c/a\u003e Fix import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/26c6f19f967941dbe53bfb5e52d419b3b3e46075\"\u003e\u003ccode\u003e26c6f19\u003c/code\u003e\u003c/a\u003e Update pkg/chart/common/util/coalesce_test.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/09f5129d49a14c9336cea6f33adf5f52889915ef\"\u003e\u003ccode\u003e09f5129\u003c/code\u003e\u003c/a\u003e Fix lint warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/417deb2b6b7504357b0f580b76f5eed1bb8a5270\"\u003e\u003ccode\u003e417deb2\u003c/code\u003e\u003c/a\u003e Preserve nil values in chart already\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/helm/helm/compare/v3.19.2...v3.20.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/in-toto/in-toto-golang` from 0.9.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/in-toto/in-toto-golang/releases\"\u003egithub.com/in-toto/in-toto-golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.11.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump the all group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/453\"\u003ein-toto/in-toto-golang#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/452\"\u003ein-toto/in-toto-golang#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/457\"\u003ein-toto/in-toto-golang#457\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/459\"\u003ein-toto/in-toto-golang#459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ematch: Replace ^ with ! for negation in character classes by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/462\"\u003ein-toto/in-toto-golang#462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/in-toto/in-toto-golang/compare/v0.10.0...v0.11.0\"\u003ehttps://github.com/in-toto/in-toto-golang/compare/v0.10.0...v0.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/232\"\u003ein-toto/in-toto-golang#232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate maintainers and governance by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/233\"\u003ein-toto/in-toto-golang#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/234\"\u003ein-toto/in-toto-golang#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.3 to 2.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/235\"\u003ein-toto/in-toto-golang#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/236\"\u003ein-toto/in-toto-golang#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix expired signature in test by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/241\"\u003ein-toto/in-toto-golang#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/sys from 0.8.0 to 0.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/240\"\u003ein-toto/in-toto-golang#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.5 to 2.1.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/239\"\u003ein-toto/in-toto-golang#239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/242\"\u003ein-toto/in-toto-golang#242\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/243\"\u003ein-toto/in-toto-golang#243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GitHub Actions workflows by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/246\"\u003ein-toto/in-toto-golang#246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/245\"\u003ein-toto/in-toto-golang#245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove linters that are no longer supported and add to make file by \u003ca href=\"https://github.com/pxp928\"\u003e\u003ccode\u003e@​pxp928\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/249\"\u003ein-toto/in-toto-golang#249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd match products feature by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/237\"\u003ein-toto/in-toto-golang#237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unfinished link on record stop by \u003ca href=\"https://github.com/PradyumnaKrishna\"\u003e\u003ccode\u003e@​PradyumnaKrishna\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/248\"\u003ein-toto/in-toto-golang#248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/250\"\u003ein-toto/in-toto-golang#250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.6.0 to 0.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/251\"\u003ein-toto/in-toto-golang#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/255\"\u003ein-toto/in-toto-golang#255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd tests for coverage in envelope.go by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/256\"\u003ein-toto/in-toto-golang#256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/sys from 0.10.0 to 0.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/257\"\u003ein-toto/in-toto-golang#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/258\"\u003ein-toto/in-toto-golang#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/259\"\u003ein-toto/in-toto-golang#259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes filepath pattern matching in windows by \u003ca href=\"https://github.com/PradyumnaKrishna\"\u003e\u003ccode\u003e@​PradyumnaKrishna\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/254\"\u003ein-toto/in-toto-golang#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 3.5.3 to 3.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/261\"\u003ein-toto/in-toto-golang#261\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 3.6.0 to 4.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/262\"\u003ein-toto/in-toto-golang#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/263\"\u003ein-toto/in-toto-golang#263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.57.0 to 1.58.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/264\"\u003ein-toto/in-toto-golang#264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.58.0 to 1.58.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/266\"\u003ein-toto/in-toto-golang#266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate Provenance v1 struct in favor of /attestation protobufs by \u003ca href=\"https://github.com/marcelamelara\"\u003e\u003ccode\u003e@​marcelamelara\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/267\"\u003ein-toto/in-toto-golang#267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.58.1 to 1.58.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/269\"\u003ein-toto/in-toto-golang#269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/270\"\u003ein-toto/in-toto-golang#270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop use of \u003ccode\u003eany\u003c/code\u003e for hash objects by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/238\"\u003ein-toto/in-toto-golang#238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/sys from 0.12.0 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/271\"\u003ein-toto/in-toto-golang#271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/273\"\u003ein-toto/in-toto-golang#273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/272\"\u003ein-toto/in-toto-golang#272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/net from 0.12.0 to 0.17.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/274\"\u003ein-toto/in-toto-golang#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.58.3 to 1.59.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/275\"\u003ein-toto/in-toto-golang#275\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/36d782ffb2ca3adbffcdce1fd971c23319dd4469\"\u003e\u003ccode\u003e36d782f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/issues/462\"\u003e#462\u003c/a\u003e from in-toto/fix-negation-character\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/4a09e3bbc44bc687577b6532e57e8a4abfa5ddf4\"\u003e\u003ccode\u003e4a09e3b\u003c/code\u003e\u003c/a\u003e match: Replace ^ with ! for negation in character classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/c3302e8bc36e46119f7ae17c07eb879ff3507caa\"\u003e\u003ccode\u003ec3302e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/issues/459\"\u003e#459\u003c/a\u003e from in-toto/dependabot/go_modules/github.com/go-jose...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/016e87efbb55c6dd8772ce227002eeb1b6e3f593\"\u003e\u003ccode\u003e016e87e\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/5b9df76e685eaa0a950ea9ba3f4a5561e87e13ad\"\u003e\u003ccode\u003e5b9df76\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/issues/457\"\u003e#457\u003c/a\u003e from in-toto/dependabot/go_modules/google.golang.org/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/595b3fe0a13f481eb0ef898ccaff5e345e492a2f\"\u003e\u003ccode\u003e595b3fe\u003c/code\u003e\u003c/a\u003e chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/e396d248c9cf19f9e144f4e90c476af88742bf35\"\u003e\u003ccode\u003ee396d24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/issues/452\"\u003e#452\u003c/a\u003e from in-toto/dependabot/github_actions/all-502588e1ca\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/142b779059713332fe5c7856e98f1c564c6d6a09\"\u003e\u003ccode\u003e142b779\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/issues/453\"\u003e#453\u003c/a\u003e from in-toto/dependabot/go_modules/all-d8ef5820aa\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/f741bcc43330554606b813fa0f8fe0c284fcdaea\"\u003e\u003ccode\u003ef741bcc\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/c374dc9808137651fe8754eed363ec816cd59d2a\"\u003e\u003ccode\u003ec374dc9\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/in-toto/in-toto-golang/compare/v0.9.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/theupdateframework/go-tuf/v2` from 2.0.2 to 2.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theupdateframework/go-tuf/releases\"\u003egithub.com/theupdateframework/go-tuf/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/718\"\u003etheupdateframework/go-tuf#718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce a stricter validation on the repo name for TAP 4 by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/720\"\u003etheupdateframework/go-tuf#720\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theupdateframework/go-tuf/compare/v2.4.0...v2.4.1\"\u003ehttps://github.com/theupdateframework/go-tuf/compare/v2.4.0...v2.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd BitLength validation for SuccinctRoles by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/716\"\u003etheupdateframework/go-tuf#716\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd thread safety documentation for key types by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/715\"\u003etheupdateframework/go-tuf#715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse restrictive permissions (0700) for cache directories by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/714\"\u003etheupdateframework/go-tuf#714\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBreaking change: Replace panic with error return in Key.ID() by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/713\"\u003etheupdateframework/go-tuf#713\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theupdateframework/go-tuf/compare/v2.3.1...v2.4.0\"\u003ehttps://github.com/theupdateframework/go-tuf/compare/v2.3.1...v2.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump golang.org/x/crypto from 0.40.0 to 0.45.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/702\"\u003etheupdateframework/go-tuf#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve govulncheck errors by bumping go to 1.24.11 by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/707\"\u003etheupdateframework/go-tuf#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/704\"\u003etheupdateframework/go-tuf#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emodern go (1.20+) improvements by \u003ca href=\"https://github.com/udf2457\"\u003e\u003ccode\u003e@​udf2457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/705\"\u003etheupdateframework/go-tuf#705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/sigstore/sigstore from 1.9.5 to 1.10.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/706\"\u003etheupdateframework/go-tuf#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.9.1 to 0.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/708\"\u003etheupdateframework/go-tuf#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerform type assertion by \u003ca href=\"https://github.com/kommendorkapten\"\u003e\u003ccode\u003e@​kommendorkapten\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/710\"\u003etheupdateframework/go-tuf#710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd tests for failing type assertions by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/711\"\u003etheupdateframework/go-tuf#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eVerify threshold is valid by \u003ca href=\"https://github.com/kommendorkapten\"\u003e\u003ccode\u003e@​kommendorkapten\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/712\"\u003etheupdateframework/go-tuf#712\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theupdateframework/go-tuf/compare/v2.3.0...v2.3.1\"\u003ehttps://github.com/theupdateframework/go-tuf/compare/v2.3.0...v2.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the config for govulncheck by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/697\"\u003etheupdateframework/go-tuf#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump Go to 1.24.9 by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/698\"\u003etheupdateframework/go-tuf#698\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theupdateframework/go-tuf/compare/v2.2.0...v2.3.0\"\u003ehttps://github.com/theupdateframework/go-tuf/compare/v2.2.0...v2.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat http 403 as an updater error by \u003ca href=\"https://github.com/MDr164\"\u003e\u003ccode\u003e@​MDr164\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/687\"\u003etheupdateframework/go-tuf#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/646\"\u003etheupdateframework/go-tuf#646\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/cenkalti/backoff/v5 from 5.0.2 to 5.0.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/690\"\u003etheupdateframework/go-tuf#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.9.0 to 0.9.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/691\"\u003etheupdateframework/go-tuf#691\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/692\"\u003etheupdateframework/go-tuf#692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/693\"\u003etheupdateframework/go-tuf#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/694\"\u003etheupdateframework/go-tuf#694\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/d361e2ea24e427581343dee5c7a32b485d79fcc0\"\u003e\u003ccode\u003ed361e2e\u003c/code\u003e\u003c/a\u003e Enforce a stricter validation on the repo name for TAP 4 (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/29aae36c83127913c24e881bc1f95dbb0f0961e6\"\u003e\u003ccode\u003e29aae36\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/bde5f18dc95dfac365fc452ee4e278e5fd66d4b4\"\u003e\u003ccode\u003ebde5f18\u003c/code\u003e\u003c/a\u003e Replace panic with error return in Key.ID() (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/713\"\u003e#713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/f400bf4c20476804475d34239f01212e1041ec38\"\u003e\u003ccode\u003ef400bf4\u003c/code\u003e\u003c/a\u003e Use restrictive permissions (0700) for cache directories (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/d2dbc180e74f4fe371392bb0b02d5a8659bc2fa4\"\u003e\u003ccode\u003ed2dbc18\u003c/code\u003e\u003c/a\u003e Add thread safety documentation for key types (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/846cd4eccd92b1a333c89cb45cf4f179de74018f\"\u003e\u003ccode\u003e846cd4e\u003c/code\u003e\u003c/a\u003e Add BitLength validation for SuccinctRoles (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/b38d91fdbc69dfe31fe9230d97dafe527ea854a0\"\u003e\u003ccode\u003eb38d91f\u003c/code\u003e\u003c/a\u003e Verify threshold is valid (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/712\"\u003e#712\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/876cf2a82b320be6deb43f4ad629057b209a584e\"\u003e\u003ccode\u003e876cf2a\u003c/code\u003e\u003c/a\u003e Add tests for failing type assertions (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/711\"\u003e#711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/73345ab6b0eb7e59d525dac17a428f043074cef6\"\u003e\u003ccode\u003e73345ab\u003c/code\u003e\u003c/a\u003e Perform type assertion (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/710\"\u003e#710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/d3cdc4b2796d8c452ce17766f0cade2e80a3597d\"\u003e\u003ccode\u003ed3cdc4b\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.9....\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theupdateframework/go-tuf/compare/v2.0.2...v2.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/anchore/quill` from 0.5.1 to 0.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anchore/quill/releases\"\u003egithub.com/anchore/quill's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev0.7.1\u003c/h1\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not allow for unbounded reads for user controlled input [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/681\"\u003e#681\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAccount for excessive read limits in macho parsing [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/682\"\u003e#682\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eValidate developer log URL requests [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/680\"\u003e#680\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/anchore/quill/compare/v0.7.0...v0.7.1\"\u003e(Full Changelog)\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003ch1\u003ev0.7.0\u003c/h1\u003e\n\u003ch3\u003eAdded Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edry run signing and notarization process before running in production [\u003ca href=\"https://redirect.github.com/anchore/quill/issues/617\"\u003e#617\u003c/a\u003e \u003ca href=\"https://redirect.github.com/anchore/quill/pull/618\"\u003e#618\u003c/a\u003e \u003ca href=\"https://github.com/willmurphyscode\"\u003e\u003ccode\u003e@​willmurphyscode\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTeamID is not set during signing [\u003ca href=\"https://redirect.github.com/anchore/quill/issues/147\"\u003e#147\u003c/a\u003e \u003ca href=\"https://redirect.github.com/anchore/quill/pull/669\"\u003e#669\u003c/a\u003e \u003ca href=\"https://github.com/jflowers\"\u003e\u003ccode\u003e@​jflowers\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdditional Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypo in install.sh help text [\u003ca href=\"https://redirect.github.com/anchore/quill/issues/546\"\u003e#546\u003c/a\u003e \u003ca href=\"https://redirect.github.com/anchore/quill/pull/549\"\u003e#549\u003c/a\u003e \u003ca href=\"https://github.com/popey\"\u003e\u003ccode\u003e@​popey\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003emigrate to latest tool ci patterns [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/670\"\u003e#670\u003c/a\u003e \u003ca href=\"https://github.com/spiffcs\"\u003e\u003ccode\u003e@​spiffcs\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eupdate golang to v1.26 [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/668\"\u003e#668\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003edoc: Add llms.txt for the 🤖 🕷️ [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/592\"\u003e#592\u003c/a\u003e \u003ca href=\"https://github.com/popey\"\u003e\u003ccode\u003e@​popey\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate dependencies [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/627\"\u003e#627\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd periodic workflow to update certs [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/608\"\u003e#608\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003elint gh actions with zizmor [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/581\"\u003e#581\u003c/a\u003e \u003ca href=\"https://github.com/willmurphyscode\"\u003e\u003ccode\u003e@​willmurphyscode\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eupdate to go 1.24.x [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/543\"\u003e#543\u003c/a\u003e \u003ca href=\"https://github.com/westonsteimel\"\u003e\u003ccode\u003e@​westonsteimel\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eupdate runners to ubuntu-24.04 [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/541\"\u003e#541\u003c/a\u003e \u003ca href=\"https://github.com/kzantow\"\u003e\u003ccode\u003e@​kzantow\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/anchore/quill/compare/v0.5.1...v0.7.0\"\u003e(Full Changelog)\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/9cdb0823ea1d2c45dcc11557f8c5cd7291c75d29\"\u003e\u003ccode\u003e9cdb082\u003c/code\u003e\u003c/a\u003e do not allow for unbounded reads for user controlled input (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/681\"\u003e#681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/80cf3fe082678af0ec4f9f8dd93f39189d2dc1fe\"\u003e\u003ccode\u003e80cf3fe\u003c/code\u003e\u003c/a\u003e account for excessive read limits in macho parsing code (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/e41d66a517c2dc20ad8e9fbccffbdc6ba5ef0020\"\u003e\u003ccode\u003ee41d66a\u003c/code\u003e\u003c/a\u003e validate developer log URL requests (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/680\"\u003e#680\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/899202c7eace3de7b3f4f7461bdfd1c4c38701db\"\u003e\u003ccode\u003e899202c\u003c/code\u003e\u003c/a\u003e update cred var values for p12 in release (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/c73a37bd3b655633c1bd5466c2b2f65b2ae4032c\"\u003e\u003ccode\u003ec73a37b\u003c/code\u003e\u003c/a\u003e remove goreleaser config for release step + update tool refs (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/95e119c6cb513a69f6b45d3e86a9fbcb2c77b669\"\u003e\u003ccode\u003e95e119c\u003c/code\u003e\u003c/a\u003e persist credentials for git (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/02e765ab563811d7a3f0ede8df36977da92e8779\"\u003e\u003ccode\u003e02e765a\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/aws/aws-sdk-go-v2/config (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/663\"\u003e#663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/530bb7f3ddf667d262891b79fb15c0147d81cf11\"\u003e\u003ccode\u003e530bb7f\u003c/code\u003e\u003c/a\u003e add test notarize command (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/3e8269c31055b1878a34c1954347254a42b37452\"\u003e\u003ccode\u003e3e8269c\u003c/code\u003e\u003c/a\u003e Set team ID during signing (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/12b3e8eb4c06d7582da9725fad3bc7c268872752\"\u003e\u003ccode\u003e12b3e8e\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/blacktop/go-macho from 1.1.259 to 1.1.263 (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anchore/quill/compare/v0.5.1...v0.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream` from 1.7.0 to 1.7.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/4599f78694cabb6853addabc6f92cb197fdb5647\"\u003e\u003ccode\u003e4599f78\u003c/code\u003e\u003c/a\u003e Release 2023-08-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/2a439ce0fdda24816a5ea71c083765af67e93599\"\u003e\u003ccode\u003e2a439ce\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/46f31d76b34aefbc66bbfb08d2ef7e22267d4b66\"\u003e\u003ccode\u003e46f31d7\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/525486a4cfa9b8364ea5346a526dd1f92d3edc76\"\u003e\u003ccode\u003e525486a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b4e3176642b69937575f61f752f7d094fb6f4084\"\u003e\u003ccode\u003eb4e3176\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2189\"\u003e#2189\u003c/a\u003e from aws/feat-presign-polly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/30fe9b8de4c8538156248ae21b577a3e49170750\"\u003e\u003ccode\u003e30fe9b8\u003c/code\u003e\u003c/a\u003e Modify and Merge polly mod import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f6c1d4839450e7f99850868570ff0c47850b72ca\"\u003e\u003ccode\u003ef6c1d48\u003c/code\u003e\u003c/a\u003e sync polly presigner from main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/396f97a998c5fab5bc7ee7bd4297c6d0f42b661e\"\u003e\u003ccode\u003e396f97a\u003c/code\u003e\u003c/a\u003e Release 2023-08-18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/08ab45438df135fc66f2eaf80032694ff2486db3\"\u003e\u003ccode\u003e08ab454\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b50999bacbf780bf55d5c2b051c96e5c4467a5f6\"\u003e\u003ccode\u003eb50999b\u003c/code\u003e\u003c/a\u003e Update SDK's smithy-go dependency to v1.14.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/v1.7.0...service/m2/v1.7.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/buger/jsonparser` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/buger/jsonparser/releases\"\u003egithub.com/buger/jsonparser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated travis to build for 1.13 to 1.15 by \u003ca href=\"https://github.com/janreggie\"\u003e\u003ccode\u003e@​janreggie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/225\"\u003ebuger/jsonparser#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eeliminate 2 allocations in EachKey() by \u003ca href=\"https://github.com/Villenny\"\u003e\u003ccode\u003e@​Villenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/223\"\u003ebuger/jsonparser#223\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix issue \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/150\"\u003e#150\u003c/a\u003e (in deleting case) by \u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/226\"\u003ebuger/jsonparser#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixing the oss-fuzz issue by \u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/227\"\u003ebuger/jsonparser#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix parseInt overflow check false negative by \u003ca href=\"https://github.com/carsonip\"\u003e\u003ccode\u003e@​carsonip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/231\"\u003ebuger/jsonparser#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded bespoke error for null cases by \u003ca href=\"https://github.com/jonomacd\"\u003e\u003ccode\u003e@​jonomacd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/228\"\u003ebuger/jsonparser#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFuzzing: Add CIFuzz by \u003ca href=\"https://github.com/AdamKorcz\"\u003e\u003ccode\u003e@​AdamKorcz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/239\"\u003ebuger/jsonparser#239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded latest versions of go to tests by \u003ca href=\"https://github.com/moredure\"\u003e\u003ccode\u003e@​moredure\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/244\"\u003ebuger/jsonparser#244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix EachKey pIdxFlags allocation by \u003ca href=\"https://github.com/unxcepted\"\u003e\u003ccode\u003e@​unxcepted\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/241\"\u003ebuger/jsonparser#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent panic on negative slice index in Delete with malformed JSON (GO-2026-4514) by \u003ca href=\"https://github.com/dbarrosop\"\u003e\u003ccode\u003e@​dbarrosop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/276\"\u003ebuger/jsonparser#276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janreggie\"\u003e\u003ccode\u003e@​janreggie\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/225\"\u003ebuger/jsonparser#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Villenny\"\u003e\u003ccode\u003e@​Villenny\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/223\"\u003ebuger/jsonparser#223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/226\"\u003ebuger/jsonparser#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carsonip\"\u003e\u003ccode\u003e@​carsonip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/231\"\u003ebuger/jsonparser#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jonomacd\"\u003e\u003ccode\u003e@​jonomacd\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/228\"\u003ebuger/jsonparser#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moredure\"\u003e\u003ccode\u003e@​moredure\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/244\"\u003ebuger/jsonparser#244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unxcepted\"\u003e\u003ccode\u003e@​unxcepted\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/241\"\u003ebuger/jsonparser#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dbarrosop\"\u003e\u003ccode\u003e@​dbarrosop\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/276\"\u003ebuger/jsonparser#276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\"\u003ehttps://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0\"\u003e\u003ccode\u003ea69e7e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/276\"\u003e#276\u003c/a\u003e from dbarrosop/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/d3eacc0bab779d6cf98221f5268828fff287876e\"\u003e\u003ccode\u003ed3eacc0\u003c/code\u003e\u003c/a\u003e fix: prevent panic on negative slice index in Delete with malformed JSON (GO-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/61b32cfdfa0f5d368ef7c7daef28ce12d538740f\"\u003e\u003ccode\u003e61b32cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/241\"\u003e#241\u003c/a\u003e from unxcepted/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/2181e8398f18397c9cacbaea9889314bb585e868\"\u003e\u003ccode\u003e2181e83\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/244\"\u003e#244\u003c/a\u003e from ScaleChamp/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/1510b5194182fc2fb898f28cdbceb42fd7258bfa\"\u003e\u003ccode\u003e1510b51\u003c/code\u003e\u003c/a\u003e Added latest versions of go to tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/6fc2e488ed3cc4f1f1debec3b0c70715bd7be6fd\"\u003e\u003ccode\u003e6fc2e48\u003c/code\u003e\u003c/a\u003e fix: eachkey allocation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/a6f867eb7787e4ec54536b77b5d628ddf5c4f73d\"\u003e\u003ccode\u003ea6f867e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/239\"\u003e#239\u003c/a\u003e from AdamKorcz/cifuzz1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/cbc01fdbbe131706e89eeaaf0cd917760d8d3949\"\u003e\u003ccode\u003ecbc01fd\u003c/code\u003e\u003c/a\u003e Fuzzing: Add CIFuzz\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/dc92d6932a1272b4d8f485f798a88c3a75106256\"\u003e\u003ccode\u003edc92d69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/228\"\u003e#228\u003c/a\u003e from jonomacd/null-handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/2d9d6343e8621ddc18c70749663f74bc584c0de4\"\u003e\u003ccode\u003e2d9d634\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/231\"\u003e#231\u003c/a\u003e from carsonip/fix-parseint-overflow-check\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cloudflare/circl` from 1.6.1 to 1.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/circl/releases\"\u003egithub.com/cloudflare/circl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCIRCL v1.6.3\u003c/h2\u003e\n\u003cp\u003eFix a bug on ecc/p384 scalar multiplication.\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esign/mldsa: Check opts for nil value  by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/582\"\u003ecloudflare/circl#582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eecc/p384: Point addition must handle point doubling case. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/583\"\u003ecloudflare/circl#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease CIRCL v1.6.3 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/584\"\u003ecloudflare/circl#584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.2...v1.6.3\"\u003ehttps://github.com/cloudflare/circl/compare/v1.6.2...v1.6.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eCIRCL v1.6.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew SLH-DSA, improvements in ML-DSA for arm64.\u003c/li\u003e\n\u003cli\u003eTested compilation on WASM.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize pairing product computation by moving exponentiations to G1. by \u003ca href=\"https://github.com/dfaranha\"\u003e\u003ccode\u003e@​dfaranha\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/547\"\u003ecloudflare/circl#547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esign: Adding SLH-DSA signature by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/512\"\u003ecloudflare/circl#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate code generators to CIRCL v1.6.1. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/548\"\u003ecloudflare/circl#548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eML-DSA: Add preliminary Wycheproof test vectors by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/552\"\u003ecloudflare/circl#552\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego fmt by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/554\"\u003ecloudflare/circl#554\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egz-compressing test vectors, use of HexBytes and ReadGzip functions. b...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate Go dependencies across the repo to pick up security fixes and performance improvements. Notable changes include gRPC and Helm security patches and a major `github.com/agentgateway/agentgateway` upgrade with faster CEL evaluation.\n\n- **Dependencies**\n  - `google.golang.org/grpc` → 1.79.3: fixes an auth bypass by rejecting malformed :path headers.\n  - `helm.sh/helm/v3` → 3.20.2: security patch for chart extraction path handling.\n  - `github.com/agentgateway/agentgateway` → 0.12.0: CEL rewrite with large perf gains and minor behavior tweaks.\n  - `github.com/buger/jsonparser` → 1.1.2: fixes panic on malformed JSON.\n  - `github.com/cloudflare/circl` → 1.6.3: bug fix in P-384 scalar multiplication.\n  - `github.com/sigstore/cosign/v2` → 2.6.2 and related `sigstore/*` bumps: supply chain signing updates.\n  - `github.com/moby/spdystream` → 0.5.1: patch applied in root and `hack/utils/applier`.\n  - Tooling/libs: Go 1.25.5, k8s libs v0.35.1, OpenTelemetry 1.39.0, `helm.sh/helm/v3` 3.20.2.\n\n- **Migration**\n  - Review CEL policies with `agentgateway` v0.12.0 (e.g., `base64.encode` naming and stricter variable lookups).\n  - Run an end-to-end smoke test to confirm routes with path-based auth still pass with gRPC’s stricter path validation.\n\n\u003csup\u003eWritten for commit f2d9194e186a8d9e9e41df92f41d5245e7adaa82. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/kgateway/pull/2?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump Go dependencies across root and applier modules with 25 updates\n\u003e Updates [go.mod](https://github.com/EmilynnJ/kgateway/pull/2/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6) and [hack/utils/applier/go.mod](https://github.com/EmilynnJ/kgateway/pull/2/files#diff-7d16860419c22926d06b08ae9b67f33b83236c49e7008e3b4c652e3c87df9748) to their latest versions. Key upgrades include Kubernetes libraries to v0.35.1, Helm v3 to v3.20.2, agentgateway to v0.12.0, gRPC/protobuf, and extensive AWS SDK v1/v2 updates. Several indirect dependencies are removed (e.g. `go-chi/chi`, `mitchellh/mapstructure`, `sourcegraph/conc`) and new ones added (e.g. `moby/moby`, `coreos/go-oidc/v3`). Risk: transitive dependency additions and removals may surface unexpected build or runtime behavior in modules that relied on removed packages.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized f2d9194.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/kgateway/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fkgateway/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4460468457","node_id":"PR_kwDOCQaX7s7cPDvC","number":2338,"state":"open","title":"CLOUD-727: Bump the go_modules group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["size/S","dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T16:03:07.000Z","updated_at":"2026-05-16T20:22:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"CLOUD-727: Bump","group_name":"go_modules","update_count":2,"packages":[{"name":"github.com/Azure/go-ntlmssp","old_version":"0.0.0-20221128193559-754e69321358","new_version":"0.1.1","repository_url":"https://github.com/Azure/go-ntlmssp"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the / directory: [github.com/Azure/go-ntlmssp](https://github.com/Azure/go-ntlmssp) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\n\nUpdates `github.com/Azure/go-ntlmssp` from 0.0.0-20221128193559-754e69321358 to 0.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Azure/go-ntlmssp/releases\"\u003egithub.com/Azure/go-ntlmssp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.1.1\u003c/h2\u003e\n\u003cp\u003eFix CVE-2026-32952: A malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport.\u003c/p\u003e\n\u003ch2\u003ev0.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum required version to Go 1.24 by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/53\"\u003eAzure/go-ntlmssp#53\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix OOM in NTLM negotiator by avoiding buffering of seekable request bodies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/54\"\u003eAzure/go-ntlmssp#54\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't modify the rountripped request by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/57\"\u003eAzure/go-ntlmssp#57\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a race occurring when the wrapped Rountripper closes the request body in another goroutine by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/58\"\u003eAzure/go-ntlmssp#58\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a race occurring when the wrapped Rountripper reads request fields in another goroutine by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/59\"\u003eAzure/go-ntlmssp#59\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly perform basic auth if requested by the server by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/60\"\u003eAzure/go-ntlmssp#60\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't pass the original body in the client handshake request by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/61\"\u003eAzure/go-ntlmssp#61\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn latest server response in case there is an error processing the handshake by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/63\"\u003eAzure/go-ntlmssp#63\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSend body on client NTLM handshake  by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/64\"\u003eAzure/go-ntlmssp#64\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport user accounts not living in server's domain by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/65\"\u003eAzure/go-ntlmssp#65\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement NewAuthenticateMessage and deprecate ProcessChallenge by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/67\"\u003eAzure/go-ntlmssp#67\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake basic authentication support opt-in by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/66\"\u003eAzure/go-ntlmssp#66\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow passing custom client domain and workstation name by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/68\"\u003eAzure/go-ntlmssp#68\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eset NEGOTIATE_NTLM and NEGOTIATE_ALWAYS_SIGN capabilities by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/69\"\u003eAzure/go-ntlmssp#69\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etesting: add e2e tests by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/56\"\u003eAzure/go-ntlmssp#56\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/53\"\u003eAzure/go-ntlmssp#53\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/54\"\u003eAzure/go-ntlmssp#54\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Azure/go-ntlmssp/compare/v0.0.1...v0.1.0\"\u003ehttps://github.com/Azure/go-ntlmssp/compare/v0.0.1...v0.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCommit to Go 1.6 by \u003ca href=\"https://github.com/boumenot\"\u003e\u003ccode\u003e@​boumenot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/5\"\u003eAzure/go-ntlmssp#5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle http redirect by \u003ca href=\"https://github.com/nqv\"\u003e\u003ccode\u003e@​nqv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/4\"\u003eAzure/go-ntlmssp#4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edrain request body for connection reuse by \u003ca href=\"https://github.com/paulmey\"\u003e\u003ccode\u003e@​paulmey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/6\"\u003eAzure/go-ntlmssp#6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CoC notice by \u003ca href=\"https://github.com/paulmey\"\u003e\u003ccode\u003e@​paulmey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/7\"\u003eAzure/go-ntlmssp#7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport for auth when server responds with Www-Authenticate: NTLM by \u003ca href=\"https://github.com/lafriks\"\u003e\u003ccode\u003e@​lafriks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/8\"\u003eAzure/go-ntlmssp#8\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate README with example by \u003ca href=\"https://github.com/PaluMacil\"\u003e\u003ccode\u003e@​PaluMacil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/11\"\u003eAzure/go-ntlmssp#11\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd version, domain and workstation fields by \u003ca href=\"https://github.com/justdan96\"\u003e\u003ccode\u003e@​justdan96\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/13\"\u003eAzure/go-ntlmssp#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emove to a current version of Go by \u003ca href=\"https://github.com/boumenot\"\u003e\u003ccode\u003e@​boumenot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/19\"\u003eAzure/go-ntlmssp#19\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(BUG) Negotiation fails for servers where 'NTLMv2 session security' i… by \u003ca href=\"https://github.com/davejohnston\"\u003e\u003ccode\u003e@​davejohnston\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/18\"\u003eAzure/go-ntlmssp#18\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate negotiator.go by \u003ca href=\"https://github.com/mszuyev\"\u003e\u003ccode\u003e@​mszuyev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/24\"\u003eAzure/go-ntlmssp#24\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix golint import path by \u003ca href=\"https://github.com/paulmey\"\u003e\u003ccode\u003e@​paulmey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/25\"\u003eAzure/go-ntlmssp#25\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd ProcessChallengeWithHash function by \u003ca href=\"https://github.com/ropnop\"\u003e\u003ccode\u003e@​ropnop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/27\"\u003eAzure/go-ntlmssp#27\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet workstation to empty string in authenticate_message.go by \u003ca href=\"https://github.com/Catbuttes\"\u003e\u003ccode\u003e@​Catbuttes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/30\"\u003eAzure/go-ntlmssp#30\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange of the negociator working, to handle several identical header by \u003ca href=\"https://github.com/Resousse\"\u003e\u003ccode\u003e@​Resousse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/31\"\u003eAzure/go-ntlmssp#31\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport for UPN by \u003ca href=\"https://github.com/tirupatibg\"\u003e\u003ccode\u003e@​tirupatibg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/32\"\u003eAzure/go-ntlmssp#32\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdding Microsoft SECURITY.MD by \u003ca href=\"https://github.com/microsoft-github-policy-service\"\u003e\u003ccode\u003e@​microsoft-github-policy-service\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/39\"\u003eAzure/go-ntlmssp#39\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle 3rd return value from GetDomain by \u003ca href=\"https://github.com/opoplawski\"\u003e\u003ccode\u003e@​opoplawski\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/41\"\u003eAzure/go-ntlmssp#41\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003einitial refactor by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/48\"\u003eAzure/go-ntlmssp#48\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix linter errors by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/49\"\u003eAzure/go-ntlmssp#49\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd dependabot/codeowners + installation instructions by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/50\"\u003eAzure/go-ntlmssp#50\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Azure/go-ntlmssp/commits/v0.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/percona/percona-server-mongodb-operator/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/percona/percona-server-mongodb-operator/pull/2338","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/percona%2Fpercona-server-mongodb-operator/issues/2338","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2338/packages"},{"uuid":"4444111915","node_id":"PR_kwDOQVEF4s7bbLuv","number":2,"state":"open","title":"Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T07:35:29.000Z","updated_at":"2026-05-15T00:18:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the / directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/k8z/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n🔒 This PR updates the `github.com/moby/spdystream` dependency from version 0.5.0 to 0.5.1, addressing a critical security vulnerability (CVE-2026-35469) that could lead to denial of service attacks through memory amplification in SPDY frame parsing. This is an automated dependency update managed by Dependabot that requires no code changes but provides important security improvements.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Update**: Fixes memory amplification vulnerability in SPDY frame parsing (CVE-2026-35469/GHSA-pc3f-x583-g7j2)\n- **Dependency Management**: Updates indirect dependency from v0.5.0 to v0.5.1 in go.mod\n- **Compatibility**: Maintains Go 1.13 compatibility with ioutil.Discard usage\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Vulnerability Detected]\n    B --\u003e C[CVE-2026-35469: Memory Amplification]\n    C --\u003e D[Update spdystream v0.5.0 → v0.5.1]\n    D --\u003e E[Security Fix Applied]\n    E --\u003e F[DoS Protection Enabled]\n    \n    G[SPDY Frame Parsing] --\u003e H[Frame Length Limits]\n    H --\u003e I[Header Size Limits]\n    I --\u003e J[Memory Usage Control]\n```\n\n### Impact\n- **Security Enhancement**: Eliminates denial of service vulnerability through improved frame parsing limits\n- **Stability Improvement**: Adds proper bounds checking for SPDY frame lengths and header sizes\n- **Zero Breaking Changes**: Indirect dependency update with no API changes or compatibility issues\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/k8z/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fk8z/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4406616632","node_id":"PR_kwDOCAWh-M7Ziv3C","number":434,"state":"closed","title":"Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /cluster-autoscaler/e2e","user":"dependabot[bot]","labels":["size/XS","dependencies","go","cla: yes","do-not-merge/needs-kind"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-11T11:08:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T13:07:40.000Z","updated_at":"2026-05-11T11:09:03.000Z","time_to_close":252073,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/cluster-autoscaler/e2e","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gardener/autoscaler/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/gardener/autoscaler/pull/434","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardener%2Fautoscaler/issues/434","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/434/packages"},{"uuid":"4366094588","node_id":"PR_kwDOCtTBt87XgN2U","number":827,"state":"closed","title":"chore(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1","user":"dependabot[bot]","labels":["lgtm","cncf-cla: yes","size/L","approved","ok-to-test","dependencies","go"],"assignees":["cheftako"],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-05-01T20:40:37.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-01T18:46:23.000Z","updated_at":"2026-05-01T20:40:44.000Z","time_to_close":6854,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kubernetes-sigs/apiserver-network-proxy/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kubernetes-sigs/apiserver-network-proxy/pull/827","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fapiserver-network-proxy/issues/827","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/827/packages"},{"uuid":"4341574735","node_id":"PR_kwDORp3ETc7WQEH4","number":1,"state":"open","title":"Bump github.com/moby/spdystream from 0.5.0 to 0.5.1","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T08:11:50.000Z","updated_at":"2026-04-28T08:12:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alialobidm/kubectl/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/alialobidm/kubectl/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alialobidm%2Fkubectl/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4329118832","node_id":"PR_kwDOOMU3Kc7Vo60l","number":233,"state":"open","title":"chore(deps): bump the go_modules group across 17 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-25T20:14:46.000Z","updated_at":"2026-04-25T20:14:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"go_modules","update_count":20,"packages":[{"name":"google.golang.org/grpc","old_version":"1.78.0","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"github.com/buger/jsonparser","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/buger/jsonparser"},{"name":"github.com/docker/cli","old_version":"28.1.1+incompatible","new_version":"29.2.0+incompatible","repository_url":"https://github.com/docker/cli"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.78.0` | `1.79.3` |\n| [github.com/buger/jsonparser](https://github.com/buger/jsonparser) | `1.1.1` | `1.1.2` |\n| [github.com/docker/cli](https://github.com/docker/cli) | `28.1.1+incompatible` | `29.2.0+incompatible` |\n| [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) | `4.1.3` | `4.1.4` |\n| [github.com/moby/spdystream](https://github.com/moby/spdystream) | `0.5.0` | `0.5.1` |\n\nBumps the go_modules group with 7 updates in the /hgctl directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.78.0` | `1.79.3` |\n| [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) | `4.1.3` | `4.1.4` |\n| [github.com/moby/spdystream](https://github.com/moby/spdystream) | `0.5.0` | `0.5.1` |\n| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.18.5` | `3.20.2` |\n| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.118.0` | `0.131.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.1.9` | `1.2.8` |\n| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.38.0` | `1.43.0` |\n\nBumps the go_modules group with 5 updates in the /plugins/golang-filter directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [golang.org/x/net](https://github.com/golang/net) | `0.34.0` | `0.38.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.59.0` | `1.79.3` |\n| [github.com/buger/jsonparser](https://github.com/buger/jsonparser) | `1.1.1` | `1.1.2` |\n| [github.com/ClickHouse/ch-go](https://github.com/ClickHouse/ch-go) | `0.61.5` | `0.65.0` |\n| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.5` | `5.9.2` |\n\nBumps the go_modules group with 2 updates in the /plugins/golang-filter/mcp-server/servers/higress/nginx-migration directory: [golang.org/x/net](https://github.com/golang/net) and [github.com/envoyproxy/envoy](https://github.com/envoyproxy/envoy).\nBumps the go_modules group with 1 update in the /plugins/wasm-go/extensions/ai-search directory: [github.com/antchfx/xpath](https://github.com/antchfx/xpath).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/extensions/jsonrpc-converter directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 1 update in the /plugins/wasm-go/extensions/jwt-auth directory: [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/extensions/mcp-router directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/extensions/mcp-server directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/extensions/oidc directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 1 update in the /plugins/wasm-go/extensions/waf directory: [golang.org/x/net](https://github.com/golang/net).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/mcp-servers/amap-tools directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/mcp-servers/quark-search directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/pkg/mcp directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 1 update in the /tools/src/controller-gen directory: [golang.org/x/net](https://github.com/golang/net).\nBumps the go_modules group with 1 update in the /tools/src/golangci-lint directory: [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus).\nBumps the go_modules group with 2 updates in the /tools/src/kustomize directory: [golang.org/x/net](https://github.com/golang/net) and [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz).\n\nUpdates `google.golang.org/grpc` from 1.78.0 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/buger/jsonparser` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/buger/jsonparser/releases\"\u003egithub.com/buger/jsonparser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated travis to build for 1.13 to 1.15 by \u003ca href=\"https://github.com/janreggie\"\u003e\u003ccode\u003e@​janreggie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/225\"\u003ebuger/jsonparser#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eeliminate 2 allocations in EachKey() by \u003ca href=\"https://github.com/Villenny\"\u003e\u003ccode\u003e@​Villenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/223\"\u003ebuger/jsonparser#223\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix issue \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/150\"\u003e#150\u003c/a\u003e (in deleting case) by \u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/226\"\u003ebuger/jsonparser#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixing the oss-fuzz issue by \u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/227\"\u003ebuger/jsonparser#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix parseInt overflow check false negative by \u003ca href=\"https://github.com/carsonip\"\u003e\u003ccode\u003e@​carsonip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/231\"\u003ebuger/jsonparser#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded bespoke error for null cases by \u003ca href=\"https://github.com/jonomacd\"\u003e\u003ccode\u003e@​jonomacd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/228\"\u003ebuger/jsonparser#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFuzzing: Add CIFuzz by \u003ca href=\"https://github.com/AdamKorcz\"\u003e\u003ccode\u003e@​AdamKorcz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/239\"\u003ebuger/jsonparser#239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded latest versions of go to tests by \u003ca href=\"https://github.com/moredure\"\u003e\u003ccode\u003e@​moredure\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/244\"\u003ebuger/jsonparser#244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix EachKey pIdxFlags allocation by \u003ca href=\"https://github.com/unxcepted\"\u003e\u003ccode\u003e@​unxcepted\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/241\"\u003ebuger/jsonparser#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent panic on negative slice index in Delete with malformed JSON (GO-2026-4514) by \u003ca href=\"https://github.com/dbarrosop\"\u003e\u003ccode\u003e@​dbarrosop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/276\"\u003ebuger/jsonparser#276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janreggie\"\u003e\u003ccode\u003e@​janreggie\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/225\"\u003ebuger/jsonparser#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Villenny\"\u003e\u003ccode\u003e@​Villenny\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/223\"\u003ebuger/jsonparser#223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/226\"\u003ebuger/jsonparser#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carsonip\"\u003e\u003ccode\u003e@​carsonip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/231\"\u003ebuger/jsonparser#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jonomacd\"\u003e\u003ccode\u003e@​jonomacd\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/228\"\u003ebuger/jsonparser#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moredure\"\u003e\u003ccode\u003e@​moredure\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/244\"\u003ebuger/jsonparser#244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unxcepted\"\u003e\u003ccode\u003e@​unxcepted\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/241\"\u003ebuger/jsonparser#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dbarrosop\"\u003e\u003ccode\u003e@​dbarrosop\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/276\"\u003ebuger/jsonparser#276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\"\u003ehttps://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0\"\u003e\u003ccode\u003ea69e7e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/276\"\u003e#276\u003c/a\u003e from dbarrosop/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/d3eacc0bab779d6cf98221f5268828fff287876e\"\u003e\u003ccode\u003ed3eacc0\u003c/code\u003e\u003c/a\u003e fix: prevent panic on negative slice index in Delete with malformed JSON (GO-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/61b32cfdfa0f5d368ef7c7daef28ce12d538740f\"\u003e\u003ccode\u003e61b32cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/241\"\u003e#241\u003c/a\u003e from unxcepted/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/2181e8398f18397c9cacbaea9889314bb585e868\"\u003e\u003ccode\u003e2181e83\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/244\"\u003e#244\u003c/a\u003e from ScaleChamp/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/1510b5194182fc2fb898f28cdbceb42fd7258bfa\"\u003e\u003ccode\u003e1510b51\u003c/code\u003e\u003c/a\u003e Added latest versions of go to tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/6fc2e488ed3cc4f1f1debec3b0c70715bd7be6fd\"\u003e\u003ccode\u003e6fc2e48\u003c/code\u003e\u003c/a\u003e fix: eachkey allocation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/a6f867eb7787e4ec54536b77b5d628ddf5c4f73d\"\u003e\u003ccode\u003ea6f867e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/239\"\u003e#239\u003c/a\u003e from AdamKorcz/cifuzz1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/cbc01fdbbe131706e89eeaaf0cd917760d8d3949\"\u003e\u003ccode\u003ecbc01fd\u003c/code\u003e\u003c/a\u003e Fuzzing: Add CIFuzz\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/dc92d6932a1272b4d8f485f798a88c3a75106256\"\u003e\u003ccode\u003edc92d69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/228\"\u003e#228\u003c/a\u003e from jonomacd/null-handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/2d9d6343e8621ddc18c70749663f74bc584c0de4\"\u003e\u003ccode\u003e2d9d634\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/231\"\u003e#231\u003c/a\u003e from carsonip/fix-parseint-overflow-check\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/cli` from 28.1.1+incompatible to 29.2.0+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/0b9d1985dbf919678745f122b12b46f730b97d87\"\u003e\u003ccode\u003e0b9d198\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6764\"\u003e#6764\u003c/a\u003e from vvoland/update-docker\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/9c9ec7358833bb3e5622a166673744fca7fefac4\"\u003e\u003ccode\u003e9c9ec73\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/moby/client v0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/bab3e81e1d8874a2d4f26afc02225ee537d0b15d\"\u003e\u003ccode\u003ebab3e81\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/moby/api v1.53.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/2e64fc162ab632a530f7191cc6af65c22356ea0d\"\u003e\u003ccode\u003e2e64fc1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6367\"\u003e#6367\u003c/a\u003e from thaJeztah/template_slicejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/1f2ba2ac9d8c92870f7cce89dfa17d89d3375c19\"\u003e\u003ccode\u003e1f2ba2a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6760\"\u003e#6760\u003c/a\u003e from thaJeztah/container_create_fix_error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/e34a3422cc32c808d2e8b0e0ef51112d53fa896d\"\u003e\u003ccode\u003ee34a342\u003c/code\u003e\u003c/a\u003e templates: make \u0026quot;join\u0026quot; work with non-string slices and map values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/a86356d42f918968579e670b51bc85dc45982a33\"\u003e\u003ccode\u003ea86356d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6763\"\u003e#6763\u003c/a\u003e from thaJeztah/bump_mapstructure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/771660a17e56116eb32677a6d83c5210e5092194\"\u003e\u003ccode\u003e771660a\u003c/code\u003e\u003c/a\u003e vendor: github.com/go-viper/mapstructure/v2 v2.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/9cff36b35a828be8d137bc5de4983b7e3fef1614\"\u003e\u003ccode\u003e9cff36b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6762\"\u003e#6762\u003c/a\u003e from thaJeztah/bump_x_deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/08ed2bc6e8bc49ad988ecd44633620a48fb10967\"\u003e\u003ccode\u003e08ed2bc\u003c/code\u003e\u003c/a\u003e cli/command/container: make injecting config.json failures a warning\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/cli/compare/v28.1.1...v29.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-jose/go-jose/releases\"\u003egithub.com/go-jose/go-jose/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes Panic in JWE decryption. See \u003ca href=\"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\"\u003ehttps://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ehttps://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.38.0 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGreatly reduce the cost of recording metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e using hashing for map keys. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175\"\u003e#7175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithInstrumentationAttributeSet\u003c/code\u003e option to \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e packages.\nThis provides a concurrent-safe and performant alternative to \u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e by accepting a pre-constructed \u003ccode\u003eattribute.Set\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7287\"\u003e#7287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability for the Prometheus exporter in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e.\nCheck the \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus/internal/x\u003c/code\u003e package documentation for more information. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7345\"\u003e#7345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7353\"\u003e#7353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd temporality selector functions \u003ccode\u003eDeltaTemporalitySelector\u003c/code\u003e, \u003ccode\u003eCumulativeTemporalitySelector\u003c/code\u003e, \u003ccode\u003eLowMemoryTemporalitySelector\u003c/code\u003e to \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7434\"\u003e#7434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for simple log processor in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7548\"\u003e#7548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7459\"\u003e#7459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7486\"\u003e#7486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for simple span processor in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7374\"\u003e#7374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7512\"\u003e#7512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for manual reader in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7524\"\u003e#7524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for periodic reader in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7571\"\u003e#7571\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eOTEL_EXPORTER_OTLP_LOGS_INSECURE\u003c/code\u003e and \u003ccode\u003eOTEL_EXPORTER_OTLP_INSECURE\u003c/code\u003e environmental variables in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7608\"\u003e#7608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to the \u003ccode\u003eProcessor\u003c/code\u003e interface in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e.\nAll \u003ccode\u003eProcessor\u003c/code\u003e implementations now include an \u003ccode\u003eEnabled\u003c/code\u003e method. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7639\"\u003e#7639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.38.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.38.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.37.0.\u003c/code\u003e(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7648\"\u003e#7648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDistinct\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e is no longer guaranteed to uniquely identify an attribute set.\nCollisions between \u003ccode\u003eDistinct\u003c/code\u003e values for different Sets are possible with extremely high cardinality (billions of series per instrument), but are highly unlikely. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175\"\u003e#7175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eTracerOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/meter\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eMeterOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eLoggerOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename the \u003ccode\u003eOTEL_GO_X_SELF_OBSERVABILITY\u003c/code\u003e environment variable to \u003ccode\u003eOTEL_GO_X_OBSERVABILITY\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdouttrace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of histogram \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e when min and max are disabled using \u003ccode\u003eNoMinMax\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error handling for dropped data during translation by using \u003ccode\u003eprometheus.NewInvalidMetric\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e.\n⚠️ \u003cstrong\u003eBreaking Change:\u003c/strong\u003e Previously, these cases were only logged and scrapes succeeded.\nNow, when translation would drop data (e.g., invalid label/value), the exporter emits a \u003ccode\u003eNewInvalidMetric\u003c/code\u003e, and Prometheus scrapes \u003cstrong\u003efail with HTTP 500\u003c/strong\u003e by default.\nTo preserve the prior behavior (scrapes succeed while errors are logged), configure your Prometheus HTTP handler with: \u003ccode\u003epromhttp.HandlerOpts{ ErrorHandling: promhttp.ContinueOnError }\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7363\"\u003e#7363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace fnv hash with xxhash in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e for better performance. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7371\"\u003e#7371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default \u003ccode\u003eTranslationStrategy\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/exporters/prometheus\u003c/code\u003e is changed from \u003ccode\u003eotlptranslator.NoUTF8EscapingWithSuffixes\u003c/code\u003e to \u003ccode\u003eotlptranslator.UnderscoreEscapingWithSuffixes\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7421\"\u003e#7421\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude W3C TraceFlags (bits 0–7) in the OTLP \u003ccode\u003eSpan.Flags\u003c/code\u003e field in \u003ccode\u003ego.opentelemetry.io/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e and \u003ccode\u003ego.opentelemetry.io/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7438\"\u003e#7438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eErrorType\u003c/code\u003e function in \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.37.0\u003c/code\u003e now handles custom error types.\nIf an error implements an \u003ccode\u003eErrorType() string\u003c/code\u003e method, the return value of that method will be used as the error type. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7442\"\u003e#7442\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e options in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e to properly merge attributes when passed multiple times instead of replacing them.\nAttributes with duplicate keys will use the last value passed. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe equality of \u003ccode\u003eattribute.Set\u003c/code\u003e when using the \u003ccode\u003eEqual\u003c/code\u003e method is not affected by the user overriding the empty set pointed to by \u003ccode\u003eattribute.EmptySet\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7357\"\u003e#7357\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/6ce14298b9d58647295280560205307768400496\"\u003e\u003ccode\u003e6ce1429\u003c/code\u003e\u003c/a\u003e Release v1.39.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7676\"\u003e#7676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/12e421a7061c1ab5c25a1851ca168e1c3ac11bbb\"\u003e\u003ccode\u003e12e421a\u003c/code\u003e\u003c/a\u003e sdk/log: move Enabled method from FilterProcessor to Processor (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7639\"\u003e#7639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5982f16d244fafebffcfc92b4673dbeb565b4e7b\"\u003e\u003ccode\u003e5982f16\u003c/code\u003e\u003c/a\u003e fix(deps): update module golang.org/x/sys to v0.39.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7684\"\u003e#7684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/928837830da34dea636b48a468149d480cc41058\"\u003e\u003ccode\u003e9288378\u003c/code\u003e\u003c/a\u003e chore(deps): update module golang.org/x/sync to v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7683\"\u003e#7683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/ee3dfef45d9462e209d92e0651a58d2417c1305f\"\u003e\u003ccode\u003eee3dfef\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/securego/gosec/v2 digest to 41f28e2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7682\"\u003e#7682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9345d1f64d874fa8df5f6ca4e14acaeb44532cd3\"\u003e\u003ccode\u003e9345d1f\u003c/code\u003e\u003c/a\u003e fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.7.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7680\"\u003e#7680\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/d03b03395dc9436d79d5ba7b5ea77053b18a9915\"\u003e\u003ccode\u003ed03b033\u003c/code\u003e\u003c/a\u003e Check context prior to delaying retry in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7678\"\u003e#7678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61765e78a620994b5922e34e776e029da1a2b983\"\u003e\u003ccode\u003e61765e7\u003c/code\u003e\u003c/a\u003e Fix flaky \u003ccode\u003eTestClientInstrumentation\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7677\"\u003e#7677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/a54721cc8052fcd497d6f637a463d1aba787012c\"\u003e\u003ccode\u003ea54721c\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-billy/v5 to v5.7.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7679\"\u003e#7679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/746d0860d70bb9c1e875afe1c7e41e9060387d46\"\u003e\u003ccode\u003e746d086\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.31.7 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7675\"\u003e#7675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGreatly reduce the cost of recording metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e using hashing for map keys. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175\"\u003e#7175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithInstrumentationAttributeSet\u003c/code\u003e option to \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e packages.\nThis provides a concurrent-safe and performant alternative to \u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e by accepting a pre-constructed \u003ccode\u003eattribute.Set\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7287\"\u003e#7287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability for the Prometheus exporter in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e.\nCheck the \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus/internal/x\u003c/code\u003e package documentation for more information. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7345\"\u003e#7345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7353\"\u003e#7353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd temporality selector functions \u003ccode\u003eDeltaTemporalitySelector\u003c/code\u003e, \u003ccode\u003eCumulativeTemporalitySelector\u003c/code\u003e, \u003ccode\u003eLowMemoryTemporalitySelector\u003c/code\u003e to \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7434\"\u003e#7434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for simple log processor in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7548\"\u003e#7548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7459\"\u003e#7459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7486\"\u003e#7486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for simple span processor in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7374\"\u003e#7374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7512\"\u003e#7512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for manual reader in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7524\"\u003e#7524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for periodic reader in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7571\"\u003e#7571\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eOTEL_EXPORTER_OTLP_LOGS_INSECURE\u003c/code\u003e and \u003ccode\u003eOTEL_EXPORTER_OTLP_INSECURE\u003c/code\u003e environmental variables in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7608\"\u003e#7608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to the \u003ccode\u003eProcessor\u003c/code\u003e interface in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e.\nAll \u003ccode\u003eProcessor\u003c/code\u003e implementations now include an \u003ccode\u003eEnabled\u003c/code\u003e method. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7639\"\u003e#7639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.38.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.38.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.37.0.\u003c/code\u003e(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7648\"\u003e#7648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDistinct\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e is no longer guaranteed to uniquely identify an attribute set.\nCollisions between \u003ccode\u003eDistinct\u003c/code\u003e values for different Sets are possible with extremely high cardinality (billions of series per instrument), but are highly unlikely. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175\"\u003e#7175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eTracerOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/meter\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eMeterOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eLoggerOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename the \u003ccode\u003eOTEL_GO_X_SELF_OBSERVABILITY\u003c/code\u003e environment variable to \u003ccode\u003eOTEL_GO_X_OBSERVABILITY\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdouttrace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of histogram \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e when min and max are disabled using \u003ccode\u003eNoMinMax\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error handling for dropped data during translation by using \u003ccode\u003eprometheus.NewInvalidMetric\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e.\n⚠️ \u003cstrong\u003eBreaking Change:\u003c/strong\u003e Previously, these cases were only logged and scrapes succeeded.\nNow, when translation would drop data (e.g., invalid label/value), the exporter emits a \u003ccode\u003eNewInvalidMetric\u003c/code\u003e, and Prometheus scrapes \u003cstrong\u003efail with HTTP 500\u003c/strong\u003e by default.\nTo preserve the prior behavior (scrapes succeed while errors are logged), configure your Prometheus HTTP handler with: \u003ccode\u003epromhttp.HandlerOpts{ ErrorHandling: promhttp.ContinueOnError }\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7363\"\u003e#7363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace fnv hash with xxhash in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e for better performance. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7371\"\u003e#7371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default \u003ccode\u003eTranslationStrategy\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/exporters/prometheus\u003c/code\u003e is changed from \u003ccode\u003eotlptranslator.NoUTF8EscapingWithSuffixes\u003c/code\u003e to \u003ccode\u003eotlptranslator.UnderscoreEscapingWithSuffixes\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7421\"\u003e#7421\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude W3C TraceFlags (bits 0–7) in the OTLP \u003ccode\u003eSpan.Flags\u003c/code\u003e field in \u003ccode\u003ego.opentelemetry.io/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e and \u003ccode\u003ego.opentelemetry.io/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7438\"\u003e#7438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eErrorType\u003c/code\u003e function in \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.37.0\u003c/code\u003e now handles custom error types.\nIf an error implements an \u003ccode\u003eErrorType() string\u003c/code\u003e method, the return value of that method will be used as the error type. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7442\"\u003e#7442\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e options in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e to properly merge attributes when passed multiple times instead of replacing them.\nAttributes with duplicate keys will use the last value passed. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe equality of \u003ccode\u003eattribute.Set\u003c/code\u003e when using the \u003ccode\u003eEqual\u003c/code\u003e method is not affected by the user overriding the empty set pointed to by \u003ccode\u003eattribute.EmptySet\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7357\"\u003e#7357\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/6ce14298b9d58647295280560205307768400496\"\u003e\u003ccode\u003e6ce1429\u003c/code\u003e\u003c/a\u003e Release v1.39.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7676\"\u003e#7676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/12e421a7061c1ab5c25a1851ca168e1c3ac11bbb\"\u003e\u003ccode\u003e12e421a\u003c/code\u003e\u003c/a\u003e sdk/log: move Enabled method from FilterProcessor to Processor (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7639\"\u003e#7639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5982f16d244fafebffcfc92b4673dbeb565b4e7b\"\u003e\u003ccode\u003e5982f16\u003c/code\u003e\u003c/a\u003e fix(deps): update module golang.org/x/sys to v0.39.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7684\"\u003e#7684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/928837830da34dea636b48a468149d480cc41058\"\u003e\u003ccode\u003e9288378\u003c/code\u003e\u003c/a\u003e chore(deps): update module golang.org/x/sync to v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7683\"\u003e#7683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/ee3dfef45d9462e209d92e0651a58d2417c1305f\"\u003e\u003ccode\u003eee3dfef\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/securego/gosec/v2 digest to 41f28e2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7682\"\u003e#7682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9345d1f64d874fa8df5f6ca4e14acaeb44532cd3\"\u003e\u003ccode\u003e9345d1f\u003c/code\u003e\u003c/a\u003e fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.7.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7680\"\u003e#7680\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/d03b03395dc9436d79d5ba7b5ea77053b18a9915\"\u003e\u003ccode\u003ed03b033\u003c/code\u003e\u003c/a\u003e Check context prior to delaying retry in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7678\"\u003e#7678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61765e78a620994b5922e34e776e029da1a2b983\"\u003e\u003ccode\u003e61765e7\u003c/code\u003e\u003c/a\u003e Fix flaky \u003ccode\u003eTestClientInstrumentation\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7677\"\u003e#7677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/a54721cc8052fcd497d6f637a463d1aba787012c\"\u003e\u003ccode\u003ea54721c\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-billy/v5 to v5.7.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7679\"\u003e#7679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/746d0860d70bb9c1e875afe1c7e41e9060387d46\"\u003e\u003ccode\u003e746d086\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.31.7 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7675\"\u003e#7675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.44.0 to 0.50.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/122a78f140d9d3303ed3261bc374bbbca149140f\"\u003e\u003ccode\u003e122a78f\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/c0531f9c34514ad5c5551e2d6ce569ca673a8afd\"\u003e\u003ccode\u003ec0531f9\u003c/code\u003e\u003c/a\u003e all: eliminate vet diagnostics\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/0997000b45e3a40598272081bcad03ffd21b8adb\"\u003e\u003ccode\u003e0997000\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.26.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.78.0 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-jose/go-jose/releases\"\u003egithub.com/go-jose/go-jose/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes Panic in JWE decryption. See \u003ca href=\"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\"\u003ehttps://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ehttps://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update god...\n\n_Description has been truncated_","html_url":"https://github.com/AKJUS/higress/pull/233","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Fhigress/issues/233","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/233/packages"},{"uuid":"4325443956","node_id":"PR_kwDOQzBTb87VdhzY","number":13,"state":"open","title":"Bump the go_modules group across 20 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T20:35:24.000Z","updated_at":"2026-04-24T20:35:51.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":6,"packages":[{"name":"github.com/go-viper/mapstructure/v2","old_version":"2.3.0","new_version":"2.4.0","repository_url":"https://github.com/go-viper/mapstructure"},{"name":"github.com/golang/glog","old_version":"1.2.2","new_version":"1.2.4","repository_url":"https://github.com/golang/glog"},{"name":"go.opentelemetry.io/otel","old_version":"1.38.0","new_version":"1.41.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.38.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"google.golang.org/grpc","old_version":"1.75.0","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"go.opentelemetry.io/otel","old_version":"1.38.0","new_version":"1.41.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.38.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the /hack/tools directory: [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) and [github.com/golang/glog](https://github.com/golang/glog).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/apiextensions-apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/apimachinery directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/client-go directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/cloud-provider directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/component-base directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/controller-manager directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/cri-api directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/cri-client directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/dynamic-resource-allocation directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/endpointslice directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/externaljwt directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/kms directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kms/internal/plugins/_mock directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/kube-aggregator directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kubectl directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/kubelet directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/pod-security-admission directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/sample-apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\n\nUpdates `github.com/go-viper/mapstructure/v2` from 2.3.0 to 2.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-viper/mapstructure/releases\"\u003egithub.com/go-viper/mapstructure/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: replace interface{} with any by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/115\"\u003ego-viper/mapstructure#115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/114\"\u003ego-viper/mapstructure#114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGeneric tests by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/118\"\u003ego-viper/mapstructure#118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix godoc reference link in README.md by \u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/107\"\u003ego-viper/mapstructure#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add StringToTimeLocationHookFunc to convert strings to *time.Location by \u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add back previous StringToSlice as a weak function by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/119\"\u003ego-viper/mapstructure#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\"\u003ehttps://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b9794a5f0e73d425210d6614ed833067029155f5\"\u003e\u003ccode\u003eb9794a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/119\"\u003e#119\u003c/a\u003e from go-viper/string-to-weak-slice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17cdcb0741054e2a33938adf6bd1f2a5c0aa8f30\"\u003e\u003ccode\u003e17cdcb0\u003c/code\u003e\u003c/a\u003e feat: add back previous StringToSlice as a weak function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/3caca3614c3ab2c5b5d359c44fdcd72058887b19\"\u003e\u003ccode\u003e3caca36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/117\"\u003e#117\u003c/a\u003e from ErfanMomeniii/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/9a861bc115f2b54ed4e494662f29c172d9ef046a\"\u003e\u003ccode\u003e9a861bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/107\"\u003e#107\u003c/a\u003e from peczenyj/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/86ed5b59da0615fb8c3a413f401cdf0231f1234c\"\u003e\u003ccode\u003e86ed5b5\u003c/code\u003e\u003c/a\u003e refactor: update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/ace5b4e8b3dec99468ffa9498e42fb09d177b0a6\"\u003e\u003ccode\u003eace5b4e\u003c/code\u003e\u003c/a\u003e chore: add interface any linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/1a4f1aef38bfa8549762aaf42c7c18a5d268e76e\"\u003e\u003ccode\u003e1a4f1ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/118\"\u003e#118\u003c/a\u003e from go-viper/generic-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/a2689090ed4348033c36724d866faf1f911a9f63\"\u003e\u003ccode\u003ea268909\u003c/code\u003e\u003c/a\u003e fix: lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17f1fd44eb7606b109c9bb017c0a1c6d3e93b5cd\"\u003e\u003ccode\u003e17f1fd4\u003c/code\u003e\u003c/a\u003e test: add more comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b48c8566836bf291bfee2b217d51fc36e8e61f6f\"\u003e\u003ccode\u003eb48c856\u003c/code\u003e\u003c/a\u003e test: expand tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/golang/glog` from 1.2.2 to 1.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang/glog/releases\"\u003egithub.com/golang/glog's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFail if log file already exists by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/74\"\u003egolang/glog#74\u003c/a\u003e:\n\u003cul\u003e\n\u003cli\u003eglog: Don't try to create/rotate a given syncBuffer twice in the same second\u003c/li\u003e\n\u003cli\u003eglog: introduce createInDir function as in internal version\u003c/li\u003e\n\u003cli\u003eglog: have createInDir fail if the file already exists\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang/glog/compare/v1.2.3...v1.2.4\"\u003ehttps://github.com/golang/glog/compare/v1.2.3...v1.2.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eglog: check that stderr is valid before using it by default by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/72\"\u003egolang/glog#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eglog: fix typo by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/73\"\u003egolang/glog#73\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang/glog/compare/v1.2.2...v1.2.3\"\u003ehttps://github.com/golang/glog/compare/v1.2.2...v1.2.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/a0e3c40a0ed0cecc58c84e7684d9ce55a54044ee\"\u003e\u003ccode\u003ea0e3c40\u003c/code\u003e\u003c/a\u003e glog: have createInDir fail if the file already exists\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/7139da234346c23dba05a8c588284c379b9c0bf8\"\u003e\u003ccode\u003e7139da2\u003c/code\u003e\u003c/a\u003e glog: introduce createInDir function as in internal version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/dd58629ba6ced28322bcb149ed86016fb1ec9a5b\"\u003e\u003ccode\u003edd58629\u003c/code\u003e\u003c/a\u003e glog: Don't try to create/rotate a given syncBuffer twice in the same second\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/04dbec0df8d03d5c187beaf5ce8e6c58e9fc82b5\"\u003e\u003ccode\u003e04dbec0\u003c/code\u003e\u003c/a\u003e glog: fix typo (\u003ca href=\"https://redirect.github.com/golang/glog/issues/73\"\u003e#73\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/459cf3b8151dcfd8aa971077774eaf0c804119e4\"\u003e\u003ccode\u003e459cf3b\u003c/code\u003e\u003c/a\u003e glog: check that stderr is valid before using it by default (\u003ca href=\"https://redirect.github.com/golang/glog/issues/72\"\u003e#72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/glog/compare/v1.2.2...v1.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02\u003c/h2\u003e\n\u003cp\u003eThis release is the last to support [Go 1.24].\nThe next release will require at least [Go 1.25].\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport testing of [Go 1.26]. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7902\"\u003e#7902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eBaggage\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/propagation\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e and \u003ccode\u003eNew\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/baggage\u003c/code\u003e to comply with W3C Baggage specification limits.\n\u003ccode\u003eNew\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e now return partial baggage along with an error when limits are exceeded.\nErrors from baggage extraction are reported to the global error handler. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7880\"\u003e#7880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.40.0/0.62.0/0.16.0] 2026-02-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eAlwaysRecord\u003c/code\u003e sampler in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7724\"\u003e#7724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to all synchronous instrument interfaces (\u003ccode\u003eFloat64Counter\u003c/code\u003e, \u003ccode\u003eFloat64UpDownCounter\u003c/code\u003e, \u003ccode\u003eFloat64Histogram\u003c/code\u003e, \u003ccode\u003eFloat64Gauge\u003c/code\u003e, \u003ccode\u003eInt64Counter\u003c/code\u003e, \u003ccode\u003eInt64UpDownCounter\u003c/code\u003e, \u003ccode\u003eInt64Histogram\u003c/code\u003e, \u003ccode\u003eInt64Gauge\u003c/code\u003e,) in \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e.\nThis stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7763\"\u003e#7763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.39.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.39.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0.\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7783\"\u003e#7783\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7789\"\u003e#7789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eHistogramReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e by 4x. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7443\"\u003e#7443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eFixedSizeReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7447\"\u003e#7447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7474\"\u003e#7474\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent synchronous gauge measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7478\"\u003e#7478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdoutmetric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7492\"\u003e#7492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eExporter\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e ignores metrics with the scope \u003ccode\u003ego.opentelemetry.io/contrib/bridges/prometheus\u003c/code\u003e.\nThis prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7688\"\u003e#7688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent exponential histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7702\"\u003e#7702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad log message when key-value pairs are dropped because of key duplication in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eDroppedAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not count the non-attribute key-value pairs dropped because of key duplication. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSetAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not log that attributes are dropped when they are actually not dropped. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to correctly handle HTTP/2 \u003ccode\u003eGOAWAY\u003c/code\u003e frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7794\"\u003e#7794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003eioreg\u003c/code\u003e command on Darwin (macOS). (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4575a9774dd9415ffc858dd34955493b0031065a\"\u003e\u003ccode\u003e4575a97\u003c/code\u003e\u003c/a\u003e Release 1.41.0/0.63.0/0.17.0/0.0.15 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/66fc10d9dff9653c65bcca111b965137d06f09aa\"\u003e\u003ccode\u003e66fc10d\u003c/code\u003e\u003c/a\u003e fix: add error handling for insecure HTTP endpoints with TLS client configura...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/76e6eec88f186f06a0708b5620324d2b002d9a97\"\u003e\u003ccode\u003e76e6eec\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.32.5 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7980\"\u003e#7980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0d50f9008c8c93fe49a7caa45c88c30370479d27\"\u003e\u003ccode\u003e0d50f90\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Generate semconv/v1.40.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7978\"\u003e#7978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c38a4a57c320b6098ca5c92f0a85201034780b1f\"\u003e\u003ccode\u003ec38a4a5\u003c/code\u003e\u003c/a\u003e Generate semconv/v1.40.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7929\"\u003e#7929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0f1a22484ec52d6beb1efdb0fa1b63a31e7405af\"\u003e\u003ccode\u003e0f1a224\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7899\"\u003e#7899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c79ebf43eb1cff6dd76a33bb1549f2c082dab604\"\u003e\u003ccode\u003ec79ebf4\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/daixiang0/gci to v0.14.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7973\"\u003e#7973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/f75815746541d0d4ac84e1c5955bdcd1a2df2d7d\"\u003e\u003ccode\u003ef758157\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/sonatard/noctx to v0.5.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7968\"\u003e#7968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/92a11645724515630187def073ae39f1b6cb3c69\"\u003e\u003ccode\u003e92a1164\u003c/code\u003e\u003c/a\u003e fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/3cd7c27e840ea3114115459db2e299a27fffaff8\"\u003e\u003ccode\u003e3cd7c27\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7969\"\u003e#7969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.75.0 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.75.0...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02\u003c/h2\u003e\n\u003cp\u003eThis release is the last to support [Go 1.24].\nThe next release will require at least [Go 1.25].\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport testing of [Go 1.26]. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7902\"\u003e#7902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eBaggage\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/propagation\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e and \u003ccode\u003eNew\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/baggage\u003c/code\u003e to comply with W3C Baggage specification limits.\n\u003ccode\u003eNew\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e now return partial baggage along with an error when limits are exceeded.\nErrors from baggage extraction are reported to the global error handler. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7880\"\u003e#7880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.40.0/0.62.0/0.16.0] 2026-02-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eAlwaysRecord\u003c/code\u003e sampler in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7724\"\u003e#7724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to all synchronous instrument interfaces (\u003ccode\u003eFloat64Counter\u003c/code\u003e, \u003ccode\u003eFloat64UpDownCounter\u003c/code\u003e, \u003ccode\u003eFloat64Histogram\u003c/code\u003e, \u003ccode\u003eFloat64Gauge\u003c/code\u003e, \u003ccode\u003eInt64Counter\u003c/code\u003e, \u003ccode\u003eInt64UpDownCounter\u003c/code\u003e, \u003ccode\u003eInt64Histogram\u003c/code\u003e, \u003ccode\u003eInt64Gauge\u003c/code\u003e,) in \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e.\nThis stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7763\"\u003e#7763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.39.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.39.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0.\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7783\"\u003e#7783\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7789\"\u003e#7789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eHistogramReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e by 4x. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7443\"\u003e#7443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eFixedSizeReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7447\"\u003e#7447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7474\"\u003e#7474\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent synchronous gauge measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7478\"\u003e#7478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdoutmetric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7492\"\u003e#7492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eExporter\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e ignores metrics with the scope \u003ccode\u003ego.opentelemetry.io/contrib/bridges/prometheus\u003c/code\u003e.\nThis prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7688\"\u003e#7688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent exponential histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7702\"\u003e#7702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad log message when key-value pairs are dropped because of key duplication in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eDroppedAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not count the non-attribute key-value pairs dropped because of key duplication. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSetAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not log that attributes are dropped when they are actually not dropped. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to correctly handle HTTP/2 \u003ccode\u003eGOAWAY\u003c/code\u003e frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7794\"\u003e#7794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003eioreg\u003c/code\u003e command on Darwin (macOS). (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4575a9774dd9415ffc858dd34955493b0031065a\"\u003e\u003ccode\u003e4575a97\u003c/code\u003e\u003c/a\u003e Release 1.41.0/0.63.0/0.17.0/0.0.15 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/66fc10d9dff9653c65bcca111b965137d06f09aa\"\u003e\u003ccode\u003e66fc10d\u003c/code\u003e\u003c/a\u003e fix: add error handling for insecure HTTP endpoints with TLS client configura...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/76e6eec88f186f06a0708b5620324d2b002d9a97\"\u003e\u003ccode\u003e76e6eec\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.32.5 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7980\"\u003e#7980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0d50f9008c8c93fe49a7caa45c88c30370479d27\"\u003e\u003ccode\u003e0d50f90\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Generate semconv/v1.40.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7978\"\u003e#7978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c38a4a57c320b6098ca5c92f0a85201034780b1f\"\u003e\u003ccode\u003ec38a4a5\u003c/code\u003e\u003c/a\u003e Generate semconv/v1.40.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7929\"\u003e#7929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0f1a22484ec52d6beb1efdb0fa1b63a31e7405af\"\u003e\u003ccode\u003e0f1a224\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7899\"\u003e#7899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c79ebf43eb1cff6dd76a33bb1549f2c082dab604\"\u003e\u003ccode\u003ec79ebf4\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/daixiang0/gci to v0.14.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7973\"\u003e#7973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/f75815746541d0d4ac84e1c5955bdcd1a2df2d7d\"\u003e\u003ccode\u003ef758157\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/sonatard/noctx to v0.5.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7968\"\u003e#7968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/92a11645724515630187def073ae39f1b6cb3c69\"\u003e\u003ccode\u003e92a1164\u003c/code\u003e\u003c/a\u003e fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/3cd7c27e840ea3114115459db2e299a27fffaff8\"\u003e\u003ccode\u003e3cd7c27\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7969\"\u003e#7969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/open...\n\n_Description has been truncated_\n\n---\n\n🔄 This PR updates Go module dependencies across 20 directories in the Kubernetes codebase, bumping 6 key packages including OpenTelemetry, gRPC, and security-related libraries to their latest versions.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **OpenTelemetry Updates**: Upgraded `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0/1.43.0 and related SDK packages, bringing performance improvements and new features like synchronous instrument enabled checks\n- **gRPC Security Update**: Updated `google.golang.org/grpc` from 1.75.0 to 1.79.3, including critical security fixes for authorization bypass vulnerabilities (CVE-2026-35469)\n- **SPDY Stream Security Fix**: Bumped `github.com/moby/spdystream` from 0.5.0 to 0.5.1, addressing memory amplification DoS vulnerability in SPDY frame parsing\n- **Utility Libraries**: Minor updates to `github.com/go-viper/mapstructure/v2` (2.3.0→2.4.0) and `github.com/golang/glog` (1.2.2→1.2.4) with bug fixes and improvements\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 6 Core Dependencies]\n    B --\u003e C[Update across 20 Directories]\n    C --\u003e D[OpenTelemetry 1.38→1.41/1.43]\n    C --\u003e E[gRPC 1.75→1.79.3]\n    C --\u003e F[spdystream 0.5.0→0.5.1]\n    C --\u003e G[mapstructure 2.3→2.4]\n    C --\u003e H[glog 1.2.2→1.2.4]\n    D --\u003e I[Performance Improvements]\n    E --\u003e J[Security Fixes]\n    F --\u003e K[DoS Protection]\n    G --\u003e L[API Enhancements]\n    H --\u003e M[Bug Fixes]\n```\n\n### Impact\n- **Security Enhancement**: Addresses critical authorization bypass in gRPC and memory amplification DoS in SPDY stream processing\n- **Performance Optimization**: OpenTelemetry updates bring 4x performance improvements in histogram operations and better concurrent measurement handling\n- **Observability Improvements**: Enhanced metrics, tracing capabilities, and better error handling across the telemetry stack\n- **Maintenance**: Keeps dependencies current with latest bug fixes and stability improvements while maintaining backward compatibility\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/kubernetes/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fkubernetes/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"4325440154","node_id":"PR_kwDOQzBTb87Vdg_b","number":10,"state":"open","title":"Bump the go_modules group across 22 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T20:34:32.000Z","updated_at":"2026-04-24T20:35:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":6,"packages":[{"name":"github.com/go-viper/mapstructure/v2","old_version":"2.3.0","new_version":"2.4.0","repository_url":"https://github.com/go-viper/mapstructure"},{"name":"github.com/golang/glog","old_version":"1.2.2","new_version":"1.2.4","repository_url":"https://github.com/golang/glog"},{"name":"go.opentelemetry.io/otel","old_version":"1.38.0","new_version":"1.41.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.38.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"google.golang.org/grpc","old_version":"1.75.0","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"go.opentelemetry.io/otel","old_version":"1.38.0","new_version":"1.41.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.38.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the /hack/tools directory: [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) and [github.com/golang/glog](https://github.com/golang/glog).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/apiextensions-apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/apimachinery directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/client-go directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/cloud-provider directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/component-base directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/controller-manager directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/cri-api directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/cri-client directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/dynamic-resource-allocation directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/endpointslice directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/externaljwt directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/kms directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kms/internal/plugins/_mock directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/kube-aggregator directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kube-proxy directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kube-scheduler directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kubectl directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/kubelet directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/pod-security-admission directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/sample-apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\n\nUpdates `github.com/go-viper/mapstructure/v2` from 2.3.0 to 2.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-viper/mapstructure/releases\"\u003egithub.com/go-viper/mapstructure/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: replace interface{} with any by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/115\"\u003ego-viper/mapstructure#115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/114\"\u003ego-viper/mapstructure#114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGeneric tests by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/118\"\u003ego-viper/mapstructure#118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix godoc reference link in README.md by \u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/107\"\u003ego-viper/mapstructure#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add StringToTimeLocationHookFunc to convert strings to *time.Location by \u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add back previous StringToSlice as a weak function by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/119\"\u003ego-viper/mapstructure#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\"\u003ehttps://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b9794a5f0e73d425210d6614ed833067029155f5\"\u003e\u003ccode\u003eb9794a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/119\"\u003e#119\u003c/a\u003e from go-viper/string-to-weak-slice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17cdcb0741054e2a33938adf6bd1f2a5c0aa8f30\"\u003e\u003ccode\u003e17cdcb0\u003c/code\u003e\u003c/a\u003e feat: add back previous StringToSlice as a weak function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/3caca3614c3ab2c5b5d359c44fdcd72058887b19\"\u003e\u003ccode\u003e3caca36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/117\"\u003e#117\u003c/a\u003e from ErfanMomeniii/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/9a861bc115f2b54ed4e494662f29c172d9ef046a\"\u003e\u003ccode\u003e9a861bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/107\"\u003e#107\u003c/a\u003e from peczenyj/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/86ed5b59da0615fb8c3a413f401cdf0231f1234c\"\u003e\u003ccode\u003e86ed5b5\u003c/code\u003e\u003c/a\u003e refactor: update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/ace5b4e8b3dec99468ffa9498e42fb09d177b0a6\"\u003e\u003ccode\u003eace5b4e\u003c/code\u003e\u003c/a\u003e chore: add interface any linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/1a4f1aef38bfa8549762aaf42c7c18a5d268e76e\"\u003e\u003ccode\u003e1a4f1ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/118\"\u003e#118\u003c/a\u003e from go-viper/generic-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/a2689090ed4348033c36724d866faf1f911a9f63\"\u003e\u003ccode\u003ea268909\u003c/code\u003e\u003c/a\u003e fix: lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17f1fd44eb7606b109c9bb017c0a1c6d3e93b5cd\"\u003e\u003ccode\u003e17f1fd4\u003c/code\u003e\u003c/a\u003e test: add more comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b48c8566836bf291bfee2b217d51fc36e8e61f6f\"\u003e\u003ccode\u003eb48c856\u003c/code\u003e\u003c/a\u003e test: expand tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/golang/glog` from 1.2.2 to 1.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang/glog/releases\"\u003egithub.com/golang/glog's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFail if log file already exists by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/74\"\u003egolang/glog#74\u003c/a\u003e:\n\u003cul\u003e\n\u003cli\u003eglog: Don't try to create/rotate a given syncBuffer twice in the same second\u003c/li\u003e\n\u003cli\u003eglog: introduce createInDir function as in internal version\u003c/li\u003e\n\u003cli\u003eglog: have createInDir fail if the file already exists\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang/glog/compare/v1.2.3...v1.2.4\"\u003ehttps://github.com/golang/glog/compare/v1.2.3...v1.2.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eglog: check that stderr is valid before using it by default by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/72\"\u003egolang/glog#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eglog: fix typo by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/73\"\u003egolang/glog#73\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang/glog/compare/v1.2.2...v1.2.3\"\u003ehttps://github.com/golang/glog/compare/v1.2.2...v1.2.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/a0e3c40a0ed0cecc58c84e7684d9ce55a54044ee\"\u003e\u003ccode\u003ea0e3c40\u003c/code\u003e\u003c/a\u003e glog: have createInDir fail if the file already exists\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/7139da234346c23dba05a8c588284c379b9c0bf8\"\u003e\u003ccode\u003e7139da2\u003c/code\u003e\u003c/a\u003e glog: introduce createInDir function as in internal version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/dd58629ba6ced28322bcb149ed86016fb1ec9a5b\"\u003e\u003ccode\u003edd58629\u003c/code\u003e\u003c/a\u003e glog: Don't try to create/rotate a given syncBuffer twice in the same second\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/04dbec0df8d03d5c187beaf5ce8e6c58e9fc82b5\"\u003e\u003ccode\u003e04dbec0\u003c/code\u003e\u003c/a\u003e glog: fix typo (\u003ca href=\"https://redirect.github.com/golang/glog/issues/73\"\u003e#73\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/459cf3b8151dcfd8aa971077774eaf0c804119e4\"\u003e\u003ccode\u003e459cf3b\u003c/code\u003e\u003c/a\u003e glog: check that stderr is valid before using it by default (\u003ca href=\"https://redirect.github.com/golang/glog/issues/72\"\u003e#72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/glog/compare/v1.2.2...v1.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02\u003c/h2\u003e\n\u003cp\u003eThis release is the last to support [Go 1.24].\nThe next release will require at least [Go 1.25].\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport testing of [Go 1.26]. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7902\"\u003e#7902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eBaggage\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/propagation\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e and \u003ccode\u003eNew\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/baggage\u003c/code\u003e to comply with W3C Baggage specification limits.\n\u003ccode\u003eNew\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e now return partial baggage along with an error when limits are exceeded.\nErrors from baggage extraction are reported to the global error handler. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7880\"\u003e#7880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.40.0/0.62.0/0.16.0] 2026-02-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eAlwaysRecord\u003c/code\u003e sampler in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7724\"\u003e#7724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to all synchronous instrument interfaces (\u003ccode\u003eFloat64Counter\u003c/code\u003e, \u003ccode\u003eFloat64UpDownCounter\u003c/code\u003e, \u003ccode\u003eFloat64Histogram\u003c/code\u003e, \u003ccode\u003eFloat64Gauge\u003c/code\u003e, \u003ccode\u003eInt64Counter\u003c/code\u003e, \u003ccode\u003eInt64UpDownCounter\u003c/code\u003e, \u003ccode\u003eInt64Histogram\u003c/code\u003e, \u003ccode\u003eInt64Gauge\u003c/code\u003e,) in \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e.\nThis stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7763\"\u003e#7763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.39.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.39.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0.\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7783\"\u003e#7783\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7789\"\u003e#7789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eHistogramReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e by 4x. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7443\"\u003e#7443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eFixedSizeReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7447\"\u003e#7447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7474\"\u003e#7474\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent synchronous gauge measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7478\"\u003e#7478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdoutmetric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7492\"\u003e#7492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eExporter\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e ignores metrics with the scope \u003ccode\u003ego.opentelemetry.io/contrib/bridges/prometheus\u003c/code\u003e.\nThis prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7688\"\u003e#7688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent exponential histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7702\"\u003e#7702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad log message when key-value pairs are dropped because of key duplication in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eDroppedAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not count the non-attribute key-value pairs dropped because of key duplication. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSetAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not log that attributes are dropped when they are actually not dropped. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to correctly handle HTTP/2 \u003ccode\u003eGOAWAY\u003c/code\u003e frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7794\"\u003e#7794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003eioreg\u003c/code\u003e command on Darwin (macOS). (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4575a9774dd9415ffc858dd34955493b0031065a\"\u003e\u003ccode\u003e4575a97\u003c/code\u003e\u003c/a\u003e Release 1.41.0/0.63.0/0.17.0/0.0.15 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/66fc10d9dff9653c65bcca111b965137d06f09aa\"\u003e\u003ccode\u003e66fc10d\u003c/code\u003e\u003c/a\u003e fix: add error handling for insecure HTTP endpoints with TLS client configura...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/76e6eec88f186f06a0708b5620324d2b002d9a97\"\u003e\u003ccode\u003e76e6eec\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.32.5 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7980\"\u003e#7980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0d50f9008c8c93fe49a7caa45c88c30370479d27\"\u003e\u003ccode\u003e0d50f90\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Generate semconv/v1.40.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7978\"\u003e#7978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c38a4a57c320b6098ca5c92f0a85201034780b1f\"\u003e\u003ccode\u003ec38a4a5\u003c/code\u003e\u003c/a\u003e Generate semconv/v1.40.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7929\"\u003e#7929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0f1a22484ec52d6beb1efdb0fa1b63a31e7405af\"\u003e\u003ccode\u003e0f1a224\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7899\"\u003e#7899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c79ebf43eb1cff6dd76a33bb1549f2c082dab604\"\u003e\u003ccode\u003ec79ebf4\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/daixiang0/gci to v0.14.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7973\"\u003e#7973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/f75815746541d0d4ac84e1c5955bdcd1a2df2d7d\"\u003e\u003ccode\u003ef758157\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/sonatard/noctx to v0.5.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7968\"\u003e#7968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/92a11645724515630187def073ae39f1b6cb3c69\"\u003e\u003ccode\u003e92a1164\u003c/code\u003e\u003c/a\u003e fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/3cd7c27e840ea3114115459db2e299a27fffaff8\"\u003e\u003ccode\u003e3cd7c27\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7969\"\u003e#7969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.75.0 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.75.0...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02\u003c/h2\u003e\n\u003cp\u003eThis release is the last to support [Go 1.24].\nThe next release will require at least [Go 1.25].\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport testing of [Go 1.26]. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7902\"\u003e#7902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eBaggage\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/propagation\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e and \u003ccode\u003eNew\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/baggage\u003c/code\u003e to comply with W3C Baggage specification limits.\n\u003ccode\u003eNew\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e now return partial baggage along with an error when limits are exceeded.\nErrors from baggage extraction are reported to the global error handler. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7880\"\u003e#7880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.40.0/0.62.0/0.16.0] 2026-02-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eAlwaysRecord\u003c/code\u003e sampler in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7724\"\u003e#7724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to all synchronous instrument interfaces (\u003ccode\u003eFloat64Counter\u003c/code\u003e, \u003ccode\u003eFloat64UpDownCounter\u003c/code\u003e, \u003ccode\u003eFloat64Histogram\u003c/code\u003e, \u003ccode\u003eFloat64Gauge\u003c/code\u003e, \u003ccode\u003eInt64Counter\u003c/code\u003e, \u003ccode\u003eInt64UpDownCounter\u003c/code\u003e, \u003ccode\u003eInt64Histogram\u003c/code\u003e, \u003ccode\u003eInt64Gauge\u003c/code\u003e,) in \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e.\nThis stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7763\"\u003e#7763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.39.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.39.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0.\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7783\"\u003e#7783\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7789\"\u003e#7789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eHistogramReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e by 4x. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7443\"\u003e#7443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eFixedSizeReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7447\"\u003e#7447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7474\"\u003e#7474\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent synchronous gauge measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7478\"\u003e#7478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdoutmetric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7492\"\u003e#7492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eExporter\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e ignores metrics with the scope \u003ccode\u003ego.opentelemetry.io/contrib/bridges/prometheus\u003c/code\u003e.\nThis prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7688\"\u003e#7688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent exponential histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7702\"\u003e#7702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad log message when key-value pairs are dropped because of key duplication in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eDroppedAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not count the non-attribute key-value pairs dropped because of key duplication. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSetAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not log that attributes are dropped when they are actually not dropped. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to correctly handle HTTP/2 \u003ccode\u003eGOAWAY\u003c/code\u003e frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7794\"\u003e#7794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003eioreg\u003c/code\u003e command on Darwin (macOS). (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4575a9774dd9415ffc858dd34955493b0031065a\"\u003e\u003ccode\u003e4575a97\u003c/code\u003e\u003c/a\u003e Release 1.41.0/0.63.0/0.17.0/0.0.15 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/66fc10d9dff9653c65bcca111b965137d06f09aa\"\u003e\u003ccode\u003e66fc10d\u003c/code\u003e\u003c/a\u003e fix: add error handling for insecure HTTP endpoints with TLS client configura...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/76e6eec88f186f06a0708b5620324d2b002d9a97\"\u003e\u003ccode\u003e76e6eec\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.32.5 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7980\"\u003e#7980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0d50f9008c8c93fe49a7caa45c88c30370479d27\"\u003e\u003ccode\u003e0d50f90\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Generate semconv/v1.40.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7978\"\u003e#7978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c38a4a57c320b6098ca5c92f0a85201034780b1f\"\u003e\u003ccode\u003ec38a4a5\u003c/code\u003e\u003c/a\u003e Generate semconv/v1.40.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7929\"\u003e#7929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0f1a22484ec52d6beb1efdb0fa1b63a31e7405af\"\u003e\u003ccode\u003e0f1a224\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7899\"\u003e#7899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c79ebf43eb1cff6dd76a33bb1549f2c082dab604\"\u003e\u003ccode\u003ec79ebf4\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/daixiang0/gci to v0.14.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7973\"\u003e#7973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/f75815746541d0d4ac84e1c5955bdcd1a2df2d7d\"\u003e\u003ccode\u003ef758157\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/sonatard/noctx to v0.5.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7968\"\u003e#7968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/92a11645724515630187def073ae39f1b6cb3c69\"\u003e\u003ccode\u003e92a1164\u003c/code\u003e\u003c/a\u003e fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/3cd7c27e840ea3114115459db2e299a27fffaff8\"\u003e\u003ccode\u003e3cd7c27\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7969\"\u003e#7969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the l...\n\n_Description has been truncated_\n\n---\n\n🔄 This PR updates Go module dependencies across 22 directories in the Kubernetes codebase, bumping 6 key packages including OpenTelemetry libraries, gRPC, and security-critical components to their latest versions.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **OpenTelemetry Updates**: Upgraded `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0/1.43.0 and related SDK components, bringing performance improvements and new features like synchronous instrument enabled checks\n- **gRPC Security Update**: Updated `google.golang.org/grpc` from 1.75.0 to 1.79.3, including critical security fixes for authorization bypass vulnerabilities\n- **SPDY Stream Security Fix**: Bumped `github.com/moby/spdystream` from 0.5.0 to 0.5.1, addressing CVE-2026-35469 for memory amplification DoS protection\n- **Utility Libraries**: Minor updates to `github.com/go-viper/mapstructure/v2` (2.3.0→2.4.0) and `github.com/golang/glog` (1.2.2→1.2.4)\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[22 Directories Analyzed]\n    B --\u003e C[6 Core Dependencies Identified]\n    C --\u003e D[Security Updates]\n    C --\u003e E[Performance Updates]\n    C --\u003e F[Feature Updates]\n    D --\u003e G[gRPC Auth Bypass Fix]\n    D --\u003e H[SPDY DoS Protection]\n    E --\u003e I[OpenTelemetry Performance]\n    F --\u003e J[New OTel Features]\n    G --\u003e K[go.mod Updates]\n    H --\u003e K\n    I --\u003e K\n    J --\u003e K\n    K --\u003e L[go.sum Regeneration]\n```\n\n### Impact\n- **Security Enhancement**: Addresses critical authorization bypass in gRPC and memory amplification DoS in SPDY stream parsing\n- **Performance Improvements**: OpenTelemetry updates provide 4x better concurrent performance for histogram reservoirs and optimized metric measurements\n- **Observability Features**: New synchronous instrument enabled checks and improved baggage handling with W3C specification compliance\n- **Maintenance**: Automated dependency management across the entire Kubernetes staging area ensures consistent versions and reduces technical debt\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/kubernetes/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fkubernetes/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"},{"uuid":"4312535806","node_id":"PR_kwDOHuLMr87UzOpY","number":552,"state":"closed","title":"chore(deps): bump the go_modules group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-23T20:26:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-23T00:15:46.000Z","updated_at":"2026-04-23T20:27:08.000Z","time_to_close":72671,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"go_modules","update_count":2,"packages":[{"name":"github.com/jackc/pgx/v5","old_version":"5.7.4","new_version":"5.9.2","repository_url":"https://github.com/jackc/pgx"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the /tests directory: [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\n\nUpdates `github.com/jackc/pgx/v5` from 5.7.4 to 5.9.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/master/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v5's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.9.2 (April 18, 2026)\u003c/h1\u003e\n\u003cp\u003eFix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA dollar quoted string literal is used in the SQL query.\u003c/li\u003e\n\u003cli\u003eThat query contains text that would be would be interpreted outside as a placeholder outside of a string literal.\u003c/li\u003e\n\u003cli\u003eThe value of that placeholder is controllable by the attacker.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003ee.g.\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eattackValue := `$tag$; drop table canary; --`\n_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis is unlikely to occur outside of a contrived scenario.\u003c/p\u003e\n\u003ch1\u003e5.9.1 (March 22, 2026)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.9.0 (March 21, 2026)\u003c/h1\u003e\n\u003cp\u003eThis release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and\nPostgreSQL protocol 3.2 support.\u003c/p\u003e\n\u003cp\u003eIt significantly reduces the amount of network traffic when using prepared statements (which are used automatically by\ndefault) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.\u003c/p\u003e\n\u003cp\u003eIt also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends\ndeliberately malformed messages.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Go 1.25+\u003c/li\u003e\n\u003cli\u003eAdd SCRAM-SHA-256-PLUS support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eAdd OAuth authentication support for PostgreSQL 18 (David Schneider)\u003c/li\u003e\n\u003cli\u003eAdd PostgreSQL protocol 3.2 support (Dirkjan Bussink)\u003c/li\u003e\n\u003cli\u003eAdd tsvector type support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eSkip Describe Portal for cached prepared statements reducing network round trips\u003c/li\u003e\n\u003cli\u003eMake LoadTypes query easier to support on \u0026quot;postgres-like\u0026quot; servers (Jelte Fennema-Nio)\u003c/li\u003e\n\u003cli\u003eDefault empty user to current OS user matching libpq behavior (ShivangSrivastava)\u003c/li\u003e\n\u003cli\u003eOptimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize date scanning by replacing regex with manual parsing (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize pgio append/set functions with direct byte shifts (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eMake RowsAffected faster (Abhishek Chanda)\u003c/li\u003e\n\u003cli\u003eFix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)\u003c/li\u003e\n\u003cli\u003eFix: ContextWatcher goroutine leak (Hank Donnay)\u003c/li\u003e\n\u003cli\u003eFix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0aeabbcf11d859229c1f0b20e710d3596c76bf27\"\u003e\u003ccode\u003e0aeabbc\u003c/code\u003e\u003c/a\u003e Release v5.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/60644f84918a8af66d14a4b0d865d4edafd955da\"\u003e\u003ccode\u003e60644f8\u003c/code\u003e\u003c/a\u003e Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/a5680bc945aa7c6ebac2778d859ee7b4ba86db60\"\u003e\u003ccode\u003ea5680bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jackc/pgx/issues/2531\"\u003e#2531\u003c/a\u003e from dolmen-go/godoc-add-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/e34e4524007062710c6a4fb9c8655b75a486b5cd\"\u003e\u003ccode\u003ee34e452\u003c/code\u003e\u003c/a\u003e doc: Add godoc links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/08c9bb1f0d8fa6cc10ed8c713e68b1baa64dfe2c\"\u003e\u003ccode\u003e08c9bb1\u003c/code\u003e\u003c/a\u003e Fix Stringer types encoded as text instead of numeric value in composite fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/96b4dbdfd0458cb425bf8454d292a23978872cc8\"\u003e\u003ccode\u003e96b4dbd\u003c/code\u003e\u003c/a\u003e Remove unstable test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/acf88e0065682e8948696d26fa6438669c4cabee\"\u003e\u003ccode\u003eacf88e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jackc/pgx/issues/2526\"\u003e#2526\u003c/a\u003e from abrightwell/abrightwell-min-proto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/2f81f1fc03bef99593e92c64ad9cac954c00e8e6\"\u003e\u003ccode\u003e2f81f1f\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003emax_protocol_version\u003c/code\u003e and \u003ccode\u003emin_protocol_version\u003c/code\u003e defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/4e4eaedb47b7b3cfba0a1b0a9e6a3f015764f046\"\u003e\u003ccode\u003e4e4eaed\u003c/code\u003e\u003c/a\u003e Release v5.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/62731882651a90348febb43b2119b5f8bd9272de\"\u003e\u003ccode\u003e6273188\u003c/code\u003e\u003c/a\u003e Fix batch result format corruption when using cached prepared statements\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v5.7.4...v5.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/voxel51/fiftyone-teams-app-deploy/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/voxel51/fiftyone-teams-app-deploy/pull/552","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxel51%2Ffiftyone-teams-app-deploy/issues/552","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/552/packages"},{"uuid":"4309713879","node_id":"PR_kwDORsmrI87UqFN-","number":2,"state":"closed","title":"build(deps): Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /test/integration","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-08T23:38:32.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-22T14:29:56.000Z","updated_at":"2026-05-08T23:38:34.000Z","time_to_close":1415316,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/test/integration","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/eagle19900203-boop/flagd/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/eagle19900203-boop/flagd/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/eagle19900203-boop%2Fflagd/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4299428652","node_id":"PR_kwDOGWmxQ87UI1f6","number":1724,"state":"closed","title":"build(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /deployment","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-21T23:40:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-21T00:10:10.000Z","updated_at":"2026-04-21T23:40:27.000Z","time_to_close":84615,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/deployment","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mikeyhodl/chainlink/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/mikeyhodl/chainlink/pull/1724","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikeyhodl%2Fchainlink/issues/1724","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1724/packages"},{"uuid":"4294926001","node_id":"PR_kwDOQuMk587T6ItP","number":102,"state":"closed","title":"chore(deps)(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1","user":"dependabot[bot]","labels":[],"assignees":["eightynine01"],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-30T02:16:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-20T10:20:51.000Z","updated_at":"2026-04-30T02:16:31.000Z","time_to_close":834938,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/keiailab/mongodb-operator/pull/102","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/keiailab%2Fmongodb-operator/issues/102","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/102/packages"},{"uuid":"4289300671","node_id":"PR_kwDOCo3boc7TpGQd","number":6648,"state":"open","title":"chore(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /test/anp","user":"dependabot[bot]","labels":["dependencies","go","size:XS"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-18T22:04:40.000Z","updated_at":"2026-04-18T22:10:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/test/anp","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kubeovn/kube-ovn/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kubeovn/kube-ovn/pull/6648","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubeovn%2Fkube-ovn/issues/6648","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6648/packages"},{"uuid":"4286492584","node_id":"PR_kwDOGWmxQ87TglbB","number":1722,"state":"open","title":"build(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /devenv","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-18T03:13:21.000Z","updated_at":"2026-04-22T00:10:07.189Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/devenv","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mikeyhodl/chainlink/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/mikeyhodl/chainlink/pull/1722","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikeyhodl%2Fchainlink/issues/1722","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1722/packages"},{"uuid":"4285720329","node_id":"PR_kwDOKRBotc7TeDqD","number":20,"state":"open","title":"Bump github.com/moby/spdystream from 0.2.0 to 0.5.1","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-17T22:48:05.000Z","updated_at":"2026-04-17T22:48:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/moby/spdystream","old_version":"0.2.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.2.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.5.0] Avoid leaking timeout timer channels and update github actions\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eremove empty go.sum by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/100\"\u003emoby/spdystream#100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: update actions and go versions  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/102\"\u003emoby/spdystream#102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaking goroutines on close by \u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/101\"\u003emoby/spdystream#101\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.4.0...v0.5.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.4.0...v0.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.4.0] fix goroutine leak and remove unused code\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid 10 minute goroutine leak in error case for handled errors by \u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/99\"\u003emoby/spdystream#99\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused websocket package by \u003ca href=\"https://github.com/dmcgowan\"\u003e\u003ccode\u003e@​dmcgowan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/98\"\u003emoby/spdystream#98\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/99\"\u003emoby/spdystream#99\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.3.0...v0.4.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.3.0...v0.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.3.0] Release with fixes for a race condition\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003egha: update go versions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/90\"\u003emoby/spdystream#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Ping data-race by \u003ca href=\"https://github.com/tigrato\"\u003e\u003ccode\u003e@​tigrato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/91\"\u003emoby/spdystream#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unit test races (carry \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/48\"\u003e#48\u003c/a\u003e) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/89\"\u003emoby/spdystream#89\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed data race in Stream.IsFInished()  by \u003ca href=\"https://github.com/code-qote\"\u003e\u003ccode\u003e@​code-qote\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/96\"\u003emoby/spdystream#96\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tigrato\"\u003e\u003ccode\u003e@​tigrato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/91\"\u003emoby/spdystream#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/code-qote\"\u003e\u003ccode\u003e@​code-qote\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/96\"\u003emoby/spdystream#96\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.2.0...v0.3.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.2.0...v0.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.2.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.2.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kluster-api/cluster-api/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kluster-api/cluster-api/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kluster-api%2Fcluster-api/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"},{"uuid":"4285700711","node_id":"PR_kwDOA_lnj87Td_kE","number":697,"state":"closed","title":"build(deps): bump the go_modules group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-22T00:35:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-17T22:42:30.000Z","updated_at":"2026-04-22T00:35:30.000Z","time_to_close":352378,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":3,"packages":[{"name":"github.com/go-git/go-git/v5","old_version":"5.17.1","new_version":"5.18.0","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/jackc/pgx/v5","old_version":"5.8.0","new_version":"5.9.0","repository_url":"https://github.com/jackc/pgx"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the / directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\n\nUpdates `github.com/go-git/go-git/v5` from 5.17.1 to 5.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-git/go-git/releases\"\u003egithub.com/go-git/go-git/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eplumbing: transport/http, Add support for followRedirects policy by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2004\"\u003ego-git/go-git#2004\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0\"\u003ehttps://github.com/go-git/go-git/compare/v5.17.2...v5.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.17.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1941\"\u003ego-git/go-git#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edotgit: skip writing pack files that already exist on disk by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1944\"\u003ego-git/go-git#1944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e:warning: This release fixes a bug (\u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1942\"\u003ego-git/go-git#1942\u003c/a\u003e) that blocked some users from upgrading to \u003ccode\u003ev5.17.1\u003c/code\u003e. Thanks \u003ca href=\"https://github.com/pskrbasu\"\u003e\u003ccode\u003e@​pskrbasu\u003c/code\u003e\u003c/a\u003e for reporting it. :bow:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2\"\u003ehttps://github.com/go-git/go-git/compare/v5.17.1...v5.17.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/ea3e7ec9dfc54f577a01afb4dd601c0284604264\"\u003e\u003ccode\u003eea3e7ec\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/2004\"\u003e#2004\u003c/a\u003e from go-git/v5-http-hardening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/bcd20a9c525826081262a06a9ed9c3167abfcd53\"\u003e\u003ccode\u003ebcd20a9\u003c/code\u003e\u003c/a\u003e plumbing: transport/http, Add support for followRedirects policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/45ae193b3a60aa8ec8a3e373f7265a7819473d5f\"\u003e\u003ccode\u003e45ae193\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1944\"\u003e#1944\u003c/a\u003e from go-git/fix-perms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/fda4f7464b597ff33d2dea1c026482a5e900037c\"\u003e\u003ccode\u003efda4f74\u003c/code\u003e\u003c/a\u003e storage: filesystem/dotgit, Skip writing pack files that already exist on disk\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/2212dc7caeb2a389fe2129923811ef63f75a557a\"\u003e\u003ccode\u003e2212dc7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1941\"\u003e#1941\u003c/a\u003e from go-git/renovate/releases/v5.x-go-github.com-go-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/ebb2d7da7f5d5aebeaa0b5e13276d72d602c1ae3\"\u003e\u003ccode\u003eebb2d7d\u003c/code\u003e\u003c/a\u003e build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY]\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-git/go-git/compare/v5.17.1...v5.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v5` from 5.8.0 to 5.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/master/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v5's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.9.0 (March 21, 2026)\u003c/h1\u003e\n\u003cp\u003eThis release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and\nPostgreSQL protocol 3.2 support.\u003c/p\u003e\n\u003cp\u003eIt significantly reduces the amount of network traffic when using prepared statements (which are used automatically by\ndefault) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.\u003c/p\u003e\n\u003cp\u003eIt also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends\ndeliberately malformed messages.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Go 1.25+\u003c/li\u003e\n\u003cli\u003eAdd SCRAM-SHA-256-PLUS support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eAdd OAuth authentication support for PostgreSQL 18 (David Schneider)\u003c/li\u003e\n\u003cli\u003eAdd PostgreSQL protocol 3.2 support (Dirkjan Bussink)\u003c/li\u003e\n\u003cli\u003eAdd tsvector type support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eSkip Describe Portal for cached prepared statements reducing network round trips\u003c/li\u003e\n\u003cli\u003eMake LoadTypes query easier to support on \u0026quot;postgres-like\u0026quot; servers (Jelte Fennema-Nio)\u003c/li\u003e\n\u003cli\u003eDefault empty user to current OS user matching libpq behavior (ShivangSrivastava)\u003c/li\u003e\n\u003cli\u003eOptimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize date scanning by replacing regex with manual parsing (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize pgio append/set functions with direct byte shifts (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eMake RowsAffected faster (Abhishek Chanda)\u003c/li\u003e\n\u003cli\u003eFix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)\u003c/li\u003e\n\u003cli\u003eFix: ContextWatcher goroutine leak (Hank Donnay)\u003c/li\u003e\n\u003cli\u003eFix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)\u003c/li\u003e\n\u003cli\u003eFix: pipelineBatchResults.Exec silently swallowing lastRows error\u003c/li\u003e\n\u003cli\u003eFix: ColumnTypeLength using BPCharArrayOID instead of BPCharOID\u003c/li\u003e\n\u003cli\u003eFix: TSVector text encoding returning nil for valid empty tsvector\u003c/li\u003e\n\u003cli\u003eFix: wrong error messages for Int2 and Int4 underflow\u003c/li\u003e\n\u003cli\u003eFix: Numeric nil Int pointer dereference with Valid: true\u003c/li\u003e\n\u003cli\u003eFix: reversed strings.ContainsAny arguments in Numeric.ScanScientific\u003c/li\u003e\n\u003cli\u003eFix: message length parsing on 32-bit platforms\u003c/li\u003e\n\u003cli\u003eFix: FunctionCallResponse.Decode mishandling of signed result size\u003c/li\u003e\n\u003cli\u003eFix: returning wrong error in configTLS when DecryptPEMBlock fails (Maxim Motyshen)\u003c/li\u003e\n\u003cli\u003eFix: misleading ParseConfig error when default_query_exec_mode is invalid (Skarm)\u003c/li\u003e\n\u003cli\u003eFix: missed Unwatch in Pipeline error paths\u003c/li\u003e\n\u003cli\u003eClarify too many failed acquire attempts error message\u003c/li\u003e\n\u003cli\u003eBetter error wrapping with context and SQL statement (Aneesh Makala)\u003c/li\u003e\n\u003cli\u003eEnable govet and ineffassign linters (Federico Guerinoni)\u003c/li\u003e\n\u003cli\u003eGuard against various malformed binary messages (arrays, hstore, multirange, protocol messages)\u003c/li\u003e\n\u003cli\u003eFix various godoc comments (ferhat elmas)\u003c/li\u003e\n\u003cli\u003eFix typos in comments (Oleksandr Redko)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/b4d8e62b6616d0c09c5021500363de0c56e01631\"\u003e\u003ccode\u003eb4d8e62\u003c/code\u003e\u003c/a\u003e Release v5.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/c227cd4f76fa2b1a47c0156621e05c076f4cf5c9\"\u003e\u003ccode\u003ec227cd4\u003c/code\u003e\u003c/a\u003e Bump minimum Go version from 1.24 to 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/f492c14836d7d442e8103b09f2c0c74a80c56347\"\u003e\u003ccode\u003ef492c14\u003c/code\u003e\u003c/a\u003e Use reflect.TypeFor instead of reflect.TypeOf for static types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/ad8fb08d3f1a36c0e475c9f80dc9bb19d075d8e2\"\u003e\u003ccode\u003ead8fb08\u003c/code\u003e\u003c/a\u003e Use sync.WaitGroup.Go to simplify goroutine spawning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/303377376df43ba3d1a99728eaa9f9a6bcaab767\"\u003e\u003ccode\u003e3033773\u003c/code\u003e\u003c/a\u003e Remove go1.26 build tag from synctest test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/83ffb3c2220737cf11c7dd88c80be9166753102f\"\u003e\u003ccode\u003e83ffb3c\u003c/code\u003e\u003c/a\u003e Validate multirange element count against source length before allocating\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/828f2147a2d4355e5cf4beac0f542f9c6bbd6709\"\u003e\u003ccode\u003e828f214\u003c/code\u003e\u003c/a\u003e Fix message length parsing on 32-bit platforms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/e196a39add04a887b20a0aac58b7be333273a03a\"\u003e\u003ccode\u003ee196a39\u003c/code\u003e\u003c/a\u003e Add fuzz test for SQL lexer in sanitize package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7f969f8da50be0dba69f509f9a30f1084d0feabf\"\u003e\u003ccode\u003e7f969f8\u003c/code\u003e\u003c/a\u003e Rename TraceQueryute to traceExecute\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/ab523919740a5d83f7613adc3604192f5f653bc4\"\u003e\u003ccode\u003eab52391\u003c/code\u003e\u003c/a\u003e Use single Stat snapshot in checkMinConns\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v5.8.0...v5.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/replicatedhq/replicated/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/replicatedhq/replicated/pull/697","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Freplicated/issues/697","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/697/packages"},{"uuid":"4284189731","node_id":"PR_kwDOEAWiEc7TZH1w","number":7303,"state":"open","title":"chore(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /packages/autorag/bff","user":"dependabot[bot]","labels":["dependencies","needs-ok-to-test","go","area/autorag","area/components"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-17T17:10:37.000Z","updated_at":"2026-04-21T21:58:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/packages/autorag/bff","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/opendatahub-io/odh-dashboard/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/opendatahub-io/odh-dashboard/pull/7303","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/opendatahub-io%2Fodh-dashboard/issues/7303","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7303/packages"},{"uuid":"4281117277","node_id":"PR_kwDOKLUTNs7TPLh6","number":97,"state":"open","title":"feat(deps): bump the gomod-deps group with 22 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-17T08:06:40.000Z","updated_at":"2026-04-17T08:06:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"feat(deps): bump","group_name":"gomod-deps","update_count":22,"packages":[{"name":"github.com/evanphx/json-patch","old_version":"5.6.0+incompatible","new_version":"5.9.11+incompatible","repository_url":"https://github.com/evanphx/json-patch"},{"name":"github.com/gin-gonic/gin","old_version":"1.9.1","new_version":"1.12.0","repository_url":"https://github.com/gin-gonic/gin"},{"name":"github.com/go-playground/validator/v10","old_version":"10.15.1","new_version":"10.30.1","repository_url":"https://github.com/go-playground/validator"},{"name":"github.com/google/go-cmp","old_version":"0.5.9","new_version":"0.7.0","repository_url":"https://github.com/google/go-cmp"},{"name":"github.com/google/uuid","old_version":"1.3.1","new_version":"1.6.0","repository_url":"https://github.com/google/uuid"},{"name":"github.com/moby/spdystream","old_version":"0.2.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"github.com/moby/term","old_version":"0.5.0","new_version":"0.5.2","repository_url":"https://github.com/moby/term"},{"name":"github.com/sony/sonyflake","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/sony/sonyflake"},{"name":"github.com/spf13/pflag","old_version":"1.0.5","new_version":"1.0.10","repository_url":"https://github.com/spf13/pflag"},{"name":"github.com/stretchr/testify","old_version":"1.8.4","new_version":"1.11.1","repository_url":"https://github.com/stretchr/testify"},{"name":"golang.org/x/crypto","old_version":"0.12.0","new_version":"0.48.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.14.0","new_version":"0.51.0","repository_url":"https://github.com/golang/net"},{"name":"golang.org/x/sync","old_version":"0.3.0","new_version":"0.19.0","repository_url":"https://github.com/golang/sync"},{"name":"golang.org/x/time","old_version":"0.3.0","new_version":"0.15.0","repository_url":"https://github.com/golang/time"},{"name":"gorm.io/gorm","old_version":"1.25.4","new_version":"1.31.1","repository_url":"https://github.com/go-gorm/gorm"},{"name":"k8s.io/apimachinery","old_version":"0.28.1","new_version":"0.35.4","repository_url":"https://github.com/kubernetes/apimachinery"},{"name":"k8s.io/klog/v2","old_version":"2.100.1","new_version":"2.130.1","repository_url":"https://github.com/kubernetes/klog"},{"name":"k8s.io/kube-openapi","old_version":"0.0.0-20230816210353-14e408962443","new_version":"0.0.0-20250910181357-589584f1c912","repository_url":"https://github.com/kubernetes/kube-openapi"},{"name":"k8s.io/utils","old_version":"0.0.0-20230726121419-3b25d923346b","new_version":"0.0.0-20251002143259-bc988d571ff4","repository_url":"https://github.com/kubernetes/utils"},{"name":"sigs.k8s.io/json","old_version":"0.0.0-20221116044647-bc3834ca7abd","new_version":"0.0.0-20250730193827-2d320260d730","repository_url":"https://github.com/kubernetes-sigs/json"},{"name":"sigs.k8s.io/structured-merge-diff/v4","old_version":"4.3.0","new_version":"4.7.0","repository_url":"https://github.com/kubernetes-sigs/structured-merge-diff"},{"name":"sigs.k8s.io/yaml","old_version":"1.3.0","new_version":"1.6.0","repository_url":"https://github.com/kubernetes-sigs/yaml"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod-deps group with 22 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/evanphx/json-patch](https://github.com/evanphx/json-patch) | `5.6.0+incompatible` | `5.9.11+incompatible` |\n| [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) | `1.9.1` | `1.12.0` |\n| [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) | `10.15.1` | `10.30.1` |\n| [github.com/google/go-cmp](https://github.com/google/go-cmp) | `0.5.9` | `0.7.0` |\n| [github.com/google/uuid](https://github.com/google/uuid) | `1.3.1` | `1.6.0` |\n| [github.com/moby/spdystream](https://github.com/moby/spdystream) | `0.2.0` | `0.5.1` |\n| [github.com/moby/term](https://github.com/moby/term) | `0.5.0` | `0.5.2` |\n| [github.com/sony/sonyflake](https://github.com/sony/sonyflake) | `1.2.0` | `1.3.0` |\n| [github.com/spf13/pflag](https://github.com/spf13/pflag) | `1.0.5` | `1.0.10` |\n| [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.8.4` | `1.11.1` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.12.0` | `0.48.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.14.0` | `0.51.0` |\n| [golang.org/x/sync](https://github.com/golang/sync) | `0.3.0` | `0.19.0` |\n| [golang.org/x/time](https://github.com/golang/time) | `0.3.0` | `0.15.0` |\n| [gorm.io/gorm](https://github.com/go-gorm/gorm) | `1.25.4` | `1.31.1` |\n| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.28.1` | `0.35.4` |\n| [k8s.io/klog/v2](https://github.com/kubernetes/klog) | `2.100.1` | `2.130.1` |\n| [k8s.io/kube-openapi](https://github.com/kubernetes/kube-openapi) | `0.0.0-20230816210353-14e408962443` | `0.0.0-20250910181357-589584f1c912` |\n| [k8s.io/utils](https://github.com/kubernetes/utils) | `0.0.0-20230726121419-3b25d923346b` | `0.0.0-20251002143259-bc988d571ff4` |\n| [sigs.k8s.io/json](https://github.com/kubernetes-sigs/json) | `0.0.0-20221116044647-bc3834ca7abd` | `0.0.0-20250730193827-2d320260d730` |\n| [sigs.k8s.io/structured-merge-diff/v4](https://github.com/kubernetes-sigs/structured-merge-diff) | `4.3.0` | `4.7.0` |\n| [sigs.k8s.io/yaml](https://github.com/kubernetes-sigs/yaml) | `1.3.0` | `1.6.0` |\n\nUpdates `github.com/evanphx/json-patch` from 5.6.0+incompatible to 5.9.11+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanphx/json-patch/releases\"\u003egithub.com/evanphx/json-patch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.9.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExport errBadJSONDoc and errBadJSONPatch errors by \u003ca href=\"https://github.com/skitt\"\u003e\u003ccode\u003e@​skitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/209\"\u003eevanphx/json-patch#209\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.9.10...v5.9.11\"\u003ehttps://github.com/evanphx/json-patch/compare/v5.9.10...v5.9.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.9.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop the reference to gopkg.in for v5 by \u003ca href=\"https://github.com/skitt\"\u003e\u003ccode\u003e@​skitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/203\"\u003eevanphx/json-patch#203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove unmaintained errors pkg(github.com/pkg/errors) by \u003ca href=\"https://github.com/koba1t\"\u003e\u003ccode\u003e@​koba1t\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/206\"\u003eevanphx/json-patch#206\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skitt\"\u003e\u003ccode\u003e@​skitt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/203\"\u003eevanphx/json-patch#203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koba1t\"\u003e\u003ccode\u003e@​koba1t\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/206\"\u003eevanphx/json-patch#206\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.9.0...v5.9.10\"\u003ehttps://github.com/evanphx/json-patch/compare/v5.9.0...v5.9.10\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.9.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate that the partialDoc is decoded correctly by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/201\"\u003eevanphx/json-patch#201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option to control if the output is HTMLEscaped by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/202\"\u003eevanphx/json-patch#202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.8.1...v5.9.0\"\u003ehttps://github.com/evanphx/json-patch/compare/v5.8.1...v5.9.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eFix API breakage\u003c/h2\u003e\n\u003cp\u003eThis PR fixes Operation containing a reference to internal/json and breaking the ability to manually compose one. This restores that ability using a type alias.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.8.0...v5.8.1\"\u003ehttps://github.com/evanphx/json-patch/compare/v5.8.0...v5.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eBlargh Phixs and Empathyprovements\u003c/h2\u003e\n\u003cp\u003eThis release fixes a few stray panics, addresses large number accuracy, and improves performance!\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompare strings after decoding them to handle unicode correctly. Fixes \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/172\"\u003e#172\u003c/a\u003e by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/195\"\u003eevanphx/json-patch#195\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlways use UseNumber() to avoid float64 lossyness by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/194\"\u003eevanphx/json-patch#194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle null correctly when introduced by replace. Fixes \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/171\"\u003e#171\u003c/a\u003e by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/196\"\u003eevanphx/json-patch#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle from=\u0026quot;\u0026quot; more properly. Fixes \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/192\"\u003e#192\u003c/a\u003e by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/193\"\u003eevanphx/json-patch#193\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/197\"\u003eevanphx/json-patch#197\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.7.0...v5.8.0\"\u003ehttps://github.com/evanphx/json-patch/compare/v5.7.0...v5.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eThe 2023 Release\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix invalid sprintf by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/152\"\u003eevanphx/json-patch#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CIFuzz GitHub action by \u003ca href=\"https://github.com/DavidKorczynski\"\u003e\u003ccode\u003e@​DavidKorczynski\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/167\"\u003eevanphx/json-patch#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME: Remove Travis by \u003ca href=\"https://github.com/ohkinozomu\"\u003e\u003ccode\u003e@​ohkinozomu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/164\"\u003eevanphx/json-patch#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated min supported version to go 1.18 by \u003ca href=\"https://github.com/Neo2308\"\u003e\u003ccode\u003e@​Neo2308\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/181\"\u003eevanphx/json-patch#181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded dependabot by \u003ca href=\"https://github.com/Neo2308\"\u003e\u003ccode\u003e@​Neo2308\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/182\"\u003eevanphx/json-patch#182\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/84a4bb100ade42a86fce2647c95a7dbcbf569cb2\"\u003e\u003ccode\u003e84a4bb1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/209\"\u003e#209\u003c/a\u003e from skitt/export-errs-v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/7a7a88a24da9cb98ad9c90c91e2a50ab9943f84f\"\u003e\u003ccode\u003e7a7a88a\u003c/code\u003e\u003c/a\u003e Export errBadJSONDoc and errBadJSONPatch errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/bd18525ff3c7e480b7004a90e7b37248fdb21006\"\u003e\u003ccode\u003ebd18525\u003c/code\u003e\u003c/a\u003e Upgrade go-flags\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/42f26cb0cc22ff3a1136ae2ae803692044b59849\"\u003e\u003ccode\u003e42f26cb\u003c/code\u003e\u003c/a\u003e Fix spacing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/0a3482b56b0cfd50e8cd430a893dbf1bff4b7a7f\"\u003e\u003ccode\u003e0a3482b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/206\"\u003e#206\u003c/a\u003e from koba1t/remove_unmaintained_error_pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/106306d7fea7e067cf9aaf297f98f9c34a918074\"\u003e\u003ccode\u003e106306d\u003c/code\u003e\u003c/a\u003e remove unmaintained errors pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/e7cfbbbcc6e301d230bd304f4996348a4ea33191\"\u003e\u003ccode\u003ee7cfbbb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/203\"\u003e#203\u003c/a\u003e from skitt/drop-gopkgin-v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/61e1ad78ab35800ee5e25ed36bf2dc5a0a4c1a73\"\u003e\u003ccode\u003e61e1ad7\u003c/code\u003e\u003c/a\u003e Drop the reference to gopkg.in for v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/b7a4e4a87a35414cd02460dac07e879df729df37\"\u003e\u003ccode\u003eb7a4e4a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/202\"\u003e#202\u003c/a\u003e from evanphx/f-html-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/7eef36c732df996ab6508bfb5cee17a7763097f1\"\u003e\u003ccode\u003e7eef36c\u003c/code\u003e\u003c/a\u003e Guard using options to avoid a crash bug\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.6.0...v5.9.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gin-gonic/gin` from 1.9.1 to 1.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gin-gonic/gin/releases\"\u003egithub.com/gin-gonic/gin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.12.0\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4203\"\u003e#4203\u003c/a\u003e) (\u003ca href=\"https://github.com/takanuva15\"\u003e\u003ccode\u003e@​takanuva15\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4502\"\u003e#4502\u003c/a\u003e) (\u003ca href=\"https://github.com/raju-mechatronics\"\u003e\u003ccode\u003e@​raju-mechatronics\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eacc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4423\"\u003e#4423\u003c/a\u003e) (\u003ca href=\"https://github.com/1911860538\"\u003e\u003ccode\u003e@​1911860538\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (\u003ca href=\"https://github.com/Spyder01\"\u003e\u003ccode\u003e@​Spyder01\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4420\"\u003e#4420\u003c/a\u003e) (\u003ca href=\"https://github.com/ldesauw\"\u003e\u003ccode\u003e@​ldesauw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4146\"\u003e#4146\u003c/a\u003e) (\u003ca href=\"https://github.com/wsyqn6\"\u003e\u003ccode\u003e@​wsyqn6\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ed7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4145\"\u003e#4145\u003c/a\u003e) (\u003ca href=\"https://github.com/laurentcau\"\u003e\u003ccode\u003e@​laurentcau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eb917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/2169\"\u003e#2169\u003c/a\u003e) (\u003ca href=\"https://github.com/guonaihong\"\u003e\u003ccode\u003e@​guonaihong\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4380\"\u003e#4380\u003c/a\u003e) (\u003ca href=\"https://github.com/1911860538\"\u003e\u003ccode\u003e@​1911860538\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4472\"\u003e#4472\u003c/a\u003e) (\u003ca href=\"https://github.com/Nurysso\"\u003e\u003ccode\u003e@​Nurysso\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4403\"\u003e#4403\u003c/a\u003e) (\u003ca href=\"https://github.com/zeek0x\"\u003e\u003ccode\u003e@​zeek0x\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4422\"\u003e#4422\u003c/a\u003e) (\u003ca href=\"https://github.com/1911860538\"\u003e\u003ccode\u003e@​1911860538\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4415\"\u003e#4415\u003c/a\u003e) (\u003ca href=\"https://github.com/pawannn\"\u003e\u003ccode\u003e@​pawannn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4336\"\u003e#4336\u003c/a\u003e) (\u003ca href=\"https://github.com/MondayCha\"\u003e\u003ccode\u003e@​MondayCha\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4206\"\u003e#4206\u003c/a\u003e) (\u003ca href=\"https://github.com/dengaleev\"\u003e\u003ccode\u003e@​dengaleev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4373\"\u003e#4373\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4535\"\u003e#4535\u003c/a\u003e) (\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4511\"\u003e#4511\u003c/a\u003e) (\u003ca href=\"https://github.com/mahanadh\"\u003e\u003ccode\u003e@​mahanadh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4549\"\u003e#4549\u003c/a\u003e) (\u003ca href=\"https://github.com/BobDu\"\u003e\u003ccode\u003e@​BobDu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/3359\"\u003e#3359\u003c/a\u003e) (\u003ca href=\"https://github.com/WeidiDeng\"\u003e\u003ccode\u003e@​WeidiDeng\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4449\"\u003e#4449\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eaf6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edb309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4547\"\u003e#4547\u003c/a\u003e) (\u003ca href=\"https://github.com/USA-RedDragon\"\u003e\u003ccode\u003e@​USA-RedDragon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when \u003ccode\u003ehttp.Flusher\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4479\"\u003e#4479\u003c/a\u003e) (\u003ca href=\"https://github.com/Twacqwq\"\u003e\u003ccode\u003e@​Twacqwq\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4388\"\u003e#4388\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactor\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4352\"\u003e#4352\u003c/a\u003e) (\u003ca href=\"https://github.com/russcoss\"\u003e\u003ccode\u003e@​russcoss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4395\"\u003e#4395\u003c/a\u003e) (\u003ca href=\"https://github.com/wanghaolong613\"\u003e\u003ccode\u003e@​wanghaolong613\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4481\"\u003e#4481\u003c/a\u003e) (\u003ca href=\"https://github.com/pauloappbr\"\u003e\u003ccode\u003e@​pauloappbr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4333\"\u003e#4333\u003c/a\u003e) (\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4314\"\u003e#4314\u003c/a\u003e) (\u003ca href=\"https://github.com/1911860538\"\u003e\u003ccode\u003e@​1911860538\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4142\"\u003e#4142\u003c/a\u003e) (\u003ca href=\"https://github.com/zeek0x\"\u003e\u003ccode\u003e@​zeek0x\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ed1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4467\"\u003e#4467\u003c/a\u003e) (\u003ca href=\"https://github.com/zeek0x\"\u003e\u003ccode\u003e@​zeek0x\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4392\"\u003e#4392\u003c/a\u003e) (\u003ca href=\"https://github.com/wanghaolong613\"\u003e\u003ccode\u003e@​wanghaolong613\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4529\"\u003e#4529\u003c/a\u003e) (\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4389\"\u003e#4389\u003c/a\u003e) (\u003ca href=\"https://github.com/reddaisyy\"\u003e\u003ccode\u003e@​reddaisyy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ea85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4432\"\u003e#4432\u003c/a\u003e) (\u003ca href=\"https://github.com/efcking\"\u003e\u003ccode\u003e@​efcking\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBuild process updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4367\"\u003e#4367\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4436\"\u003e#4436\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4437\"\u003e#4437\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4439\"\u003e#4439\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4421\"\u003e#4421\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4531\"\u003e#4531\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4550\"\u003e#4550\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md\"\u003egithub.com/gin-gonic/gin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eGin v1.12.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(render): add bson protocol (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4145\"\u003e#4145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(context): add GetError and GetErrorSlice methods for error retrieval (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4502\"\u003e#4502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(binding): add support for encoding.UnmarshalText in uri/query binding (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4203\"\u003e#4203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(gin): add option to use escaped path (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4420\"\u003e#4420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(context): add Protocol Buffers support to content negotiation (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4423\"\u003e#4423\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(context): implemented Delete method (\u003ca href=\"https://github.com/gin-gonic/gin/commit/38e7651\"\u003e#38e7651\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(logger): color latency (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4146\"\u003e#4146\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eperf(tree): reduce allocations in findCaseInsensitivePath (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4417\"\u003e#4417\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eperf(recovery): optimize line reading in stack function (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4466\"\u003e#4466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eperf(path): replace regex with custom functions in redirectTrailingSlash (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4414\"\u003e#4414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eperf(tree): optimize path parsing using strings.Count (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4246\"\u003e#4246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(logger): allow skipping query string output (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4547\"\u003e#4547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(context): always trust xff headers from unix socket (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/3359\"\u003e#3359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(response): prevent Flush() panic when the underlying ResponseWriter does not implement \u003ccode\u003ehttp.Flusher\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4479\"\u003e#4479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(recovery): smart error comparison (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4142\"\u003e#4142\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(context): replace hardcoded localhost IPs with constants (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4481\"\u003e#4481\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(utils): move util functions to utils.go (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(binding): use maps.Copy for cleaner map handling (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4352\"\u003e#4352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(context): using maps.Clone (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4333\"\u003e#4333\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(ginS): use sync.OnceValue to simplify engine function (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4314\"\u003e#4314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor: replace magic numbers with named constants in bodyAllowedForStatus (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4529\"\u003e#4529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor: for loop can be modernized using range over int (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4392\"\u003e#4392\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4535\"\u003e#4535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(render): write content length in Data.Render (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4206\"\u003e#4206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(context): ClientIP handling for multiple X-Forwarded-For header values (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4472\"\u003e#4472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(binding): empty value error (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(recover): suppress http.ErrAbortHandler in recover (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4336\"\u003e#4336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(gin): literal colon routes not working with engine.Handler() (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4415\"\u003e#4415\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(gin): close os.File in RunFd to prevent resource leak (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4422\"\u003e#4422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(response): refine hijack behavior for response lifecycle (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4373\"\u003e#4373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(binding): improve empty slice/array handling in form binding (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4380\"\u003e#4380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(debug): version mismatch (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4403\"\u003e#4403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: correct typos, improve documentation clarity, and remove dead code (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4511\"\u003e#4511\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBuild process updates / CI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eci: update Go version support to 1.25+ across CI and docs (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4550\"\u003e#4550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(binding): upgrade bson dependency to mongo-driver v2 (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4549\"\u003e#4549\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eGin v1.11.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/73726dc606796a025971fe451f0aa6f1b9b847f6\"\u003e\u003ccode\u003e73726dc\u003c/code\u003e\u003c/a\u003e docs: update documentation to reflect Go version changes (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4552\"\u003e#4552\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/e292e5caa777bce70b66fe08c94cbe9cef3e2ec9\"\u003e\u003ccode\u003ee292e5c\u003c/code\u003e\u003c/a\u003e docs: document and finalize Gin v1.12.0 release (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4551\"\u003e#4551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/ae3f524974fc4f55d18c9e7fae4614503c015226\"\u003e\u003ccode\u003eae3f524\u003c/code\u003e\u003c/a\u003e ci: update Go version support to 1.25+ across CI and docs (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4550\"\u003e#4550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/38534e2bf98a06e1f62d6b24384e90b5f78699bf\"\u003e\u003ccode\u003e38534e2\u003c/code\u003e\u003c/a\u003e chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4548\"\u003e#4548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/472d086af2acd924cb4b9d7be0525f7d790f69bc\"\u003e\u003ccode\u003e472d086\u003c/code\u003e\u003c/a\u003e fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4535\"\u003e#4535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/fb2583442c4d9bccb75e6d26f1aa6e7c01950db6\"\u003e\u003ccode\u003efb25834\u003c/code\u003e\u003c/a\u003e test(context): use http.StatusContinue constant instead of magic number 100 (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/6f1d5fe3cdb171a08928c3c9dd3fbcfc9ee1b521\"\u003e\u003ccode\u003e6f1d5fe\u003c/code\u003e\u003c/a\u003e test(render): add comprehensive error handling tests (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4541\"\u003e#4541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a\"\u003e\u003ccode\u003e5c00df8\u003c/code\u003e\u003c/a\u003e fix(render): write content length in Data.Render (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4206\"\u003e#4206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/db309081bc5c137b2aa15701ef53f7f19788da25\"\u003e\u003ccode\u003edb30908\u003c/code\u003e\u003c/a\u003e chore(logger): allow skipping query string output (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4547\"\u003e#4547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/ba093d19477b896ac89a7fc3246af23d290b8e26\"\u003e\u003ccode\u003eba093d1\u003c/code\u003e\u003c/a\u003e chore(binding): upgrade bson dependency to mongo-driver v2 (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4549\"\u003e#4549\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gin-gonic/gin/compare/v1.9.1...v1.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-playground/validator/v10` from 10.15.1 to 10.30.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-playground/validator/releases\"\u003egithub.com/go-playground/validator/v10's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 10.30.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeat: uds_exists validator by \u003ca href=\"https://github.com/barash-asenov\"\u003e\u003ccode\u003e@​barash-asenov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1482\"\u003ego-playground/validator#1482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Revert min limit of e164 regex by \u003ca href=\"https://github.com/zemzale\"\u003e\u003ccode\u003e@​zemzale\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1516\"\u003ego-playground/validator#1516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix 1513 update ISO 3166-2 codes by \u003ca href=\"https://github.com/xyz27900\"\u003e\u003ccode\u003e@​xyz27900\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1514\"\u003ego-playground/validator#1514\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/barash-asenov\"\u003e\u003ccode\u003e@​barash-asenov\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1482\"\u003ego-playground/validator#1482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xyz27900\"\u003e\u003ccode\u003e@​xyz27900\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1514\"\u003ego-playground/validator#1514\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-playground/validator/compare/v10.30.0...v10.30.1\"\u003ehttps://github.com/go-playground/validator/compare/v10.30.0...v10.30.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease 10.30.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump golang.org/x/crypto from 0.45.0 to 0.46.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1504\"\u003ego-playground/validator#1504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1505\"\u003ego-playground/validator#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: document omitzero by \u003ca href=\"https://github.com/minoritea\"\u003e\u003ccode\u003e@​minoritea\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1509\"\u003ego-playground/validator#1509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add missing translations for alpha validators by \u003ca href=\"https://github.com/shindonghwi\"\u003e\u003ccode\u003e@​shindonghwi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1510\"\u003ego-playground/validator#1510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve panic when using aliases with OR operator by \u003ca href=\"https://github.com/shindonghwi\"\u003e\u003ccode\u003e@​shindonghwi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1507\"\u003ego-playground/validator#1507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve panic when using cross-field validators with ValidateMap by \u003ca href=\"https://github.com/shindonghwi\"\u003e\u003ccode\u003e@​shindonghwi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1508\"\u003ego-playground/validator#1508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minoritea\"\u003e\u003ccode\u003e@​minoritea\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1509\"\u003ego-playground/validator#1509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shindonghwi\"\u003e\u003ccode\u003e@​shindonghwi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1510\"\u003ego-playground/validator#1510\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-playground/validator/compare/v10.29.0...v10.30.0\"\u003ehttps://github.com/go-playground/validator/compare/v10.29.0...v10.30.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev10.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: minor spelling fix in docs by \u003ca href=\"https://github.com/Perfect5th\"\u003e\u003ccode\u003e@​Perfect5th\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1472\"\u003ego-playground/validator#1472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/text from 0.29.0 to 0.30.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1473\"\u003ego-playground/validator#1473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/crypto from 0.42.0 to 0.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1474\"\u003ego-playground/validator#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix integer overflows in test when run on 32bit systems by \u003ca href=\"https://github.com/gibmat\"\u003e\u003ccode\u003e@​gibmat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1479\"\u003ego-playground/validator#1479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: exclude modernize linter by \u003ca href=\"https://github.com/nodivbyzero\"\u003e\u003ccode\u003e@​nodivbyzero\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1487\"\u003ego-playground/validator#1487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1490\"\u003ego-playground/validator#1490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/gabriel-vasile/mimetype from 1.4.10 to 1.4.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1485\"\u003ego-playground/validator#1485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport for ISO 9362:2022 BIC (SWIFT) codes by \u003ca href=\"https://github.com/fira42073\"\u003e\u003ccode\u003e@​fira42073\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1478\"\u003ego-playground/validator#1478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/crypto from 0.43.0 to 0.44.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1492\"\u003ego-playground/validator#1492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: validation now rejects phone codes starting with +0 by \u003ca href=\"https://github.com/nodivbyzero\"\u003e\u003ccode\u003e@​nodivbyzero\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1476\"\u003ego-playground/validator#1476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/crypto from 0.44.0 to 0.45.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1495\"\u003ego-playground/validator#1495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1497\"\u003ego-playground/validator#1497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix/1500:Update Sierra Leone currency code from SLL to SLE by \u003ca href=\"https://github.com/princekm096\"\u003e\u003ccode\u003e@​princekm096\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1501\"\u003ego-playground/validator#1501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/1481 skip invalid type validations by \u003ca href=\"https://github.com/KaranLathiya\"\u003e\u003ccode\u003e@​KaranLathiya\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1498\"\u003ego-playground/validator#1498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix 1502 update ccy codes by \u003ca href=\"https://github.com/princekm096\"\u003e\u003ccode\u003e@​princekm096\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1503\"\u003ego-playground/validator#1503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded alphanumspace string validator by \u003ca href=\"https://github.com/haribabuk113\"\u003e\u003ccode\u003e@​haribabuk113\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1484\"\u003ego-playground/validator#1484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eexcluded_unless\u003c/code\u003e bug fix by \u003ca href=\"https://github.com/chargraves85\"\u003e\u003ccode\u003e@​chargraves85\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1307\"\u003ego-playground/validator#1307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Perfect5th\"\u003e\u003ccode\u003e@​Perfect5th\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1472\"\u003ego-playground/validator#1472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gibmat\"\u003e\u003ccode\u003e@​gibmat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1479\"\u003ego-playground/validator#1479\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/5010f83a6354aa3eac70826f74b87f73837ea10f\"\u003e\u003ccode\u003e5010f83\u003c/code\u003e\u003c/a\u003e Fix 1513 update ISO 3166-2 codes (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1514\"\u003e#1514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/e8627a1e5f44830d04ff2e23d29182e2fc116936\"\u003e\u003ccode\u003ee8627a1\u003c/code\u003e\u003c/a\u003e fix: Revert min limit of e164 regex (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1516\"\u003e#1516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/65b1bcc086b87a632009d8fc79f103dbff6f0cb2\"\u003e\u003ccode\u003e65b1bcc\u003c/code\u003e\u003c/a\u003e Feat: uds_exists validator (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/e9b900c8d62465f85de0713979d929d770f5ce49\"\u003e\u003ccode\u003ee9b900c\u003c/code\u003e\u003c/a\u003e fix: resolve panic when using cross-field validators with ValidateMap (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1508\"\u003e#1508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/7aba81cf8ee5359d19ac8a199f71e6183fb8b180\"\u003e\u003ccode\u003e7aba81c\u003c/code\u003e\u003c/a\u003e fix: resolve panic when using aliases with OR operator (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1507\"\u003e#1507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/4d600befdd2c5ff437025b3d022fbc0ca7e90f17\"\u003e\u003ccode\u003e4d600be\u003c/code\u003e\u003c/a\u003e fix: add missing translations for alpha validators (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1510\"\u003e#1510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/b0e4ba2e690d26c3f0866c34ca49b4b9776c87f4\"\u003e\u003ccode\u003eb0e4ba2\u003c/code\u003e\u003c/a\u003e docs: document omitzero (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/79fba72b00b11aa90ede835b66afcb74ee182488\"\u003e\u003ccode\u003e79fba72\u003c/code\u003e\u003c/a\u003e Bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1505\"\u003e#1505\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/c3c9084f6fef2685d7bbf6482a38f1345cd1771b\"\u003e\u003ccode\u003ec3c9084\u003c/code\u003e\u003c/a\u003e Bump golang.org/x/crypto from 0.45.0 to 0.46.0 (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1504\"\u003e#1504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/afce000d4f55c2721c8bd568a614b169fa191b39\"\u003e\u003ccode\u003eafce000\u003c/code\u003e\u003c/a\u003e \u003ccode\u003eexcluded_unless\u003c/code\u003e bug fix (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1307\"\u003e#1307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-playground/validator/compare/v10.15.1...v10.30.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/google/go-cmp` from 0.5.9 to 0.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/go-cmp/releases\"\u003egithub.com/google/go-cmp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.7.0\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/367\"\u003e#367\u003c/a\u003e) Support compare functions with SortSlices and SortMaps\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePanic messaging:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/370\"\u003e#370\u003c/a\u003e) Detect proto.Message types when failing to export a field\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.0\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/340\"\u003e#340\u003c/a\u003e) Add \u003ccode\u003ecmpopts.EquateComparable\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/337\"\u003e#337\u003c/a\u003e) Use of hotlinking of Go identifiers\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBuild changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/325\"\u003e#325\u003c/a\u003e) Remove purego fallbacks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTesting changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/322\"\u003e#322\u003c/a\u003e) Run tests for Go 1.20 version\u003c/li\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/332\"\u003e#332\u003c/a\u003e) Pin GitHub action versions\u003c/li\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/327\"\u003e#327\u003c/a\u003e) set workflow permission to read-only\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/9b12f366a942ebc7254abc7f32ca05068b455fb7\"\u003e\u003ccode\u003e9b12f36\u003c/code\u003e\u003c/a\u003e Detect proto.Message types when failing to export a field (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/4dd3d63d6987c0f84fce8e1d1c5bb59f0badc220\"\u003e\u003ccode\u003e4dd3d63\u003c/code\u003e\u003c/a\u003e fix: type 'aribica' =\u0026gt; 'arabica' (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/368\"\u003e#368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/391980c4b2e1cc2c30d2bfae6039815350490495\"\u003e\u003ccode\u003e391980c\u003c/code\u003e\u003c/a\u003e Support compare functions with SortSlices and SortMaps (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/367\"\u003e#367\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/c3ad8435e7bef96af35732bc0789e5a2278c6d5f\"\u003e\u003ccode\u003ec3ad843\u003c/code\u003e\u003c/a\u003e Add cmpopts.EquateComparable (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/e250a55e913727afa4a4ccf87d716232288d9b5f\"\u003e\u003ccode\u003ee250a55\u003c/code\u003e\u003c/a\u003e Use of hotlinking of Go identifiers (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/337\"\u003e#337\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/8a3e8dd7458e5d9ba6b4317a4b1423b4910d4014\"\u003e\u003ccode\u003e8a3e8dd\u003c/code\u003e\u003c/a\u003e set workflow permission to read-only (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/327\"\u003e#327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/8cea5de50d284888e0abcdab4c2c65b6e73acb32\"\u003e\u003ccode\u003e8cea5de\u003c/code\u003e\u003c/a\u003e Pin GitHub action versions (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/332\"\u003e#332\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/3bb304a85447513e496f9784afc52189e5bf41e9\"\u003e\u003ccode\u003e3bb304a\u003c/code\u003e\u003c/a\u003e Run tests for Go 1.20 version (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/322\"\u003e#322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/571a56ba783fe6ec6c9f3aa12166e8e33652e4c5\"\u003e\u003ccode\u003e571a56b\u003c/code\u003e\u003c/a\u003e Remove purego fallbacks (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/325\"\u003e#325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/google/go-cmp/compare/v0.5.9...v0.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/google/uuid` from 1.3.1 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/uuid/releases\"\u003egithub.com/google/uuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.5.0...v1.6.0\"\u003e1.6.0\u003c/a\u003e (2024-01-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Max UUID constant (\u003ca href=\"https://redirect.github.com/google/uuid/issues/149\"\u003e#149\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3\"\u003ec58770e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in version 7 uuid documentation (\u003ca href=\"https://redirect.github.com/google/uuid/issues/153\"\u003e#153\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06\"\u003e016b199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMonotonicity in UUIDv7 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/150\"\u003e#150\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6\"\u003ea2b2b32\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.4.0...v1.5.0\"\u003e1.5.0\u003c/a\u003e (2023-12-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate UUID without creating new UUID (\u003ca href=\"https://redirect.github.com/google/uuid/issues/141\"\u003e#141\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/9ee7366e66c9ad96bab89139418a713dc584ae29\"\u003e9ee7366\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.4.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.3.1...v1.4.0\"\u003e1.4.0\u003c/a\u003e (2023-10-26)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUUIDs slice type with Strings() convenience method (\u003ca href=\"https://redirect.github.com/google/uuid/issues/133\"\u003e#133\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/cd5fbbdd02f3e3467ac18940e07e062be1f864b4\"\u003ecd5fbbd\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/uuid/blob/master/CHANGELOG.md\"\u003egithub.com/google/uuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.5.0...v1.6.0\"\u003e1.6.0\u003c/a\u003e (2024-01-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Max UUID constant (\u003ca href=\"https://redirect.github.com/google/uuid/issues/149\"\u003e#149\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3\"\u003ec58770e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in version 7 uuid documentation (\u003ca href=\"https://redirect.github.com/google/uuid/issues/153\"\u003e#153\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06\"\u003e016b199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMonotonicity in UUIDv7 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/150\"\u003e#150\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6\"\u003ea2b2b32\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.4.0...v1.5.0\"\u003e1.5.0\u003c/a\u003e (2023-12-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate UUID without creating new UUID (\u003ca href=\"https://redirect.github.com/google/uuid/issues/141\"\u003e#141\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/9ee7366e66c9ad96bab89139418a713dc584ae29\"\u003e9ee7366\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.3.1...v1.4.0\"\u003e1.4.0\u003c/a\u003e (2023-10-26)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUUIDs slice type with Strings() convenience method (\u003ca href=\"https://redirect.github.com/google/uuid/issues/133\"\u003e#133\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/cd5fbbdd02f3e3467ac18940e07e062be1f864b4\"\u003ecd5fbbd\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/0f11ee6918f41a04c201eceeadf612a377bc7fbc\"\u003e\u003ccode\u003e0f11ee6\u003c/code\u003e\u003c/a\u003e chore(master): release 1.6.0 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/16939dafc37a38d2743810a8bdf60fdad6a0f3a3\"\u003e\u003ccode\u003e16939da\u003c/code\u003e\u003c/a\u003e chore(tests):  add strict monotonicity test case for uuid v7. (\u003ca href=\"https://redirect.github.com/google/uuid/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06\"\u003e\u003ccode\u003e016b199\u003c/code\u003e\u003c/a\u003e fix: fix typo in version 7 uuid documentation (\u003ca href=\"https://redirect.github.com/google/uuid/issues/153\"\u003e#153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/1d8b6ea0990d688105843a9a67b1d07222350502\"\u003e\u003ccode\u003e1d8b6ea\u003c/code\u003e\u003c/a\u003e ci: set token permissions to github workflows (\u003ca href=\"https://redirect.github.com/google/uuid/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6\"\u003e\u003ccode\u003ea2b2b32\u003c/code\u003e\u003c/a\u003e fix: Monotonicity in UUIDv7 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/150\"\u003e#150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3\"\u003e\u003ccode\u003ec58770e\u003c/code\u003e\u003c/a\u003e feat: add Max UUID constant (\u003ca href=\"https://redirect.github.com/google/uuid/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/4d47f8eb066f43cfaedd728a543479d9c9dfa8f6\"\u003e\u003ccode\u003e4d47f8e\u003c/code\u003e\u003c/a\u003e chore(master): release 1.5.0 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/9ee7366e66c9ad96bab89139418a713dc584ae29\"\u003e\u003ccode\u003e9ee7366\u003c/code\u003e\u003c/a\u003e feat: Validate UUID without creating new UUID (\u003ca href=\"https://redirect.github.com/google/uuid/issues/141\"\u003e#141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/b35aa6a595277504b1ec94c520d4091ec050b9d5\"\u003e\u003ccode\u003eb35aa6a\u003c/code\u003e\u003c/a\u003e add uuid version 6 and 7 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/8de8764e294f072b7a2f1a209e88fdcdb1ebc875\"\u003e\u003ccode\u003e8de8764\u003c/code\u003e\u003c/a\u003e chore(master): release 1.4.0 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/google/uuid/compare/v1.3.1...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.2.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.5.0] Avoid leaking timeout timer channels and update github actions\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eremove empty go.sum by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/100\"\u003emoby/spdystream#100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: update actions and go versions  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/102\"\u003emoby/spdystream#102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaking goroutines on close by \u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/101\"\u003emoby/spdystream#101\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.4.0...v0.5.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.4.0...v0.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.4.0] fix goroutine leak and remove unused code\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid 10 minute goroutine leak in error case for handled errors by \u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/99\"\u003emoby/spdystream#99\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused websocket package by \u003ca href=\"https://github.com/dmcgowan\"\u003e\u003ccode\u003e@​dmcgowan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/98\"\u003emoby/spdystream#98\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/99\"\u003emoby/spdystream#99\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.3.0...v0.4.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.3.0...v0.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.3.0] Release with fixes for a race condition\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003egha: update go versions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/90\"\u003emoby/spdystream#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Ping data-race by \u003ca href=\"https://github.com/tigrato\"\u003e\u003ccode\u003e@​tigrato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/91\"\u003emoby/spdystream#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unit test races (carry \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/48\"\u003e#48\u003c/a\u003e) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/89\"\u003emoby/spdystream#89\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed data race in Stream.IsFInished()  by \u003ca href=\"https://github.com/code-qote\"\u003e\u003ccode\u003e@​code-qote\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/96\"\u003emoby/spdystream#96\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tigrato\"\u003e\u003ccode\u003e@​tigrato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/91\"\u003emoby/spdystream#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/code-qote\"\u003e\u003ccode\u003e@​code-qote\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/96\"\u003emoby/spdystream#96\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.2.0...v0.3.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.2.0...v0.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.2.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/term` from 0.5.0 to 0.5.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/6c1b69fecbac2753dcaf18718a7e9f9093c3760d\"\u003e\u003ccode\u003e6c1b69f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/term/issues/47\"\u003e#47\u003c/a\u003e from thaJeztah/bump_ansiterm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/c3678795976124c4119d365cf947ebfbb9c0bec5\"\u003e\u003ccode\u003ec367879\u003c/code\u003e\u003c/a\u003e go.mod: github.com/Azure/go-ansiterm faa5f7b0171c\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/31a7e4ea1cf40419c8ef5288bacc81e136edc436\"\u003e\u003ccode\u003e31a7e4e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/term/issues/48\"\u003e#48\u003c/a\u003e from thaJeztah/gha_tweak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/1700fcb009fba7d7add9f50e2bef37f4347125de\"\u003e\u003ccode\u003e1700fcb\u003c/code\u003e\u003c/a\u003e Add security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/ca22ebc1e2bc1564b62ad2b063e24dac635a1227\"\u003e\u003ccode\u003eca22ebc\u003c/code\u003e\u003c/a\u003e gha: add concurrency check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/905a8aa03d4aad33ee2256a28e63c4bec8457f8e\"\u003e\u003ccode\u003e905a8aa\u003c/code\u003e\u003c/a\u003e gha: set default permissions to \u0026quot;read\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/e3559a61c4e7f1f48a934096f1d54b81da84c26d\"\u003e\u003ccode\u003ee3559a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/term/issues/46\"\u003e#46\u003c/a\u003e from thaJeztah/refresh_gha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/a86f03303976704c36f23f6f024aaa706ad6727e\"\u003e\u003ccode\u003ea86f033\u003c/code\u003e\u003c/a\u003e gha: test against go1.22, go1.23 (latest, latest -1)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/ceff820967582be4bd657994f2a1f7bdb7693214\"\u003e\u003ccode\u003eceff820\u003c/code\u003e\u003c/a\u003e gha: update actions/checkout@v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/dfe80c748585cbda3462b01483a678fb695b19c7\"\u003e\u003ccode\u003edfe80c7\u003c/code\u003e\u003c/a\u003e gha: update actions/setup-go@v5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/term/compare/v0.5.0...v0.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sony/sonyflake` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/f167a9d53145b661d05ac28b5702b6f29ea9c502\"\u003e\u003ccode\u003ef167a9d\u003c/code\u003e\u003c/a\u003e Add Compose method and corresponding tests (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/79\"\u003e#79\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/5c401f9c06d65696ccc05069921197d6454ae718\"\u003e\u003ccode\u003e5c401f9\u003c/code\u003e\u003c/a\u003e Make unit tests stabler (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/78\"\u003e#78\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/0cdef9e4fefac16ba69eb0cdd035fff2a3df7dd1\"\u003e\u003ccode\u003e0cdef9e\u003c/code\u003e\u003c/a\u003e Update TimeUnit in ToTime test to use 100 milliseconds for improved accuracy ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/114716564a650e3e7d686833e0e415bafded669d\"\u003e\u003ccode\u003e1147165\u003c/code\u003e\u003c/a\u003e Fix time duration comparison in ToTime test to ensure correct validation of g...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/2343cac6764e32c756da0bea2b913a4ba188fc2d\"\u003e\u003ccode\u003e2343cac\u003c/code\u003e\u003c/a\u003e Check compose args (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/5347433c8caaf6d9083e6ffaa236bbda900cc0be\"\u003e\u003ccode\u003e5347433\u003c/code\u003e\u003c/a\u003e Enhance Sonyflake error handling by adding tests for invalid machine IDs, inc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/774342570aeeb24fd2964e898cbdab01b1468ae2\"\u003e\u003ccode\u003e7743425\u003c/code\u003e\u003c/a\u003e Add Compose method (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/71\"\u003e#71\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/59c47aeab18f714f485b4c731b2f1ae2a3389637\"\u003e\u003ccode\u003e59c47ae\u003c/code\u003e\u003c/a\u003e Fix lint errors (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/70\"\u003e#70\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/d764be18d534c29949a3f63b6fe7d7dab9f50187\"\u003e\u003ccode\u003ed764be1\u003c/code\u003e\u003c/a\u003e Update README.md (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/69\"\u003e#69\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/7ee8f154df0b7d832ac225f91c04e51ba5b791ed\"\u003e\u003ccode\u003e7ee8f15\u003c/code\u003e\u003c/a\u003e feat(v2): make bit assignment for time/sequence/machine customizable … (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/68\"\u003e#68\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sony/sonyflake/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/spf13/pflag` from 1.0.5 to 1.0.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spf13/pflag/releases\"\u003egithub.com/spf13/pflag's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix deprecation comment for (FlagSet.)ParseErrorsWhitelist by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/447\"\u003espf13/pflag#447\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove uses of errors.Is, which requires go1.13, move go1.16/go1.21 tests to separate file by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/448\"\u003espf13/pflag#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/447\"\u003espf13/pflag#447\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10\"\u003ehttps://github.com/spf13/pflag/compare/v1.0.9...v1.0.10\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Restore ParseErrorsWhitelist name for now by \u003ca href=\"https://github.com/tomasaschan\"\u003e\u003ccode\u003e@​tomasaschan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/446\"\u003espf13/pflag#446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/spf13/pflag/compare/v1.0.8...v1.0.9\"\u003ehttps://github.com/spf13/pflag/compare/v1.0.8...v1.0.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.8\u003c/h2\u003e\n\u003ch2\u003e:warning: Breaking Change\u003c/h2\u003e\n\u003cp\u003eThis version, while only a patch bump, includes a (very minor) breaking change: the \u003ccode\u003eflag.ParseErrorsWhitelist\u003c/code\u003e struct and corresponding \u003ccode\u003eFlagSet.parseErrorsWhitelist\u003c/code\u003e field have been renamed to \u003ccode\u003eParseErrorsAllowlist\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis should result in compilation errors in any code that uses these fields, which can be fixed by adjusting the names at call sites. There is no change in semantics or behavior of the struct or field referred to by these names. If your code compiles without errors after bumping to/past v1.0.8, you are not affected by this change.\u003c/p\u003e\n\u003cp\u003eThe breaking change was reverted in v1.0.9, by means of re-introducing the old names with deprecation warnings. The plan is still to remove them in a future release, so if your code does depend on the old names, please change them to use the new names at your earliest convenience.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove Redundant \u0026quot;Unknown-Flag\u0026quot; Error by \u003ca href=\"https://github.com/vaguecoder\"\u003e\u003ccode\u003e@​vaguecoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/364\"\u003espf13/pflag#364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitching from whitelist to Allowlist terminology by \u003ca href=\"https://github.com/dubrie\"\u003e\u003ccode\u003e@​dubrie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/261\"\u003espf13/pflag#261\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOmit zero time.Time default from usage line by \u003ca href=\"https://github.com/mologie\"\u003e\u003ccode\u003e@​mologie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/438\"\u003espf13/pflag#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimplement CopyToGoFlagSet by \u003ca href=\"https://github.com/pohly\"\u003e\u003ccode\u003e@​pohly\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/330\"\u003espf13/pflag#330\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eflag: Emulate stdlib behavior and do not print ErrHelp by \u003ca href=\"https://github.com/tmc\"\u003e\u003ccode\u003e@​tmc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/407\"\u003espf13/pflag#407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrint Default Values of String-to-String in Sorted Order by \u003ca href=\"https://github.com/vaguecoder\"\u003e\u003ccode\u003e@​vaguecoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/365\"\u003espf13/pflag#365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Don't print ErrHelp in ParseAll by \u003ca href=\"https://github.com/tomasaschan\"\u003e\u003ccode\u003e@​tomasaschan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/443\"\u003espf13/pfl...\n\n_Description has been truncated_","html_url":"https://github.com/openim-sigs/component-base/pull/97","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/openim-sigs%2Fcomponent-base/issues/97","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/97/packages"},{"uuid":"4279360593","node_id":"PR_kwDOGWmxQ87TJlH-","number":1718,"state":"open","title":"build(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /system-tests/tests","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-17T00:37:02.000Z","updated_at":"2026-04-22T00:09:56.637Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/system-tests/tests","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mikeyhodl/chainlink/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/mikeyhodl/chainlink/pull/1718","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikeyhodl%2Fchainlink/issues/1718","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1718/packages"}],"issue_packages":[{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":null,"pr_created_at":"2026-05-30T09:39:44.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4554010034","node_id":"PR_kwDOQXHkUc7g7LQz","number":2,"state":"open","title":"build(deps): bump the go_modules group across 2 directories with 25 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:39:44.000Z","updated_at":"2026-05-30T09:41:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":25,"packages":[{"name":"github.com/agentgateway/agentgateway","old_version":"0.10.6-0.20251108001651-54763bfe02e1","new_version":"0.12.0","repository_url":"https://github.com/agentgateway/agentgateway"},{"name":"google.golang.org/grpc","old_version":"1.76.0","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"helm.sh/helm/v3","old_version":"3.19.2","new_version":"3.20.2","repository_url":"https://github.com/helm/helm"},{"name":"github.com/in-toto/in-toto-golang","old_version":"0.9.0","new_version":"0.11.0","repository_url":"https://github.com/in-toto/in-toto-golang"},{"name":"github.com/theupdateframework/go-tuf/v2","old_version":"2.0.2","new_version":"2.4.1","repository_url":"https://github.com/theupdateframework/go-tuf"},{"name":"github.com/anchore/quill","old_version":"0.5.1","new_version":"0.7.1","repository_url":"https://github.com/anchore/quill"},{"name":"github.com/buger/jsonparser","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/buger/jsonparser"},{"name":"github.com/cloudflare/circl","old_version":"1.6.1","new_version":"1.6.3","repository_url":"https://github.com/cloudflare/circl"},{"name":"github.com/go-git/go-billy/v5","old_version":"5.6.2","new_version":"5.9.0","repository_url":"https://github.com/go-git/go-billy"},{"name":"github.com/go-git/go-git/v5","old_version":"5.14.0","new_version":"5.19.1","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"github.com/sigstore/cosign/v2","old_version":"2.5.0","new_version":"2.6.2","repository_url":"https://github.com/sigstore/cosign"},{"name":"github.com/slack-go/slack","old_version":"0.17.3","new_version":"0.23.1","repository_url":"https://github.com/slack-go/slack"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/agentgateway/agentgateway](https://github.com/agentgateway/agentgateway) | `0.10.6-0.20251108001651-54763bfe02e1` | `0.12.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.76.0` | `1.79.3` |\n| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.19.2` | `3.20.2` |\n| [github.com/in-toto/in-toto-golang](https://github.com/in-toto/in-toto-golang) | `0.9.0` | `0.11.0` |\n| [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) | `2.0.2` | `2.4.1` |\n| [github.com/anchore/quill](https://github.com/anchore/quill) | `0.5.1` | `0.7.1` |\n| [github.com/buger/jsonparser](https://github.com/buger/jsonparser) | `1.1.1` | `1.1.2` |\n| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.6.1` | `1.6.3` |\n| [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.6.2` | `5.9.0` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.14.0` | `5.19.1` |\n| [github.com/moby/spdystream](https://github.com/moby/spdystream) | `0.5.0` | `0.5.1` |\n| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.5.0` | `2.6.2` |\n| [github.com/slack-go/slack](https://github.com/slack-go/slack) | `0.17.3` | `0.23.1` |\n\nBumps the go_modules group with 3 updates in the /hack/utils/applier directory: [github.com/moby/spdystream](https://github.com/moby/spdystream), [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/oauth2](https://github.com/golang/oauth2).\n\nUpdates `github.com/agentgateway/agentgateway` from 0.10.6-0.20251108001651-54763bfe02e1 to 0.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agentgateway/agentgateway/releases\"\u003egithub.com/agentgateway/agentgateway's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.12.0\u003c/h2\u003e\n\u003cp\u003eAgentgateway is an open source project that is built on AI-native protocols to connect, secure, and observe agent-to-agent and agent-to-tool communication across any agent framework and environment.\u003c/p\u003e\n\u003cp\u003eThis release contains various bug fixes, and some major changes to the CEL expression language implementation.\u003c/p\u003e\n\u003ch2\u003eCEL\u003c/h2\u003e\n\u003cp\u003eThis release comes with a rewrite of the \u003ca href=\"https://agentgateway.dev/docs/local/latest/reference/cel/\"\u003eCEL implementation\u003c/a\u003e that powers policies such as authorization, rate limiting, access logging, etc. The new implementation is 5-500x faster depending on the expression; typical users can see up to a 50% increase in end-to-end throughput.\u003c/p\u003e\n\u003cp\u003eAdditionally, a new CEL playground is available in the UI to help troubleshoot and test CEL expressions.\u003c/p\u003e\n\u003cp\u003eWhile most of the changes are internal, a few minor behavioral changes are present\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix MCP attributes not being available during logging (only authz)\u003c/li\u003e\n\u003cli\u003eBefore, we snapshotted the request once at an arbitrary (and inconsistent, across requests) time. Now, each execution consistently gets the 'current' view of the request and response. For example, during logging, manipulations from policies would be observed.\u003c/li\u003e\n\u003cli\u003eNew function names: \u003ccode\u003ebase64Encode\u003c/code\u003e -\u0026gt; \u003ccode\u003ebase64.encode\u003c/code\u003e (this comes from a bump in the library before forking it). The old name is available for backwards compat.\u003c/li\u003e\n\u003cli\u003eBefore, the top level variables were always present but could be \u003ccode\u003enull\u003c/code\u003e. Now, if they are not available they will fail to lookup instead of return \u003ccode\u003enull\u003c/code\u003e. For example, before \u003ccode\u003ehas(jwt)\u003c/code\u003e would always return \u003ccode\u003etrue\u003c/code\u003e; now it will only return \u003ccode\u003etrue\u003c/code\u003e if there is a JWT.\u003c/li\u003e\n\u003cli\u003eIts faster!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSPIKE: Fork htpasswd-verify and upgrade deps by \u003ca href=\"https://github.com/markuskobler\"\u003e\u003ccode\u003e@​markuskobler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/787\"\u003eagentgateway/agentgateway#787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mcp/openapi): improve path, query and header handling by \u003ca href=\"https://github.com/markuskobler\"\u003e\u003ccode\u003e@​markuskobler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/866\"\u003eagentgateway/agentgateway#866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDelete MCP-Authentication.md by \u003ca href=\"https://github.com/rinormaloku\"\u003e\u003ccode\u003e@​rinormaloku\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/872\"\u003eagentgateway/agentgateway#872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ellm: properly use user-defined buffer limit by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/881\"\u003eagentgateway/agentgateway#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCEL 2.0 by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/877\"\u003eagentgateway/agentgateway#877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emcp: update to rmcp 0.14.0 by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/885\"\u003eagentgateway/agentgateway#885\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(aws-sse): migrate to official AWS EventStream crates by \u003ca href=\"https://github.com/apexlnc\"\u003e\u003ccode\u003e@​apexlnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/879\"\u003eagentgateway/agentgateway#879\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(llm): Implements count_tokens for Anthropic/Vertex/Bedrock providers by \u003ca href=\"https://github.com/markuskobler\"\u003e\u003ccode\u003e@​markuskobler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/883\"\u003eagentgateway/agentgateway#883\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Feat] MCP target policies by \u003ca href=\"https://github.com/Jack-Kilrain\"\u003e\u003ccode\u003e@​Jack-Kilrain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/862\"\u003eagentgateway/agentgateway#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport hostname in incoming HBONE connect by \u003ca href=\"https://github.com/ymesika\"\u003e\u003ccode\u003e@​ymesika\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/859\"\u003eagentgateway/agentgateway#859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elocal: fix regression in mcp backends by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/888\"\u003eagentgateway/agentgateway#888\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(llm): bedrock token counting and get_messages conversions by \u003ca href=\"https://github.com/markuskobler\"\u003e\u003ccode\u003e@​markuskobler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/884\"\u003eagentgateway/agentgateway#884\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emcp: better propogate errors up by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/889\"\u003eagentgateway/agentgateway#889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ellm e2e: add support for completions to anthropic via vertex by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/892\"\u003eagentgateway/agentgateway#892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ui): upgrade npm packages by \u003ca href=\"https://github.com/markuskobler\"\u003e\u003ccode\u003e@​markuskobler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/894\"\u003eagentgateway/agentgateway#894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: cache only on main by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/893\"\u003eagentgateway/agentgateway#893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump rust by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/899\"\u003eagentgateway/agentgateway#899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExt Proc and Ext Authz: Treat Unset Header Append as Overwrite by \u003ca href=\"https://github.com/danehans\"\u003e\u003ccode\u003e@​danehans\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/906\"\u003eagentgateway/agentgateway#906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emcp: enhance observability and route discovery plumbing by \u003ca href=\"https://github.com/apexlnc\"\u003e\u003ccode\u003e@​apexlnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/901\"\u003eagentgateway/agentgateway#901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd primitive TCP CEL logging support by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/916\"\u003eagentgateway/agentgateway#916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: drop build from pull request by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/915\"\u003eagentgateway/agentgateway#915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCEL playground by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/914\"\u003eagentgateway/agentgateway#914\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danehans\"\u003e\u003ccode\u003e@​danehans\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/agentgateway/agentgateway/pull/906\"\u003eagentgateway/agentgateway#906\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/agentgateway/agentgateway/compare/v0.11.3...v0.12.0\"\u003ehttps://github.com/agentgateway/agentgateway/compare/v0.11.3...v0.12.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.11.3\u003c/h2\u003e\n\u003cp\u003eAutomated release of v0.11.3.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/agentgateway/agentgateway/commits/v0.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.76.0 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.76.0...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `helm.sh/helm/v3` from 3.19.2 to 3.20.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/helm/helm/releases\"\u003ehelm.sh/helm/v3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHelm v3.20.2\u003c/h2\u003e\n\u003ch2\u003ev3.20.2\u003c/h2\u003e\n\u003cp\u003eHelm v3.20.2 is a security patch release. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eThe community keeps growing, and we'd love to see you there!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJoin the discussion in \u003ca href=\"https://kubernetes.slack.com\"\u003eKubernetes Slack\u003c/a\u003e:\n\u003cul\u003e\n\u003cli\u003efor questions and just to hang out\u003c/li\u003e\n\u003cli\u003efor discussing PRs, code, and bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eHang out at the Public Developer Call: Thursday, 9:30 Pacific via \u003ca href=\"https://zoom.us/j/696660622\"\u003eZoom\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest, debug, and contribute charts: \u003ca href=\"https://artifacthub.io/packages/search?kind=0\"\u003eArtifactHub/packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/security/advisories/GHSA-hr2v-4r36-88hr\"\u003eGHSA-hr2v-4r36-88hr\u003c/a\u003e Helm Chart extraction output directory collapse via \u003ccode\u003eChart.yaml\u003c/code\u003e name dot-segment\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstallation and Upgrading\u003c/h2\u003e\n\u003cp\u003eDownload Helm v3.20.2. The common platform binaries are here:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-amd64.tar.gz\"\u003eMacOS amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-amd64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 7de04301f28b902a74f6286ed941cadc86ee5e6a9086a18f2ccf1f548e99d618)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-arm64.tar.gz\"\u003eMacOS arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-darwin-arm64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 139c794c22f16b579d08ddd3008c8038b9bb2814f35b5bcca91f50a1f458978d)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz\"\u003eLinux amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 258e830a9e613c8a7a302d6059b4bb3b9758f2f3e1bb8ea0d707ce10a9a72fea)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm.tar.gz\"\u003eLinux arm\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / a8a614c740399ff1ef32bcea6be6e4523f17e3376f9cf55c192cc48c8f2d1f19)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz\"\u003eLinux arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-arm64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 5ea2d6bc2cda3f8edf985e028809f5a9278f404fb8ab24044de9b7cb9b79a691)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-386.tar.gz\"\u003eLinux i386\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-386.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 88e4c1834307cdbc9f3b80920e1a383e4ba50bb488fb0be1b1fbd4918bb6ae73)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-ppc64le.tar.gz\"\u003eLinux ppc64le\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-ppc64le.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 98bb26a2f3c0b0c1a50db3181dff192554e0c204a07427d98d6b01e259f23cbe)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-s390x.tar.gz\"\u003eLinux s390x\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-s390x.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 584dd77ef8096d6ef939a1822f72840e749fc8311b2b13ae94df5f786862a56b)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-riscv64.tar.gz\"\u003eLinux riscv64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-linux-riscv64.tar.gz.sha256sum\"\u003echecksum\u003c/a\u003e / 957391d0710d72678acd09959b5dc77888cd007a78a4b99944d3b2fc7e1895ca)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-amd64.zip\"\u003eWindows amd64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-amd64.zip.sha256sum\"\u003echecksum\u003c/a\u003e / 24e8e5b71bab4ee17e6f989931ecf4fb144f9916cbe9990c0b6b2ec7b925c454)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-arm64.zip\"\u003eWindows arm64\u003c/a\u003e (\u003ca href=\"https://get.helm.sh/helm-v3.20.2-windows-arm64.zip.sha256sum\"\u003echecksum\u003c/a\u003e / 7c940a73a6882f50b69aec3282549da4a49917669db18fc503db930fb74b9789)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe \u003ca href=\"https://helm.sh/docs/intro/quickstart/\"\u003eQuickstart Guide\u003c/a\u003e will get you going from there. For \u003cstrong\u003eupgrade instructions\u003c/strong\u003e or detailed installation notes, check the \u003ca href=\"https://helm.sh/docs/intro/install/\"\u003einstall guide\u003c/a\u003e. You can also use a \u003ca href=\"https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3\"\u003escript to install\u003c/a\u003e on any system with \u003ccode\u003ebash\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Next\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4.1.5 and 3.20.3 are the next patch (bug fix) releases and will be on April 8, 2026\u003c/li\u003e\n\u003cli\u003e4.2.0 and 3.21.0 are the next minor (feature) releases and will be on May 13, 2026\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Chart dot-name path bug 8fb76d6ab555577e98e23b7500009537a471feee (George Jenkins)\u003c/li\u003e\n\u003cli\u003efix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow 3a8927e275c50cecde273872dad2a5576bd46375 (Terry Howe)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eHelm v3.20.1 is a patch release. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eThe community keeps growing, and we'd love to see you there!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJoin the discussion in \u003ca href=\"https://kubernetes.slack.com\"\u003eKubernetes Slack\u003c/a\u003e:\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/8fb76d6ab555577e98e23b7500009537a471feee\"\u003e\u003ccode\u003e8fb76d6\u003c/code\u003e\u003c/a\u003e fix: Chart dot-name path bug\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/3a8927e275c50cecde273872dad2a5576bd46375\"\u003e\u003ccode\u003e3a8927e\u003c/code\u003e\u003c/a\u003e fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/a2369ca71c0ef633bf6e4fccd66d634eb379b371\"\u003e\u003ccode\u003ea2369ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the k8s-io group with 7 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/90e10564f7ae746a153f3a03006e7061a54ad490\"\u003e\u003ccode\u003e90e1056\u003c/code\u003e\u003c/a\u003e add image index test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/911f2e908ae40b01ca95b857e94b8894043f64fd\"\u003e\u003ccode\u003e911f2e9\u003c/code\u003e\u003c/a\u003e fix pulling charts from OCI indices\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/76dad33fb1a2b6451920429b4f5f2dd575ea71bb\"\u003e\u003ccode\u003e76dad33\u003c/code\u003e\u003c/a\u003e Remove refactorring changes from coalesce_test.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/45c12f71407b6054a37d3e425d5293ee79a1ab37\"\u003e\u003ccode\u003e45c12f7\u003c/code\u003e\u003c/a\u003e Fix import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/26c6f19f967941dbe53bfb5e52d419b3b3e46075\"\u003e\u003ccode\u003e26c6f19\u003c/code\u003e\u003c/a\u003e Update pkg/chart/common/util/coalesce_test.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/09f5129d49a14c9336cea6f33adf5f52889915ef\"\u003e\u003ccode\u003e09f5129\u003c/code\u003e\u003c/a\u003e Fix lint warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/helm/helm/commit/417deb2b6b7504357b0f580b76f5eed1bb8a5270\"\u003e\u003ccode\u003e417deb2\u003c/code\u003e\u003c/a\u003e Preserve nil values in chart already\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/helm/helm/compare/v3.19.2...v3.20.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/in-toto/in-toto-golang` from 0.9.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/in-toto/in-toto-golang/releases\"\u003egithub.com/in-toto/in-toto-golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.11.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump the all group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/453\"\u003ein-toto/in-toto-golang#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/452\"\u003ein-toto/in-toto-golang#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/457\"\u003ein-toto/in-toto-golang#457\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/459\"\u003ein-toto/in-toto-golang#459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ematch: Replace ^ with ! for negation in character classes by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/462\"\u003ein-toto/in-toto-golang#462\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/in-toto/in-toto-golang/compare/v0.10.0...v0.11.0\"\u003ehttps://github.com/in-toto/in-toto-golang/compare/v0.10.0...v0.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/232\"\u003ein-toto/in-toto-golang#232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate maintainers and governance by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/233\"\u003ein-toto/in-toto-golang#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/234\"\u003ein-toto/in-toto-golang#234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.3 to 2.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/235\"\u003ein-toto/in-toto-golang#235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/236\"\u003ein-toto/in-toto-golang#236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix expired signature in test by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/241\"\u003ein-toto/in-toto-golang#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/sys from 0.8.0 to 0.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/240\"\u003ein-toto/in-toto-golang#240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.5 to 2.1.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/239\"\u003ein-toto/in-toto-golang#239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/242\"\u003ein-toto/in-toto-golang#242\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/243\"\u003ein-toto/in-toto-golang#243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GitHub Actions workflows by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/246\"\u003ein-toto/in-toto-golang#246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/245\"\u003ein-toto/in-toto-golang#245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove linters that are no longer supported and add to make file by \u003ca href=\"https://github.com/pxp928\"\u003e\u003ccode\u003e@​pxp928\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/249\"\u003ein-toto/in-toto-golang#249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd match products feature by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/237\"\u003ein-toto/in-toto-golang#237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unfinished link on record stop by \u003ca href=\"https://github.com/PradyumnaKrishna\"\u003e\u003ccode\u003e@​PradyumnaKrishna\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/248\"\u003ein-toto/in-toto-golang#248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/250\"\u003ein-toto/in-toto-golang#250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.6.0 to 0.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/251\"\u003ein-toto/in-toto-golang#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/255\"\u003ein-toto/in-toto-golang#255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd tests for coverage in envelope.go by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/256\"\u003ein-toto/in-toto-golang#256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/sys from 0.10.0 to 0.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/257\"\u003ein-toto/in-toto-golang#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/258\"\u003ein-toto/in-toto-golang#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/259\"\u003ein-toto/in-toto-golang#259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes filepath pattern matching in windows by \u003ca href=\"https://github.com/PradyumnaKrishna\"\u003e\u003ccode\u003e@​PradyumnaKrishna\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/254\"\u003ein-toto/in-toto-golang#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 3.5.3 to 3.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/261\"\u003ein-toto/in-toto-golang#261\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 3.6.0 to 4.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/262\"\u003ein-toto/in-toto-golang#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/263\"\u003ein-toto/in-toto-golang#263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.57.0 to 1.58.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/264\"\u003ein-toto/in-toto-golang#264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.58.0 to 1.58.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/266\"\u003ein-toto/in-toto-golang#266\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate Provenance v1 struct in favor of /attestation protobufs by \u003ca href=\"https://github.com/marcelamelara\"\u003e\u003ccode\u003e@​marcelamelara\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/267\"\u003ein-toto/in-toto-golang#267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.58.1 to 1.58.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/269\"\u003ein-toto/in-toto-golang#269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/270\"\u003ein-toto/in-toto-golang#270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop use of \u003ccode\u003eany\u003c/code\u003e for hash objects by \u003ca href=\"https://github.com/adityasaky\"\u003e\u003ccode\u003e@​adityasaky\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/238\"\u003ein-toto/in-toto-golang#238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/sys from 0.12.0 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/271\"\u003ein-toto/in-toto-golang#271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/273\"\u003ein-toto/in-toto-golang#273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/272\"\u003ein-toto/in-toto-golang#272\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/net from 0.12.0 to 0.17.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/274\"\u003ein-toto/in-toto-golang#274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump google.golang.org/grpc from 1.58.3 to 1.59.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/pull/275\"\u003ein-toto/in-toto-golang#275\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/36d782ffb2ca3adbffcdce1fd971c23319dd4469\"\u003e\u003ccode\u003e36d782f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/issues/462\"\u003e#462\u003c/a\u003e from in-toto/fix-negation-character\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/4a09e3bbc44bc687577b6532e57e8a4abfa5ddf4\"\u003e\u003ccode\u003e4a09e3b\u003c/code\u003e\u003c/a\u003e match: Replace ^ with ! for negation in character classes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/c3302e8bc36e46119f7ae17c07eb879ff3507caa\"\u003e\u003ccode\u003ec3302e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/issues/459\"\u003e#459\u003c/a\u003e from in-toto/dependabot/go_modules/github.com/go-jose...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/016e87efbb55c6dd8772ce227002eeb1b6e3f593\"\u003e\u003ccode\u003e016e87e\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/5b9df76e685eaa0a950ea9ba3f4a5561e87e13ad\"\u003e\u003ccode\u003e5b9df76\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/issues/457\"\u003e#457\u003c/a\u003e from in-toto/dependabot/go_modules/google.golang.org/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/595b3fe0a13f481eb0ef898ccaff5e345e492a2f\"\u003e\u003ccode\u003e595b3fe\u003c/code\u003e\u003c/a\u003e chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/e396d248c9cf19f9e144f4e90c476af88742bf35\"\u003e\u003ccode\u003ee396d24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/issues/452\"\u003e#452\u003c/a\u003e from in-toto/dependabot/github_actions/all-502588e1ca\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/142b779059713332fe5c7856e98f1c564c6d6a09\"\u003e\u003ccode\u003e142b779\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/in-toto/in-toto-golang/issues/453\"\u003e#453\u003c/a\u003e from in-toto/dependabot/go_modules/all-d8ef5820aa\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/f741bcc43330554606b813fa0f8fe0c284fcdaea\"\u003e\u003ccode\u003ef741bcc\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/in-toto/in-toto-golang/commit/c374dc9808137651fe8754eed363ec816cd59d2a\"\u003e\u003ccode\u003ec374dc9\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/in-toto/in-toto-golang/compare/v0.9.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/theupdateframework/go-tuf/v2` from 2.0.2 to 2.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theupdateframework/go-tuf/releases\"\u003egithub.com/theupdateframework/go-tuf/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/718\"\u003etheupdateframework/go-tuf#718\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce a stricter validation on the repo name for TAP 4 by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/720\"\u003etheupdateframework/go-tuf#720\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theupdateframework/go-tuf/compare/v2.4.0...v2.4.1\"\u003ehttps://github.com/theupdateframework/go-tuf/compare/v2.4.0...v2.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd BitLength validation for SuccinctRoles by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/716\"\u003etheupdateframework/go-tuf#716\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd thread safety documentation for key types by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/715\"\u003etheupdateframework/go-tuf#715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse restrictive permissions (0700) for cache directories by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/714\"\u003etheupdateframework/go-tuf#714\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBreaking change: Replace panic with error return in Key.ID() by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/713\"\u003etheupdateframework/go-tuf#713\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theupdateframework/go-tuf/compare/v2.3.1...v2.4.0\"\u003ehttps://github.com/theupdateframework/go-tuf/compare/v2.3.1...v2.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump golang.org/x/crypto from 0.40.0 to 0.45.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/702\"\u003etheupdateframework/go-tuf#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve govulncheck errors by bumping go to 1.24.11 by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/707\"\u003etheupdateframework/go-tuf#707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/704\"\u003etheupdateframework/go-tuf#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emodern go (1.20+) improvements by \u003ca href=\"https://github.com/udf2457\"\u003e\u003ccode\u003e@​udf2457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/705\"\u003etheupdateframework/go-tuf#705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/sigstore/sigstore from 1.9.5 to 1.10.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/706\"\u003etheupdateframework/go-tuf#706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.9.1 to 0.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/708\"\u003etheupdateframework/go-tuf#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePerform type assertion by \u003ca href=\"https://github.com/kommendorkapten\"\u003e\u003ccode\u003e@​kommendorkapten\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/710\"\u003etheupdateframework/go-tuf#710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd tests for failing type assertions by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/711\"\u003etheupdateframework/go-tuf#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eVerify threshold is valid by \u003ca href=\"https://github.com/kommendorkapten\"\u003e\u003ccode\u003e@​kommendorkapten\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/712\"\u003etheupdateframework/go-tuf#712\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theupdateframework/go-tuf/compare/v2.3.0...v2.3.1\"\u003ehttps://github.com/theupdateframework/go-tuf/compare/v2.3.0...v2.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the config for govulncheck by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/697\"\u003etheupdateframework/go-tuf#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump Go to 1.24.9 by \u003ca href=\"https://github.com/rdimitrov\"\u003e\u003ccode\u003e@​rdimitrov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/698\"\u003etheupdateframework/go-tuf#698\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theupdateframework/go-tuf/compare/v2.2.0...v2.3.0\"\u003ehttps://github.com/theupdateframework/go-tuf/compare/v2.2.0...v2.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat http 403 as an updater error by \u003ca href=\"https://github.com/MDr164\"\u003e\u003ccode\u003e@​MDr164\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/687\"\u003etheupdateframework/go-tuf#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/646\"\u003etheupdateframework/go-tuf#646\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/cenkalti/backoff/v5 from 5.0.2 to 5.0.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/690\"\u003etheupdateframework/go-tuf#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.9.0 to 0.9.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/691\"\u003etheupdateframework/go-tuf#691\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/692\"\u003etheupdateframework/go-tuf#692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/693\"\u003etheupdateframework/go-tuf#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/pull/694\"\u003etheupdateframework/go-tuf#694\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/d361e2ea24e427581343dee5c7a32b485d79fcc0\"\u003e\u003ccode\u003ed361e2e\u003c/code\u003e\u003c/a\u003e Enforce a stricter validation on the repo name for TAP 4 (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/720\"\u003e#720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/29aae36c83127913c24e881bc1f95dbb0f0961e6\"\u003e\u003ccode\u003e29aae36\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/bde5f18dc95dfac365fc452ee4e278e5fd66d4b4\"\u003e\u003ccode\u003ebde5f18\u003c/code\u003e\u003c/a\u003e Replace panic with error return in Key.ID() (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/713\"\u003e#713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/f400bf4c20476804475d34239f01212e1041ec38\"\u003e\u003ccode\u003ef400bf4\u003c/code\u003e\u003c/a\u003e Use restrictive permissions (0700) for cache directories (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/d2dbc180e74f4fe371392bb0b02d5a8659bc2fa4\"\u003e\u003ccode\u003ed2dbc18\u003c/code\u003e\u003c/a\u003e Add thread safety documentation for key types (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/846cd4eccd92b1a333c89cb45cf4f179de74018f\"\u003e\u003ccode\u003e846cd4e\u003c/code\u003e\u003c/a\u003e Add BitLength validation for SuccinctRoles (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/b38d91fdbc69dfe31fe9230d97dafe527ea854a0\"\u003e\u003ccode\u003eb38d91f\u003c/code\u003e\u003c/a\u003e Verify threshold is valid (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/712\"\u003e#712\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/876cf2a82b320be6deb43f4ad629057b209a584e\"\u003e\u003ccode\u003e876cf2a\u003c/code\u003e\u003c/a\u003e Add tests for failing type assertions (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/711\"\u003e#711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/73345ab6b0eb7e59d525dac17a428f043074cef6\"\u003e\u003ccode\u003e73345ab\u003c/code\u003e\u003c/a\u003e Perform type assertion (\u003ca href=\"https://redirect.github.com/theupdateframework/go-tuf/issues/710\"\u003e#710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theupdateframework/go-tuf/commit/d3cdc4b2796d8c452ce17766f0cade2e80a3597d\"\u003e\u003ccode\u003ed3cdc4b\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.9....\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theupdateframework/go-tuf/compare/v2.0.2...v2.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/anchore/quill` from 0.5.1 to 0.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anchore/quill/releases\"\u003egithub.com/anchore/quill's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev0.7.1\u003c/h1\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not allow for unbounded reads for user controlled input [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/681\"\u003e#681\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAccount for excessive read limits in macho parsing [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/682\"\u003e#682\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eValidate developer log URL requests [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/680\"\u003e#680\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/anchore/quill/compare/v0.7.0...v0.7.1\"\u003e(Full Changelog)\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003ch1\u003ev0.7.0\u003c/h1\u003e\n\u003ch3\u003eAdded Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edry run signing and notarization process before running in production [\u003ca href=\"https://redirect.github.com/anchore/quill/issues/617\"\u003e#617\u003c/a\u003e \u003ca href=\"https://redirect.github.com/anchore/quill/pull/618\"\u003e#618\u003c/a\u003e \u003ca href=\"https://github.com/willmurphyscode\"\u003e\u003ccode\u003e@​willmurphyscode\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTeamID is not set during signing [\u003ca href=\"https://redirect.github.com/anchore/quill/issues/147\"\u003e#147\u003c/a\u003e \u003ca href=\"https://redirect.github.com/anchore/quill/pull/669\"\u003e#669\u003c/a\u003e \u003ca href=\"https://github.com/jflowers\"\u003e\u003ccode\u003e@​jflowers\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdditional Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypo in install.sh help text [\u003ca href=\"https://redirect.github.com/anchore/quill/issues/546\"\u003e#546\u003c/a\u003e \u003ca href=\"https://redirect.github.com/anchore/quill/pull/549\"\u003e#549\u003c/a\u003e \u003ca href=\"https://github.com/popey\"\u003e\u003ccode\u003e@​popey\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003emigrate to latest tool ci patterns [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/670\"\u003e#670\u003c/a\u003e \u003ca href=\"https://github.com/spiffcs\"\u003e\u003ccode\u003e@​spiffcs\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eupdate golang to v1.26 [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/668\"\u003e#668\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003edoc: Add llms.txt for the 🤖 🕷️ [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/592\"\u003e#592\u003c/a\u003e \u003ca href=\"https://github.com/popey\"\u003e\u003ccode\u003e@​popey\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate dependencies [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/627\"\u003e#627\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd periodic workflow to update certs [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/608\"\u003e#608\u003c/a\u003e \u003ca href=\"https://github.com/wagoodman\"\u003e\u003ccode\u003e@​wagoodman\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003elint gh actions with zizmor [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/581\"\u003e#581\u003c/a\u003e \u003ca href=\"https://github.com/willmurphyscode\"\u003e\u003ccode\u003e@​willmurphyscode\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eupdate to go 1.24.x [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/543\"\u003e#543\u003c/a\u003e \u003ca href=\"https://github.com/westonsteimel\"\u003e\u003ccode\u003e@​westonsteimel\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eupdate runners to ubuntu-24.04 [\u003ca href=\"https://redirect.github.com/anchore/quill/pull/541\"\u003e#541\u003c/a\u003e \u003ca href=\"https://github.com/kzantow\"\u003e\u003ccode\u003e@​kzantow\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/anchore/quill/compare/v0.5.1...v0.7.0\"\u003e(Full Changelog)\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/9cdb0823ea1d2c45dcc11557f8c5cd7291c75d29\"\u003e\u003ccode\u003e9cdb082\u003c/code\u003e\u003c/a\u003e do not allow for unbounded reads for user controlled input (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/681\"\u003e#681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/80cf3fe082678af0ec4f9f8dd93f39189d2dc1fe\"\u003e\u003ccode\u003e80cf3fe\u003c/code\u003e\u003c/a\u003e account for excessive read limits in macho parsing code (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/e41d66a517c2dc20ad8e9fbccffbdc6ba5ef0020\"\u003e\u003ccode\u003ee41d66a\u003c/code\u003e\u003c/a\u003e validate developer log URL requests (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/680\"\u003e#680\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/899202c7eace3de7b3f4f7461bdfd1c4c38701db\"\u003e\u003ccode\u003e899202c\u003c/code\u003e\u003c/a\u003e update cred var values for p12 in release (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/c73a37bd3b655633c1bd5466c2b2f65b2ae4032c\"\u003e\u003ccode\u003ec73a37b\u003c/code\u003e\u003c/a\u003e remove goreleaser config for release step + update tool refs (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/95e119c6cb513a69f6b45d3e86a9fbcb2c77b669\"\u003e\u003ccode\u003e95e119c\u003c/code\u003e\u003c/a\u003e persist credentials for git (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/02e765ab563811d7a3f0ede8df36977da92e8779\"\u003e\u003ccode\u003e02e765a\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/aws/aws-sdk-go-v2/config (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/663\"\u003e#663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/530bb7f3ddf667d262891b79fb15c0147d81cf11\"\u003e\u003ccode\u003e530bb7f\u003c/code\u003e\u003c/a\u003e add test notarize command (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/3e8269c31055b1878a34c1954347254a42b37452\"\u003e\u003ccode\u003e3e8269c\u003c/code\u003e\u003c/a\u003e Set team ID during signing (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anchore/quill/commit/12b3e8eb4c06d7582da9725fad3bc7c268872752\"\u003e\u003ccode\u003e12b3e8e\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/blacktop/go-macho from 1.1.259 to 1.1.263 (\u003ca href=\"https://redirect.github.com/anchore/quill/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anchore/quill/compare/v0.5.1...v0.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream` from 1.7.0 to 1.7.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/4599f78694cabb6853addabc6f92cb197fdb5647\"\u003e\u003ccode\u003e4599f78\u003c/code\u003e\u003c/a\u003e Release 2023-08-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/2a439ce0fdda24816a5ea71c083765af67e93599\"\u003e\u003ccode\u003e2a439ce\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/46f31d76b34aefbc66bbfb08d2ef7e22267d4b66\"\u003e\u003ccode\u003e46f31d7\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/525486a4cfa9b8364ea5346a526dd1f92d3edc76\"\u003e\u003ccode\u003e525486a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b4e3176642b69937575f61f752f7d094fb6f4084\"\u003e\u003ccode\u003eb4e3176\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2189\"\u003e#2189\u003c/a\u003e from aws/feat-presign-polly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/30fe9b8de4c8538156248ae21b577a3e49170750\"\u003e\u003ccode\u003e30fe9b8\u003c/code\u003e\u003c/a\u003e Modify and Merge polly mod import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f6c1d4839450e7f99850868570ff0c47850b72ca\"\u003e\u003ccode\u003ef6c1d48\u003c/code\u003e\u003c/a\u003e sync polly presigner from main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/396f97a998c5fab5bc7ee7bd4297c6d0f42b661e\"\u003e\u003ccode\u003e396f97a\u003c/code\u003e\u003c/a\u003e Release 2023-08-18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/08ab45438df135fc66f2eaf80032694ff2486db3\"\u003e\u003ccode\u003e08ab454\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b50999bacbf780bf55d5c2b051c96e5c4467a5f6\"\u003e\u003ccode\u003eb50999b\u003c/code\u003e\u003c/a\u003e Update SDK's smithy-go dependency to v1.14.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/v1.7.0...service/m2/v1.7.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/buger/jsonparser` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/buger/jsonparser/releases\"\u003egithub.com/buger/jsonparser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated travis to build for 1.13 to 1.15 by \u003ca href=\"https://github.com/janreggie\"\u003e\u003ccode\u003e@​janreggie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/225\"\u003ebuger/jsonparser#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eeliminate 2 allocations in EachKey() by \u003ca href=\"https://github.com/Villenny\"\u003e\u003ccode\u003e@​Villenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/223\"\u003ebuger/jsonparser#223\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix issue \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/150\"\u003e#150\u003c/a\u003e (in deleting case) by \u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/226\"\u003ebuger/jsonparser#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixing the oss-fuzz issue by \u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/227\"\u003ebuger/jsonparser#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix parseInt overflow check false negative by \u003ca href=\"https://github.com/carsonip\"\u003e\u003ccode\u003e@​carsonip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/231\"\u003ebuger/jsonparser#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded bespoke error for null cases by \u003ca href=\"https://github.com/jonomacd\"\u003e\u003ccode\u003e@​jonomacd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/228\"\u003ebuger/jsonparser#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFuzzing: Add CIFuzz by \u003ca href=\"https://github.com/AdamKorcz\"\u003e\u003ccode\u003e@​AdamKorcz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/239\"\u003ebuger/jsonparser#239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded latest versions of go to tests by \u003ca href=\"https://github.com/moredure\"\u003e\u003ccode\u003e@​moredure\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/244\"\u003ebuger/jsonparser#244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix EachKey pIdxFlags allocation by \u003ca href=\"https://github.com/unxcepted\"\u003e\u003ccode\u003e@​unxcepted\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/241\"\u003ebuger/jsonparser#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent panic on negative slice index in Delete with malformed JSON (GO-2026-4514) by \u003ca href=\"https://github.com/dbarrosop\"\u003e\u003ccode\u003e@​dbarrosop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/276\"\u003ebuger/jsonparser#276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janreggie\"\u003e\u003ccode\u003e@​janreggie\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/225\"\u003ebuger/jsonparser#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Villenny\"\u003e\u003ccode\u003e@​Villenny\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/223\"\u003ebuger/jsonparser#223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/226\"\u003ebuger/jsonparser#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carsonip\"\u003e\u003ccode\u003e@​carsonip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/231\"\u003ebuger/jsonparser#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jonomacd\"\u003e\u003ccode\u003e@​jonomacd\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/228\"\u003ebuger/jsonparser#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moredure\"\u003e\u003ccode\u003e@​moredure\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/244\"\u003ebuger/jsonparser#244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unxcepted\"\u003e\u003ccode\u003e@​unxcepted\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/241\"\u003ebuger/jsonparser#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dbarrosop\"\u003e\u003ccode\u003e@​dbarrosop\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/276\"\u003ebuger/jsonparser#276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\"\u003ehttps://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0\"\u003e\u003ccode\u003ea69e7e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/276\"\u003e#276\u003c/a\u003e from dbarrosop/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/d3eacc0bab779d6cf98221f5268828fff287876e\"\u003e\u003ccode\u003ed3eacc0\u003c/code\u003e\u003c/a\u003e fix: prevent panic on negative slice index in Delete with malformed JSON (GO-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/61b32cfdfa0f5d368ef7c7daef28ce12d538740f\"\u003e\u003ccode\u003e61b32cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/241\"\u003e#241\u003c/a\u003e from unxcepted/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/2181e8398f18397c9cacbaea9889314bb585e868\"\u003e\u003ccode\u003e2181e83\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/244\"\u003e#244\u003c/a\u003e from ScaleChamp/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/1510b5194182fc2fb898f28cdbceb42fd7258bfa\"\u003e\u003ccode\u003e1510b51\u003c/code\u003e\u003c/a\u003e Added latest versions of go to tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/6fc2e488ed3cc4f1f1debec3b0c70715bd7be6fd\"\u003e\u003ccode\u003e6fc2e48\u003c/code\u003e\u003c/a\u003e fix: eachkey allocation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/a6f867eb7787e4ec54536b77b5d628ddf5c4f73d\"\u003e\u003ccode\u003ea6f867e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/239\"\u003e#239\u003c/a\u003e from AdamKorcz/cifuzz1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/cbc01fdbbe131706e89eeaaf0cd917760d8d3949\"\u003e\u003ccode\u003ecbc01fd\u003c/code\u003e\u003c/a\u003e Fuzzing: Add CIFuzz\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/dc92d6932a1272b4d8f485f798a88c3a75106256\"\u003e\u003ccode\u003edc92d69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/228\"\u003e#228\u003c/a\u003e from jonomacd/null-handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/2d9d6343e8621ddc18c70749663f74bc584c0de4\"\u003e\u003ccode\u003e2d9d634\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/231\"\u003e#231\u003c/a\u003e from carsonip/fix-parseint-overflow-check\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cloudflare/circl` from 1.6.1 to 1.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/circl/releases\"\u003egithub.com/cloudflare/circl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCIRCL v1.6.3\u003c/h2\u003e\n\u003cp\u003eFix a bug on ecc/p384 scalar multiplication.\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esign/mldsa: Check opts for nil value  by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/582\"\u003ecloudflare/circl#582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eecc/p384: Point addition must handle point doubling case. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/583\"\u003ecloudflare/circl#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease CIRCL v1.6.3 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/584\"\u003ecloudflare/circl#584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.2...v1.6.3\"\u003ehttps://github.com/cloudflare/circl/compare/v1.6.2...v1.6.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eCIRCL v1.6.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew SLH-DSA, improvements in ML-DSA for arm64.\u003c/li\u003e\n\u003cli\u003eTested compilation on WASM.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize pairing product computation by moving exponentiations to G1. by \u003ca href=\"https://github.com/dfaranha\"\u003e\u003ccode\u003e@​dfaranha\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/547\"\u003ecloudflare/circl#547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esign: Adding SLH-DSA signature by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/512\"\u003ecloudflare/circl#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate code generators to CIRCL v1.6.1. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/548\"\u003ecloudflare/circl#548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eML-DSA: Add preliminary Wycheproof test vectors by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/552\"\u003ecloudflare/circl#552\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego fmt by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/554\"\u003ecloudflare/circl#554\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egz-compressing test vectors, use of HexBytes and ReadGzip functions. b...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate Go dependencies across the repo to pick up security fixes and performance improvements. Notable changes include gRPC and Helm security patches and a major `github.com/agentgateway/agentgateway` upgrade with faster CEL evaluation.\n\n- **Dependencies**\n  - `google.golang.org/grpc` → 1.79.3: fixes an auth bypass by rejecting malformed :path headers.\n  - `helm.sh/helm/v3` → 3.20.2: security patch for chart extraction path handling.\n  - `github.com/agentgateway/agentgateway` → 0.12.0: CEL rewrite with large perf gains and minor behavior tweaks.\n  - `github.com/buger/jsonparser` → 1.1.2: fixes panic on malformed JSON.\n  - `github.com/cloudflare/circl` → 1.6.3: bug fix in P-384 scalar multiplication.\n  - `github.com/sigstore/cosign/v2` → 2.6.2 and related `sigstore/*` bumps: supply chain signing updates.\n  - `github.com/moby/spdystream` → 0.5.1: patch applied in root and `hack/utils/applier`.\n  - Tooling/libs: Go 1.25.5, k8s libs v0.35.1, OpenTelemetry 1.39.0, `helm.sh/helm/v3` 3.20.2.\n\n- **Migration**\n  - Review CEL policies with `agentgateway` v0.12.0 (e.g., `base64.encode` naming and stricter variable lookups).\n  - Run an end-to-end smoke test to confirm routes with path-based auth still pass with gRPC’s stricter path validation.\n\n\u003csup\u003eWritten for commit f2d9194e186a8d9e9e41df92f41d5245e7adaa82. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/kgateway/pull/2?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump Go dependencies across root and applier modules with 25 updates\n\u003e Updates [go.mod](https://github.com/EmilynnJ/kgateway/pull/2/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6) and [hack/utils/applier/go.mod](https://github.com/EmilynnJ/kgateway/pull/2/files#diff-7d16860419c22926d06b08ae9b67f33b83236c49e7008e3b4c652e3c87df9748) to their latest versions. Key upgrades include Kubernetes libraries to v0.35.1, Helm v3 to v3.20.2, agentgateway to v0.12.0, gRPC/protobuf, and extensive AWS SDK v1/v2 updates. Several indirect dependencies are removed (e.g. `go-chi/chi`, `mitchellh/mapstructure`, `sourcegraph/conc`) and new ones added (e.g. `moby/moby`, `coreos/go-oidc/v3`). Risk: transitive dependency additions and removals may surface unexpected build or runtime behavior in modules that relied on removed packages.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized f2d9194.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/kgateway/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fkgateway/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":null,"pr_created_at":"2026-05-16T16:03:07.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4460468457","node_id":"PR_kwDOCQaX7s7cPDvC","number":2338,"state":"open","title":"CLOUD-727: Bump the go_modules group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["size/S","dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T16:03:07.000Z","updated_at":"2026-05-16T20:22:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"CLOUD-727: Bump","group_name":"go_modules","update_count":2,"packages":[{"name":"github.com/Azure/go-ntlmssp","old_version":"0.0.0-20221128193559-754e69321358","new_version":"0.1.1","repository_url":"https://github.com/Azure/go-ntlmssp"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the / directory: [github.com/Azure/go-ntlmssp](https://github.com/Azure/go-ntlmssp) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\n\nUpdates `github.com/Azure/go-ntlmssp` from 0.0.0-20221128193559-754e69321358 to 0.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Azure/go-ntlmssp/releases\"\u003egithub.com/Azure/go-ntlmssp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.1.1\u003c/h2\u003e\n\u003cp\u003eFix CVE-2026-32952: A malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport.\u003c/p\u003e\n\u003ch2\u003ev0.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum required version to Go 1.24 by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/53\"\u003eAzure/go-ntlmssp#53\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix OOM in NTLM negotiator by avoiding buffering of seekable request bodies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/54\"\u003eAzure/go-ntlmssp#54\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't modify the rountripped request by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/57\"\u003eAzure/go-ntlmssp#57\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a race occurring when the wrapped Rountripper closes the request body in another goroutine by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/58\"\u003eAzure/go-ntlmssp#58\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a race occurring when the wrapped Rountripper reads request fields in another goroutine by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/59\"\u003eAzure/go-ntlmssp#59\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly perform basic auth if requested by the server by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/60\"\u003eAzure/go-ntlmssp#60\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't pass the original body in the client handshake request by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/61\"\u003eAzure/go-ntlmssp#61\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn latest server response in case there is an error processing the handshake by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/63\"\u003eAzure/go-ntlmssp#63\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSend body on client NTLM handshake  by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/64\"\u003eAzure/go-ntlmssp#64\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport user accounts not living in server's domain by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/65\"\u003eAzure/go-ntlmssp#65\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement NewAuthenticateMessage and deprecate ProcessChallenge by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/67\"\u003eAzure/go-ntlmssp#67\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake basic authentication support opt-in by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/66\"\u003eAzure/go-ntlmssp#66\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow passing custom client domain and workstation name by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/68\"\u003eAzure/go-ntlmssp#68\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eset NEGOTIATE_NTLM and NEGOTIATE_ALWAYS_SIGN capabilities by \u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/69\"\u003eAzure/go-ntlmssp#69\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etesting: add e2e tests by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/56\"\u003eAzure/go-ntlmssp#56\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qmuntal\"\u003e\u003ccode\u003e@​qmuntal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/53\"\u003eAzure/go-ntlmssp#53\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/54\"\u003eAzure/go-ntlmssp#54\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Azure/go-ntlmssp/compare/v0.0.1...v0.1.0\"\u003ehttps://github.com/Azure/go-ntlmssp/compare/v0.0.1...v0.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCommit to Go 1.6 by \u003ca href=\"https://github.com/boumenot\"\u003e\u003ccode\u003e@​boumenot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/5\"\u003eAzure/go-ntlmssp#5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle http redirect by \u003ca href=\"https://github.com/nqv\"\u003e\u003ccode\u003e@​nqv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/4\"\u003eAzure/go-ntlmssp#4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edrain request body for connection reuse by \u003ca href=\"https://github.com/paulmey\"\u003e\u003ccode\u003e@​paulmey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/6\"\u003eAzure/go-ntlmssp#6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CoC notice by \u003ca href=\"https://github.com/paulmey\"\u003e\u003ccode\u003e@​paulmey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/7\"\u003eAzure/go-ntlmssp#7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport for auth when server responds with Www-Authenticate: NTLM by \u003ca href=\"https://github.com/lafriks\"\u003e\u003ccode\u003e@​lafriks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/8\"\u003eAzure/go-ntlmssp#8\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate README with example by \u003ca href=\"https://github.com/PaluMacil\"\u003e\u003ccode\u003e@​PaluMacil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/11\"\u003eAzure/go-ntlmssp#11\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd version, domain and workstation fields by \u003ca href=\"https://github.com/justdan96\"\u003e\u003ccode\u003e@​justdan96\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/13\"\u003eAzure/go-ntlmssp#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emove to a current version of Go by \u003ca href=\"https://github.com/boumenot\"\u003e\u003ccode\u003e@​boumenot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/19\"\u003eAzure/go-ntlmssp#19\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(BUG) Negotiation fails for servers where 'NTLMv2 session security' i… by \u003ca href=\"https://github.com/davejohnston\"\u003e\u003ccode\u003e@​davejohnston\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/18\"\u003eAzure/go-ntlmssp#18\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate negotiator.go by \u003ca href=\"https://github.com/mszuyev\"\u003e\u003ccode\u003e@​mszuyev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/24\"\u003eAzure/go-ntlmssp#24\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix golint import path by \u003ca href=\"https://github.com/paulmey\"\u003e\u003ccode\u003e@​paulmey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/25\"\u003eAzure/go-ntlmssp#25\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd ProcessChallengeWithHash function by \u003ca href=\"https://github.com/ropnop\"\u003e\u003ccode\u003e@​ropnop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/27\"\u003eAzure/go-ntlmssp#27\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet workstation to empty string in authenticate_message.go by \u003ca href=\"https://github.com/Catbuttes\"\u003e\u003ccode\u003e@​Catbuttes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/30\"\u003eAzure/go-ntlmssp#30\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange of the negociator working, to handle several identical header by \u003ca href=\"https://github.com/Resousse\"\u003e\u003ccode\u003e@​Resousse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/31\"\u003eAzure/go-ntlmssp#31\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport for UPN by \u003ca href=\"https://github.com/tirupatibg\"\u003e\u003ccode\u003e@​tirupatibg\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/32\"\u003eAzure/go-ntlmssp#32\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdding Microsoft SECURITY.MD by \u003ca href=\"https://github.com/microsoft-github-policy-service\"\u003e\u003ccode\u003e@​microsoft-github-policy-service\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/39\"\u003eAzure/go-ntlmssp#39\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle 3rd return value from GetDomain by \u003ca href=\"https://github.com/opoplawski\"\u003e\u003ccode\u003e@​opoplawski\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/41\"\u003eAzure/go-ntlmssp#41\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003einitial refactor by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/48\"\u003eAzure/go-ntlmssp#48\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix linter errors by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/49\"\u003eAzure/go-ntlmssp#49\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd dependabot/codeowners + installation instructions by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Azure/go-ntlmssp/pull/50\"\u003eAzure/go-ntlmssp#50\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Azure/go-ntlmssp/commits/v0.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/percona/percona-server-mongodb-operator/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/percona/percona-server-mongodb-operator/pull/2338","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/percona%2Fpercona-server-mongodb-operator/issues/2338","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2338/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":"the go_modules group across 1 directory","pr_created_at":"2026-05-14T07:35:29.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4444111915","node_id":"PR_kwDOQVEF4s7bbLuv","number":2,"state":"open","title":"Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T07:35:29.000Z","updated_at":"2026-05-15T00:18:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the / directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/k8z/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n🔒 This PR updates the `github.com/moby/spdystream` dependency from version 0.5.0 to 0.5.1, addressing a critical security vulnerability (CVE-2026-35469) that could lead to denial of service attacks through memory amplification in SPDY frame parsing. This is an automated dependency update managed by Dependabot that requires no code changes but provides important security improvements.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Update**: Fixes memory amplification vulnerability in SPDY frame parsing (CVE-2026-35469/GHSA-pc3f-x583-g7j2)\n- **Dependency Management**: Updates indirect dependency from v0.5.0 to v0.5.1 in go.mod\n- **Compatibility**: Maintains Go 1.13 compatibility with ioutil.Discard usage\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Vulnerability Detected]\n    B --\u003e C[CVE-2026-35469: Memory Amplification]\n    C --\u003e D[Update spdystream v0.5.0 → v0.5.1]\n    D --\u003e E[Security Fix Applied]\n    E --\u003e F[DoS Protection Enabled]\n    \n    G[SPDY Frame Parsing] --\u003e H[Frame Length Limits]\n    H --\u003e I[Header Size Limits]\n    I --\u003e J[Memory Usage Control]\n```\n\n### Impact\n- **Security Enhancement**: Eliminates denial of service vulnerability through improved frame parsing limits\n- **Stability Improvement**: Adds proper bounds checking for SPDY frame lengths and header sizes\n- **Zero Breaking Changes**: Indirect dependency update with no API changes or compatibility issues\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/k8z/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fk8z/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":"/cluster-autoscaler/e2e","pr_created_at":"2026-05-08T13:07:40.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4406616632","node_id":"PR_kwDOCAWh-M7Ziv3C","number":434,"state":"closed","title":"Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /cluster-autoscaler/e2e","user":"dependabot[bot]","labels":["size/XS","dependencies","go","cla: yes","do-not-merge/needs-kind"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-11T11:08:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T13:07:40.000Z","updated_at":"2026-05-11T11:09:03.000Z","time_to_close":252073,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/cluster-autoscaler/e2e","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gardener/autoscaler/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/gardener/autoscaler/pull/434","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gardener%2Fautoscaler/issues/434","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/434/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":null,"pr_created_at":"2026-05-01T18:46:23.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4366094588","node_id":"PR_kwDOCtTBt87XgN2U","number":827,"state":"closed","title":"chore(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1","user":"dependabot[bot]","labels":["lgtm","cncf-cla: yes","size/L","approved","ok-to-test","dependencies","go"],"assignees":["cheftako"],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-05-01T20:40:37.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-01T18:46:23.000Z","updated_at":"2026-05-01T20:40:44.000Z","time_to_close":6854,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kubernetes-sigs/apiserver-network-proxy/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kubernetes-sigs/apiserver-network-proxy/pull/827","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fapiserver-network-proxy/issues/827","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/827/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":null,"pr_created_at":"2026-04-28T08:11:50.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4341574735","node_id":"PR_kwDORp3ETc7WQEH4","number":1,"state":"open","title":"Bump github.com/moby/spdystream from 0.5.0 to 0.5.1","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T08:11:50.000Z","updated_at":"2026-04-28T08:12:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alialobidm/kubectl/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/alialobidm/kubectl/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alialobidm%2Fkubectl/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":null,"pr_created_at":"2026-04-25T20:14:46.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4329118832","node_id":"PR_kwDOOMU3Kc7Vo60l","number":233,"state":"open","title":"chore(deps): bump the go_modules group across 17 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-25T20:14:46.000Z","updated_at":"2026-04-25T20:14:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"go_modules","update_count":20,"packages":[{"name":"google.golang.org/grpc","old_version":"1.78.0","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"github.com/buger/jsonparser","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/buger/jsonparser"},{"name":"github.com/docker/cli","old_version":"28.1.1+incompatible","new_version":"29.2.0+incompatible","repository_url":"https://github.com/docker/cli"},{"name":"github.com/go-jose/go-jose/v4","old_version":"4.1.3","new_version":"4.1.4","repository_url":"https://github.com/go-jose/go-jose"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.78.0` | `1.79.3` |\n| [github.com/buger/jsonparser](https://github.com/buger/jsonparser) | `1.1.1` | `1.1.2` |\n| [github.com/docker/cli](https://github.com/docker/cli) | `28.1.1+incompatible` | `29.2.0+incompatible` |\n| [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) | `4.1.3` | `4.1.4` |\n| [github.com/moby/spdystream](https://github.com/moby/spdystream) | `0.5.0` | `0.5.1` |\n\nBumps the go_modules group with 7 updates in the /hgctl directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.78.0` | `1.79.3` |\n| [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) | `4.1.3` | `4.1.4` |\n| [github.com/moby/spdystream](https://github.com/moby/spdystream) | `0.5.0` | `0.5.1` |\n| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.18.5` | `3.20.2` |\n| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.118.0` | `0.131.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.1.9` | `1.2.8` |\n| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.38.0` | `1.43.0` |\n\nBumps the go_modules group with 5 updates in the /plugins/golang-filter directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [golang.org/x/net](https://github.com/golang/net) | `0.34.0` | `0.38.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.59.0` | `1.79.3` |\n| [github.com/buger/jsonparser](https://github.com/buger/jsonparser) | `1.1.1` | `1.1.2` |\n| [github.com/ClickHouse/ch-go](https://github.com/ClickHouse/ch-go) | `0.61.5` | `0.65.0` |\n| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.5` | `5.9.2` |\n\nBumps the go_modules group with 2 updates in the /plugins/golang-filter/mcp-server/servers/higress/nginx-migration directory: [golang.org/x/net](https://github.com/golang/net) and [github.com/envoyproxy/envoy](https://github.com/envoyproxy/envoy).\nBumps the go_modules group with 1 update in the /plugins/wasm-go/extensions/ai-search directory: [github.com/antchfx/xpath](https://github.com/antchfx/xpath).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/extensions/jsonrpc-converter directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 1 update in the /plugins/wasm-go/extensions/jwt-auth directory: [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/extensions/mcp-router directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/extensions/mcp-server directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/extensions/oidc directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 1 update in the /plugins/wasm-go/extensions/waf directory: [golang.org/x/net](https://github.com/golang/net).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/mcp-servers/amap-tools directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/mcp-servers/quark-search directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 2 updates in the /plugins/wasm-go/pkg/mcp directory: [github.com/buger/jsonparser](https://github.com/buger/jsonparser) and [golang.org/x/crypto](https://github.com/golang/crypto).\nBumps the go_modules group with 1 update in the /tools/src/controller-gen directory: [golang.org/x/net](https://github.com/golang/net).\nBumps the go_modules group with 1 update in the /tools/src/golangci-lint directory: [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus).\nBumps the go_modules group with 2 updates in the /tools/src/kustomize directory: [golang.org/x/net](https://github.com/golang/net) and [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz).\n\nUpdates `google.golang.org/grpc` from 1.78.0 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/buger/jsonparser` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/buger/jsonparser/releases\"\u003egithub.com/buger/jsonparser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated travis to build for 1.13 to 1.15 by \u003ca href=\"https://github.com/janreggie\"\u003e\u003ccode\u003e@​janreggie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/225\"\u003ebuger/jsonparser#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eeliminate 2 allocations in EachKey() by \u003ca href=\"https://github.com/Villenny\"\u003e\u003ccode\u003e@​Villenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/223\"\u003ebuger/jsonparser#223\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix issue \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/150\"\u003e#150\u003c/a\u003e (in deleting case) by \u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/226\"\u003ebuger/jsonparser#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixing the oss-fuzz issue by \u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/227\"\u003ebuger/jsonparser#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix parseInt overflow check false negative by \u003ca href=\"https://github.com/carsonip\"\u003e\u003ccode\u003e@​carsonip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/231\"\u003ebuger/jsonparser#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded bespoke error for null cases by \u003ca href=\"https://github.com/jonomacd\"\u003e\u003ccode\u003e@​jonomacd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/228\"\u003ebuger/jsonparser#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFuzzing: Add CIFuzz by \u003ca href=\"https://github.com/AdamKorcz\"\u003e\u003ccode\u003e@​AdamKorcz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/239\"\u003ebuger/jsonparser#239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded latest versions of go to tests by \u003ca href=\"https://github.com/moredure\"\u003e\u003ccode\u003e@​moredure\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/244\"\u003ebuger/jsonparser#244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix EachKey pIdxFlags allocation by \u003ca href=\"https://github.com/unxcepted\"\u003e\u003ccode\u003e@​unxcepted\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/241\"\u003ebuger/jsonparser#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent panic on negative slice index in Delete with malformed JSON (GO-2026-4514) by \u003ca href=\"https://github.com/dbarrosop\"\u003e\u003ccode\u003e@​dbarrosop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/276\"\u003ebuger/jsonparser#276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janreggie\"\u003e\u003ccode\u003e@​janreggie\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/225\"\u003ebuger/jsonparser#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Villenny\"\u003e\u003ccode\u003e@​Villenny\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/223\"\u003ebuger/jsonparser#223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/daria-kay\"\u003e\u003ccode\u003e@​daria-kay\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/226\"\u003ebuger/jsonparser#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carsonip\"\u003e\u003ccode\u003e@​carsonip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/231\"\u003ebuger/jsonparser#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jonomacd\"\u003e\u003ccode\u003e@​jonomacd\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/228\"\u003ebuger/jsonparser#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moredure\"\u003e\u003ccode\u003e@​moredure\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/244\"\u003ebuger/jsonparser#244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unxcepted\"\u003e\u003ccode\u003e@​unxcepted\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/241\"\u003ebuger/jsonparser#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dbarrosop\"\u003e\u003ccode\u003e@​dbarrosop\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/buger/jsonparser/pull/276\"\u003ebuger/jsonparser#276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\"\u003ehttps://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0\"\u003e\u003ccode\u003ea69e7e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/276\"\u003e#276\u003c/a\u003e from dbarrosop/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/d3eacc0bab779d6cf98221f5268828fff287876e\"\u003e\u003ccode\u003ed3eacc0\u003c/code\u003e\u003c/a\u003e fix: prevent panic on negative slice index in Delete with malformed JSON (GO-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/61b32cfdfa0f5d368ef7c7daef28ce12d538740f\"\u003e\u003ccode\u003e61b32cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/241\"\u003e#241\u003c/a\u003e from unxcepted/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/2181e8398f18397c9cacbaea9889314bb585e868\"\u003e\u003ccode\u003e2181e83\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/244\"\u003e#244\u003c/a\u003e from ScaleChamp/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/1510b5194182fc2fb898f28cdbceb42fd7258bfa\"\u003e\u003ccode\u003e1510b51\u003c/code\u003e\u003c/a\u003e Added latest versions of go to tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/6fc2e488ed3cc4f1f1debec3b0c70715bd7be6fd\"\u003e\u003ccode\u003e6fc2e48\u003c/code\u003e\u003c/a\u003e fix: eachkey allocation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/a6f867eb7787e4ec54536b77b5d628ddf5c4f73d\"\u003e\u003ccode\u003ea6f867e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/239\"\u003e#239\u003c/a\u003e from AdamKorcz/cifuzz1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/cbc01fdbbe131706e89eeaaf0cd917760d8d3949\"\u003e\u003ccode\u003ecbc01fd\u003c/code\u003e\u003c/a\u003e Fuzzing: Add CIFuzz\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/dc92d6932a1272b4d8f485f798a88c3a75106256\"\u003e\u003ccode\u003edc92d69\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/228\"\u003e#228\u003c/a\u003e from jonomacd/null-handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/buger/jsonparser/commit/2d9d6343e8621ddc18c70749663f74bc584c0de4\"\u003e\u003ccode\u003e2d9d634\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/buger/jsonparser/issues/231\"\u003e#231\u003c/a\u003e from carsonip/fix-parseint-overflow-check\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/cli` from 28.1.1+incompatible to 29.2.0+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/0b9d1985dbf919678745f122b12b46f730b97d87\"\u003e\u003ccode\u003e0b9d198\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6764\"\u003e#6764\u003c/a\u003e from vvoland/update-docker\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/9c9ec7358833bb3e5622a166673744fca7fefac4\"\u003e\u003ccode\u003e9c9ec73\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/moby/client v0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/bab3e81e1d8874a2d4f26afc02225ee537d0b15d\"\u003e\u003ccode\u003ebab3e81\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/moby/api v1.53.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/2e64fc162ab632a530f7191cc6af65c22356ea0d\"\u003e\u003ccode\u003e2e64fc1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6367\"\u003e#6367\u003c/a\u003e from thaJeztah/template_slicejoin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/1f2ba2ac9d8c92870f7cce89dfa17d89d3375c19\"\u003e\u003ccode\u003e1f2ba2a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6760\"\u003e#6760\u003c/a\u003e from thaJeztah/container_create_fix_error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/e34a3422cc32c808d2e8b0e0ef51112d53fa896d\"\u003e\u003ccode\u003ee34a342\u003c/code\u003e\u003c/a\u003e templates: make \u0026quot;join\u0026quot; work with non-string slices and map values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/a86356d42f918968579e670b51bc85dc45982a33\"\u003e\u003ccode\u003ea86356d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6763\"\u003e#6763\u003c/a\u003e from thaJeztah/bump_mapstructure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/771660a17e56116eb32677a6d83c5210e5092194\"\u003e\u003ccode\u003e771660a\u003c/code\u003e\u003c/a\u003e vendor: github.com/go-viper/mapstructure/v2 v2.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/9cff36b35a828be8d137bc5de4983b7e3fef1614\"\u003e\u003ccode\u003e9cff36b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/cli/issues/6762\"\u003e#6762\u003c/a\u003e from thaJeztah/bump_x_deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/commit/08ed2bc6e8bc49ad988ecd44633620a48fb10967\"\u003e\u003ccode\u003e08ed2bc\u003c/code\u003e\u003c/a\u003e cli/command/container: make injecting config.json failures a warning\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/cli/compare/v28.1.1...v29.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-jose/go-jose/releases\"\u003egithub.com/go-jose/go-jose/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes Panic in JWE decryption. See \u003ca href=\"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\"\u003ehttps://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ehttps://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.38.0 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGreatly reduce the cost of recording metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e using hashing for map keys. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175\"\u003e#7175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithInstrumentationAttributeSet\u003c/code\u003e option to \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e packages.\nThis provides a concurrent-safe and performant alternative to \u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e by accepting a pre-constructed \u003ccode\u003eattribute.Set\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7287\"\u003e#7287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability for the Prometheus exporter in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e.\nCheck the \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus/internal/x\u003c/code\u003e package documentation for more information. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7345\"\u003e#7345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7353\"\u003e#7353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd temporality selector functions \u003ccode\u003eDeltaTemporalitySelector\u003c/code\u003e, \u003ccode\u003eCumulativeTemporalitySelector\u003c/code\u003e, \u003ccode\u003eLowMemoryTemporalitySelector\u003c/code\u003e to \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7434\"\u003e#7434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for simple log processor in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7548\"\u003e#7548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7459\"\u003e#7459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7486\"\u003e#7486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for simple span processor in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7374\"\u003e#7374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7512\"\u003e#7512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for manual reader in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7524\"\u003e#7524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for periodic reader in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7571\"\u003e#7571\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eOTEL_EXPORTER_OTLP_LOGS_INSECURE\u003c/code\u003e and \u003ccode\u003eOTEL_EXPORTER_OTLP_INSECURE\u003c/code\u003e environmental variables in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7608\"\u003e#7608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to the \u003ccode\u003eProcessor\u003c/code\u003e interface in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e.\nAll \u003ccode\u003eProcessor\u003c/code\u003e implementations now include an \u003ccode\u003eEnabled\u003c/code\u003e method. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7639\"\u003e#7639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.38.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.38.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.37.0.\u003c/code\u003e(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7648\"\u003e#7648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDistinct\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e is no longer guaranteed to uniquely identify an attribute set.\nCollisions between \u003ccode\u003eDistinct\u003c/code\u003e values for different Sets are possible with extremely high cardinality (billions of series per instrument), but are highly unlikely. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175\"\u003e#7175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eTracerOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/meter\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eMeterOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eLoggerOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename the \u003ccode\u003eOTEL_GO_X_SELF_OBSERVABILITY\u003c/code\u003e environment variable to \u003ccode\u003eOTEL_GO_X_OBSERVABILITY\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdouttrace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of histogram \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e when min and max are disabled using \u003ccode\u003eNoMinMax\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error handling for dropped data during translation by using \u003ccode\u003eprometheus.NewInvalidMetric\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e.\n⚠️ \u003cstrong\u003eBreaking Change:\u003c/strong\u003e Previously, these cases were only logged and scrapes succeeded.\nNow, when translation would drop data (e.g., invalid label/value), the exporter emits a \u003ccode\u003eNewInvalidMetric\u003c/code\u003e, and Prometheus scrapes \u003cstrong\u003efail with HTTP 500\u003c/strong\u003e by default.\nTo preserve the prior behavior (scrapes succeed while errors are logged), configure your Prometheus HTTP handler with: \u003ccode\u003epromhttp.HandlerOpts{ ErrorHandling: promhttp.ContinueOnError }\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7363\"\u003e#7363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace fnv hash with xxhash in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e for better performance. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7371\"\u003e#7371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default \u003ccode\u003eTranslationStrategy\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/exporters/prometheus\u003c/code\u003e is changed from \u003ccode\u003eotlptranslator.NoUTF8EscapingWithSuffixes\u003c/code\u003e to \u003ccode\u003eotlptranslator.UnderscoreEscapingWithSuffixes\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7421\"\u003e#7421\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude W3C TraceFlags (bits 0–7) in the OTLP \u003ccode\u003eSpan.Flags\u003c/code\u003e field in \u003ccode\u003ego.opentelemetry.io/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e and \u003ccode\u003ego.opentelemetry.io/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7438\"\u003e#7438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eErrorType\u003c/code\u003e function in \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.37.0\u003c/code\u003e now handles custom error types.\nIf an error implements an \u003ccode\u003eErrorType() string\u003c/code\u003e method, the return value of that method will be used as the error type. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7442\"\u003e#7442\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e options in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e to properly merge attributes when passed multiple times instead of replacing them.\nAttributes with duplicate keys will use the last value passed. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe equality of \u003ccode\u003eattribute.Set\u003c/code\u003e when using the \u003ccode\u003eEqual\u003c/code\u003e method is not affected by the user overriding the empty set pointed to by \u003ccode\u003eattribute.EmptySet\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7357\"\u003e#7357\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/6ce14298b9d58647295280560205307768400496\"\u003e\u003ccode\u003e6ce1429\u003c/code\u003e\u003c/a\u003e Release v1.39.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7676\"\u003e#7676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/12e421a7061c1ab5c25a1851ca168e1c3ac11bbb\"\u003e\u003ccode\u003e12e421a\u003c/code\u003e\u003c/a\u003e sdk/log: move Enabled method from FilterProcessor to Processor (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7639\"\u003e#7639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5982f16d244fafebffcfc92b4673dbeb565b4e7b\"\u003e\u003ccode\u003e5982f16\u003c/code\u003e\u003c/a\u003e fix(deps): update module golang.org/x/sys to v0.39.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7684\"\u003e#7684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/928837830da34dea636b48a468149d480cc41058\"\u003e\u003ccode\u003e9288378\u003c/code\u003e\u003c/a\u003e chore(deps): update module golang.org/x/sync to v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7683\"\u003e#7683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/ee3dfef45d9462e209d92e0651a58d2417c1305f\"\u003e\u003ccode\u003eee3dfef\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/securego/gosec/v2 digest to 41f28e2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7682\"\u003e#7682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9345d1f64d874fa8df5f6ca4e14acaeb44532cd3\"\u003e\u003ccode\u003e9345d1f\u003c/code\u003e\u003c/a\u003e fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.7.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7680\"\u003e#7680\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/d03b03395dc9436d79d5ba7b5ea77053b18a9915\"\u003e\u003ccode\u003ed03b033\u003c/code\u003e\u003c/a\u003e Check context prior to delaying retry in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7678\"\u003e#7678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61765e78a620994b5922e34e776e029da1a2b983\"\u003e\u003ccode\u003e61765e7\u003c/code\u003e\u003c/a\u003e Fix flaky \u003ccode\u003eTestClientInstrumentation\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7677\"\u003e#7677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/a54721cc8052fcd497d6f637a463d1aba787012c\"\u003e\u003ccode\u003ea54721c\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-billy/v5 to v5.7.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7679\"\u003e#7679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/746d0860d70bb9c1e875afe1c7e41e9060387d46\"\u003e\u003ccode\u003e746d086\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.31.7 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7675\"\u003e#7675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGreatly reduce the cost of recording metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e using hashing for map keys. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175\"\u003e#7175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithInstrumentationAttributeSet\u003c/code\u003e option to \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e packages.\nThis provides a concurrent-safe and performant alternative to \u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e by accepting a pre-constructed \u003ccode\u003eattribute.Set\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7287\"\u003e#7287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability for the Prometheus exporter in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e.\nCheck the \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus/internal/x\u003c/code\u003e package documentation for more information. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7345\"\u003e#7345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7353\"\u003e#7353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd temporality selector functions \u003ccode\u003eDeltaTemporalitySelector\u003c/code\u003e, \u003ccode\u003eCumulativeTemporalitySelector\u003c/code\u003e, \u003ccode\u003eLowMemoryTemporalitySelector\u003c/code\u003e to \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7434\"\u003e#7434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for simple log processor in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7548\"\u003e#7548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7459\"\u003e#7459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7486\"\u003e#7486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for simple span processor in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7374\"\u003e#7374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7512\"\u003e#7512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for manual reader in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7524\"\u003e#7524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics for periodic reader in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7571\"\u003e#7571\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eOTEL_EXPORTER_OTLP_LOGS_INSECURE\u003c/code\u003e and \u003ccode\u003eOTEL_EXPORTER_OTLP_INSECURE\u003c/code\u003e environmental variables in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7608\"\u003e#7608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to the \u003ccode\u003eProcessor\u003c/code\u003e interface in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e.\nAll \u003ccode\u003eProcessor\u003c/code\u003e implementations now include an \u003ccode\u003eEnabled\u003c/code\u003e method. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7639\"\u003e#7639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.38.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.38.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.37.0.\u003c/code\u003e(\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7648\"\u003e#7648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDistinct\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e is no longer guaranteed to uniquely identify an attribute set.\nCollisions between \u003ccode\u003eDistinct\u003c/code\u003e values for different Sets are possible with extremely high cardinality (billions of series per instrument), but are highly unlikely. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175\"\u003e#7175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eTracerOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/meter\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eMeterOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e synchronously de-duplicates the passed attributes instead of delegating it to the returned \u003ccode\u003eLoggerOption\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266\"\u003e#7266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename the \u003ccode\u003eOTEL_GO_X_SELF_OBSERVABILITY\u003c/code\u003e environment variable to \u003ccode\u003eOTEL_GO_X_OBSERVABILITY\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdouttrace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7302\"\u003e#7302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of histogram \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e when min and max are disabled using \u003ccode\u003eNoMinMax\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error handling for dropped data during translation by using \u003ccode\u003eprometheus.NewInvalidMetric\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e.\n⚠️ \u003cstrong\u003eBreaking Change:\u003c/strong\u003e Previously, these cases were only logged and scrapes succeeded.\nNow, when translation would drop data (e.g., invalid label/value), the exporter emits a \u003ccode\u003eNewInvalidMetric\u003c/code\u003e, and Prometheus scrapes \u003cstrong\u003efail with HTTP 500\u003c/strong\u003e by default.\nTo preserve the prior behavior (scrapes succeed while errors are logged), configure your Prometheus HTTP handler with: \u003ccode\u003epromhttp.HandlerOpts{ ErrorHandling: promhttp.ContinueOnError }\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7363\"\u003e#7363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace fnv hash with xxhash in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e for better performance. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7371\"\u003e#7371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default \u003ccode\u003eTranslationStrategy\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/exporters/prometheus\u003c/code\u003e is changed from \u003ccode\u003eotlptranslator.NoUTF8EscapingWithSuffixes\u003c/code\u003e to \u003ccode\u003eotlptranslator.UnderscoreEscapingWithSuffixes\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7421\"\u003e#7421\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude W3C TraceFlags (bits 0–7) in the OTLP \u003ccode\u003eSpan.Flags\u003c/code\u003e field in \u003ccode\u003ego.opentelemetry.io/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e and \u003ccode\u003ego.opentelemetry.io/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7438\"\u003e#7438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eErrorType\u003c/code\u003e function in \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.37.0\u003c/code\u003e now handles custom error types.\nIf an error implements an \u003ccode\u003eErrorType() string\u003c/code\u003e method, the return value of that method will be used as the error type. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7442\"\u003e#7442\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eWithInstrumentationAttributes\u003c/code\u003e options in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e, \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e, and \u003ccode\u003ego.opentelemetry.io/otel/log\u003c/code\u003e to properly merge attributes when passed multiple times instead of replacing them.\nAttributes with duplicate keys will use the last value passed. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7300\"\u003e#7300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe equality of \u003ccode\u003eattribute.Set\u003c/code\u003e when using the \u003ccode\u003eEqual\u003c/code\u003e method is not affected by the user overriding the empty set pointed to by \u003ccode\u003eattribute.EmptySet\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7357\"\u003e#7357\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/6ce14298b9d58647295280560205307768400496\"\u003e\u003ccode\u003e6ce1429\u003c/code\u003e\u003c/a\u003e Release v1.39.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7676\"\u003e#7676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/12e421a7061c1ab5c25a1851ca168e1c3ac11bbb\"\u003e\u003ccode\u003e12e421a\u003c/code\u003e\u003c/a\u003e sdk/log: move Enabled method from FilterProcessor to Processor (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7639\"\u003e#7639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5982f16d244fafebffcfc92b4673dbeb565b4e7b\"\u003e\u003ccode\u003e5982f16\u003c/code\u003e\u003c/a\u003e fix(deps): update module golang.org/x/sys to v0.39.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7684\"\u003e#7684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/928837830da34dea636b48a468149d480cc41058\"\u003e\u003ccode\u003e9288378\u003c/code\u003e\u003c/a\u003e chore(deps): update module golang.org/x/sync to v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7683\"\u003e#7683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/ee3dfef45d9462e209d92e0651a58d2417c1305f\"\u003e\u003ccode\u003eee3dfef\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/securego/gosec/v2 digest to 41f28e2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7682\"\u003e#7682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9345d1f64d874fa8df5f6ca4e14acaeb44532cd3\"\u003e\u003ccode\u003e9345d1f\u003c/code\u003e\u003c/a\u003e fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.7.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7680\"\u003e#7680\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/d03b03395dc9436d79d5ba7b5ea77053b18a9915\"\u003e\u003ccode\u003ed03b033\u003c/code\u003e\u003c/a\u003e Check context prior to delaying retry in OTLP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7678\"\u003e#7678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61765e78a620994b5922e34e776e029da1a2b983\"\u003e\u003ccode\u003e61765e7\u003c/code\u003e\u003c/a\u003e Fix flaky \u003ccode\u003eTestClientInstrumentation\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7677\"\u003e#7677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/a54721cc8052fcd497d6f637a463d1aba787012c\"\u003e\u003ccode\u003ea54721c\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-billy/v5 to v5.7.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7679\"\u003e#7679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/746d0860d70bb9c1e875afe1c7e41e9060387d46\"\u003e\u003ccode\u003e746d086\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.31.7 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7675\"\u003e#7675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.39.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.44.0 to 0.50.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/122a78f140d9d3303ed3261bc374bbbca149140f\"\u003e\u003ccode\u003e122a78f\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/c0531f9c34514ad5c5551e2d6ce569ca673a8afd\"\u003e\u003ccode\u003ec0531f9\u003c/code\u003e\u003c/a\u003e all: eliminate vet diagnostics\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/0997000b45e3a40598272081bcad03ffd21b8adb\"\u003e\u003ccode\u003e0997000\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.26.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.78.0 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-jose/go-jose/releases\"\u003egithub.com/go-jose/go-jose/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes Panic in JWE decryption. See \u003ca href=\"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\"\u003ehttps://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ehttps://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/0e59876635f3dbf46d7b5e97b52bb75a3f96e7d9\"\u003e\u003ccode\u003e0e59876\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-jose/go-jose/commit/ddffdbcec8bdadea8e02a20bdf19239878228215\"\u003e\u003ccode\u003eddffdbc\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/go-jose/go-jose/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update god...\n\n_Description has been truncated_","html_url":"https://github.com/AKJUS/higress/pull/233","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Fhigress/issues/233","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/233/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":null,"pr_created_at":"2026-04-24T20:35:24.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4325443956","node_id":"PR_kwDOQzBTb87VdhzY","number":13,"state":"open","title":"Bump the go_modules group across 20 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T20:35:24.000Z","updated_at":"2026-04-24T20:35:51.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":6,"packages":[{"name":"github.com/go-viper/mapstructure/v2","old_version":"2.3.0","new_version":"2.4.0","repository_url":"https://github.com/go-viper/mapstructure"},{"name":"github.com/golang/glog","old_version":"1.2.2","new_version":"1.2.4","repository_url":"https://github.com/golang/glog"},{"name":"go.opentelemetry.io/otel","old_version":"1.38.0","new_version":"1.41.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.38.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"google.golang.org/grpc","old_version":"1.75.0","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"go.opentelemetry.io/otel","old_version":"1.38.0","new_version":"1.41.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.38.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the /hack/tools directory: [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) and [github.com/golang/glog](https://github.com/golang/glog).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/apiextensions-apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/apimachinery directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/client-go directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/cloud-provider directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/component-base directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/controller-manager directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/cri-api directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/cri-client directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/dynamic-resource-allocation directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/endpointslice directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/externaljwt directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/kms directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kms/internal/plugins/_mock directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/kube-aggregator directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kubectl directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/kubelet directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/pod-security-admission directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/sample-apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\n\nUpdates `github.com/go-viper/mapstructure/v2` from 2.3.0 to 2.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-viper/mapstructure/releases\"\u003egithub.com/go-viper/mapstructure/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: replace interface{} with any by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/115\"\u003ego-viper/mapstructure#115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/114\"\u003ego-viper/mapstructure#114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGeneric tests by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/118\"\u003ego-viper/mapstructure#118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix godoc reference link in README.md by \u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/107\"\u003ego-viper/mapstructure#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add StringToTimeLocationHookFunc to convert strings to *time.Location by \u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add back previous StringToSlice as a weak function by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/119\"\u003ego-viper/mapstructure#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\"\u003ehttps://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b9794a5f0e73d425210d6614ed833067029155f5\"\u003e\u003ccode\u003eb9794a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/119\"\u003e#119\u003c/a\u003e from go-viper/string-to-weak-slice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17cdcb0741054e2a33938adf6bd1f2a5c0aa8f30\"\u003e\u003ccode\u003e17cdcb0\u003c/code\u003e\u003c/a\u003e feat: add back previous StringToSlice as a weak function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/3caca3614c3ab2c5b5d359c44fdcd72058887b19\"\u003e\u003ccode\u003e3caca36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/117\"\u003e#117\u003c/a\u003e from ErfanMomeniii/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/9a861bc115f2b54ed4e494662f29c172d9ef046a\"\u003e\u003ccode\u003e9a861bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/107\"\u003e#107\u003c/a\u003e from peczenyj/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/86ed5b59da0615fb8c3a413f401cdf0231f1234c\"\u003e\u003ccode\u003e86ed5b5\u003c/code\u003e\u003c/a\u003e refactor: update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/ace5b4e8b3dec99468ffa9498e42fb09d177b0a6\"\u003e\u003ccode\u003eace5b4e\u003c/code\u003e\u003c/a\u003e chore: add interface any linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/1a4f1aef38bfa8549762aaf42c7c18a5d268e76e\"\u003e\u003ccode\u003e1a4f1ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/118\"\u003e#118\u003c/a\u003e from go-viper/generic-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/a2689090ed4348033c36724d866faf1f911a9f63\"\u003e\u003ccode\u003ea268909\u003c/code\u003e\u003c/a\u003e fix: lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17f1fd44eb7606b109c9bb017c0a1c6d3e93b5cd\"\u003e\u003ccode\u003e17f1fd4\u003c/code\u003e\u003c/a\u003e test: add more comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b48c8566836bf291bfee2b217d51fc36e8e61f6f\"\u003e\u003ccode\u003eb48c856\u003c/code\u003e\u003c/a\u003e test: expand tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/golang/glog` from 1.2.2 to 1.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang/glog/releases\"\u003egithub.com/golang/glog's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFail if log file already exists by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/74\"\u003egolang/glog#74\u003c/a\u003e:\n\u003cul\u003e\n\u003cli\u003eglog: Don't try to create/rotate a given syncBuffer twice in the same second\u003c/li\u003e\n\u003cli\u003eglog: introduce createInDir function as in internal version\u003c/li\u003e\n\u003cli\u003eglog: have createInDir fail if the file already exists\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang/glog/compare/v1.2.3...v1.2.4\"\u003ehttps://github.com/golang/glog/compare/v1.2.3...v1.2.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eglog: check that stderr is valid before using it by default by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/72\"\u003egolang/glog#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eglog: fix typo by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/73\"\u003egolang/glog#73\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang/glog/compare/v1.2.2...v1.2.3\"\u003ehttps://github.com/golang/glog/compare/v1.2.2...v1.2.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/a0e3c40a0ed0cecc58c84e7684d9ce55a54044ee\"\u003e\u003ccode\u003ea0e3c40\u003c/code\u003e\u003c/a\u003e glog: have createInDir fail if the file already exists\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/7139da234346c23dba05a8c588284c379b9c0bf8\"\u003e\u003ccode\u003e7139da2\u003c/code\u003e\u003c/a\u003e glog: introduce createInDir function as in internal version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/dd58629ba6ced28322bcb149ed86016fb1ec9a5b\"\u003e\u003ccode\u003edd58629\u003c/code\u003e\u003c/a\u003e glog: Don't try to create/rotate a given syncBuffer twice in the same second\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/04dbec0df8d03d5c187beaf5ce8e6c58e9fc82b5\"\u003e\u003ccode\u003e04dbec0\u003c/code\u003e\u003c/a\u003e glog: fix typo (\u003ca href=\"https://redirect.github.com/golang/glog/issues/73\"\u003e#73\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/459cf3b8151dcfd8aa971077774eaf0c804119e4\"\u003e\u003ccode\u003e459cf3b\u003c/code\u003e\u003c/a\u003e glog: check that stderr is valid before using it by default (\u003ca href=\"https://redirect.github.com/golang/glog/issues/72\"\u003e#72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/glog/compare/v1.2.2...v1.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02\u003c/h2\u003e\n\u003cp\u003eThis release is the last to support [Go 1.24].\nThe next release will require at least [Go 1.25].\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport testing of [Go 1.26]. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7902\"\u003e#7902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eBaggage\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/propagation\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e and \u003ccode\u003eNew\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/baggage\u003c/code\u003e to comply with W3C Baggage specification limits.\n\u003ccode\u003eNew\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e now return partial baggage along with an error when limits are exceeded.\nErrors from baggage extraction are reported to the global error handler. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7880\"\u003e#7880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.40.0/0.62.0/0.16.0] 2026-02-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eAlwaysRecord\u003c/code\u003e sampler in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7724\"\u003e#7724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to all synchronous instrument interfaces (\u003ccode\u003eFloat64Counter\u003c/code\u003e, \u003ccode\u003eFloat64UpDownCounter\u003c/code\u003e, \u003ccode\u003eFloat64Histogram\u003c/code\u003e, \u003ccode\u003eFloat64Gauge\u003c/code\u003e, \u003ccode\u003eInt64Counter\u003c/code\u003e, \u003ccode\u003eInt64UpDownCounter\u003c/code\u003e, \u003ccode\u003eInt64Histogram\u003c/code\u003e, \u003ccode\u003eInt64Gauge\u003c/code\u003e,) in \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e.\nThis stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7763\"\u003e#7763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.39.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.39.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0.\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7783\"\u003e#7783\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7789\"\u003e#7789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eHistogramReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e by 4x. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7443\"\u003e#7443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eFixedSizeReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7447\"\u003e#7447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7474\"\u003e#7474\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent synchronous gauge measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7478\"\u003e#7478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdoutmetric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7492\"\u003e#7492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eExporter\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e ignores metrics with the scope \u003ccode\u003ego.opentelemetry.io/contrib/bridges/prometheus\u003c/code\u003e.\nThis prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7688\"\u003e#7688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent exponential histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7702\"\u003e#7702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad log message when key-value pairs are dropped because of key duplication in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eDroppedAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not count the non-attribute key-value pairs dropped because of key duplication. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSetAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not log that attributes are dropped when they are actually not dropped. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to correctly handle HTTP/2 \u003ccode\u003eGOAWAY\u003c/code\u003e frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7794\"\u003e#7794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003eioreg\u003c/code\u003e command on Darwin (macOS). (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4575a9774dd9415ffc858dd34955493b0031065a\"\u003e\u003ccode\u003e4575a97\u003c/code\u003e\u003c/a\u003e Release 1.41.0/0.63.0/0.17.0/0.0.15 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/66fc10d9dff9653c65bcca111b965137d06f09aa\"\u003e\u003ccode\u003e66fc10d\u003c/code\u003e\u003c/a\u003e fix: add error handling for insecure HTTP endpoints with TLS client configura...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/76e6eec88f186f06a0708b5620324d2b002d9a97\"\u003e\u003ccode\u003e76e6eec\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.32.5 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7980\"\u003e#7980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0d50f9008c8c93fe49a7caa45c88c30370479d27\"\u003e\u003ccode\u003e0d50f90\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Generate semconv/v1.40.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7978\"\u003e#7978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c38a4a57c320b6098ca5c92f0a85201034780b1f\"\u003e\u003ccode\u003ec38a4a5\u003c/code\u003e\u003c/a\u003e Generate semconv/v1.40.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7929\"\u003e#7929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0f1a22484ec52d6beb1efdb0fa1b63a31e7405af\"\u003e\u003ccode\u003e0f1a224\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7899\"\u003e#7899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c79ebf43eb1cff6dd76a33bb1549f2c082dab604\"\u003e\u003ccode\u003ec79ebf4\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/daixiang0/gci to v0.14.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7973\"\u003e#7973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/f75815746541d0d4ac84e1c5955bdcd1a2df2d7d\"\u003e\u003ccode\u003ef758157\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/sonatard/noctx to v0.5.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7968\"\u003e#7968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/92a11645724515630187def073ae39f1b6cb3c69\"\u003e\u003ccode\u003e92a1164\u003c/code\u003e\u003c/a\u003e fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/3cd7c27e840ea3114115459db2e299a27fffaff8\"\u003e\u003ccode\u003e3cd7c27\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7969\"\u003e#7969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.75.0 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.75.0...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02\u003c/h2\u003e\n\u003cp\u003eThis release is the last to support [Go 1.24].\nThe next release will require at least [Go 1.25].\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport testing of [Go 1.26]. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7902\"\u003e#7902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eBaggage\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/propagation\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e and \u003ccode\u003eNew\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/baggage\u003c/code\u003e to comply with W3C Baggage specification limits.\n\u003ccode\u003eNew\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e now return partial baggage along with an error when limits are exceeded.\nErrors from baggage extraction are reported to the global error handler. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7880\"\u003e#7880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.40.0/0.62.0/0.16.0] 2026-02-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eAlwaysRecord\u003c/code\u003e sampler in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7724\"\u003e#7724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to all synchronous instrument interfaces (\u003ccode\u003eFloat64Counter\u003c/code\u003e, \u003ccode\u003eFloat64UpDownCounter\u003c/code\u003e, \u003ccode\u003eFloat64Histogram\u003c/code\u003e, \u003ccode\u003eFloat64Gauge\u003c/code\u003e, \u003ccode\u003eInt64Counter\u003c/code\u003e, \u003ccode\u003eInt64UpDownCounter\u003c/code\u003e, \u003ccode\u003eInt64Histogram\u003c/code\u003e, \u003ccode\u003eInt64Gauge\u003c/code\u003e,) in \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e.\nThis stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7763\"\u003e#7763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.39.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.39.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0.\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7783\"\u003e#7783\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7789\"\u003e#7789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eHistogramReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e by 4x. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7443\"\u003e#7443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eFixedSizeReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7447\"\u003e#7447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7474\"\u003e#7474\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent synchronous gauge measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7478\"\u003e#7478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdoutmetric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7492\"\u003e#7492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eExporter\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e ignores metrics with the scope \u003ccode\u003ego.opentelemetry.io/contrib/bridges/prometheus\u003c/code\u003e.\nThis prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7688\"\u003e#7688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent exponential histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7702\"\u003e#7702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad log message when key-value pairs are dropped because of key duplication in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eDroppedAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not count the non-attribute key-value pairs dropped because of key duplication. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSetAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not log that attributes are dropped when they are actually not dropped. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to correctly handle HTTP/2 \u003ccode\u003eGOAWAY\u003c/code\u003e frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7794\"\u003e#7794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003eioreg\u003c/code\u003e command on Darwin (macOS). (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4575a9774dd9415ffc858dd34955493b0031065a\"\u003e\u003ccode\u003e4575a97\u003c/code\u003e\u003c/a\u003e Release 1.41.0/0.63.0/0.17.0/0.0.15 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/66fc10d9dff9653c65bcca111b965137d06f09aa\"\u003e\u003ccode\u003e66fc10d\u003c/code\u003e\u003c/a\u003e fix: add error handling for insecure HTTP endpoints with TLS client configura...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/76e6eec88f186f06a0708b5620324d2b002d9a97\"\u003e\u003ccode\u003e76e6eec\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.32.5 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7980\"\u003e#7980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0d50f9008c8c93fe49a7caa45c88c30370479d27\"\u003e\u003ccode\u003e0d50f90\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Generate semconv/v1.40.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7978\"\u003e#7978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c38a4a57c320b6098ca5c92f0a85201034780b1f\"\u003e\u003ccode\u003ec38a4a5\u003c/code\u003e\u003c/a\u003e Generate semconv/v1.40.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7929\"\u003e#7929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0f1a22484ec52d6beb1efdb0fa1b63a31e7405af\"\u003e\u003ccode\u003e0f1a224\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7899\"\u003e#7899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c79ebf43eb1cff6dd76a33bb1549f2c082dab604\"\u003e\u003ccode\u003ec79ebf4\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/daixiang0/gci to v0.14.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7973\"\u003e#7973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/f75815746541d0d4ac84e1c5955bdcd1a2df2d7d\"\u003e\u003ccode\u003ef758157\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/sonatard/noctx to v0.5.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7968\"\u003e#7968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/92a11645724515630187def073ae39f1b6cb3c69\"\u003e\u003ccode\u003e92a1164\u003c/code\u003e\u003c/a\u003e fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/3cd7c27e840ea3114115459db2e299a27fffaff8\"\u003e\u003ccode\u003e3cd7c27\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7969\"\u003e#7969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/open...\n\n_Description has been truncated_\n\n---\n\n🔄 This PR updates Go module dependencies across 20 directories in the Kubernetes codebase, bumping 6 key packages including OpenTelemetry, gRPC, and security-related libraries to their latest versions.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **OpenTelemetry Updates**: Upgraded `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0/1.43.0 and related SDK packages, bringing performance improvements and new features like synchronous instrument enabled checks\n- **gRPC Security Update**: Updated `google.golang.org/grpc` from 1.75.0 to 1.79.3, including critical security fixes for authorization bypass vulnerabilities (CVE-2026-35469)\n- **SPDY Stream Security Fix**: Bumped `github.com/moby/spdystream` from 0.5.0 to 0.5.1, addressing memory amplification DoS vulnerability in SPDY frame parsing\n- **Utility Libraries**: Minor updates to `github.com/go-viper/mapstructure/v2` (2.3.0→2.4.0) and `github.com/golang/glog` (1.2.2→1.2.4) with bug fixes and improvements\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 6 Core Dependencies]\n    B --\u003e C[Update across 20 Directories]\n    C --\u003e D[OpenTelemetry 1.38→1.41/1.43]\n    C --\u003e E[gRPC 1.75→1.79.3]\n    C --\u003e F[spdystream 0.5.0→0.5.1]\n    C --\u003e G[mapstructure 2.3→2.4]\n    C --\u003e H[glog 1.2.2→1.2.4]\n    D --\u003e I[Performance Improvements]\n    E --\u003e J[Security Fixes]\n    F --\u003e K[DoS Protection]\n    G --\u003e L[API Enhancements]\n    H --\u003e M[Bug Fixes]\n```\n\n### Impact\n- **Security Enhancement**: Addresses critical authorization bypass in gRPC and memory amplification DoS in SPDY stream processing\n- **Performance Optimization**: OpenTelemetry updates bring 4x performance improvements in histogram operations and better concurrent measurement handling\n- **Observability Improvements**: Enhanced metrics, tracing capabilities, and better error handling across the telemetry stack\n- **Maintenance**: Keeps dependencies current with latest bug fixes and stability improvements while maintaining backward compatibility\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/kubernetes/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fkubernetes/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":null,"pr_created_at":"2026-04-24T20:34:32.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4325440154","node_id":"PR_kwDOQzBTb87Vdg_b","number":10,"state":"open","title":"Bump the go_modules group across 22 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T20:34:32.000Z","updated_at":"2026-04-24T20:35:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":6,"packages":[{"name":"github.com/go-viper/mapstructure/v2","old_version":"2.3.0","new_version":"2.4.0","repository_url":"https://github.com/go-viper/mapstructure"},{"name":"github.com/golang/glog","old_version":"1.2.2","new_version":"1.2.4","repository_url":"https://github.com/golang/glog"},{"name":"go.opentelemetry.io/otel","old_version":"1.38.0","new_version":"1.41.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.38.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"google.golang.org/grpc","old_version":"1.75.0","new_version":"1.79.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"go.opentelemetry.io/otel","old_version":"1.38.0","new_version":"1.41.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"go.opentelemetry.io/otel/sdk","old_version":"1.38.0","new_version":"1.43.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the /hack/tools directory: [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) and [github.com/golang/glog](https://github.com/golang/glog).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/apiextensions-apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/apimachinery directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/client-go directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/cloud-provider directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/component-base directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/controller-manager directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/cri-api directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/cri-client directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/dynamic-resource-allocation directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/endpointslice directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/externaljwt directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 2 updates in the /staging/src/k8s.io/kms directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kms/internal/plugins/_mock directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 4 updates in the /staging/src/k8s.io/kube-aggregator directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kube-proxy directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kube-scheduler directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go).\nBumps the go_modules group with 1 update in the /staging/src/k8s.io/kubectl directory: [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/kubelet directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/pod-security-admission directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 3 updates in the /staging/src/k8s.io/sample-apiserver directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go), [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\n\nUpdates `github.com/go-viper/mapstructure/v2` from 2.3.0 to 2.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-viper/mapstructure/releases\"\u003egithub.com/go-viper/mapstructure/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: replace interface{} with any by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/115\"\u003ego-viper/mapstructure#115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/114\"\u003ego-viper/mapstructure#114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGeneric tests by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/118\"\u003ego-viper/mapstructure#118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix godoc reference link in README.md by \u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/107\"\u003ego-viper/mapstructure#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add StringToTimeLocationHookFunc to convert strings to *time.Location by \u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add back previous StringToSlice as a weak function by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/119\"\u003ego-viper/mapstructure#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\"\u003ehttps://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b9794a5f0e73d425210d6614ed833067029155f5\"\u003e\u003ccode\u003eb9794a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/119\"\u003e#119\u003c/a\u003e from go-viper/string-to-weak-slice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17cdcb0741054e2a33938adf6bd1f2a5c0aa8f30\"\u003e\u003ccode\u003e17cdcb0\u003c/code\u003e\u003c/a\u003e feat: add back previous StringToSlice as a weak function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/3caca3614c3ab2c5b5d359c44fdcd72058887b19\"\u003e\u003ccode\u003e3caca36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/117\"\u003e#117\u003c/a\u003e from ErfanMomeniii/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/9a861bc115f2b54ed4e494662f29c172d9ef046a\"\u003e\u003ccode\u003e9a861bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/107\"\u003e#107\u003c/a\u003e from peczenyj/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/86ed5b59da0615fb8c3a413f401cdf0231f1234c\"\u003e\u003ccode\u003e86ed5b5\u003c/code\u003e\u003c/a\u003e refactor: update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/ace5b4e8b3dec99468ffa9498e42fb09d177b0a6\"\u003e\u003ccode\u003eace5b4e\u003c/code\u003e\u003c/a\u003e chore: add interface any linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/1a4f1aef38bfa8549762aaf42c7c18a5d268e76e\"\u003e\u003ccode\u003e1a4f1ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/118\"\u003e#118\u003c/a\u003e from go-viper/generic-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/a2689090ed4348033c36724d866faf1f911a9f63\"\u003e\u003ccode\u003ea268909\u003c/code\u003e\u003c/a\u003e fix: lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17f1fd44eb7606b109c9bb017c0a1c6d3e93b5cd\"\u003e\u003ccode\u003e17f1fd4\u003c/code\u003e\u003c/a\u003e test: add more comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b48c8566836bf291bfee2b217d51fc36e8e61f6f\"\u003e\u003ccode\u003eb48c856\u003c/code\u003e\u003c/a\u003e test: expand tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/golang/glog` from 1.2.2 to 1.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang/glog/releases\"\u003egithub.com/golang/glog's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFail if log file already exists by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/74\"\u003egolang/glog#74\u003c/a\u003e:\n\u003cul\u003e\n\u003cli\u003eglog: Don't try to create/rotate a given syncBuffer twice in the same second\u003c/li\u003e\n\u003cli\u003eglog: introduce createInDir function as in internal version\u003c/li\u003e\n\u003cli\u003eglog: have createInDir fail if the file already exists\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang/glog/compare/v1.2.3...v1.2.4\"\u003ehttps://github.com/golang/glog/compare/v1.2.3...v1.2.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eglog: check that stderr is valid before using it by default by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/72\"\u003egolang/glog#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eglog: fix typo by \u003ca href=\"https://github.com/chressie\"\u003e\u003ccode\u003e@​chressie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang/glog/pull/73\"\u003egolang/glog#73\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang/glog/compare/v1.2.2...v1.2.3\"\u003ehttps://github.com/golang/glog/compare/v1.2.2...v1.2.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/a0e3c40a0ed0cecc58c84e7684d9ce55a54044ee\"\u003e\u003ccode\u003ea0e3c40\u003c/code\u003e\u003c/a\u003e glog: have createInDir fail if the file already exists\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/7139da234346c23dba05a8c588284c379b9c0bf8\"\u003e\u003ccode\u003e7139da2\u003c/code\u003e\u003c/a\u003e glog: introduce createInDir function as in internal version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/dd58629ba6ced28322bcb149ed86016fb1ec9a5b\"\u003e\u003ccode\u003edd58629\u003c/code\u003e\u003c/a\u003e glog: Don't try to create/rotate a given syncBuffer twice in the same second\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/04dbec0df8d03d5c187beaf5ce8e6c58e9fc82b5\"\u003e\u003ccode\u003e04dbec0\u003c/code\u003e\u003c/a\u003e glog: fix typo (\u003ca href=\"https://redirect.github.com/golang/glog/issues/73\"\u003e#73\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/glog/commit/459cf3b8151dcfd8aa971077774eaf0c804119e4\"\u003e\u003ccode\u003e459cf3b\u003c/code\u003e\u003c/a\u003e glog: check that stderr is valid before using it by default (\u003ca href=\"https://redirect.github.com/golang/glog/issues/72\"\u003e#72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/glog/compare/v1.2.2...v1.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02\u003c/h2\u003e\n\u003cp\u003eThis release is the last to support [Go 1.24].\nThe next release will require at least [Go 1.25].\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport testing of [Go 1.26]. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7902\"\u003e#7902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eBaggage\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/propagation\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e and \u003ccode\u003eNew\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/baggage\u003c/code\u003e to comply with W3C Baggage specification limits.\n\u003ccode\u003eNew\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e now return partial baggage along with an error when limits are exceeded.\nErrors from baggage extraction are reported to the global error handler. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7880\"\u003e#7880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.40.0/0.62.0/0.16.0] 2026-02-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eAlwaysRecord\u003c/code\u003e sampler in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7724\"\u003e#7724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to all synchronous instrument interfaces (\u003ccode\u003eFloat64Counter\u003c/code\u003e, \u003ccode\u003eFloat64UpDownCounter\u003c/code\u003e, \u003ccode\u003eFloat64Histogram\u003c/code\u003e, \u003ccode\u003eFloat64Gauge\u003c/code\u003e, \u003ccode\u003eInt64Counter\u003c/code\u003e, \u003ccode\u003eInt64UpDownCounter\u003c/code\u003e, \u003ccode\u003eInt64Histogram\u003c/code\u003e, \u003ccode\u003eInt64Gauge\u003c/code\u003e,) in \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e.\nThis stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7763\"\u003e#7763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.39.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.39.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0.\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7783\"\u003e#7783\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7789\"\u003e#7789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eHistogramReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e by 4x. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7443\"\u003e#7443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eFixedSizeReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7447\"\u003e#7447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7474\"\u003e#7474\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent synchronous gauge measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7478\"\u003e#7478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdoutmetric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7492\"\u003e#7492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eExporter\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e ignores metrics with the scope \u003ccode\u003ego.opentelemetry.io/contrib/bridges/prometheus\u003c/code\u003e.\nThis prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7688\"\u003e#7688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent exponential histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7702\"\u003e#7702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad log message when key-value pairs are dropped because of key duplication in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eDroppedAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not count the non-attribute key-value pairs dropped because of key duplication. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSetAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not log that attributes are dropped when they are actually not dropped. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to correctly handle HTTP/2 \u003ccode\u003eGOAWAY\u003c/code\u003e frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7794\"\u003e#7794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003eioreg\u003c/code\u003e command on Darwin (macOS). (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4575a9774dd9415ffc858dd34955493b0031065a\"\u003e\u003ccode\u003e4575a97\u003c/code\u003e\u003c/a\u003e Release 1.41.0/0.63.0/0.17.0/0.0.15 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/66fc10d9dff9653c65bcca111b965137d06f09aa\"\u003e\u003ccode\u003e66fc10d\u003c/code\u003e\u003c/a\u003e fix: add error handling for insecure HTTP endpoints with TLS client configura...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/76e6eec88f186f06a0708b5620324d2b002d9a97\"\u003e\u003ccode\u003e76e6eec\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.32.5 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7980\"\u003e#7980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0d50f9008c8c93fe49a7caa45c88c30370479d27\"\u003e\u003ccode\u003e0d50f90\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Generate semconv/v1.40.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7978\"\u003e#7978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c38a4a57c320b6098ca5c92f0a85201034780b1f\"\u003e\u003ccode\u003ec38a4a5\u003c/code\u003e\u003c/a\u003e Generate semconv/v1.40.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7929\"\u003e#7929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0f1a22484ec52d6beb1efdb0fa1b63a31e7405af\"\u003e\u003ccode\u003e0f1a224\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7899\"\u003e#7899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c79ebf43eb1cff6dd76a33bb1549f2c082dab604\"\u003e\u003ccode\u003ec79ebf4\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/daixiang0/gci to v0.14.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7973\"\u003e#7973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/f75815746541d0d4ac84e1c5955bdcd1a2df2d7d\"\u003e\u003ccode\u003ef758157\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/sonatard/noctx to v0.5.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7968\"\u003e#7968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/92a11645724515630187def073ae39f1b6cb3c69\"\u003e\u003ccode\u003e92a1164\u003c/code\u003e\u003c/a\u003e fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/3cd7c27e840ea3114115459db2e299a27fffaff8\"\u003e\u003ccode\u003e3cd7c27\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7969\"\u003e#7969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.75.0 to 1.79.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.79.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eserver: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted \u0026quot;deny\u0026quot; rules in interceptors like \u003ccode\u003egrpc/authz\u003c/code\u003e. Any request with a non-canonical path is now immediately rejected with an \u003ccode\u003eUnimplemented\u003c/code\u003e error. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8874\"\u003egrpc/grpc-go#8874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: Remove the \u003ccode\u003e-dev\u003c/code\u003e suffix from the User-Agent header. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/pull/8902\"\u003egrpc/grpc-go#8902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.79.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: Add experimental API \u003ccode\u003eSetDefaultBufferPool\u003c/code\u003e to change the default buffer pool. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8806\"\u003e#8806\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/vanja-p\"\u003e\u003ccode\u003e@​vanja-p\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eexperimental/stats: Update \u003ccode\u003eMetricsRecorder\u003c/code\u003e to require embedding the new \u003ccode\u003eUnimplementedMetricsRecorder\u003c/code\u003e (a no-op struct) in all implementations for forward compatibility. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/weightedtarget: Remove handling of \u003ccode\u003eAddresses\u003c/code\u003e and only handle \u003ccode\u003eEndpoints\u003c/code\u003e in resolver updates. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8841\"\u003e#8841\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexperimental/stats: Add support for asynchronous gauge metrics through the new \u003ccode\u003eAsyncMetricReporter\u003c/code\u003e and \u003ccode\u003eRegisterAsyncReporter\u003c/code\u003e APIs. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8780\"\u003e#8780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epickfirst: Add support for weighted random shuffling of endpoints, as described in \u003ca href=\"https://redirect.github.com/grpc/proposal/pull/535\"\u003egRFC A113\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eThis is enabled by default, and can be turned off using the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: Implement \u003ccode\u003e:authority\u003c/code\u003e rewriting, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md\"\u003egRFC A81\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8779\"\u003e#8779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/randomsubsetting: Implement the \u003ccode\u003erandom_subsetting\u003c/code\u003e LB policy, as specified in \u003ca href=\"https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md\"\u003egRFC A68\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8650\"\u003e#8650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/marek-szews\"\u003e\u003ccode\u003e@​marek-szews\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8726\"\u003e#8726\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/Atul1710\"\u003e\u003ccode\u003e@​Atul1710\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in \u003ccode\u003eCONNECTING\u003c/code\u003e state. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8813\"\u003e#8813\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ehealth: Fix a bug where health checks failed for clients using legacy compression options (\u003ccode\u003eWithDecompressor\u003c/code\u003e or \u003ccode\u003eRPCDecompressor\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8765\"\u003e#8765\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/sanki92\"\u003e\u003ccode\u003e@​sanki92\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etransport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8769\"\u003e#8769\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eserver: Propagate status detail headers, if available, when terminating a stream during request header processing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8754\"\u003e#8754\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/joybestourous\"\u003e\u003ccode\u003e@​joybestourous\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/alts: Optimize read buffer alignment to reduce copies. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8791\"\u003e#8791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Optimize pooling and creation of \u003ccode\u003ebuffer\u003c/code\u003e objects.  (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8784\"\u003e#8784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Reduce slice re-allocations by reserving slice capacity. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f\"\u003e\u003ccode\u003edda86db\u003c/code\u003e\u003c/a\u003e Change version to 1.79.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8983\"\u003e#8983\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5\"\u003e\u003ccode\u003e72186f1\u003c/code\u003e\u003c/a\u003e grpc: enforce strict path checking for incoming requests on the server (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8981\"\u003e#8981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43\"\u003e\u003ccode\u003e97ca352\u003c/code\u003e\u003c/a\u003e Changing version to 1.79.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8954\"\u003e#8954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2\"\u003e\u003ccode\u003e8902ab6\u003c/code\u003e\u003c/a\u003e Change the version to release 1.79.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8947\"\u003e#8947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02\"\u003e\u003ccode\u003ea928670\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8874\"\u003e#8874\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8904\"\u003e#8904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010\"\u003e\u003ccode\u003e06df363\u003c/code\u003e\u003c/a\u003e Change version to 1.79.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8903\"\u003e#8903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289\"\u003e\u003ccode\u003e782f2de\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8902\"\u003e#8902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629\"\u003e\u003ccode\u003e850eccb\u003c/code\u003e\u003c/a\u003e Change version to 1.79.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8851\"\u003e#8851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef\"\u003e\u003ccode\u003e765ff05\u003c/code\u003e\u003c/a\u003e Change version to 1.79.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8850\"\u003e#8850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e\"\u003e\u003ccode\u003e68804be\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8864\"\u003e#8864\u003c/a\u003e to v1.79.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8896\"\u003e#8896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.75.0...v1.79.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02\u003c/h2\u003e\n\u003cp\u003eThis release is the last to support [Go 1.24].\nThe next release will require at least [Go 1.25].\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport testing of [Go 1.26]. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7902\"\u003e#7902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eBaggage\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/propagation\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e and \u003ccode\u003eNew\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/baggage\u003c/code\u003e to comply with W3C Baggage specification limits.\n\u003ccode\u003eNew\u003c/code\u003e and \u003ccode\u003eParse\u003c/code\u003e now return partial baggage along with an error when limits are exceeded.\nErrors from baggage extraction are reported to the global error handler. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7880\"\u003e#7880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn an error when the endpoint is configured as insecure and with TLS configuration in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.40.0/0.62.0/0.16.0] 2026-02-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eAlwaysRecord\u003c/code\u003e sampler in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7724\"\u003e#7724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEnabled\u003c/code\u003e method to all synchronous instrument interfaces (\u003ccode\u003eFloat64Counter\u003c/code\u003e, \u003ccode\u003eFloat64UpDownCounter\u003c/code\u003e, \u003ccode\u003eFloat64Histogram\u003c/code\u003e, \u003ccode\u003eFloat64Gauge\u003c/code\u003e, \u003ccode\u003eInt64Counter\u003c/code\u003e, \u003ccode\u003eInt64UpDownCounter\u003c/code\u003e, \u003ccode\u003eInt64Histogram\u003c/code\u003e, \u003ccode\u003eInt64Gauge\u003c/code\u003e,) in \u003ccode\u003ego.opentelemetry.io/otel/metric\u003c/code\u003e.\nThis stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7763\"\u003e#7763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.39.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.39.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.38.0.\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7783\"\u003e#7783\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7789\"\u003e#7789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eHistogramReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e by 4x. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7443\"\u003e#7443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove the concurrent performance of \u003ccode\u003eFixedSizeReservoir\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/exemplar\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7447\"\u003e#7447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7474\"\u003e#7474\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent synchronous gauge measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7478\"\u003e#7478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd experimental observability metrics in \u003ccode\u003ego.opentelemetry.io/otel/exporters/stdout/stdoutmetric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7492\"\u003e#7492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eExporter\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/prometheus\u003c/code\u003e ignores metrics with the scope \u003ccode\u003ego.opentelemetry.io/contrib/bridges/prometheus\u003c/code\u003e.\nThis prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7688\"\u003e#7688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of concurrent exponential histogram measurements in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7702\"\u003e#7702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erpc.grpc.status_code\u003c/code\u003e attribute in the experimental metrics emitted from \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e is replaced with the \u003ccode\u003erpc.response.status_code\u003c/code\u003e attribute to align with the semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7854\"\u003e#7854\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad log message when key-value pairs are dropped because of key duplication in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eDroppedAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not count the non-attribute key-value pairs dropped because of key duplication. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eSetAttributes\u003c/code\u003e on \u003ccode\u003eRecord\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/log\u003c/code\u003e to not log that attributes are dropped when they are actually not dropped. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7662\"\u003e#7662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to correctly handle HTTP/2 \u003ccode\u003eGOAWAY\u003c/code\u003e frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7794\"\u003e#7794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003eioreg\u003c/code\u003e command on Darwin (macOS). (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4575a9774dd9415ffc858dd34955493b0031065a\"\u003e\u003ccode\u003e4575a97\u003c/code\u003e\u003c/a\u003e Release 1.41.0/0.63.0/0.17.0/0.0.15 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/66fc10d9dff9653c65bcca111b965137d06f09aa\"\u003e\u003ccode\u003e66fc10d\u003c/code\u003e\u003c/a\u003e fix: add error handling for insecure HTTP endpoints with TLS client configura...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/76e6eec88f186f06a0708b5620324d2b002d9a97\"\u003e\u003ccode\u003e76e6eec\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4.32.5 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7980\"\u003e#7980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0d50f9008c8c93fe49a7caa45c88c30370479d27\"\u003e\u003ccode\u003e0d50f90\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Generate semconv/v1.40.0\u0026quot; (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7978\"\u003e#7978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c38a4a57c320b6098ca5c92f0a85201034780b1f\"\u003e\u003ccode\u003ec38a4a5\u003c/code\u003e\u003c/a\u003e Generate semconv/v1.40.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7929\"\u003e#7929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/0f1a22484ec52d6beb1efdb0fa1b63a31e7405af\"\u003e\u003ccode\u003e0f1a224\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7899\"\u003e#7899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/c79ebf43eb1cff6dd76a33bb1549f2c082dab604\"\u003e\u003ccode\u003ec79ebf4\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/daixiang0/gci to v0.14.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7973\"\u003e#7973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/f75815746541d0d4ac84e1c5955bdcd1a2df2d7d\"\u003e\u003ccode\u003ef758157\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/sonatard/noctx to v0.5.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7968\"\u003e#7968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/92a11645724515630187def073ae39f1b6cb3c69\"\u003e\u003ccode\u003e92a1164\u003c/code\u003e\u003c/a\u003e fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/3cd7c27e840ea3114115459db2e299a27fffaff8\"\u003e\u003ccode\u003e3cd7c27\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7969\"\u003e#7969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.38.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the l...\n\n_Description has been truncated_\n\n---\n\n🔄 This PR updates Go module dependencies across 22 directories in the Kubernetes codebase, bumping 6 key packages including OpenTelemetry libraries, gRPC, and security-critical components to their latest versions.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **OpenTelemetry Updates**: Upgraded `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0/1.43.0 and related SDK components, bringing performance improvements and new features like synchronous instrument enabled checks\n- **gRPC Security Update**: Updated `google.golang.org/grpc` from 1.75.0 to 1.79.3, including critical security fixes for authorization bypass vulnerabilities\n- **SPDY Stream Security Fix**: Bumped `github.com/moby/spdystream` from 0.5.0 to 0.5.1, addressing CVE-2026-35469 for memory amplification DoS protection\n- **Utility Libraries**: Minor updates to `github.com/go-viper/mapstructure/v2` (2.3.0→2.4.0) and `github.com/golang/glog` (1.2.2→1.2.4)\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[22 Directories Analyzed]\n    B --\u003e C[6 Core Dependencies Identified]\n    C --\u003e D[Security Updates]\n    C --\u003e E[Performance Updates]\n    C --\u003e F[Feature Updates]\n    D --\u003e G[gRPC Auth Bypass Fix]\n    D --\u003e H[SPDY DoS Protection]\n    E --\u003e I[OpenTelemetry Performance]\n    F --\u003e J[New OTel Features]\n    G --\u003e K[go.mod Updates]\n    H --\u003e K\n    I --\u003e K\n    J --\u003e K\n    K --\u003e L[go.sum Regeneration]\n```\n\n### Impact\n- **Security Enhancement**: Addresses critical authorization bypass in gRPC and memory amplification DoS in SPDY stream parsing\n- **Performance Improvements**: OpenTelemetry updates provide 4x better concurrent performance for histogram reservoirs and optimized metric measurements\n- **Observability Features**: New synchronous instrument enabled checks and improved baggage handling with W3C specification compliance\n- **Maintenance**: Automated dependency management across the entire Kubernetes staging area ensures consistent versions and reduces technical debt\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/kubernetes/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fkubernetes/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":null,"pr_created_at":"2026-04-23T00:15:46.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4312535806","node_id":"PR_kwDOHuLMr87UzOpY","number":552,"state":"closed","title":"chore(deps): bump the go_modules group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-23T20:26:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-23T00:15:46.000Z","updated_at":"2026-04-23T20:27:08.000Z","time_to_close":72671,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"go_modules","update_count":2,"packages":[{"name":"github.com/jackc/pgx/v5","old_version":"5.7.4","new_version":"5.9.2","repository_url":"https://github.com/jackc/pgx"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 2 updates in the /tests directory: [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\n\nUpdates `github.com/jackc/pgx/v5` from 5.7.4 to 5.9.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/master/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v5's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.9.2 (April 18, 2026)\u003c/h1\u003e\n\u003cp\u003eFix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA dollar quoted string literal is used in the SQL query.\u003c/li\u003e\n\u003cli\u003eThat query contains text that would be would be interpreted outside as a placeholder outside of a string literal.\u003c/li\u003e\n\u003cli\u003eThe value of that placeholder is controllable by the attacker.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003ee.g.\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eattackValue := `$tag$; drop table canary; --`\n_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis is unlikely to occur outside of a contrived scenario.\u003c/p\u003e\n\u003ch1\u003e5.9.1 (March 22, 2026)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.9.0 (March 21, 2026)\u003c/h1\u003e\n\u003cp\u003eThis release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and\nPostgreSQL protocol 3.2 support.\u003c/p\u003e\n\u003cp\u003eIt significantly reduces the amount of network traffic when using prepared statements (which are used automatically by\ndefault) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.\u003c/p\u003e\n\u003cp\u003eIt also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends\ndeliberately malformed messages.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Go 1.25+\u003c/li\u003e\n\u003cli\u003eAdd SCRAM-SHA-256-PLUS support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eAdd OAuth authentication support for PostgreSQL 18 (David Schneider)\u003c/li\u003e\n\u003cli\u003eAdd PostgreSQL protocol 3.2 support (Dirkjan Bussink)\u003c/li\u003e\n\u003cli\u003eAdd tsvector type support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eSkip Describe Portal for cached prepared statements reducing network round trips\u003c/li\u003e\n\u003cli\u003eMake LoadTypes query easier to support on \u0026quot;postgres-like\u0026quot; servers (Jelte Fennema-Nio)\u003c/li\u003e\n\u003cli\u003eDefault empty user to current OS user matching libpq behavior (ShivangSrivastava)\u003c/li\u003e\n\u003cli\u003eOptimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize date scanning by replacing regex with manual parsing (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize pgio append/set functions with direct byte shifts (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eMake RowsAffected faster (Abhishek Chanda)\u003c/li\u003e\n\u003cli\u003eFix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)\u003c/li\u003e\n\u003cli\u003eFix: ContextWatcher goroutine leak (Hank Donnay)\u003c/li\u003e\n\u003cli\u003eFix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0aeabbcf11d859229c1f0b20e710d3596c76bf27\"\u003e\u003ccode\u003e0aeabbc\u003c/code\u003e\u003c/a\u003e Release v5.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/60644f84918a8af66d14a4b0d865d4edafd955da\"\u003e\u003ccode\u003e60644f8\u003c/code\u003e\u003c/a\u003e Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/a5680bc945aa7c6ebac2778d859ee7b4ba86db60\"\u003e\u003ccode\u003ea5680bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jackc/pgx/issues/2531\"\u003e#2531\u003c/a\u003e from dolmen-go/godoc-add-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/e34e4524007062710c6a4fb9c8655b75a486b5cd\"\u003e\u003ccode\u003ee34e452\u003c/code\u003e\u003c/a\u003e doc: Add godoc links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/08c9bb1f0d8fa6cc10ed8c713e68b1baa64dfe2c\"\u003e\u003ccode\u003e08c9bb1\u003c/code\u003e\u003c/a\u003e Fix Stringer types encoded as text instead of numeric value in composite fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/96b4dbdfd0458cb425bf8454d292a23978872cc8\"\u003e\u003ccode\u003e96b4dbd\u003c/code\u003e\u003c/a\u003e Remove unstable test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/acf88e0065682e8948696d26fa6438669c4cabee\"\u003e\u003ccode\u003eacf88e0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jackc/pgx/issues/2526\"\u003e#2526\u003c/a\u003e from abrightwell/abrightwell-min-proto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/2f81f1fc03bef99593e92c64ad9cac954c00e8e6\"\u003e\u003ccode\u003e2f81f1f\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003emax_protocol_version\u003c/code\u003e and \u003ccode\u003emin_protocol_version\u003c/code\u003e defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/4e4eaedb47b7b3cfba0a1b0a9e6a3f015764f046\"\u003e\u003ccode\u003e4e4eaed\u003c/code\u003e\u003c/a\u003e Release v5.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/62731882651a90348febb43b2119b5f8bd9272de\"\u003e\u003ccode\u003e6273188\u003c/code\u003e\u003c/a\u003e Fix batch result format corruption when using cached prepared statements\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v5.7.4...v5.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/voxel51/fiftyone-teams-app-deploy/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/voxel51/fiftyone-teams-app-deploy/pull/552","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxel51%2Ffiftyone-teams-app-deploy/issues/552","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/552/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":"/test/integration","pr_created_at":"2026-04-22T14:29:56.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4309713879","node_id":"PR_kwDORsmrI87UqFN-","number":2,"state":"closed","title":"build(deps): Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /test/integration","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-08T23:38:32.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-22T14:29:56.000Z","updated_at":"2026-05-08T23:38:34.000Z","time_to_close":1415316,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/test/integration","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/eagle19900203-boop/flagd/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/eagle19900203-boop/flagd/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/eagle19900203-boop%2Fflagd/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":"/deployment","pr_created_at":"2026-04-21T00:10:10.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4299428652","node_id":"PR_kwDOGWmxQ87UI1f6","number":1724,"state":"closed","title":"build(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /deployment","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-21T23:40:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-21T00:10:10.000Z","updated_at":"2026-04-21T23:40:27.000Z","time_to_close":84615,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/deployment","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mikeyhodl/chainlink/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/mikeyhodl/chainlink/pull/1724","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikeyhodl%2Fchainlink/issues/1724","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1724/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":null,"pr_created_at":"2026-04-20T10:20:51.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4294926001","node_id":"PR_kwDOQuMk587T6ItP","number":102,"state":"closed","title":"chore(deps)(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1","user":"dependabot[bot]","labels":[],"assignees":["eightynine01"],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-30T02:16:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-20T10:20:51.000Z","updated_at":"2026-04-30T02:16:31.000Z","time_to_close":834938,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFix memory amplification in SPDY frame parsing leads to denial of service (\u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eCVE-2026-35469\u003c/a\u003e / \u003ca href=\"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2\"\u003eGHSA-pc3f-x583-g7j2\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/keiailab/mongodb-operator/pull/102","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/keiailab%2Fmongodb-operator/issues/102","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/102/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":"/test/anp","pr_created_at":"2026-04-18T22:04:40.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4289300671","node_id":"PR_kwDOCo3boc7TpGQd","number":6648,"state":"open","title":"chore(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /test/anp","user":"dependabot[bot]","labels":["dependencies","go","size:XS"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-18T22:04:40.000Z","updated_at":"2026-04-18T22:10:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/test/anp","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kubeovn/kube-ovn/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kubeovn/kube-ovn/pull/6648","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubeovn%2Fkube-ovn/issues/6648","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6648/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":"/devenv","pr_created_at":"2026-04-18T03:13:21.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4286492584","node_id":"PR_kwDOGWmxQ87TglbB","number":1722,"state":"open","title":"build(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /devenv","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-18T03:13:21.000Z","updated_at":"2026-04-22T00:10:07.189Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/devenv","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mikeyhodl/chainlink/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/mikeyhodl/chainlink/pull/1722","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikeyhodl%2Fchainlink/issues/1722","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1722/packages"}},{"old_version":"0.2.0","new_version":"0.5.1","update_type":"minor","path":null,"pr_created_at":"2026-04-17T22:48:05.000Z","version_change":"0.2.0 → 0.5.1","issue":{"uuid":"4285720329","node_id":"PR_kwDOKRBotc7TeDqD","number":20,"state":"open","title":"Bump github.com/moby/spdystream from 0.2.0 to 0.5.1","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-17T22:48:05.000Z","updated_at":"2026-04-17T22:48:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/moby/spdystream","old_version":"0.2.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.2.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.5.0] Avoid leaking timeout timer channels and update github actions\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eremove empty go.sum by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/100\"\u003emoby/spdystream#100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: update actions and go versions  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/102\"\u003emoby/spdystream#102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaking goroutines on close by \u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/101\"\u003emoby/spdystream#101\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.4.0...v0.5.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.4.0...v0.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.4.0] fix goroutine leak and remove unused code\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid 10 minute goroutine leak in error case for handled errors by \u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/99\"\u003emoby/spdystream#99\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused websocket package by \u003ca href=\"https://github.com/dmcgowan\"\u003e\u003ccode\u003e@​dmcgowan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/98\"\u003emoby/spdystream#98\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/99\"\u003emoby/spdystream#99\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.3.0...v0.4.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.3.0...v0.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.3.0] Release with fixes for a race condition\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003egha: update go versions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/90\"\u003emoby/spdystream#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Ping data-race by \u003ca href=\"https://github.com/tigrato\"\u003e\u003ccode\u003e@​tigrato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/91\"\u003emoby/spdystream#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unit test races (carry \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/48\"\u003e#48\u003c/a\u003e) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/89\"\u003emoby/spdystream#89\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed data race in Stream.IsFInished()  by \u003ca href=\"https://github.com/code-qote\"\u003e\u003ccode\u003e@​code-qote\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/96\"\u003emoby/spdystream#96\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tigrato\"\u003e\u003ccode\u003e@​tigrato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/91\"\u003emoby/spdystream#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/code-qote\"\u003e\u003ccode\u003e@​code-qote\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/96\"\u003emoby/spdystream#96\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.2.0...v0.3.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.2.0...v0.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.2.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.2.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kluster-api/cluster-api/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kluster-api/cluster-api/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kluster-api%2Fcluster-api/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":null,"pr_created_at":"2026-04-17T22:42:30.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4285700711","node_id":"PR_kwDOA_lnj87Td_kE","number":697,"state":"closed","title":"build(deps): bump the go_modules group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-22T00:35:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-17T22:42:30.000Z","updated_at":"2026-04-22T00:35:30.000Z","time_to_close":352378,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":3,"packages":[{"name":"github.com/go-git/go-git/v5","old_version":"5.17.1","new_version":"5.18.0","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/jackc/pgx/v5","old_version":"5.8.0","new_version":"5.9.0","repository_url":"https://github.com/jackc/pgx"},{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the / directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) and [github.com/moby/spdystream](https://github.com/moby/spdystream).\n\nUpdates `github.com/go-git/go-git/v5` from 5.17.1 to 5.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-git/go-git/releases\"\u003egithub.com/go-git/go-git/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eplumbing: transport/http, Add support for followRedirects policy by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2004\"\u003ego-git/go-git#2004\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0\"\u003ehttps://github.com/go-git/go-git/compare/v5.17.2...v5.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.17.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1941\"\u003ego-git/go-git#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edotgit: skip writing pack files that already exist on disk by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1944\"\u003ego-git/go-git#1944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e:warning: This release fixes a bug (\u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1942\"\u003ego-git/go-git#1942\u003c/a\u003e) that blocked some users from upgrading to \u003ccode\u003ev5.17.1\u003c/code\u003e. Thanks \u003ca href=\"https://github.com/pskrbasu\"\u003e\u003ccode\u003e@​pskrbasu\u003c/code\u003e\u003c/a\u003e for reporting it. :bow:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2\"\u003ehttps://github.com/go-git/go-git/compare/v5.17.1...v5.17.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/ea3e7ec9dfc54f577a01afb4dd601c0284604264\"\u003e\u003ccode\u003eea3e7ec\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/2004\"\u003e#2004\u003c/a\u003e from go-git/v5-http-hardening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/bcd20a9c525826081262a06a9ed9c3167abfcd53\"\u003e\u003ccode\u003ebcd20a9\u003c/code\u003e\u003c/a\u003e plumbing: transport/http, Add support for followRedirects policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/45ae193b3a60aa8ec8a3e373f7265a7819473d5f\"\u003e\u003ccode\u003e45ae193\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1944\"\u003e#1944\u003c/a\u003e from go-git/fix-perms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/fda4f7464b597ff33d2dea1c026482a5e900037c\"\u003e\u003ccode\u003efda4f74\u003c/code\u003e\u003c/a\u003e storage: filesystem/dotgit, Skip writing pack files that already exist on disk\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/2212dc7caeb2a389fe2129923811ef63f75a557a\"\u003e\u003ccode\u003e2212dc7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1941\"\u003e#1941\u003c/a\u003e from go-git/renovate/releases/v5.x-go-github.com-go-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/ebb2d7da7f5d5aebeaa0b5e13276d72d602c1ae3\"\u003e\u003ccode\u003eebb2d7d\u003c/code\u003e\u003c/a\u003e build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY]\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/go-git/go-git/compare/v5.17.1...v5.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v5` from 5.8.0 to 5.9.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/master/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v5's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.9.0 (March 21, 2026)\u003c/h1\u003e\n\u003cp\u003eThis release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and\nPostgreSQL protocol 3.2 support.\u003c/p\u003e\n\u003cp\u003eIt significantly reduces the amount of network traffic when using prepared statements (which are used automatically by\ndefault) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.\u003c/p\u003e\n\u003cp\u003eIt also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends\ndeliberately malformed messages.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRequire Go 1.25+\u003c/li\u003e\n\u003cli\u003eAdd SCRAM-SHA-256-PLUS support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eAdd OAuth authentication support for PostgreSQL 18 (David Schneider)\u003c/li\u003e\n\u003cli\u003eAdd PostgreSQL protocol 3.2 support (Dirkjan Bussink)\u003c/li\u003e\n\u003cli\u003eAdd tsvector type support (Adam Brightwell)\u003c/li\u003e\n\u003cli\u003eSkip Describe Portal for cached prepared statements reducing network round trips\u003c/li\u003e\n\u003cli\u003eMake LoadTypes query easier to support on \u0026quot;postgres-like\u0026quot; servers (Jelte Fennema-Nio)\u003c/li\u003e\n\u003cli\u003eDefault empty user to current OS user matching libpq behavior (ShivangSrivastava)\u003c/li\u003e\n\u003cli\u003eOptimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize date scanning by replacing regex with manual parsing (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eOptimize pgio append/set functions with direct byte shifts (Mathias Bogaert)\u003c/li\u003e\n\u003cli\u003eMake RowsAffected faster (Abhishek Chanda)\u003c/li\u003e\n\u003cli\u003eFix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)\u003c/li\u003e\n\u003cli\u003eFix: ContextWatcher goroutine leak (Hank Donnay)\u003c/li\u003e\n\u003cli\u003eFix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)\u003c/li\u003e\n\u003cli\u003eFix: pipelineBatchResults.Exec silently swallowing lastRows error\u003c/li\u003e\n\u003cli\u003eFix: ColumnTypeLength using BPCharArrayOID instead of BPCharOID\u003c/li\u003e\n\u003cli\u003eFix: TSVector text encoding returning nil for valid empty tsvector\u003c/li\u003e\n\u003cli\u003eFix: wrong error messages for Int2 and Int4 underflow\u003c/li\u003e\n\u003cli\u003eFix: Numeric nil Int pointer dereference with Valid: true\u003c/li\u003e\n\u003cli\u003eFix: reversed strings.ContainsAny arguments in Numeric.ScanScientific\u003c/li\u003e\n\u003cli\u003eFix: message length parsing on 32-bit platforms\u003c/li\u003e\n\u003cli\u003eFix: FunctionCallResponse.Decode mishandling of signed result size\u003c/li\u003e\n\u003cli\u003eFix: returning wrong error in configTLS when DecryptPEMBlock fails (Maxim Motyshen)\u003c/li\u003e\n\u003cli\u003eFix: misleading ParseConfig error when default_query_exec_mode is invalid (Skarm)\u003c/li\u003e\n\u003cli\u003eFix: missed Unwatch in Pipeline error paths\u003c/li\u003e\n\u003cli\u003eClarify too many failed acquire attempts error message\u003c/li\u003e\n\u003cli\u003eBetter error wrapping with context and SQL statement (Aneesh Makala)\u003c/li\u003e\n\u003cli\u003eEnable govet and ineffassign linters (Federico Guerinoni)\u003c/li\u003e\n\u003cli\u003eGuard against various malformed binary messages (arrays, hstore, multirange, protocol messages)\u003c/li\u003e\n\u003cli\u003eFix various godoc comments (ferhat elmas)\u003c/li\u003e\n\u003cli\u003eFix typos in comments (Oleksandr Redko)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/b4d8e62b6616d0c09c5021500363de0c56e01631\"\u003e\u003ccode\u003eb4d8e62\u003c/code\u003e\u003c/a\u003e Release v5.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/c227cd4f76fa2b1a47c0156621e05c076f4cf5c9\"\u003e\u003ccode\u003ec227cd4\u003c/code\u003e\u003c/a\u003e Bump minimum Go version from 1.24 to 1.25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/f492c14836d7d442e8103b09f2c0c74a80c56347\"\u003e\u003ccode\u003ef492c14\u003c/code\u003e\u003c/a\u003e Use reflect.TypeFor instead of reflect.TypeOf for static types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/ad8fb08d3f1a36c0e475c9f80dc9bb19d075d8e2\"\u003e\u003ccode\u003ead8fb08\u003c/code\u003e\u003c/a\u003e Use sync.WaitGroup.Go to simplify goroutine spawning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/303377376df43ba3d1a99728eaa9f9a6bcaab767\"\u003e\u003ccode\u003e3033773\u003c/code\u003e\u003c/a\u003e Remove go1.26 build tag from synctest test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/83ffb3c2220737cf11c7dd88c80be9166753102f\"\u003e\u003ccode\u003e83ffb3c\u003c/code\u003e\u003c/a\u003e Validate multirange element count against source length before allocating\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/828f2147a2d4355e5cf4beac0f542f9c6bbd6709\"\u003e\u003ccode\u003e828f214\u003c/code\u003e\u003c/a\u003e Fix message length parsing on 32-bit platforms\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/e196a39add04a887b20a0aac58b7be333273a03a\"\u003e\u003ccode\u003ee196a39\u003c/code\u003e\u003c/a\u003e Add fuzz test for SQL lexer in sanitize package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7f969f8da50be0dba69f509f9a30f1084d0feabf\"\u003e\u003ccode\u003e7f969f8\u003c/code\u003e\u003c/a\u003e Rename TraceQueryute to traceExecute\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/ab523919740a5d83f7613adc3604192f5f653bc4\"\u003e\u003ccode\u003eab52391\u003c/code\u003e\u003c/a\u003e Use single Stat snapshot in checkMinConns\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v5.8.0...v5.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.5.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/replicatedhq/replicated/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/replicatedhq/replicated/pull/697","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Freplicated/issues/697","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/697/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":"/packages/autorag/bff","pr_created_at":"2026-04-17T17:10:37.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4284189731","node_id":"PR_kwDOEAWiEc7TZH1w","number":7303,"state":"open","title":"chore(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /packages/autorag/bff","user":"dependabot[bot]","labels":["dependencies","needs-ok-to-test","go","area/autorag","area/components"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-17T17:10:37.000Z","updated_at":"2026-04-21T21:58:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/packages/autorag/bff","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/opendatahub-io/odh-dashboard/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/opendatahub-io/odh-dashboard/pull/7303","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/opendatahub-io%2Fodh-dashboard/issues/7303","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7303/packages"}},{"old_version":"0.2.0","new_version":"0.5.1","update_type":"minor","path":null,"pr_created_at":"2026-04-17T08:06:40.000Z","version_change":"0.2.0 → 0.5.1","issue":{"uuid":"4281117277","node_id":"PR_kwDOKLUTNs7TPLh6","number":97,"state":"open","title":"feat(deps): bump the gomod-deps group with 22 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-17T08:06:40.000Z","updated_at":"2026-04-17T08:06:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"feat(deps): bump","group_name":"gomod-deps","update_count":22,"packages":[{"name":"github.com/evanphx/json-patch","old_version":"5.6.0+incompatible","new_version":"5.9.11+incompatible","repository_url":"https://github.com/evanphx/json-patch"},{"name":"github.com/gin-gonic/gin","old_version":"1.9.1","new_version":"1.12.0","repository_url":"https://github.com/gin-gonic/gin"},{"name":"github.com/go-playground/validator/v10","old_version":"10.15.1","new_version":"10.30.1","repository_url":"https://github.com/go-playground/validator"},{"name":"github.com/google/go-cmp","old_version":"0.5.9","new_version":"0.7.0","repository_url":"https://github.com/google/go-cmp"},{"name":"github.com/google/uuid","old_version":"1.3.1","new_version":"1.6.0","repository_url":"https://github.com/google/uuid"},{"name":"github.com/moby/spdystream","old_version":"0.2.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"},{"name":"github.com/moby/term","old_version":"0.5.0","new_version":"0.5.2","repository_url":"https://github.com/moby/term"},{"name":"github.com/sony/sonyflake","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/sony/sonyflake"},{"name":"github.com/spf13/pflag","old_version":"1.0.5","new_version":"1.0.10","repository_url":"https://github.com/spf13/pflag"},{"name":"github.com/stretchr/testify","old_version":"1.8.4","new_version":"1.11.1","repository_url":"https://github.com/stretchr/testify"},{"name":"golang.org/x/crypto","old_version":"0.12.0","new_version":"0.48.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.14.0","new_version":"0.51.0","repository_url":"https://github.com/golang/net"},{"name":"golang.org/x/sync","old_version":"0.3.0","new_version":"0.19.0","repository_url":"https://github.com/golang/sync"},{"name":"golang.org/x/time","old_version":"0.3.0","new_version":"0.15.0","repository_url":"https://github.com/golang/time"},{"name":"gorm.io/gorm","old_version":"1.25.4","new_version":"1.31.1","repository_url":"https://github.com/go-gorm/gorm"},{"name":"k8s.io/apimachinery","old_version":"0.28.1","new_version":"0.35.4","repository_url":"https://github.com/kubernetes/apimachinery"},{"name":"k8s.io/klog/v2","old_version":"2.100.1","new_version":"2.130.1","repository_url":"https://github.com/kubernetes/klog"},{"name":"k8s.io/kube-openapi","old_version":"0.0.0-20230816210353-14e408962443","new_version":"0.0.0-20250910181357-589584f1c912","repository_url":"https://github.com/kubernetes/kube-openapi"},{"name":"k8s.io/utils","old_version":"0.0.0-20230726121419-3b25d923346b","new_version":"0.0.0-20251002143259-bc988d571ff4","repository_url":"https://github.com/kubernetes/utils"},{"name":"sigs.k8s.io/json","old_version":"0.0.0-20221116044647-bc3834ca7abd","new_version":"0.0.0-20250730193827-2d320260d730","repository_url":"https://github.com/kubernetes-sigs/json"},{"name":"sigs.k8s.io/structured-merge-diff/v4","old_version":"4.3.0","new_version":"4.7.0","repository_url":"https://github.com/kubernetes-sigs/structured-merge-diff"},{"name":"sigs.k8s.io/yaml","old_version":"1.3.0","new_version":"1.6.0","repository_url":"https://github.com/kubernetes-sigs/yaml"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod-deps group with 22 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/evanphx/json-patch](https://github.com/evanphx/json-patch) | `5.6.0+incompatible` | `5.9.11+incompatible` |\n| [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) | `1.9.1` | `1.12.0` |\n| [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) | `10.15.1` | `10.30.1` |\n| [github.com/google/go-cmp](https://github.com/google/go-cmp) | `0.5.9` | `0.7.0` |\n| [github.com/google/uuid](https://github.com/google/uuid) | `1.3.1` | `1.6.0` |\n| [github.com/moby/spdystream](https://github.com/moby/spdystream) | `0.2.0` | `0.5.1` |\n| [github.com/moby/term](https://github.com/moby/term) | `0.5.0` | `0.5.2` |\n| [github.com/sony/sonyflake](https://github.com/sony/sonyflake) | `1.2.0` | `1.3.0` |\n| [github.com/spf13/pflag](https://github.com/spf13/pflag) | `1.0.5` | `1.0.10` |\n| [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.8.4` | `1.11.1` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.12.0` | `0.48.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.14.0` | `0.51.0` |\n| [golang.org/x/sync](https://github.com/golang/sync) | `0.3.0` | `0.19.0` |\n| [golang.org/x/time](https://github.com/golang/time) | `0.3.0` | `0.15.0` |\n| [gorm.io/gorm](https://github.com/go-gorm/gorm) | `1.25.4` | `1.31.1` |\n| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.28.1` | `0.35.4` |\n| [k8s.io/klog/v2](https://github.com/kubernetes/klog) | `2.100.1` | `2.130.1` |\n| [k8s.io/kube-openapi](https://github.com/kubernetes/kube-openapi) | `0.0.0-20230816210353-14e408962443` | `0.0.0-20250910181357-589584f1c912` |\n| [k8s.io/utils](https://github.com/kubernetes/utils) | `0.0.0-20230726121419-3b25d923346b` | `0.0.0-20251002143259-bc988d571ff4` |\n| [sigs.k8s.io/json](https://github.com/kubernetes-sigs/json) | `0.0.0-20221116044647-bc3834ca7abd` | `0.0.0-20250730193827-2d320260d730` |\n| [sigs.k8s.io/structured-merge-diff/v4](https://github.com/kubernetes-sigs/structured-merge-diff) | `4.3.0` | `4.7.0` |\n| [sigs.k8s.io/yaml](https://github.com/kubernetes-sigs/yaml) | `1.3.0` | `1.6.0` |\n\nUpdates `github.com/evanphx/json-patch` from 5.6.0+incompatible to 5.9.11+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanphx/json-patch/releases\"\u003egithub.com/evanphx/json-patch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.9.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExport errBadJSONDoc and errBadJSONPatch errors by \u003ca href=\"https://github.com/skitt\"\u003e\u003ccode\u003e@​skitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/209\"\u003eevanphx/json-patch#209\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.9.10...v5.9.11\"\u003ehttps://github.com/evanphx/json-patch/compare/v5.9.10...v5.9.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.9.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop the reference to gopkg.in for v5 by \u003ca href=\"https://github.com/skitt\"\u003e\u003ccode\u003e@​skitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/203\"\u003eevanphx/json-patch#203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove unmaintained errors pkg(github.com/pkg/errors) by \u003ca href=\"https://github.com/koba1t\"\u003e\u003ccode\u003e@​koba1t\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/206\"\u003eevanphx/json-patch#206\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skitt\"\u003e\u003ccode\u003e@​skitt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/203\"\u003eevanphx/json-patch#203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koba1t\"\u003e\u003ccode\u003e@​koba1t\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/206\"\u003eevanphx/json-patch#206\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.9.0...v5.9.10\"\u003ehttps://github.com/evanphx/json-patch/compare/v5.9.0...v5.9.10\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.9.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate that the partialDoc is decoded correctly by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/201\"\u003eevanphx/json-patch#201\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option to control if the output is HTMLEscaped by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/202\"\u003eevanphx/json-patch#202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.8.1...v5.9.0\"\u003ehttps://github.com/evanphx/json-patch/compare/v5.8.1...v5.9.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eFix API breakage\u003c/h2\u003e\n\u003cp\u003eThis PR fixes Operation containing a reference to internal/json and breaking the ability to manually compose one. This restores that ability using a type alias.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.8.0...v5.8.1\"\u003ehttps://github.com/evanphx/json-patch/compare/v5.8.0...v5.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eBlargh Phixs and Empathyprovements\u003c/h2\u003e\n\u003cp\u003eThis release fixes a few stray panics, addresses large number accuracy, and improves performance!\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompare strings after decoding them to handle unicode correctly. Fixes \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/172\"\u003e#172\u003c/a\u003e by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/195\"\u003eevanphx/json-patch#195\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlways use UseNumber() to avoid float64 lossyness by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/194\"\u003eevanphx/json-patch#194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle null correctly when introduced by replace. Fixes \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/171\"\u003e#171\u003c/a\u003e by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/196\"\u003eevanphx/json-patch#196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle from=\u0026quot;\u0026quot; more properly. Fixes \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/192\"\u003e#192\u003c/a\u003e by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/193\"\u003eevanphx/json-patch#193\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove performance by \u003ca href=\"https://github.com/evanphx\"\u003e\u003ccode\u003e@​evanphx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/197\"\u003eevanphx/json-patch#197\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.7.0...v5.8.0\"\u003ehttps://github.com/evanphx/json-patch/compare/v5.7.0...v5.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eThe 2023 Release\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix invalid sprintf by \u003ca href=\"https://github.com/howardjohn\"\u003e\u003ccode\u003e@​howardjohn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/152\"\u003eevanphx/json-patch#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CIFuzz GitHub action by \u003ca href=\"https://github.com/DavidKorczynski\"\u003e\u003ccode\u003e@​DavidKorczynski\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/167\"\u003eevanphx/json-patch#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eREADME: Remove Travis by \u003ca href=\"https://github.com/ohkinozomu\"\u003e\u003ccode\u003e@​ohkinozomu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/164\"\u003eevanphx/json-patch#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated min supported version to go 1.18 by \u003ca href=\"https://github.com/Neo2308\"\u003e\u003ccode\u003e@​Neo2308\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/181\"\u003eevanphx/json-patch#181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded dependabot by \u003ca href=\"https://github.com/Neo2308\"\u003e\u003ccode\u003e@​Neo2308\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/evanphx/json-patch/pull/182\"\u003eevanphx/json-patch#182\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/84a4bb100ade42a86fce2647c95a7dbcbf569cb2\"\u003e\u003ccode\u003e84a4bb1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/209\"\u003e#209\u003c/a\u003e from skitt/export-errs-v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/7a7a88a24da9cb98ad9c90c91e2a50ab9943f84f\"\u003e\u003ccode\u003e7a7a88a\u003c/code\u003e\u003c/a\u003e Export errBadJSONDoc and errBadJSONPatch errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/bd18525ff3c7e480b7004a90e7b37248fdb21006\"\u003e\u003ccode\u003ebd18525\u003c/code\u003e\u003c/a\u003e Upgrade go-flags\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/42f26cb0cc22ff3a1136ae2ae803692044b59849\"\u003e\u003ccode\u003e42f26cb\u003c/code\u003e\u003c/a\u003e Fix spacing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/0a3482b56b0cfd50e8cd430a893dbf1bff4b7a7f\"\u003e\u003ccode\u003e0a3482b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/206\"\u003e#206\u003c/a\u003e from koba1t/remove_unmaintained_error_pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/106306d7fea7e067cf9aaf297f98f9c34a918074\"\u003e\u003ccode\u003e106306d\u003c/code\u003e\u003c/a\u003e remove unmaintained errors pkg\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/e7cfbbbcc6e301d230bd304f4996348a4ea33191\"\u003e\u003ccode\u003ee7cfbbb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/203\"\u003e#203\u003c/a\u003e from skitt/drop-gopkgin-v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/61e1ad78ab35800ee5e25ed36bf2dc5a0a4c1a73\"\u003e\u003ccode\u003e61e1ad7\u003c/code\u003e\u003c/a\u003e Drop the reference to gopkg.in for v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/b7a4e4a87a35414cd02460dac07e879df729df37\"\u003e\u003ccode\u003eb7a4e4a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/evanphx/json-patch/issues/202\"\u003e#202\u003c/a\u003e from evanphx/f-html-escape\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanphx/json-patch/commit/7eef36c732df996ab6508bfb5cee17a7763097f1\"\u003e\u003ccode\u003e7eef36c\u003c/code\u003e\u003c/a\u003e Guard using options to avoid a crash bug\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanphx/json-patch/compare/v5.6.0...v5.9.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gin-gonic/gin` from 1.9.1 to 1.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gin-gonic/gin/releases\"\u003egithub.com/gin-gonic/gin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.12.0\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4203\"\u003e#4203\u003c/a\u003e) (\u003ca href=\"https://github.com/takanuva15\"\u003e\u003ccode\u003e@​takanuva15\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4502\"\u003e#4502\u003c/a\u003e) (\u003ca href=\"https://github.com/raju-mechatronics\"\u003e\u003ccode\u003e@​raju-mechatronics\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eacc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4423\"\u003e#4423\u003c/a\u003e) (\u003ca href=\"https://github.com/1911860538\"\u003e\u003ccode\u003e@​1911860538\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (\u003ca href=\"https://github.com/Spyder01\"\u003e\u003ccode\u003e@​Spyder01\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4420\"\u003e#4420\u003c/a\u003e) (\u003ca href=\"https://github.com/ldesauw\"\u003e\u003ccode\u003e@​ldesauw\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4146\"\u003e#4146\u003c/a\u003e) (\u003ca href=\"https://github.com/wsyqn6\"\u003e\u003ccode\u003e@​wsyqn6\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ed7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4145\"\u003e#4145\u003c/a\u003e) (\u003ca href=\"https://github.com/laurentcau\"\u003e\u003ccode\u003e@​laurentcau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eb917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/2169\"\u003e#2169\u003c/a\u003e) (\u003ca href=\"https://github.com/guonaihong\"\u003e\u003ccode\u003e@​guonaihong\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4380\"\u003e#4380\u003c/a\u003e) (\u003ca href=\"https://github.com/1911860538\"\u003e\u003ccode\u003e@​1911860538\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4472\"\u003e#4472\u003c/a\u003e) (\u003ca href=\"https://github.com/Nurysso\"\u003e\u003ccode\u003e@​Nurysso\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4403\"\u003e#4403\u003c/a\u003e) (\u003ca href=\"https://github.com/zeek0x\"\u003e\u003ccode\u003e@​zeek0x\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4422\"\u003e#4422\u003c/a\u003e) (\u003ca href=\"https://github.com/1911860538\"\u003e\u003ccode\u003e@​1911860538\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4415\"\u003e#4415\u003c/a\u003e) (\u003ca href=\"https://github.com/pawannn\"\u003e\u003ccode\u003e@​pawannn\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4336\"\u003e#4336\u003c/a\u003e) (\u003ca href=\"https://github.com/MondayCha\"\u003e\u003ccode\u003e@​MondayCha\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4206\"\u003e#4206\u003c/a\u003e) (\u003ca href=\"https://github.com/dengaleev\"\u003e\u003ccode\u003e@​dengaleev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4373\"\u003e#4373\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4535\"\u003e#4535\u003c/a\u003e) (\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4511\"\u003e#4511\u003c/a\u003e) (\u003ca href=\"https://github.com/mahanadh\"\u003e\u003ccode\u003e@​mahanadh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4549\"\u003e#4549\u003c/a\u003e) (\u003ca href=\"https://github.com/BobDu\"\u003e\u003ccode\u003e@​BobDu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/3359\"\u003e#3359\u003c/a\u003e) (\u003ca href=\"https://github.com/WeidiDeng\"\u003e\u003ccode\u003e@​WeidiDeng\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4449\"\u003e#4449\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eaf6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edb309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4547\"\u003e#4547\u003c/a\u003e) (\u003ca href=\"https://github.com/USA-RedDragon\"\u003e\u003ccode\u003e@​USA-RedDragon\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when \u003ccode\u003ehttp.Flusher\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4479\"\u003e#4479\u003c/a\u003e) (\u003ca href=\"https://github.com/Twacqwq\"\u003e\u003ccode\u003e@​Twacqwq\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4388\"\u003e#4388\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactor\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4352\"\u003e#4352\u003c/a\u003e) (\u003ca href=\"https://github.com/russcoss\"\u003e\u003ccode\u003e@​russcoss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4395\"\u003e#4395\u003c/a\u003e) (\u003ca href=\"https://github.com/wanghaolong613\"\u003e\u003ccode\u003e@​wanghaolong613\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4481\"\u003e#4481\u003c/a\u003e) (\u003ca href=\"https://github.com/pauloappbr\"\u003e\u003ccode\u003e@​pauloappbr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4333\"\u003e#4333\u003c/a\u003e) (\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4314\"\u003e#4314\u003c/a\u003e) (\u003ca href=\"https://github.com/1911860538\"\u003e\u003ccode\u003e@​1911860538\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4142\"\u003e#4142\u003c/a\u003e) (\u003ca href=\"https://github.com/zeek0x\"\u003e\u003ccode\u003e@​zeek0x\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ed1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4467\"\u003e#4467\u003c/a\u003e) (\u003ca href=\"https://github.com/zeek0x\"\u003e\u003ccode\u003e@​zeek0x\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4392\"\u003e#4392\u003c/a\u003e) (\u003ca href=\"https://github.com/wanghaolong613\"\u003e\u003ccode\u003e@​wanghaolong613\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4529\"\u003e#4529\u003c/a\u003e) (\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4389\"\u003e#4389\u003c/a\u003e) (\u003ca href=\"https://github.com/reddaisyy\"\u003e\u003ccode\u003e@​reddaisyy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ea85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4432\"\u003e#4432\u003c/a\u003e) (\u003ca href=\"https://github.com/efcking\"\u003e\u003ccode\u003e@​efcking\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBuild process updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4367\"\u003e#4367\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4436\"\u003e#4436\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4437\"\u003e#4437\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4439\"\u003e#4439\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4421\"\u003e#4421\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4531\"\u003e#4531\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4550\"\u003e#4550\u003c/a\u003e) (\u003ca href=\"https://github.com/appleboy\"\u003e\u003ccode\u003e@​appleboy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md\"\u003egithub.com/gin-gonic/gin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eGin v1.12.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(render): add bson protocol (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4145\"\u003e#4145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(context): add GetError and GetErrorSlice methods for error retrieval (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4502\"\u003e#4502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(binding): add support for encoding.UnmarshalText in uri/query binding (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4203\"\u003e#4203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(gin): add option to use escaped path (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4420\"\u003e#4420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(context): add Protocol Buffers support to content negotiation (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4423\"\u003e#4423\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(context): implemented Delete method (\u003ca href=\"https://github.com/gin-gonic/gin/commit/38e7651\"\u003e#38e7651\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(logger): color latency (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4146\"\u003e#4146\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eperf(tree): reduce allocations in findCaseInsensitivePath (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4417\"\u003e#4417\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eperf(recovery): optimize line reading in stack function (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4466\"\u003e#4466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eperf(path): replace regex with custom functions in redirectTrailingSlash (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4414\"\u003e#4414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eperf(tree): optimize path parsing using strings.Count (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4246\"\u003e#4246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(logger): allow skipping query string output (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4547\"\u003e#4547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(context): always trust xff headers from unix socket (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/3359\"\u003e#3359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(response): prevent Flush() panic when the underlying ResponseWriter does not implement \u003ccode\u003ehttp.Flusher\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4479\"\u003e#4479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(recovery): smart error comparison (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4142\"\u003e#4142\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(context): replace hardcoded localhost IPs with constants (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4481\"\u003e#4481\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(utils): move util functions to utils.go (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4467\"\u003e#4467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(binding): use maps.Copy for cleaner map handling (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4352\"\u003e#4352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(context): using maps.Clone (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4333\"\u003e#4333\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor(ginS): use sync.OnceValue to simplify engine function (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4314\"\u003e#4314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor: replace magic numbers with named constants in bodyAllowedForStatus (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4529\"\u003e#4529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor: for loop can be modernized using range over int (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4392\"\u003e#4392\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4535\"\u003e#4535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(render): write content length in Data.Render (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4206\"\u003e#4206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(context): ClientIP handling for multiple X-Forwarded-For header values (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4472\"\u003e#4472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(binding): empty value error (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(recover): suppress http.ErrAbortHandler in recover (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4336\"\u003e#4336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(gin): literal colon routes not working with engine.Handler() (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4415\"\u003e#4415\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(gin): close os.File in RunFd to prevent resource leak (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4422\"\u003e#4422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(response): refine hijack behavior for response lifecycle (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4373\"\u003e#4373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(binding): improve empty slice/array handling in form binding (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4380\"\u003e#4380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(debug): version mismatch (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4403\"\u003e#4403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: correct typos, improve documentation clarity, and remove dead code (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4511\"\u003e#4511\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBuild process updates / CI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eci: update Go version support to 1.25+ across CI and docs (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4550\"\u003e#4550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(binding): upgrade bson dependency to mongo-driver v2 (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/pull/4549\"\u003e#4549\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eGin v1.11.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/73726dc606796a025971fe451f0aa6f1b9b847f6\"\u003e\u003ccode\u003e73726dc\u003c/code\u003e\u003c/a\u003e docs: update documentation to reflect Go version changes (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4552\"\u003e#4552\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/e292e5caa777bce70b66fe08c94cbe9cef3e2ec9\"\u003e\u003ccode\u003ee292e5c\u003c/code\u003e\u003c/a\u003e docs: document and finalize Gin v1.12.0 release (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4551\"\u003e#4551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/ae3f524974fc4f55d18c9e7fae4614503c015226\"\u003e\u003ccode\u003eae3f524\u003c/code\u003e\u003c/a\u003e ci: update Go version support to 1.25+ across CI and docs (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4550\"\u003e#4550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/38534e2bf98a06e1f62d6b24384e90b5f78699bf\"\u003e\u003ccode\u003e38534e2\u003c/code\u003e\u003c/a\u003e chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4548\"\u003e#4548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/472d086af2acd924cb4b9d7be0525f7d790f69bc\"\u003e\u003ccode\u003e472d086\u003c/code\u003e\u003c/a\u003e fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4535\"\u003e#4535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/fb2583442c4d9bccb75e6d26f1aa6e7c01950db6\"\u003e\u003ccode\u003efb25834\u003c/code\u003e\u003c/a\u003e test(context): use http.StatusContinue constant instead of magic number 100 (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/6f1d5fe3cdb171a08928c3c9dd3fbcfc9ee1b521\"\u003e\u003ccode\u003e6f1d5fe\u003c/code\u003e\u003c/a\u003e test(render): add comprehensive error handling tests (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4541\"\u003e#4541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a\"\u003e\u003ccode\u003e5c00df8\u003c/code\u003e\u003c/a\u003e fix(render): write content length in Data.Render (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4206\"\u003e#4206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/db309081bc5c137b2aa15701ef53f7f19788da25\"\u003e\u003ccode\u003edb30908\u003c/code\u003e\u003c/a\u003e chore(logger): allow skipping query string output (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4547\"\u003e#4547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gin-gonic/gin/commit/ba093d19477b896ac89a7fc3246af23d290b8e26\"\u003e\u003ccode\u003eba093d1\u003c/code\u003e\u003c/a\u003e chore(binding): upgrade bson dependency to mongo-driver v2 (\u003ca href=\"https://redirect.github.com/gin-gonic/gin/issues/4549\"\u003e#4549\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gin-gonic/gin/compare/v1.9.1...v1.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-playground/validator/v10` from 10.15.1 to 10.30.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-playground/validator/releases\"\u003egithub.com/go-playground/validator/v10's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 10.30.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeat: uds_exists validator by \u003ca href=\"https://github.com/barash-asenov\"\u003e\u003ccode\u003e@​barash-asenov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1482\"\u003ego-playground/validator#1482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Revert min limit of e164 regex by \u003ca href=\"https://github.com/zemzale\"\u003e\u003ccode\u003e@​zemzale\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1516\"\u003ego-playground/validator#1516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix 1513 update ISO 3166-2 codes by \u003ca href=\"https://github.com/xyz27900\"\u003e\u003ccode\u003e@​xyz27900\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1514\"\u003ego-playground/validator#1514\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/barash-asenov\"\u003e\u003ccode\u003e@​barash-asenov\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1482\"\u003ego-playground/validator#1482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xyz27900\"\u003e\u003ccode\u003e@​xyz27900\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1514\"\u003ego-playground/validator#1514\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-playground/validator/compare/v10.30.0...v10.30.1\"\u003ehttps://github.com/go-playground/validator/compare/v10.30.0...v10.30.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease 10.30.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump golang.org/x/crypto from 0.45.0 to 0.46.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1504\"\u003ego-playground/validator#1504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1505\"\u003ego-playground/validator#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: document omitzero by \u003ca href=\"https://github.com/minoritea\"\u003e\u003ccode\u003e@​minoritea\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1509\"\u003ego-playground/validator#1509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add missing translations for alpha validators by \u003ca href=\"https://github.com/shindonghwi\"\u003e\u003ccode\u003e@​shindonghwi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1510\"\u003ego-playground/validator#1510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve panic when using aliases with OR operator by \u003ca href=\"https://github.com/shindonghwi\"\u003e\u003ccode\u003e@​shindonghwi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1507\"\u003ego-playground/validator#1507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve panic when using cross-field validators with ValidateMap by \u003ca href=\"https://github.com/shindonghwi\"\u003e\u003ccode\u003e@​shindonghwi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1508\"\u003ego-playground/validator#1508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minoritea\"\u003e\u003ccode\u003e@​minoritea\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1509\"\u003ego-playground/validator#1509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shindonghwi\"\u003e\u003ccode\u003e@​shindonghwi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1510\"\u003ego-playground/validator#1510\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-playground/validator/compare/v10.29.0...v10.30.0\"\u003ehttps://github.com/go-playground/validator/compare/v10.29.0...v10.30.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev10.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: minor spelling fix in docs by \u003ca href=\"https://github.com/Perfect5th\"\u003e\u003ccode\u003e@​Perfect5th\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1472\"\u003ego-playground/validator#1472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/text from 0.29.0 to 0.30.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1473\"\u003ego-playground/validator#1473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/crypto from 0.42.0 to 0.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1474\"\u003ego-playground/validator#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix integer overflows in test when run on 32bit systems by \u003ca href=\"https://github.com/gibmat\"\u003e\u003ccode\u003e@​gibmat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1479\"\u003ego-playground/validator#1479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: exclude modernize linter by \u003ca href=\"https://github.com/nodivbyzero\"\u003e\u003ccode\u003e@​nodivbyzero\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1487\"\u003ego-playground/validator#1487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golangci/golangci-lint-action from 8 to 9 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1490\"\u003ego-playground/validator#1490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/gabriel-vasile/mimetype from 1.4.10 to 1.4.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1485\"\u003ego-playground/validator#1485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport for ISO 9362:2022 BIC (SWIFT) codes by \u003ca href=\"https://github.com/fira42073\"\u003e\u003ccode\u003e@​fira42073\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1478\"\u003ego-playground/validator#1478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/crypto from 0.43.0 to 0.44.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1492\"\u003ego-playground/validator#1492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: validation now rejects phone codes starting with +0 by \u003ca href=\"https://github.com/nodivbyzero\"\u003e\u003ccode\u003e@​nodivbyzero\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1476\"\u003ego-playground/validator#1476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump golang.org/x/crypto from 0.44.0 to 0.45.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1495\"\u003ego-playground/validator#1495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1497\"\u003ego-playground/validator#1497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix/1500:Update Sierra Leone currency code from SLL to SLE by \u003ca href=\"https://github.com/princekm096\"\u003e\u003ccode\u003e@​princekm096\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1501\"\u003ego-playground/validator#1501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/1481 skip invalid type validations by \u003ca href=\"https://github.com/KaranLathiya\"\u003e\u003ccode\u003e@​KaranLathiya\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1498\"\u003ego-playground/validator#1498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix 1502 update ccy codes by \u003ca href=\"https://github.com/princekm096\"\u003e\u003ccode\u003e@​princekm096\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1503\"\u003ego-playground/validator#1503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded alphanumspace string validator by \u003ca href=\"https://github.com/haribabuk113\"\u003e\u003ccode\u003e@​haribabuk113\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1484\"\u003ego-playground/validator#1484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eexcluded_unless\u003c/code\u003e bug fix by \u003ca href=\"https://github.com/chargraves85\"\u003e\u003ccode\u003e@​chargraves85\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1307\"\u003ego-playground/validator#1307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Perfect5th\"\u003e\u003ccode\u003e@​Perfect5th\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1472\"\u003ego-playground/validator#1472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gibmat\"\u003e\u003ccode\u003e@​gibmat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-playground/validator/pull/1479\"\u003ego-playground/validator#1479\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/5010f83a6354aa3eac70826f74b87f73837ea10f\"\u003e\u003ccode\u003e5010f83\u003c/code\u003e\u003c/a\u003e Fix 1513 update ISO 3166-2 codes (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1514\"\u003e#1514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/e8627a1e5f44830d04ff2e23d29182e2fc116936\"\u003e\u003ccode\u003ee8627a1\u003c/code\u003e\u003c/a\u003e fix: Revert min limit of e164 regex (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1516\"\u003e#1516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/65b1bcc086b87a632009d8fc79f103dbff6f0cb2\"\u003e\u003ccode\u003e65b1bcc\u003c/code\u003e\u003c/a\u003e Feat: uds_exists validator (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/e9b900c8d62465f85de0713979d929d770f5ce49\"\u003e\u003ccode\u003ee9b900c\u003c/code\u003e\u003c/a\u003e fix: resolve panic when using cross-field validators with ValidateMap (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1508\"\u003e#1508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/7aba81cf8ee5359d19ac8a199f71e6183fb8b180\"\u003e\u003ccode\u003e7aba81c\u003c/code\u003e\u003c/a\u003e fix: resolve panic when using aliases with OR operator (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1507\"\u003e#1507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/4d600befdd2c5ff437025b3d022fbc0ca7e90f17\"\u003e\u003ccode\u003e4d600be\u003c/code\u003e\u003c/a\u003e fix: add missing translations for alpha validators (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1510\"\u003e#1510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/b0e4ba2e690d26c3f0866c34ca49b4b9776c87f4\"\u003e\u003ccode\u003eb0e4ba2\u003c/code\u003e\u003c/a\u003e docs: document omitzero (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/79fba72b00b11aa90ede835b66afcb74ee182488\"\u003e\u003ccode\u003e79fba72\u003c/code\u003e\u003c/a\u003e Bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1505\"\u003e#1505\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/c3c9084f6fef2685d7bbf6482a38f1345cd1771b\"\u003e\u003ccode\u003ec3c9084\u003c/code\u003e\u003c/a\u003e Bump golang.org/x/crypto from 0.45.0 to 0.46.0 (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1504\"\u003e#1504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-playground/validator/commit/afce000d4f55c2721c8bd568a614b169fa191b39\"\u003e\u003ccode\u003eafce000\u003c/code\u003e\u003c/a\u003e \u003ccode\u003eexcluded_unless\u003c/code\u003e bug fix (\u003ca href=\"https://redirect.github.com/go-playground/validator/issues/1307\"\u003e#1307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-playground/validator/compare/v10.15.1...v10.30.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/google/go-cmp` from 0.5.9 to 0.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/go-cmp/releases\"\u003egithub.com/google/go-cmp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.7.0\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/367\"\u003e#367\u003c/a\u003e) Support compare functions with SortSlices and SortMaps\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePanic messaging:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/370\"\u003e#370\u003c/a\u003e) Detect proto.Message types when failing to export a field\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.0\u003c/h2\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/340\"\u003e#340\u003c/a\u003e) Add \u003ccode\u003ecmpopts.EquateComparable\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/337\"\u003e#337\u003c/a\u003e) Use of hotlinking of Go identifiers\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBuild changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/325\"\u003e#325\u003c/a\u003e) Remove purego fallbacks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTesting changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/322\"\u003e#322\u003c/a\u003e) Run tests for Go 1.20 version\u003c/li\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/332\"\u003e#332\u003c/a\u003e) Pin GitHub action versions\u003c/li\u003e\n\u003cli\u003e(\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/327\"\u003e#327\u003c/a\u003e) set workflow permission to read-only\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/9b12f366a942ebc7254abc7f32ca05068b455fb7\"\u003e\u003ccode\u003e9b12f36\u003c/code\u003e\u003c/a\u003e Detect proto.Message types when failing to export a field (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/4dd3d63d6987c0f84fce8e1d1c5bb59f0badc220\"\u003e\u003ccode\u003e4dd3d63\u003c/code\u003e\u003c/a\u003e fix: type 'aribica' =\u0026gt; 'arabica' (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/368\"\u003e#368\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/391980c4b2e1cc2c30d2bfae6039815350490495\"\u003e\u003ccode\u003e391980c\u003c/code\u003e\u003c/a\u003e Support compare functions with SortSlices and SortMaps (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/367\"\u003e#367\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/c3ad8435e7bef96af35732bc0789e5a2278c6d5f\"\u003e\u003ccode\u003ec3ad843\u003c/code\u003e\u003c/a\u003e Add cmpopts.EquateComparable (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/e250a55e913727afa4a4ccf87d716232288d9b5f\"\u003e\u003ccode\u003ee250a55\u003c/code\u003e\u003c/a\u003e Use of hotlinking of Go identifiers (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/337\"\u003e#337\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/8a3e8dd7458e5d9ba6b4317a4b1423b4910d4014\"\u003e\u003ccode\u003e8a3e8dd\u003c/code\u003e\u003c/a\u003e set workflow permission to read-only (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/327\"\u003e#327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/8cea5de50d284888e0abcdab4c2c65b6e73acb32\"\u003e\u003ccode\u003e8cea5de\u003c/code\u003e\u003c/a\u003e Pin GitHub action versions (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/332\"\u003e#332\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/3bb304a85447513e496f9784afc52189e5bf41e9\"\u003e\u003ccode\u003e3bb304a\u003c/code\u003e\u003c/a\u003e Run tests for Go 1.20 version (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/322\"\u003e#322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/go-cmp/commit/571a56ba783fe6ec6c9f3aa12166e8e33652e4c5\"\u003e\u003ccode\u003e571a56b\u003c/code\u003e\u003c/a\u003e Remove purego fallbacks (\u003ca href=\"https://redirect.github.com/google/go-cmp/issues/325\"\u003e#325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/google/go-cmp/compare/v0.5.9...v0.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/google/uuid` from 1.3.1 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/uuid/releases\"\u003egithub.com/google/uuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.5.0...v1.6.0\"\u003e1.6.0\u003c/a\u003e (2024-01-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Max UUID constant (\u003ca href=\"https://redirect.github.com/google/uuid/issues/149\"\u003e#149\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3\"\u003ec58770e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in version 7 uuid documentation (\u003ca href=\"https://redirect.github.com/google/uuid/issues/153\"\u003e#153\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06\"\u003e016b199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMonotonicity in UUIDv7 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/150\"\u003e#150\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6\"\u003ea2b2b32\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.4.0...v1.5.0\"\u003e1.5.0\u003c/a\u003e (2023-12-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate UUID without creating new UUID (\u003ca href=\"https://redirect.github.com/google/uuid/issues/141\"\u003e#141\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/9ee7366e66c9ad96bab89139418a713dc584ae29\"\u003e9ee7366\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.4.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.3.1...v1.4.0\"\u003e1.4.0\u003c/a\u003e (2023-10-26)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUUIDs slice type with Strings() convenience method (\u003ca href=\"https://redirect.github.com/google/uuid/issues/133\"\u003e#133\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/cd5fbbdd02f3e3467ac18940e07e062be1f864b4\"\u003ecd5fbbd\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/uuid/blob/master/CHANGELOG.md\"\u003egithub.com/google/uuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.5.0...v1.6.0\"\u003e1.6.0\u003c/a\u003e (2024-01-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Max UUID constant (\u003ca href=\"https://redirect.github.com/google/uuid/issues/149\"\u003e#149\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3\"\u003ec58770e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in version 7 uuid documentation (\u003ca href=\"https://redirect.github.com/google/uuid/issues/153\"\u003e#153\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06\"\u003e016b199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMonotonicity in UUIDv7 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/150\"\u003e#150\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6\"\u003ea2b2b32\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.4.0...v1.5.0\"\u003e1.5.0\u003c/a\u003e (2023-12-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate UUID without creating new UUID (\u003ca href=\"https://redirect.github.com/google/uuid/issues/141\"\u003e#141\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/9ee7366e66c9ad96bab89139418a713dc584ae29\"\u003e9ee7366\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/google/uuid/compare/v1.3.1...v1.4.0\"\u003e1.4.0\u003c/a\u003e (2023-10-26)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUUIDs slice type with Strings() convenience method (\u003ca href=\"https://redirect.github.com/google/uuid/issues/133\"\u003e#133\u003c/a\u003e) (\u003ca href=\"https://github.com/google/uuid/commit/cd5fbbdd02f3e3467ac18940e07e062be1f864b4\"\u003ecd5fbbd\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/0f11ee6918f41a04c201eceeadf612a377bc7fbc\"\u003e\u003ccode\u003e0f11ee6\u003c/code\u003e\u003c/a\u003e chore(master): release 1.6.0 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/16939dafc37a38d2743810a8bdf60fdad6a0f3a3\"\u003e\u003ccode\u003e16939da\u003c/code\u003e\u003c/a\u003e chore(tests):  add strict monotonicity test case for uuid v7. (\u003ca href=\"https://redirect.github.com/google/uuid/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06\"\u003e\u003ccode\u003e016b199\u003c/code\u003e\u003c/a\u003e fix: fix typo in version 7 uuid documentation (\u003ca href=\"https://redirect.github.com/google/uuid/issues/153\"\u003e#153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/1d8b6ea0990d688105843a9a67b1d07222350502\"\u003e\u003ccode\u003e1d8b6ea\u003c/code\u003e\u003c/a\u003e ci: set token permissions to github workflows (\u003ca href=\"https://redirect.github.com/google/uuid/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6\"\u003e\u003ccode\u003ea2b2b32\u003c/code\u003e\u003c/a\u003e fix: Monotonicity in UUIDv7 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/150\"\u003e#150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3\"\u003e\u003ccode\u003ec58770e\u003c/code\u003e\u003c/a\u003e feat: add Max UUID constant (\u003ca href=\"https://redirect.github.com/google/uuid/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/4d47f8eb066f43cfaedd728a543479d9c9dfa8f6\"\u003e\u003ccode\u003e4d47f8e\u003c/code\u003e\u003c/a\u003e chore(master): release 1.5.0 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/9ee7366e66c9ad96bab89139418a713dc584ae29\"\u003e\u003ccode\u003e9ee7366\u003c/code\u003e\u003c/a\u003e feat: Validate UUID without creating new UUID (\u003ca href=\"https://redirect.github.com/google/uuid/issues/141\"\u003e#141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/b35aa6a595277504b1ec94c520d4091ec050b9d5\"\u003e\u003ccode\u003eb35aa6a\u003c/code\u003e\u003c/a\u003e add uuid version 6 and 7 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/uuid/commit/8de8764e294f072b7a2f1a209e88fdcdb1ebc875\"\u003e\u003ccode\u003e8de8764\u003c/code\u003e\u003c/a\u003e chore(master): release 1.4.0 (\u003ca href=\"https://redirect.github.com/google/uuid/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/google/uuid/compare/v1.3.1...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/spdystream` from 0.2.0 to 0.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.5.0] Avoid leaking timeout timer channels and update github actions\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eremove empty go.sum by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/100\"\u003emoby/spdystream#100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: update actions and go versions  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/102\"\u003emoby/spdystream#102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaking goroutines on close by \u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/101\"\u003emoby/spdystream#101\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.4.0...v0.5.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.4.0...v0.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.4.0] fix goroutine leak and remove unused code\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid 10 minute goroutine leak in error case for handled errors by \u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/99\"\u003emoby/spdystream#99\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused websocket package by \u003ca href=\"https://github.com/dmcgowan\"\u003e\u003ccode\u003e@​dmcgowan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/98\"\u003emoby/spdystream#98\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liggitt\"\u003e\u003ccode\u003e@​liggitt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/99\"\u003emoby/spdystream#99\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.3.0...v0.4.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.3.0...v0.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e[v0.3.0] Release with fixes for a race condition\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003egha: update go versions by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/90\"\u003emoby/spdystream#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Ping data-race by \u003ca href=\"https://github.com/tigrato\"\u003e\u003ccode\u003e@​tigrato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/91\"\u003emoby/spdystream#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unit test races (carry \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/48\"\u003e#48\u003c/a\u003e) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/89\"\u003emoby/spdystream#89\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed data race in Stream.IsFInished()  by \u003ca href=\"https://github.com/code-qote\"\u003e\u003ccode\u003e@​code-qote\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/96\"\u003emoby/spdystream#96\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tigrato\"\u003e\u003ccode\u003e@​tigrato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/91\"\u003emoby/spdystream#91\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/code-qote\"\u003e\u003ccode\u003e@​code-qote\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/96\"\u003emoby/spdystream#96\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.2.0...v0.3.0\"\u003ehttps://github.com/moby/spdystream/compare/v0.2.0...v0.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.2.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/term` from 0.5.0 to 0.5.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/6c1b69fecbac2753dcaf18718a7e9f9093c3760d\"\u003e\u003ccode\u003e6c1b69f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/term/issues/47\"\u003e#47\u003c/a\u003e from thaJeztah/bump_ansiterm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/c3678795976124c4119d365cf947ebfbb9c0bec5\"\u003e\u003ccode\u003ec367879\u003c/code\u003e\u003c/a\u003e go.mod: github.com/Azure/go-ansiterm faa5f7b0171c\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/31a7e4ea1cf40419c8ef5288bacc81e136edc436\"\u003e\u003ccode\u003e31a7e4e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/term/issues/48\"\u003e#48\u003c/a\u003e from thaJeztah/gha_tweak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/1700fcb009fba7d7add9f50e2bef37f4347125de\"\u003e\u003ccode\u003e1700fcb\u003c/code\u003e\u003c/a\u003e Add security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/ca22ebc1e2bc1564b62ad2b063e24dac635a1227\"\u003e\u003ccode\u003eca22ebc\u003c/code\u003e\u003c/a\u003e gha: add concurrency check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/905a8aa03d4aad33ee2256a28e63c4bec8457f8e\"\u003e\u003ccode\u003e905a8aa\u003c/code\u003e\u003c/a\u003e gha: set default permissions to \u0026quot;read\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/e3559a61c4e7f1f48a934096f1d54b81da84c26d\"\u003e\u003ccode\u003ee3559a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/term/issues/46\"\u003e#46\u003c/a\u003e from thaJeztah/refresh_gha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/a86f03303976704c36f23f6f024aaa706ad6727e\"\u003e\u003ccode\u003ea86f033\u003c/code\u003e\u003c/a\u003e gha: test against go1.22, go1.23 (latest, latest -1)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/ceff820967582be4bd657994f2a1f7bdb7693214\"\u003e\u003ccode\u003eceff820\u003c/code\u003e\u003c/a\u003e gha: update actions/checkout@v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/term/commit/dfe80c748585cbda3462b01483a678fb695b19c7\"\u003e\u003ccode\u003edfe80c7\u003c/code\u003e\u003c/a\u003e gha: update actions/setup-go@v5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/term/compare/v0.5.0...v0.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/sony/sonyflake` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/f167a9d53145b661d05ac28b5702b6f29ea9c502\"\u003e\u003ccode\u003ef167a9d\u003c/code\u003e\u003c/a\u003e Add Compose method and corresponding tests (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/79\"\u003e#79\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/5c401f9c06d65696ccc05069921197d6454ae718\"\u003e\u003ccode\u003e5c401f9\u003c/code\u003e\u003c/a\u003e Make unit tests stabler (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/78\"\u003e#78\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/0cdef9e4fefac16ba69eb0cdd035fff2a3df7dd1\"\u003e\u003ccode\u003e0cdef9e\u003c/code\u003e\u003c/a\u003e Update TimeUnit in ToTime test to use 100 milliseconds for improved accuracy ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/114716564a650e3e7d686833e0e415bafded669d\"\u003e\u003ccode\u003e1147165\u003c/code\u003e\u003c/a\u003e Fix time duration comparison in ToTime test to ensure correct validation of g...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/2343cac6764e32c756da0bea2b913a4ba188fc2d\"\u003e\u003ccode\u003e2343cac\u003c/code\u003e\u003c/a\u003e Check compose args (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/5347433c8caaf6d9083e6ffaa236bbda900cc0be\"\u003e\u003ccode\u003e5347433\u003c/code\u003e\u003c/a\u003e Enhance Sonyflake error handling by adding tests for invalid machine IDs, inc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/774342570aeeb24fd2964e898cbdab01b1468ae2\"\u003e\u003ccode\u003e7743425\u003c/code\u003e\u003c/a\u003e Add Compose method (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/71\"\u003e#71\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/59c47aeab18f714f485b4c731b2f1ae2a3389637\"\u003e\u003ccode\u003e59c47ae\u003c/code\u003e\u003c/a\u003e Fix lint errors (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/70\"\u003e#70\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/d764be18d534c29949a3f63b6fe7d7dab9f50187\"\u003e\u003ccode\u003ed764be1\u003c/code\u003e\u003c/a\u003e Update README.md (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/69\"\u003e#69\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sony/sonyflake/commit/7ee8f154df0b7d832ac225f91c04e51ba5b791ed\"\u003e\u003ccode\u003e7ee8f15\u003c/code\u003e\u003c/a\u003e feat(v2): make bit assignment for time/sequence/machine customizable … (\u003ca href=\"https://redirect.github.com/sony/sonyflake/issues/68\"\u003e#68\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sony/sonyflake/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/spf13/pflag` from 1.0.5 to 1.0.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/spf13/pflag/releases\"\u003egithub.com/spf13/pflag's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix deprecation comment for (FlagSet.)ParseErrorsWhitelist by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/447\"\u003espf13/pflag#447\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove uses of errors.Is, which requires go1.13, move go1.16/go1.21 tests to separate file by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/448\"\u003espf13/pflag#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/447\"\u003espf13/pflag#447\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10\"\u003ehttps://github.com/spf13/pflag/compare/v1.0.9...v1.0.10\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Restore ParseErrorsWhitelist name for now by \u003ca href=\"https://github.com/tomasaschan\"\u003e\u003ccode\u003e@​tomasaschan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/446\"\u003espf13/pflag#446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/spf13/pflag/compare/v1.0.8...v1.0.9\"\u003ehttps://github.com/spf13/pflag/compare/v1.0.8...v1.0.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.0.8\u003c/h2\u003e\n\u003ch2\u003e:warning: Breaking Change\u003c/h2\u003e\n\u003cp\u003eThis version, while only a patch bump, includes a (very minor) breaking change: the \u003ccode\u003eflag.ParseErrorsWhitelist\u003c/code\u003e struct and corresponding \u003ccode\u003eFlagSet.parseErrorsWhitelist\u003c/code\u003e field have been renamed to \u003ccode\u003eParseErrorsAllowlist\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis should result in compilation errors in any code that uses these fields, which can be fixed by adjusting the names at call sites. There is no change in semantics or behavior of the struct or field referred to by these names. If your code compiles without errors after bumping to/past v1.0.8, you are not affected by this change.\u003c/p\u003e\n\u003cp\u003eThe breaking change was reverted in v1.0.9, by means of re-introducing the old names with deprecation warnings. The plan is still to remove them in a future release, so if your code does depend on the old names, please change them to use the new names at your earliest convenience.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove Redundant \u0026quot;Unknown-Flag\u0026quot; Error by \u003ca href=\"https://github.com/vaguecoder\"\u003e\u003ccode\u003e@​vaguecoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/364\"\u003espf13/pflag#364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitching from whitelist to Allowlist terminology by \u003ca href=\"https://github.com/dubrie\"\u003e\u003ccode\u003e@​dubrie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/261\"\u003espf13/pflag#261\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOmit zero time.Time default from usage line by \u003ca href=\"https://github.com/mologie\"\u003e\u003ccode\u003e@​mologie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/438\"\u003espf13/pflag#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimplement CopyToGoFlagSet by \u003ca href=\"https://github.com/pohly\"\u003e\u003ccode\u003e@​pohly\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/330\"\u003espf13/pflag#330\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eflag: Emulate stdlib behavior and do not print ErrHelp by \u003ca href=\"https://github.com/tmc\"\u003e\u003ccode\u003e@​tmc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/407\"\u003espf13/pflag#407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrint Default Values of String-to-String in Sorted Order by \u003ca href=\"https://github.com/vaguecoder\"\u003e\u003ccode\u003e@​vaguecoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/365\"\u003espf13/pflag#365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Don't print ErrHelp in ParseAll by \u003ca href=\"https://github.com/tomasaschan\"\u003e\u003ccode\u003e@​tomasaschan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/spf13/pflag/pull/443\"\u003espf13/pfl...\n\n_Description has been truncated_","html_url":"https://github.com/openim-sigs/component-base/pull/97","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/openim-sigs%2Fcomponent-base/issues/97","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/97/packages"}},{"old_version":"0.5.0","new_version":"0.5.1","update_type":"patch","path":"/system-tests/tests","pr_created_at":"2026-04-17T00:37:02.000Z","version_change":"0.5.0 → 0.5.1","issue":{"uuid":"4279360593","node_id":"PR_kwDOGWmxQ87TJlH-","number":1718,"state":"open","title":"build(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /system-tests/tests","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-17T00:37:02.000Z","updated_at":"2026-04-22T00:09:56.637Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/moby/spdystream","old_version":"0.5.0","new_version":"0.5.1","repository_url":"https://github.com/moby/spdystream"}],"path":"/system-tests/tests","ecosystem":"go"},"body":"Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/spdystream/releases\"\u003egithub.com/moby/spdystream's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/106\"\u003emoby/spdystream#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update actions and test against latest Go versions \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/107\"\u003emoby/spdystream#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse ioutil.Discard for go1.13 compatibility \u003ca href=\"https://redirect.github.com/moby/spdystream/pull/109\"\u003emoby/spdystream#109\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/c59e5d73daa301bde452ea77545bdf51e32554a2\"\u003e\u003ccode\u003ec59e5d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/spdystream/issues/109\"\u003e#109\u003c/a\u003e from thaJeztah/use_ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2fd0155e904f1f9b834b8460e8fdb8522bb59f84\"\u003e\u003ccode\u003e2fd0155\u003c/code\u003e\u003c/a\u003e use ioutil.Discard for go1.13 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/ef6121f62c730110bf5ae604a865a8613bfb787f\"\u003e\u003ccode\u003eef6121f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/241cec95b8f02919845dc4758f1f5310fc886739\"\u003e\u003ccode\u003e241cec9\u003c/code\u003e\u003c/a\u003e compare with signed Int for 32-bit Arm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/21c38640c8c8f43173b17e5bc6690a5fa25d6935\"\u003e\u003ccode\u003e21c3864\u003c/code\u003e\u003c/a\u003e Add options to customize limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/acf9b456d06816c5cf23bf3892e13441f947d5fd\"\u003e\u003ccode\u003eacf9b45\u003c/code\u003e\u003c/a\u003e spdy: update godoc for MaxDataLength\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/eb6360582bf1343f485ca87b76efc9e72b49d690\"\u003e\u003ccode\u003eeb63605\u003c/code\u003e\u003c/a\u003e spdy: limit header-size and header-count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/2f21da42eaab90f03a82fb03d0de8e91eb1d0fc6\"\u003e\u003ccode\u003e2f21da4\u003c/code\u003e\u003c/a\u003e spdy: fix header block byte accounting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/5976b6612f07a27f2e9a4de875485defb43b5d50\"\u003e\u003ccode\u003e5976b66\u003c/code\u003e\u003c/a\u003e spdy: enforce 24-bit frame length limits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/spdystream/commit/cf0ec5d0fe4dbb2f3525f733946e0d0ddbfd5b13\"\u003e\u003ccode\u003ecf0ec5d\u003c/code\u003e\u003c/a\u003e Guard against oversized SPDY frames\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/spdystream\u0026package-manager=go_modules\u0026previous-version=0.5.0\u0026new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mikeyhodl/chainlink/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/mikeyhodl/chainlink/pull/1718","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikeyhodl%2Fchainlink/issues/1718","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1718/packages"}}]}