fix(deps): update non-k8s-go-dependencies

[red-hat-konflux]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
github.com/emicklei/go-restful/v3	v3.12.2 → v3.13.0			indirect	minor
github.com/fatih/color	v1.18.0 → v1.19.0			indirect	minor
github.com/fsnotify/fsnotify	v1.9.0 → v1.10.1			indirect	minor
github.com/fxamacker/cbor/v2	v2.9.0 → v2.9.2			indirect	patch
github.com/go-openapi/jsonpointer	v0.21.1 → v0.23.1			indirect	minor
github.com/go-openapi/jsonreference	v0.21.0 → v0.21.6			indirect	patch
github.com/go-openapi/swag	v0.23.1 → v0.26.0			indirect	minor
github.com/google/gnostic-models	v0.7.0 → v0.7.1			indirect	patch
github.com/hashicorp/go-hclog	v0.14.1 → v0.16.2			indirect	minor
github.com/hashicorp/go-plugin	v1.6.0 → v1.8.0			indirect	minor
github.com/hashicorp/yamux	v0.1.1 → v0.1.2			indirect	patch
github.com/kubernetes-csi/external-snapshotter/client/v8	v8.2.0 → v8.6.0			require	minor
github.com/mailru/easyjson	v0.9.0 → v0.9.2			indirect	patch
github.com/mattn/go-colorable	v0.1.14 → v0.1.15			indirect	patch
github.com/mattn/go-isatty	v0.0.20 → v0.0.22			indirect	patch
github.com/mitchellh/go-testing-interface	v1.0.0 → v1.14.1			indirect	minor
github.com/oklog/run	v1.0.0 → v1.2.0			indirect	minor
github.com/onsi/gomega	v1.38.2 → v1.41.0			require	minor
github.com/openshift/api	68ce3d9 → 1194f4c			indirect	digest
github.com/openshift/hive/apis	3f49f26 → cb3fb8a			require	digest
github.com/openshift/hypershift/api	d345a6a → f13c62d			require	digest
github.com/prometheus/client_golang	v1.22.0 → v1.23.2			indirect	minor
github.com/prometheus/common	v0.65.0 → v0.68.1			indirect	minor
github.com/prometheus/procfs	v0.16.1 → v0.20.1			indirect	minor
github.com/sirupsen/logrus	v1.9.3 → v1.9.4			require	patch
github.com/spf13/cobra	v1.9.1 → v1.10.2			indirect	minor
github.com/spf13/pflag	v1.0.7 → v1.0.10			indirect	patch
github.com/vmware-tanzu/velero	v1.14.0 → v1.18.1			require	minor
go (source)	1.25.8 → 1.26.4			toolchain	minor
go.yaml.in/yaml/v2	v2.4.2 → v2.4.4			indirect	patch
golang.org/x/net	v0.52.0 → v0.55.0			indirect	minor
golang.org/x/oauth2	v0.30.0 → v0.36.0			indirect	minor
golang.org/x/sys	v0.42.0 → v0.45.0			indirect	minor
golang.org/x/term	v0.41.0 → v0.43.0			indirect	minor
golang.org/x/text	v0.35.0 → v0.37.0			indirect	minor
golang.org/x/time	v0.11.0 → v0.15.0			indirect	minor
google.golang.org/genproto/googleapis/rpc	a0af3ef → 3dc84a4			indirect	digest
google.golang.org/grpc	v1.72.1 → v1.81.1			indirect	minor
google.golang.org/protobuf	v1.36.7 → v1.36.11			indirect	patch
gopkg.in/evanphx/json-patch.v4	v4.12.0 → v4.13.0			indirect	minor

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

emicklei/go-restful (github.com/emicklei/go-restful/v3)

v3.13.0

Compare Source

• optimize performance of path matching in CurlyRouter ( thanks @​wenhuang, Wen Huang)

fatih/color (github.com/fatih/color)

v1.19.0

Compare Source

What's Changed

• Bump golang.org/x/sys from 0.25.0 to 0.28.0 by @​dependabot[bot] in #​246
• Fix for issue #​230 set/unsetwriter symmetric wrt color support detection by @​ataypamart in #​243
• chore: go mod cleanup by @​sashamelentyev in #​244
• Bump golang.org/x/sys from 0.28.0 to 0.30.0 by @​dependabot[bot] in #​249
• Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @​dependabot[bot] in #​248
• Update CI and go deps by @​fatih in #​254
• Bump golang.org/x/sys from 0.31.0 to 0.37.0 by @​dependabot[bot] in #​268
• fix: include escape codes in byte counts from Fprint, Fprintf by @​qualidafial in #​282
• Bump golang.org/x/sys from 0.37.0 to 0.40.0 by @​dependabot[bot] in #​277
• fix: add nil check for os.Stdout to prevent panic on Windows services by @​majiayu000 in #​275
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by @​dependabot[bot] in #​259
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in #​273
• Optimize Color.Equals performance (O(n²) → O(n)) by @​UnSubble in #​269
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in #​266

New Contributors

• @​ataypamart made their first contribution in #​243
• @​sashamelentyev made their first contribution in #​244
• @​qualidafial made their first contribution in #​282
• @​majiayu000 made their first contribution in #​275
• @​UnSubble made their first contribution in #​269

Full Changelog: fatih/color@v1.18.0...v1.19.0

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#​754)

• inotify, windows: don't rename sibling watches sharing a path prefix
  (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#​731)

• inotify: send Rename event if recursive watch is renamed (#​696)

• inotify: avoid copying event buffers when reading names (#​741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

• windows: fix nil pointer dereference in remWatch (#​736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.2

Compare Source

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed

• Reject encoding indefinite-length map with odd item count by @​fxamacker in #​764
• Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @​fxamacker in #​765
• Make TagSet.Remove a no-op when contentType is nil by @​fxamacker in #​766
• Refactor indefinite-length encoding and improve chunk validation during encoding by @​fxamacker in #​767
• Add more tests, fix a nit in unreachable panic message, update docs & ci by @​fxamacker in #​768

CI / GitHub Actions and Docs

🔎 Details...

• Bump actions/setup-go from 6.3.0 to 6.4.0 by @​dependabot[bot] in #​760
• Bump github/codeql-action from 4.34.1 to 4.35.1 by @​dependabot[bot] in #​761
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in #​763
• Update README for v2.9.2 release by @​fxamacker in #​769

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

v2.9.1

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

• [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
• [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
• [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)

🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

• [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
• [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
• [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
• [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)

What's Changed

• 🆕 Add TimeMode encoding option TimeRFC3339NanoUTC by @​fxamacker in #​688
• Use actual negative zero in tests by @​makew0rld in #​708
• Reject encoding nil inside CBOR indefinite-length string by @​fxamacker in #​750
• Refactor and add tests by @​fxamacker in #​752
• Small bugfixes, defensive checks, and improvements by @​fxamacker in #​753
• Refactor parseMapToStruct(), getDecodingStructType(), getEncodingStructType(), and field struct by @​fxamacker in #​754
• Fix several issues related to keyasint tag option by @​fxamacker in #​757

CI / GitHub Actions and Docs

🔎 Details...

• Bump github/codeql-action from 3.29.2 to 3.29.4 by @​dependabot[bot] in #​690
• Bump github/codeql-action from 3.29.4 to 3.29.5 by @​dependabot[bot] in #​691
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​696
• Bump github/codeql-action from 3.29.7 to 3.29.9 by @​dependabot[bot] in #​697
• Bump github/codeql-action from 3.29.9 to 3.29.11 by @​dependabot[bot] in #​700
• Bump github/codeql-action from 3.29.11 to 3.30.0 by @​dependabot[bot] in #​702
• Bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in #​703
• Bump github/codeql-action from 3.30.0 to 3.30.3 by @​dependabot[bot] in #​706
• Bump github/codeql-action from 3.30.3 to 3.30.4 by @​dependabot[bot] in #​710
• Bump github/codeql-action from 3.30.4 to 3.30.6 by @​dependabot[bot] in #​712
• Bump github/codeql-action from 3.30.6 to 4.30.7 by @​dependabot[bot] in #​713
• Bump github/codeql-action from 4.30.7 to 4.30.8 by @​dependabot[bot] in #​716
• Bump github/codeql-action from 4.30.8 to 4.30.9 by @​dependabot[bot] in #​718
• Bump github/codeql-action from 4.30.9 to 4.31.2 by @​dependabot[bot] in #​720
• Bump github/codeql-action from 4.31.2 to 4.31.3 by @​dependabot[bot] in #​721
• Bump github/codeql-action from 4.31.3 to 4.31.4 by @​dependabot[bot] in #​724
• Bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in #​725
• Bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​726
• Bump github/codeql-action from 4.31.4 to 4.31.5 by @​dependabot[bot] in #​727
• Bump github/codeql-action from 4.31.5 to 4.31.6 by @​dependabot[bot] in #​728
• Bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​729
• Bump github/codeql-action from 4.31.6 to 4.31.8 by @​dependabot[bot] in #​732
• Bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in #​733
• Bump github/codeql-action from 4.31.9 to 4.31.10 by @​dependabot[bot] in #​738
• Bump actions/setup-go from 6.1.0 to 6.2.0 by @​dependabot[bot] in #​739
• Bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in #​740
• Bump github/codeql-action from 4.31.10 to 4.32.0 by @​dependabot[bot] in #​742
• Bump github/codeql-action from 4.32.0 to 4.32.3 by @​dependabot[bot] in #​745
• Bump actions/setup-go from 6.2.0 to 6.3.0 by @​dependabot[bot] in #​746
• Bump github/codeql-action from 4.32.3 to 4.32.4 by @​dependabot[bot] in #​747
• Bump github/codeql-action from 4.32.4 to 4.32.6 by @​dependabot[bot] in #​748
• Bump github/codeql-action from 4.32.6 to 4.34.0 by @​dependabot[bot] in #​749
• Bump github/codeql-action from 4.34.0 to 4.34.1 by @​dependabot[bot] in #​751
• Update README status section by @​fxamacker in #​758

New Contributors

• @​makew0rld made their first contributihttps://github.com/fxamacker/cbor/pull/708ll/708

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

go-openapi/jsonpointer (github.com/go-openapi/jsonpointer)

v0.23.1

Compare Source

0.23.1 - 2026-04-18

Full Changelog: go-openapi/jsonpointer@v0.23.0...v0.23.1

5 commits in this release.

---

Fixed bugs

• fix(offset): in Offset method, fixed index of value of array element. by @​fredbi in #​128 ...

Documentation

• doc: project status update by @​fredbi in #​127 ...
• docs: point to organization-wide documentations, added missing godocs by @​fredbi in #​126 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​125 ...

Updates

• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​124 ...

---

People who contributed to this release

• @​fredbi

---

jsonpointer license terms

v0.23.0

Compare Source

0.23.0 - 2026-04-15

Support for known limitations

Full Changelog: go-openapi/jsonpointer@v0.22.5...v0.23.0

16 commits in this release.

---

Implemented enhancements

• feat: added alternate json name provider by @​fredbi in #​123 ...
• feat: added optional support for non-default json name provider by @​fredbi in #​122 ...
• feat: the RFC 6901 "-" array suffix is now supported by @​fredbi in #​121 ...

Fixed bugs

• fix(errors): correct error message for invalid JSON pointer start by @​alexandear in #​118 ...

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #​119 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​116 ...
• doc: add portable agentic instructions by @​fredbi in #​114 ...
• doc: update discord link by @​fredbi in #​113 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​112 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​108 ...

Miscellaneous tasks

• chore: bump go directive to 1.25.0 by @​fredbi in #​115 ...
• chore: removed unnecessary git-cliff config (uses shared) by @​fredbi in #​109 ...

Updates

• chore(deps): bump github.com/go-openapi/testify/v2 from 2.4.1 to 2.4.2 in the go-openapi-dependencies group by @​dependabot[bot] in #​117 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.4.0 to 2.4.1 in the go-openapi-dependencies group by @​dependabot[bot] in #​110 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​111 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​107 ...

---

People who contributed to this release

• @​alexandear
• @​fredbi

---

New Contributors

• @​alexandear made their first contribution
  in #​118

---

jsonpointer license terms

v0.22.5

Compare Source

0.22.5 - 2026-03-02

Full Changelog: go-openapi/jsonpointer@v0.22.4...v0.22.5

15 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #​97 ...
• doc: announced new discord channel by @​fredbi in #​96 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​92 ...

Code quality

• chore: doc, test, lint update by @​fredbi in #​105 ...

Miscellaneous tasks

• ci: upgraded bump-release workflow (new input format) by @​fredbi in #​106 ...
• ci: updated workflows by @​fredbi in #​95 ...
• chore: fixed missing license headers in new files by @​fredbi in #​94 ...
• ci: removed duplicate workflow remaining after refactoring by @​fredbi in #​93 ...

Updates

• chore(deps): bump github.com/go-openapi/testify/v2 from 2.3.0 to 2.4.0 in the go-openapi-dependencies group by @​dependabot[bot] in #​104 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.2.0 to 2.3.0 in the go-openapi-dependencies group by @​dependabot[bot] in #​102 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​103 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​101 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.1.8 to 2.2.0 in the go-openapi-dependencies group by @​dependabot[bot] in #​100 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.0.2 to 2.1.8 in the go-openapi-dependencies group by @​dependabot[bot] in #​98 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​99 ...

---

People who contributed to this release

• @​bot-go-openapi[bot]
• @​fredbi

---

New Contributors

• @​bot-go-openapi[bot] made their first contribution
  in #​97

---

jsonpointer license terms

v0.22.4

Compare Source

0.22.4 - 2025-12-06

Full Changelog: go-openapi/jsonpointer@v0.22.3...v0.22.4

1 commits in this release.

---

Miscellaneous tasks

• ci: aligned CI to use shared workflows by @​fredbi in #​91 ...

---

People who contributed to this release

• @​fredbi

---

jsonpointer license terms

v0.22.3

Compare Source

0.22.3 - 2025-11-17

Full Changelog: go-openapi/jsonpointer@v0.22.2...v0.22.3

8 commits in this release.

---

Documentation

• doc: updated contributors file by @​github-actions[bot] in #​76 ...
• doc: automated a record of all-time contributors by @​fredbi in #​75 ...
• doc: release badge in README by @​fredbi in #​73 ...

Code quality

• docs: added maintainer's doc and style guide by @​fredbi in #​77 ...
• doc: improved documentation by @​fredbi in #​70 ...
• chore(lint): more linting by @​fredbi in #​71 ...

Miscellaneous tasks

• test: added tests for edge cases by @​fredbi in #​74 ...
• ci: run fuzz test in ci by @​fredbi in #​72 ...

---

People who contributed to this release

• @​fredbi
• @​github-actions[bot]

---

New Contributors

• @​github-actions[bot] made their first contribution
  in #​76

---

jsonpointer license terms

v0.22.2

Compare Source

0.22.2 - 2025-11-14

Full Changelog: go-openapi/jsonpointer@v0.22.1...v0.22.2

12 commits in this release.

---

Documentation

• ci: fixed typo by @​fredbi ...
• docs: fixed typo in NOTICE by @​fredbi in #​62 ...
• Licensing: added NOTICE by @​fredbi in #​61 ...

Code quality

• chore(lint): code quality by @​fredbi in #​64 ...

Testing

• test: added fuzz test for parsing by @​fredbi in #​69 ...
• test: improved test coverage by @​fredbi in #​68 ...

Miscellaneous tasks

• ci: fixed sarif file by @​fredbi ...
• chore(deps): removed indirect test dependencies by @​fredbi in #​60 ...

Security

• ci: added govulscan security scanner tool by @​fredbi in #​67 ...
• doc: added examples to document simple use cases by [@​fredbi](h

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3d2f6ff5-b1f7-4782-947d-5237f738a3c6

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/oadp-1.5/non-k8s-go-dependencies

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]
Once this PR has been reviewed and has the lgtm label, please assign muraee for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@red-hat-konflux[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/unit	1c0171e	link	true	/test unit
ci/prow/verify	1c0171e	link	true	/test verify
ci/prow/build	1c0171e	link	true	/test build
ci/prow/images	1c0171e	link	true	/test images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.