Update Go modules

[red-hat-konflux]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
github.com/bpfman/bpfman-operator	v0.5.7-0.20250702114755-642adfde5e43 → v0.6.0			require	minor
github.com/emicklei/go-restful/v3	v3.12.2 → v3.13.0			indirect	minor
github.com/fxamacker/cbor/v2	v2.9.0 → v2.9.1			indirect	patch
github.com/go-openapi/jsonpointer	v0.21.1 → v0.22.5			indirect	minor
github.com/go-openapi/jsonreference	v0.21.0 → v0.21.5			indirect	patch
github.com/go-openapi/swag	v0.23.1 → v0.25.5			indirect	minor
github.com/golang-jwt/jwt/v5	v5.3.0 → v5.3.1			indirect	patch
github.com/google/cel-go	v0.26.0 → v0.27.0			indirect	minor
github.com/google/gnostic-models	v0.7.0 → v0.7.1			indirect	patch
github.com/google/pprof	f64d9cf → 545e8a4			indirect	digest
github.com/grpc-ecosystem/grpc-gateway/v2	v2.27.3 → v2.28.0			indirect	minor
github.com/mailru/easyjson	v0.9.0 → v0.9.2			indirect	patch
github.com/netobserv/flowlogs-pipeline	v1.10.1-community.0.20260128081215-6575ca967373 → v1.11.3-community			require	minor
github.com/onsi/ginkgo/v2	v2.27.5 → v2.28.1			require	minor
github.com/onsi/gomega	v1.39.0 → v1.39.1			require	patch
github.com/openshift/api	2cd5821 → f50e695			require	digest
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring	v0.87.0 → v0.90.1			require	minor
github.com/prometheus/procfs	v0.17.0 → v0.20.1			indirect	minor
github.com/stretchr/objx	v0.5.2 → v0.5.3			indirect	patch
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.62.0 → v0.68.0			indirect	minor
go.opentelemetry.io/otel	v1.39.0 → v1.43.0			indirect	minor
go.opentelemetry.io/otel/exporters/otlp/otlptrace	v1.39.0 → v1.43.0			indirect	minor
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	v1.39.0 → v1.43.0			indirect	minor
go.opentelemetry.io/otel/sdk	v1.39.0 → v1.43.0			indirect	minor
go.opentelemetry.io/otel/trace	v1.39.0 → v1.43.0			indirect	minor
go.opentelemetry.io/proto/otlp	v1.9.0 → v1.10.0			indirect	minor
go.yaml.in/yaml/v2	v2.4.3 → v2.4.4			indirect	patch
golang.org/x/exp	b7579e2 → 7ab1446			indirect	digest
golang.org/x/mod	v0.32.0 → v0.34.0			indirect	minor
golang.org/x/net	v0.49.0 → v0.52.0			indirect	minor
golang.org/x/oauth2	v0.34.0 → v0.36.0			indirect	minor
golang.org/x/sync	v0.19.0 → v0.20.0			indirect	minor
golang.org/x/sys	v0.40.0 → v0.42.0			indirect	minor
golang.org/x/term	v0.39.0 → v0.41.0			indirect	minor
golang.org/x/text	v0.33.0 → v0.35.0			indirect	minor
golang.org/x/time	v0.12.0 → v0.15.0			indirect	minor
golang.org/x/tools	v0.41.0 → v0.43.0			indirect	minor
google.golang.org/genproto/googleapis/api	ff82c1b → 6f92a3b			indirect	digest
google.golang.org/genproto/googleapis/rpc	ff82c1b → 6f92a3b			indirect	digest
google.golang.org/grpc	v1.79.3 → v1.80.0			indirect	minor
k8s.io/api	v0.35.0 → v0.35.3			require	patch
k8s.io/apiextensions-apiserver	v0.35.0 → v0.35.3			require	patch
k8s.io/apimachinery	v0.35.0 → v0.35.3			require	patch
k8s.io/apiserver	v0.35.0 → v0.35.3			indirect	patch
k8s.io/client-go	v0.35.0 → v0.35.3			require	patch
k8s.io/component-base	v0.35.0 → v0.35.3			indirect	patch
k8s.io/klog/v2	v2.130.1 → v2.140.0			indirect	minor
k8s.io/kube-aggregator	v0.35.0 → v0.35.3			require	patch
k8s.io/kube-openapi	589584f → 16be699			indirect	digest
k8s.io/utils	bc988d5 → 28399d8			require	digest
sigs.k8s.io/apiserver-network-proxy/konnectivity-client	v0.33.0 → v0.34.0			indirect	minor
sigs.k8s.io/controller-runtime	v0.22.4 → v0.23.3			require	minor
sigs.k8s.io/structured-merge-diff/v6	v6.3.0 → v6.3.2			indirect	patch

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

bpfman/bpfman-operator (github.com/bpfman/bpfman-operator)

v0.6.0

Compare Source

The v0.6.0 release is a minor release with significant changes to the bpfman-operator. The operator now supports the load/attach split introduced in bpfman v0.6.0, allowing finer-grained control over BPF programme lifecycle. A new Config custom resource has been added, enabling runtime configuration of operator and agent behaviour including component image overrides and health probe settings; the Config CR is now bootstrapped automatically by the operator on startup. The dependency on security-profiles-operator has been fully removed. Metrics collection has been decoupled from hostNetwork using a proxy DaemonSet, and kube-rbac-proxy has been replaced with controller-runtime's built-in TLS capabilities. Network interface autodiscovery with match and regex filtering has been added for TC, TCX, and XDP programmes. The operator now uses a native crictl implementation, removing the external dependency. BpfApplicationState spec fields have been moved to status, and ContainerSelector has been replaced with NetworkNamespaceSelector for network-attached programme types. Priority fields for TC, TCX, and XDP programmes have been changed from int32 to *int32. Build version information is now embedded in all binaries. OLM bundle deployment has been fixed for vanilla Kubernetes with runtime reconciliation of monitoring and RBAC resources. Container images have been switched from Docker Hub golang to Red Hat UBI go-toolset, and hard-coded imagePullPolicy values have been removed from deployment manifests. CI workflows have been updated to resolve Node.js 20 deprecation warnings and improve caching.

What's Changed

• bpfman-operator: Support Load/Attach Split by @​anfredette in #​347
• remove dependency on security-profiles-operator by @​Billy99 in #​373
• update openshift bundle containerfile by @​Billy99 in #​377
• rename bundle containerfile to Containerfile.bundle to be consistent by @​msherif1234 in #​378
• revert #​378 by @​Billy99 in #​379
• fix some warnings in community-operators-prod by @​Billy99 in #​380
• chore: Bump Go to 1.24 by @​dave-tucker in #​383
• Make sure changing bpfman configmap restart daemonset pods by @​msherif1234 in #​389
• remove xdp go counter intg test case by @​msherif1234 in #​406
• Add back xdp go counter by @​msherif1234 in #​407
• Add interfaces discovery to bpf agent process by @​msherif1234 in #​408
• Make the bpfman-operator report status of "Pending" instead of "Error" when appropriate by @​anfredette in #​409
• Change ContainerSelector to NetworkNamespaceSelector for XDP, TC, and TCX by @​anfredette in #​411
• Intial APIs review for bpfman-operator by @​msherif1234 in #​413
• revert back to go1.23 and pin cri-tool to v1.32.0 by @​msherif1234 in #​416
• 2nd round of APIs reviews by @​msherif1234 in #​417
• docs: fix broken link in README by @​Billy99 in #​418
• api review: update field descriptions by @​Billy99 in #​419
• Fix validation for EBPFProgType in BpfApplication/BpfApplicationState objects by @​anfredette in #​420
• Add intefaces match and regex filter to autodiscovery configs by @​msherif1234 in #​421
• Move BpfApplicationState Spec to Status by @​anfredette in #​423
• split out interface discovery processing by @​msherif1234 in #​424
• Check for Duplicate Network Namespace Inodes by @​anfredette in #​426
• Remove OpenShift-specific Containerfiles by @​frobware in #​430
• chore: Update to golang-ci-lint v2 by @​dave-tucker in #​431
• Makefile: wait for ConfigMap deletion before undeploy by @​frobware in #​436
• Replace kube-rbac-proxy with controller-runtime's built-in TLS capabilities by @​frobware in #​437
• Switch to Go 1.24 (again) by @​frobware in #​439
• Improve bundle versioning using VERSION file by @​frobware in #​440
• Add DeepWiki badge by @​anfredette in #​441
• Decouple metrics from hostNetwork using proxy DaemonSet by @​frobware in #​443
• BpfApplicationReconcilers: wrap loadRequest error by @​andreaskaris in #​448
• Complete removal of security-profiles-operator dependency by @​frobware in #​451
• Fix SEGV (nil pointer access) in getBpfAppState logging functions by @​frobware in #​452
• Replace external crictl dependency with native bpfman-crictl implementation by @​frobware in #​453
• Disable controller-runtime metrics server in bpfman-agent by @​frobware in #​455
• Disable profiling port in bpfman-agent to avoid host network conflicts by @​frobware in #​458
• bpfman-operator: Add Config resource and update reconciler and tests by @​andreaskaris in #​461
• Add make target to run operator locally by @​andreaskaris in #​466
• Daemonset: Move bidirectional mount from /run/bpfman to /run/bpfman/csi by @​andreaskaris in #​469
• Config follow-up: Implement component override functionality for Config resource by @​andreaskaris in #​475
• Makefile: Target run-local, ignore scaling issues by @​andreaskaris in #​476
• Fix overlaying bpf mount by @​nocturo in #​477
• Config: Change healthProbeAddr to healthProbePort by @​andreaskaris in #​478
• DaemonSet: Remove /var/lib/bpfman from mounts by @​andreaskaris in #​479
• Work around sigstore-rs rekor issue in integration tests by @​andreaskaris in #​482
• Revert "Work around sigstore-rs rekor issue in integration tests" by @​andreaskaris in #​483
• Convert the Priority field from int32 to *int32 across all BPF program types by @​andreaskaris in #​485
• Add configurable daemon images to Config API by @​frobware in #​488
• Add bpffs mount capability to bpfman-agent for init container use by @​frobware in #​490
• Remove BpffsInitImage configuration option by @​frobware in #​491
• Reverse program unload order to respect map ownership by @​frobware in #​493
• chore(deps): bump the production-dependencies group with 16 updates (with fixes) by @​frobware in #​494
• Wait for BPF program success before expecting userspace pods by @​frobware in #​495
• Bootstrap Config CR from operator on startup by @​frobware in #​498
• Fix OLM bundle deployment on vanilla Kubernetes by @​frobware in #​501
• Fix operator-sdk download check to use correct binary name by @​frobware in #​502
• Remove hard-coded imagePullPolicy from deployment manifests by @​frobware in #​503
• Manage kind as a versioned local dependency by @​frobware in #​505
• Embed build version information in all binaries by @​frobware in #​506
• Switch build images from Docker Hub golang to Red Hat UBI go-toolset by @​frobware in #​507
• Bump actions/* to resolve Node.js 20 deprecation warnings by @​frobware in #​508
• Improve CI workflow caching and job ordering by @​frobware in #​509

Full Changelog: bpfman/bpfman-operator@v0.5.6...v0.6.0

New Contributors

• @​andreaskaris made their first contribution in #​448
• @​nocturo made their first contribution in #​477

emicklei/go-restful (github.com/emicklei/go-restful/v3)

v3.13.0

Compare Source

• optimize performance of path matching in CurlyRouter ( thanks @​wenhuang, Wen Huang)

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.1

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

• [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
• [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
• [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)

🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

• [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
• [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
• [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
• [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)

What's Changed

• 🆕 Add TimeMode encoding option TimeRFC3339NanoUTC by @​fxamacker in #​688
• Use actual negative zero in tests by @​makew0rld in #​708
• Reject encoding nil inside CBOR indefinite-length string by @​fxamacker in #​750
• Refactor and add tests by @​fxamacker in #​752
• Small bugfixes, defensive checks, and improvements by @​fxamacker in #​753
• Refactor parseMapToStruct(), getDecodingStructType(), getEncodingStructType(), and field struct by @​fxamacker in #​754
• Fix several issues related to keyasint tag option by @​fxamacker in #​757

CI / GitHub Actions and Docs

🔎 Details...

• Bump github/codeql-action from 3.29.2 to 3.29.4 by @​dependabot[bot] in #​690
• Bump github/codeql-action from 3.29.4 to 3.29.5 by @​dependabot[bot] in #​691
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​696
• Bump github/codeql-action from 3.29.7 to 3.29.9 by @​dependabot[bot] in #​697
• Bump github/codeql-action from 3.29.9 to 3.29.11 by @​dependabot[bot] in #​700
• Bump github/codeql-action from 3.29.11 to 3.30.0 by @​dependabot[bot] in #​702
• Bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in #​703
• Bump github/codeql-action from 3.30.0 to 3.30.3 by @​dependabot[bot] in #​706
• Bump github/codeql-action from 3.30.3 to 3.30.4 by @​dependabot[bot] in #​710
• Bump github/codeql-action from 3.30.4 to 3.30.6 by @​dependabot[bot] in #​712
• Bump github/codeql-action from 3.30.6 to 4.30.7 by @​dependabot[bot] in #​713
• Bump github/codeql-action from 4.30.7 to 4.30.8 by @​dependabot[bot] in #​716
• Bump github/codeql-action from 4.30.8 to 4.30.9 by @​dependabot[bot] in #​718
• Bump github/codeql-action from 4.30.9 to 4.31.2 by @​dependabot[bot] in #​720
• Bump github/codeql-action from 4.31.2 to 4.31.3 by @​dependabot[bot] in #​721
• Bump github/codeql-action from 4.31.3 to 4.31.4 by @​dependabot[bot] in #​724
• Bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in #​725
• Bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​726
• Bump github/codeql-action from 4.31.4 to 4.31.5 by @​dependabot[bot] in #​727
• Bump github/codeql-action from 4.31.5 to 4.31.6 by @​dependabot[bot] in #​728
• Bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​729
• Bump github/codeql-action from 4.31.6 to 4.31.8 by @​dependabot[bot] in #​732
• Bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in #​733
• Bump github/codeql-action from 4.31.9 to 4.31.10 by @​dependabot[bot] in #​738
• Bump actions/setup-go from 6.1.0 to 6.2.0 by @​dependabot[bot] in #​739
• Bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in #​740
• Bump github/codeql-action from 4.31.10 to 4.32.0 by @​dependabot[bot] in #​742
• Bump github/codeql-action from 4.32.0 to 4.32.3 by @​dependabot[bot] in #​745
• Bump actions/setup-go from 6.2.0 to 6.3.0 by @​dependabot[bot] in #​746
• Bump github/codeql-action from 4.32.3 to 4.32.4 by @​dependabot[bot] in #​747
• Bump github/codeql-action from 4.32.4 to 4.32.6 by @​dependabot[bot] in #​748
• Bump github/codeql-action from 4.32.6 to 4.34.0 by @​dependabot[bot] in #​749
• Bump github/codeql-action from 4.34.0 to 4.34.1 by @​dependabot[bot] in #​751
• Update README status section by @​fxamacker in #​758

New Contributors

• @​makew0rld made their first contributihttps://github.com/fxamacker/cbor/pull/708ll/708

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

go-openapi/jsonpointer (github.com/go-openapi/jsonpointer)

v0.22.5

Compare Source

0.22.5 - 2026-03-02

Full Changelog: go-openapi/jsonpointer@v0.22.4...v0.22.5

15 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #​97 ...
• doc: announced new discord channel by @​fredbi in #​96 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​92 ...

Code quality

• chore: doc, test, lint update by @​fredbi in #​105 ...

Miscellaneous tasks

• ci: upgraded bump-release workflow (new input format) by @​fredbi in #​106 ...
• ci: updated workflows by @​fredbi in #​95 ...
• chore: fixed missing license headers in new files by @​fredbi in #​94 ...
• ci: removed duplicate workflow remaining after refactoring by @​fredbi in #​93 ...

Updates

• chore(deps): bump github.com/go-openapi/testify/v2 from 2.3.0 to 2.4.0 in the go-openapi-dependencies group by @​dependabot[bot] in #​104 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.2.0 to 2.3.0 in the go-openapi-dependencies group by @​dependabot[bot] in #​102 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​103 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​101 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.1.8 to 2.2.0 in the go-openapi-dependencies group by @​dependabot[bot] in #​100 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.0.2 to 2.1.8 in the go-openapi-dependencies group by @​dependabot[bot] in #​98 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​99 ...

---

People who contributed to this release

• @​bot-go-openapi[bot]
• @​fredbi

---

New Contributors

• @​bot-go-openapi[bot] made their first contribution
  in #​97

---

jsonpointer license terms

v0.22.4

Compare Source

0.22.4 - 2025-12-06

Full Changelog: go-openapi/jsonpointer@v0.22.3...v0.22.4

1 commits in this release.

---

Miscellaneous tasks

• ci: aligned CI to use shared workflows by @​fredbi in #​91 ...

---

People who contributed to this release

• @​fredbi

---

jsonpointer license terms

v0.22.3

Compare Source

0.22.3 - 2025-11-17

Full Changelog: go-openapi/jsonpointer@v0.22.2...v0.22.3

8 commits in this release.

---

Documentation

• doc: updated contributors file by @​github-actions[bot] in #​76 ...
• doc: automated a record of all-time contributors by @​fredbi in #​75 ...
• doc: release badge in README by @​fredbi in #​73 ...

Code quality

• docs: added maintainer's doc and style guide by @​fredbi in #​77 ...
• doc: improved documentation by @​fredbi in #​70 ...
• chore(lint): more linting by @​fredbi in #​71 ...

Miscellaneous tasks

• test: added tests for edge cases by @​fredbi in #​74 ...
• ci: run fuzz test in ci by @​fredbi in #​72 ...

---

People who contributed to this release

• @​fredbi
• @​github-actions[bot]

---

New Contributors

• @​github-actions[bot] made their first contribution
  in #​76

---

jsonpointer license terms

---

Configuration

📅 Schedule: Branch creation - On day 7 of the month, every 3 months ( * * 7 */3 * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e05e5bfb-e82d-4892-8f16-7b2f91816e3f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/release-1.11/go-modules

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign mffiedler for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a netobserv member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[red-hat-konflux]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated

Details:

Package	Change
github.com/netobserv/netobserv-ebpf-agent	v1.10.1-community -> v1.11.2-community.0.20260401090122-7004f087530d
go.opentelemetry.io/otel/metric	v1.39.0 -> v1.43.0