build(deps): bump the go-dependencies group across 1 directory with 17 updates

[dependabot]

Bumps the go-dependencies group with 10 updates in the /controller directory:

Package	From	To
github.com/gin-gonic/gin	1.10.0	1.12.0
github.com/go-jose/go-jose/v4	4.1.3	4.1.4
github.com/grpc-ecosystem/go-grpc-middleware/v2	2.2.0	2.3.3
github.com/grpc-ecosystem/grpc-gateway/v2	2.24.0	2.29.0
github.com/onsi/ginkgo/v2	2.22.2	2.28.3
github.com/zitadel/oidc/v3	3.34.1	3.47.5
google.golang.org/grpc	1.80.0	1.81.0
k8s.io/api	0.33.0	0.36.0
k8s.io/apiserver	0.33.0	0.36.0
sigs.k8s.io/controller-runtime	0.21.0	0.24.0

Updates github.com/gin-gonic/gin from 1.10.0 to 1.12.0

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.12.0

Changelog

Features

• 192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203) (@​takanuva15)
• 53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502) (@​raju-mechatronics)
• acc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (#4423) (@​1911860538)
• 38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (@​Spyder01)
• 771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (#4420) (@​ldesauw)
• 4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (#4146) (@​wsyqn6)
• d7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (#4145) (@​laurentcau)

Bug fixes

• b917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (#2169) (@​guonaihong)
• c3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (#4380) (@​1911860538)
• 9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472) (@​Nurysso)
• 2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (#4403) (@​zeek0x)
• c3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (#4422) (@​1911860538)
• 5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (#4415) (@​pawannn)
• 63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (#4336) (@​MondayCha)
• 5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (#4206) (@​dengaleev)
• 234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (#4373) (@​appleboy)
• 472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535) (@​veeceey)
• 8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (#4511) (@​mahanadh)

Enhancements

• ba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (#4549) (@​BobDu)
• b2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (#3359) (@​WeidiDeng)
• ecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449) (@​appleboy)
• af6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
• db309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (#4547) (@​USA-RedDragon)
• 26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when http.Flusher (#4479) (@​Twacqwq)
• 5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (#4388) (@​appleboy)

Refactor

• 39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (#4352) (@​russcoss)
• c0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (#4395) (@​wanghaolong613)
• 915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (#4481) (@​pauloappbr)
• 414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (#4333) (@​cuiweixie)
• 59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (#4314) (@​1911860538)
• 3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (#4142) (@​zeek0x)
• d1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (#4467) (@​zeek0x)
• e3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (#4392) (@​wanghaolong613)
• 488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529) (@​veeceey)
• 9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (#4389) (@​reddaisyy)
• a85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (#4432) (@​efcking)

Build process updates

• 61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (#4367) (@​appleboy)
• fb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (#4436) (@​appleboy)
• 93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (#4437) (@​appleboy)
• e88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (#4439) (@​appleboy)
• 5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (#4421) (@​appleboy)
• 00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (#4531) (@​appleboy)
• ae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (#4550) (@​appleboy)

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.12.0

Features

• feat(render): add bson protocol (#4145)
• feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502)
• feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203)
• feat(gin): add option to use escaped path (#4420)
• feat(context): add Protocol Buffers support to content negotiation (#4423)
• feat(context): implemented Delete method (#38e7651)
• feat(logger): color latency (#4146)

Enhancements

• perf(tree): reduce allocations in findCaseInsensitivePath (#4417)
• perf(recovery): optimize line reading in stack function (#4466)
• perf(path): replace regex with custom functions in redirectTrailingSlash (#4414)
• perf(tree): optimize path parsing using strings.Count (#4246)
• chore(logger): allow skipping query string output (#4547)
• chore(context): always trust xff headers from unix socket (#3359)
• chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#4479)
• refactor(recovery): smart error comparison (#4142)
• refactor(context): replace hardcoded localhost IPs with constants (#4481)
• refactor(utils): move util functions to utils.go (#4467)
• refactor(binding): use maps.Copy for cleaner map handling (#4352)
• refactor(context): using maps.Clone (#4333)
• refactor(ginS): use sync.OnceValue to simplify engine function (#4314)
• refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529)
• refactor: for loop can be modernized using range over int (#4392)

Bug Fixes

• fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
• fix(render): write content length in Data.Render (#4206)
• fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472)
• fix(binding): empty value error (#2169)
• fix(recover): suppress http.ErrAbortHandler in recover (#4336)
• fix(gin): literal colon routes not working with engine.Handler() (#4415)
• fix(gin): close os.File in RunFd to prevent resource leak (#4422)
• fix(response): refine hijack behavior for response lifecycle (#4373)
• fix(binding): improve empty slice/array handling in form binding (#4380)
• fix(debug): version mismatch (#4403)
• fix: correct typos, improve documentation clarity, and remove dead code (#4511)

Build process updates / CI

• ci: update Go version support to 1.25+ across CI and docs (#4550)
• chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)

Gin v1.11.0

... (truncated)

Commits

• 73726dc docs: update documentation to reflect Go version changes (#4552)
• e292e5c docs: document and finalize Gin v1.12.0 release (#4551)
• ae3f524 ci: update Go version support to 1.25+ across CI and docs (#4550)
• 38534e2 chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#4548)
• 472d086 fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
• fb25834 test(context): use http.StatusContinue constant instead of magic number 100 (...
• 6f1d5fe test(render): add comprehensive error handling tests (#4541)
• 5c00df8 fix(render): write content length in Data.Render (#4206)
• db30908 chore(logger): allow skipping query string output (#4547)
• ba093d1 chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)
• Additional commits viewable in compare view

Updates github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.1.4

What's Changed

Fixes Panic in JWE decryption. See GHSA-78h2-9frx-2jm8

Full Changelog: go-jose/go-jose@v4.1.3...v4.1.4

Commits

• 0e59876 Merge commit from fork
• ddffdbc Bump actions/checkout from 5 to 6 (#213)
• See full diff in compare view

Updates github.com/grpc-ecosystem/go-grpc-middleware/v2 from 2.2.0 to 2.3.3

Release notes

Sourced from github.com/grpc-ecosystem/go-grpc-middleware/v2's releases.

v2.3.3

What's Changed

• add WithLabelsFromContext prometheus interceptor option by @​benjibuiltit in grpc-ecosystem/go-grpc-middleware#758
• fix: correct comment typo in StreamServerInterceptor function by @​haru-256 in grpc-ecosystem/go-grpc-middleware#760
• Minor refactor to remove duplication by @​nwnt in grpc-ecosystem/go-grpc-middleware#761
• chore: migrate golangci-lint to v2.3.0 by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#765
• chore: enable misspell linter with golangci-lint by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#768
• chore: enable errorlint by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#774
• chore: update buf to v1.55.1 by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#767
• chore: update dependabot configuration for gomod and github-actions by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#775
• chore: enable testifylint linter by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#769
• chore: enable several rules from go-critic by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#766
• chore: enable several rules from govet by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#773
• chore: enable contextcheck and fatcontext linters by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#770
• chore: enable usestdlibvars linter by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#772
• chore: enable promlinter linter by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#771
• chore: enable usetesting linter by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#784
• build(deps): bump google.golang.org/grpc from 1.67.1 to 1.74.2 by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#785
• chore: enable hugeParam rule from go-critic by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#786
• chore: use actions/setup-go native cache by @​mmorel-35 in grpc-ecosystem/go-grpc-middleware#787
• fix(#794): Wrapping codes.OK should not cause panic by @​floppyzedolfin in grpc-ecosystem/go-grpc-middleware#795
• feat(prometheus): add ContextLabels to ClientMetrics by @​ArtARTs36 in grpc-ecosystem/go-grpc-middleware#798
• fix(ci): tidy module before linting by @​manute in grpc-ecosystem/go-grpc-middleware#808
• [Prometheus] Fix pre-registration of handled metrics with context labels by @​t-bowcock in grpc-ecosystem/go-grpc-middleware#810
• avoid unnecessary logging field creation when payload logging is disabled by @​dbeneker in grpc-ecosystem/go-grpc-middleware#809

New Contributors

• @​benjibuiltit made their first contribution in grpc-ecosystem/go-grpc-middleware#758
• @​haru-256 made their first contribution in grpc-ecosystem/go-grpc-middleware#760
• @​nwnt made their first contribution in grpc-ecosystem/go-grpc-middleware#761
• @​mmorel-35 made their first contribution in grpc-ecosystem/go-grpc-middleware#765
• @​floppyzedolfin made their first contribution in grpc-ecosystem/go-grpc-middleware#795
• @​ArtARTs36 made their first contribution in grpc-ecosystem/go-grpc-middleware#798
• @​manute made their first contribution in grpc-ecosystem/go-grpc-middleware#808
• @​t-bowcock made their first contribution in grpc-ecosystem/go-grpc-middleware#810
• @​dbeneker made their first contribution in grpc-ecosystem/go-grpc-middleware#809

Full Changelog: grpc-ecosystem/go-grpc-middleware@v2.3.2...v2.3.3

v2.3.2

What's Changed

• chore: fix some typos by @​dockercui in grpc-ecosystem/go-grpc-middleware#755
• update module for protovalidate by @​calmh in grpc-ecosystem/go-grpc-middleware#757

New Contributors

• @​dockercui made their first contribution in grpc-ecosystem/go-grpc-middleware#755
• @​calmh made their first contribution in grpc-ecosystem/go-grpc-middleware#757

Full Changelog: grpc-ecosystem/go-grpc-middleware@v2.3.1...v2.3.2

... (truncated)

Commits

• 390bcef avoid unnecessary logging field creation when payload logging is disabled (#809)
• 748e2b2 fix metric label initialize (#810)
• af451d0 fix(ci): tidy module before linting (#808)
• 2dc9821 feat: add ContextLabels to ClientMetrics (#798)
• 2338d5a fix(#794): Wrapping codes.OK should not cause panic (#795)
• 6ec6dd3 chore: use actions/setup-go native cache (#787)
• f7911cc chore: enable hugeParam rule from go-critic (#786)
• e2d5773 build(deps): bump google.golang.org/grpc from 1.67.1 to 1.74.2 (#785)
• d75e7d9 chore: enable usetesting linter (#784)
• c8a612b chore: enable promlinter linter (#771)
• Additional commits viewable in compare view

Updates github.com/grpc-ecosystem/grpc-gateway/v2 from 2.24.0 to 2.29.0

Release notes

Sourced from github.com/grpc-ecosystem/grpc-gateway/v2's releases.

v2.29.0

What's Changed

• fix: use proto.Merge to avoid copylocks with use_opaque_api=true by @​emahiro in grpc-ecosystem/grpc-gateway#6383
• fix: allow proto3 optional fields in path parameters by @​susanachl in grpc-ecosystem/grpc-gateway#6416
• Add option to disable HTTP method override by @​achew22 in grpc-ecosystem/grpc-gateway#6447
• Add Go documentation badge to README by @​achew22 in grpc-ecosystem/grpc-gateway#6448
• fix: add missing return statements in error handler paths by @​jet-go in grpc-ecosystem/grpc-gateway#6561
• Deprecate fields and methods if file is deprecated by @​aidandj in grpc-ecosystem/grpc-gateway#6613
• Add edition 2024 support by @​printfn in grpc-ecosystem/grpc-gateway#6622

New Contributors

• @​emahiro made their first contribution in grpc-ecosystem/grpc-gateway#6383
• @​susanachl made their first contribution in grpc-ecosystem/grpc-gateway#6416
• @​jet-go made their first contribution in grpc-ecosystem/grpc-gateway#6561
• @​aidandj made their first contribution in grpc-ecosystem/grpc-gateway#6613
• @​printfn made their first contribution in grpc-ecosystem/grpc-gateway#6622

Full Changelog: grpc-ecosystem/grpc-gateway@v2.28.0...v2.29.0

v2.28.0

What's Changed

• feat: add option to disable chunked headers by @​irenarindos in grpc-ecosystem/grpc-gateway#6354
• fix(protoc-gen-openapiv2): fix panic on enum resolution in nested messages by @​franchb in grpc-ecosystem/grpc-gateway#6367

New Contributors

• @​irenarindos made their first contribution in grpc-ecosystem/grpc-gateway#6354

Full Changelog: grpc-ecosystem/grpc-gateway@v2.27.8...v2.28.0

v2.27.8

What's Changed

• Fix opaque missing imports casing by @​kellen-miller in grpc-ecosystem/grpc-gateway#6304
• Revert "fix(protoc-gen-openapiv2): prevent panic when generating OpenAPI for multiple files" by @​johanbrandhorst in grpc-ecosystem/grpc-gateway#6309
• fix(protoc-gen-openapiv2): fix naming cache for multi-file generation by @​franchb in grpc-ecosystem/grpc-gateway#6315
• fix(openapiv2): exclude oneof fields from required with proto3 field semantics by @​sessa in grpc-ecosystem/grpc-gateway#6335

New Contributors

• @​sessa made their first contribution in grpc-ecosystem/grpc-gateway#6335

Full Changelog: grpc-ecosystem/grpc-gateway@v2.27.7...v2.27.8

v2.27.7

Re-release of v2.26.7 as v2.27.7 for correct semver ordering.

v2.27.6

What's Changed

• feat(generator): harden opaque imports and fix snake case to go casing by @​kellen-miller in grpc-ecosystem/grpc-gateway#6279
• fix(protoc-gen-openapiv2): prevent panic when generating OpenAPI for multiple files by @​franchb in grpc-ecosystem/grpc-gateway#6275

... (truncated)

Commits

• ba9b55c chore(deps): update dependency rules_shell to v0.8.0 (#6626)
• 284a82e chore(deps): update googleapis digest to bcfcbda (#6625)
• f74bc7f chore(deps): update google/oss-fuzz digest to d58fd64 (#6624)
• efb665d Add edition 2024 support (#6622)
• c58da15 chore(deps): update google/oss-fuzz digest to 32b8df7 (#6621)
• 42997a1 Deprecate fields and methods if file is deprecated (#6613)
• 6f4af8b chore(deps): update googleapis digest to bf85cad (#6620)
• 68fde5f chore(deps): update google/oss-fuzz digest to 7b814a1 (#6619)
• 6da2a46 chore(deps): update googleapis digest to 898f25c (#6617)
• c9c7ad4 chore(deps): update googleapis digest to fc96870 (#6616)
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.22.2 to 2.28.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.3

2.28.3

Maintenance

Bump all dependencies

v2.28.2

2.28.2

• Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
• Implement shell completion [94151c8]
• Add asan CLI option mirroring msan implementation [4d21dbb]
• Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
• fix aspect ratio [9619647]
• update logos [5779304]

v2.28.1

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

v2.27.5

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

v2.27.4

2.27.4

Fixes

... (truncated)

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.3

Maintenance

Bump all dependencies

2.28.2

• Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
• Implement shell completion [94151c8]
• Add asan CLI option mirroring msan implementation [4d21dbb]
• Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
• fix aspect ratio [9619647]
• update logos [5779304]

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

2.27.4

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

2.27.3

Fixes

report exit result in case of failure [1c9f356]

... (truncated)

Commits

• 5de9c15 v2.28.3
• 7e2fa19 bump dependencies
• 1a81912 v2.28.2
• f3a36b6 Add ArtifactDir() to support Go 1.26 testing.TB interface
• 94151c8 Implement shell completion
• 4d21dbb Add asan CLI option mirroring msan implementation
• c102161 Bump uri from 1.0.3 to 1.0.4 in /docs (#1630)
• 9619647 fix aspect ratio
• 5779304 update logos
• 5d1d628 v2.28.1
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.36.2 to 1.40.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.40.0

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

v1.39.1

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v1.39.0

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

v1.38.3

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

v1.38.2

1.38.2

• roll back to go 1.23.0 [c404969]

v1.38.1

1.38.1

Fixes

Numerous minor fixes and dependency bumps

v1.38.0

1.38.0

Features

• gstruct handles extra unexported fields [4ee7ed0]

Fixes

• support [] in IgnoringTopFunction function signatures (#851) [36bbf72]

Maintenance

• Bump golang.org/x/net from 0.40.0 to 0.41.0 (#846) [529d408]

... (truncated)

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

1.38.2

• roll back to go 1.23.0 [c404969]

1.38.1

Fixes

Numerous minor fixes and dependency bumps

1.38.0

Features

• gstruct handles extra unexported fields [4ee7ed0]

Fixes

• support [] in IgnoringTopFunction function signatures (#851) [36bbf72]

Maintenance

• Bump golang.org/x/net from 0.40.0 to 0.41.0 (#846) [529d408]
• Fix typo [acd1f55]
• Bump google.golang.org/protobuf from 1.36.5 to 1.36.6 (#835) [bae65a0]
• Bump nokogiri from 1.18.4 to 1.18.8 in /docs (#842) [8dda91f]
• Bump golang.org/x/net from 0.39.0 to 0.40.0 (#843) [212d812]
• Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#839) [59bd7f9]
• Bump nokogiri from 1.18.1 to 1.18.4 in /docs (#834) [328c729]
• Bump uri from 1.0.2 to 1.0.3 in /docs (#826) [9a798a1]

... (truncated)

Commits

• 87ee9d3 v1.40.0
• ea66027 v1.40.0 (full)
• e3fd789 update docs to reflect new versioning strategy
• 7d4ee30 first push to master-lite
• e4a82d1 Bump github/codeql-action from 3 to 4 (#875)
• af62723 Bump rexml from 3.4.0 to 3.4.2 in /docs (#870)
• e164221 Bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1 (#895)
• 334a282 Bump faraday from 2.12.2 to 2.14.1 in /docs (#896)
• 1a25a36 v1.39.1
• 406faee bump all deps
• Additional commits viewable in compare view

Updates github.com/zitadel/oidc/v3 from 3.34.1 to 3.47.5

Release notes

Sourced from github.com/zitadel/oidc/v3's releases.

v3.47.5

3.47.5 (2026-04-20)

Bug Fixes

• op: allow dynamic loopback ports in post_logout_redirect_uri per RFC 8252 §7.3 (#875) (fb9fbfe), closes /datatracker.ietf.org/doc/html/rfc8252#section-7 zitadel/zitadel#6615

v3.47.4

3.47.4 (2026-04-17)

Bug Fixes

• URL-encode client credentials in Basic Auth per RFC 6749 §2.3.1 (#873) (178e018), closes /datatracker.ietf.org/doc/html/rfc6749#section-2 #857 #858

v3.47.3

3.47.3 (2026-04-15)

Bug Fixes

• propagate signature verification errors correctly (#872) (49664bf)

v3.47.2

3.47.2 (2026-04-10)

Bug Fixes

• tolerate string amr claims from external providers (#855) (5f70eff)

v3.47.1

3.47.1 (2026-04-09)

Bug Fixes

• oidc server error to http status mapping (#865) (d118dd7)

v3.47.0

This release adds signing of opaque tokens. By secure default, all existing opaque access tokens emitted by OP implementations, will be invalid. Users will need to re-login. If you want a more gradual upgrade use the op.WithCrypto() option to pass a op.NewCompositeCrypto(). Use aop.NewAESCrypto() in the Decrypter slice with the existing master key.

This change does not affect client / RP / RS libraries.

What's Changed

• feat: use jose for bearer-token encryption by @​wim07101993 in zitadel/oidc@b4cf422
• chore: package upgrades by @​wim07101993 in zitadel/oidc#866

... (truncated)

Commits

• fb9fbfe fix(op): allow dynamic loopback ports in post_logout_redirect_uri per RFC 825...
• 178e018 fix: URL-encode client credentials in Basic Auth per RFC 6749 §2.3.1 (#873)
• 49664bf fix: propagate signature verification errors correctly (#872)
• 5f70eff fix: tolerate string amr claims from external providers (#855)
• 97b71d3 chore(deps): bump golang.org/x/text from 0.35.0 to 0.36.0 (#869)
• d118dd7 fix: oidc server error to http status mapping (#865)
• 2534f81 docs: update semantic title requirements (#863)
• d016375 example: set device cookie httpOnly (#868)
• b4cf422 Merge commit from fork
• 0bf0ade chore: package upgrades (#866)
• Additional commits viewable in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits

• ec11c4a errgroup: fix a typo in the documentation
• 1a58307 all: modernize interface{} -> any
• 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates google.golang.org/genproto/googleapis/api from 0.0.0-20260120221211-b8f7ae30c516 to 0.0.0-20260414002931-afd174a4e478

Commits

• See full diff in compare view

Updates google.golang.org/grpc from 1.80.0 to 1.81.0

Release notes

Sourced from google.golang.org/grpc's releas...

Description has been truncated

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 49017749-7d98-4409-b7a1-7bed75e2c88d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/controller/go-dependencies-a3853ca711

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}