Bump the gomod group with 20 updates

[dependabot]

Bumps the gomod group with 20 updates:

Package	From	To
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring	0.85.0	0.87.0
go.uber.org/zap	1.27.0	1.27.1
github.com/cyphar/filepath-securejoin	0.6.0	0.6.1
github.com/go-openapi/swag	0.25.1	0.25.3
github.com/go-openapi/swag/cmdutils	0.25.1	0.25.3
github.com/go-openapi/swag/conv	0.25.1	0.25.3
github.com/go-openapi/swag/fileutils	0.25.1	0.25.3
github.com/go-openapi/swag/jsonname	0.25.1	0.25.3
github.com/go-openapi/swag/jsonutils	0.25.1	0.25.3
github.com/go-openapi/swag/loading	0.25.1	0.25.3
github.com/go-openapi/swag/mangling	0.25.1	0.25.3
github.com/go-openapi/swag/netutils	0.25.1	0.25.3
github.com/go-openapi/swag/stringutils	0.25.1	0.25.3
github.com/go-openapi/swag/typeutils	0.25.1	0.25.3
github.com/go-openapi/swag/yamlutils	0.25.1	0.25.3
github.com/google/gnostic-models	0.6.9	0.7.0
github.com/prometheus/common	0.67.2	0.67.4
golang.org/x/crypto	0.44.0	0.45.0
google.golang.org/grpc	1.76.0	1.77.0
helm.sh/helm/v3	3.18.6	3.19.1

Updates github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring from 0.85.0 to 0.87.0

Release notes

Sourced from github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's releases.

0.87.0 / 2025-11-20

• [FEATURE] Add status subresource for PrometheusRule custom resources (requires the StatusForConfigurationResources feature gate). #8069 #8086 #8024 #8005
• [ENHANCEMENT] Avoid statefulset's rollout due to changes in the number of rule configmaps for Prometheus and ThanosRuler. #8010
• [ENHANCEMENT] Support Azure system-assigned managed identities for remote-write configuration. #7815
• [ENHANCEMENT] Add monospace field to to pushoverConfig receiver in AlertmanagerConfig CRD. #8018
• [BUGFIX] Propagate Certificate Authority updates for HTTP configuration in Alertmanager's global configuration. #8089

0.86.2 / 2025-11-07

• [CHANGE/BUGFIX] Fix operator's permissions to emit Kubernetes events. #8077

0.86.1 / 2025-10-13

• [BUGFIX] Fix formatting of Kubernetes events. #8015

0.86.0 / 2025-10-07

[!NOTE] This release introduces the status subresource (behind the StatusForConfigurationResources feature gate) for ServiceMonitor, PodMonitor, Probe and Scrapeconfig custom resources. It is only supported for Prometheus resources.

[!IMPORTANT] This release enables automatic UTF-8 character support in label names, metric names and PrometheusRule expressions for Prometheus/PrometheusAgent resources running with version >= 3.0.0.

To preserve backward compatibility, the admission webhook service validates PrometheusRule resources against the legacy Prometheus scheme by default (but it can be changed with the --name-validation-scheme flag).

• [CHANGE] Remove automatic addition of the metadata-wal-records feature flag for Prometheus versions >= 3.4. #7893
• [CHANGE] Add miscellaneous validations to the ScrapeConfig CRD. #7856 #7823 #7835 #7838 #7838 ##7966
• [CHANGE/FEATURE] Add support for UTF-8 characters to label names and metric names in PrometheusRule resources and relabel configurations. #7637 #7985
• [FEATURE] Add the flag --name-validation-scheme to admission webhook to select between utf8 and legacy validations. #7985
• [FEATURE] Add status subresource for ServiceMonitor custom resources (requires the StatusForConfigurationResources feature gate). #7767 #7836 #7827 #7795
• [FEATURE] Add status subresource for PodMonitor custom resources (requires the StatusForConfigurationResources feature gate). #7929 #7914 #7936
• [FEATURE] Add status subresource for ScrapeConfig custom resources (requires the StatusForConfigurationResources feature gate). #7958 #7964 #7969
• [FEATURE] Add status subresource for Probe custom resources (requires the StatusForConfigurationResources feature gate). #7933 #7934 #7980
• [FEATURE] Add serviceDiscoveryRole field to ServiceMonitor. #7982
• [FEATURE] Add useFIPSSTSEndpoint field to Sigv4 config. #7987
• [FEATURE] Add UnderscoreEscapingWithoutSuffixes to the translationStrategy field for the Prometheus and PrometheusAgent CRDs. #7947
• [FEATURE] Add promoteScopeMetadata field to the Prometheus and PrometheusAgent CRDs. #7803
• [FEATURE] Add enableHttp2 field to Alertmanager and AlertmanagerConfig CRDs. #7963
• [ENHANCEMENT] Add the related object to the events emitted by the operator. #7867 #7953
• [ENHANCEMENT] Add webhook validation for the MSTeams V2 receiver of AlertmanagerConfig CRD. #7906
• [ENHANCEMENT] Add app.kubernetes.io/managed-by: prometheus-operator label to all managed resources. #7939
• [BUGFIX] Prevent duplicate authentication settings in PodMonitor. #7975
• [BUGFIX] Use distinct port name for the config-reloader init container to avoid duplicate port name warnings. #7904
• [BUGFIX] Validate the PagerDuty URL in the Alertmanager's global configuration. #7945

Changelog

Sourced from github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's changelog.

0.87.0 / 2025-11-20

• [FEATURE] Add status subresource for PrometheusRule custom resources (requires the StatusForConfigurationResources feature gate). #8069 #8086 #8024 #8005
• [ENHANCEMENT] Avoid statefulset's rollout due to changes in the number of rule configmaps for Prometheus and ThanosRuler. #8010
• [ENHANCEMENT] Support Azure system-assigned managed identities for remote-write configuration. #7815
• [ENHANCEMENT] Add monospace field to to pushoverConfig receiver in AlertmanagerConfig CRD. #8018
• [BUGFIX] Propagate Certificate Authority updates for HTTP configuration in Alertmanager's global configuration. #8089

0.86.2 / 2025-11-07

• [CHANGE/BUGFIX] Fix operator's permissions to emit Kubernetes events. #8077

0.86.1 / 2025-10-13

• [BUGFIX] Fix formatting of Kubernetes events. #8015

0.86.0 / 2025-10-07

[!NOTE] This release introduces the status subresource (behind the StatusForConfigurationResources feature gate) for ServiceMonitor, PodMonitor, Probe and Scrapeconfig custom resources. It is only supported for Prometheus resources.

[!IMPORTANT] This release enables automatic UTF-8 character support in label names, metric names and PrometheusRule expressions for Prometheus/PrometheusAgent resources running with version >= 3.0.0.

To preserve backward compatibility, the admission webhook service validates PrometheusRule resources against the legacy Prometheus scheme by default (but it can be changed with the --name-validation-scheme flag).

• [CHANGE] Remove automatic addition of the metadata-wal-records feature flag for Prometheus versions >= 3.4. #7893
• [CHANGE] Add miscellaneous validations to the ScrapeConfig CRD. #7856 #7823 #7835 #7838 #7838 #7966
• [CHANGE/FEATURE] Add support for UTF-8 characters to label names and metric names in PrometheusRule resources and relabel configurations. #7637 #7985
• [FEATURE] Add the flag --name-validation-scheme to admission webhook to select between utf8 and legacy validations. #7985
• [FEATURE] Add status subresource for ServiceMonitor custom resources (requires the StatusForConfigurationResources feature gate). #7767 #7836 #7827 #7795
• [FEATURE] Add status subresource for PodMonitor custom resources (requires the StatusForConfigurationResources feature gate). #7929 #7914 #7936
• [FEATURE] Add status subresource for ScrapeConfig custom resources (requires the StatusForConfigurationResources feature gate). #7958 #7964 #7969
• [FEATURE] Add status subresource for Probe custom resources (requires the StatusForConfigurationResources feature gate). #7933 #7934 #7980
• [FEATURE] Add serviceDiscoveryRole field to ServiceMonitor. #7982
• [FEATURE] Add useFIPSSTSEndpoint field to Sigv4 config. #7987
• [FEATURE] Add UnderscoreEscapingWithoutSuffixes to the translationStrategy field for the Prometheus and PrometheusAgent CRDs. #7947
• [FEATURE] Add promoteScopeMetadata field to the Prometheus and PrometheusAgent CRDs. #7803
• [FEATURE] Add enableHttp2 field to Alertmanager and AlertmanagerConfig CRDs. #7963
• [ENHANCEMENT] Add the related object to the events emitted by the operator. #7867 #7953
• [ENHANCEMENT] Add webhook validation for the MSTeams V2 receiver of AlertmanagerConfig CRD. #7906
• [ENHANCEMENT] Add app.kubernetes.io/managed-by: prometheus-operator label to all managed resources. #7939
• [BUGFIX] Prevent duplicate authentication settings in PodMonitor. #7975
• [BUGFIX] Use distinct port name for the config-reloader init container to avoid duplicate port name warnings. #7904
• [BUGFIX] Validate the PagerDuty URL in the Alertmanager's global configuration. #7945

Commits

• 0ff52b3 Cut 0.87.0 (#8109)
• ddbbdf4 chore: cut v0.87.0
• d4e674c Skip medium.com links in mdox configuration
• d1ff82e feat: add support for monospace in pushoverConfig (#8018)
• df692bf Feat: set Azure Manage Identity Client ID default to empty value (#7815)
• 3f31a1d Merge pull request #8105 from prometheus-operator/dependabot/go_modules/githu...
• 5be255a build(deps): bump github.com/prometheus/common from 0.67.2 to 0.67.3
• b128cbb chore: bump k8s dependencies to v0.34.2 (#8096)
• 7300032 chore: bump k8s dependencies to v0.34.2
• c8c9492 chore: update golangci-lint version to v2.6.1 (#8093)
• Additional commits viewable in compare view

Updates go.uber.org/zap from 1.27.0 to 1.27.1

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.1

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.1 (19 Nov 2025)

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

• 7b755a3 release 1.27.1 (#1521)
• d6b395b Update lazy logger not to materialize unless it's being written to (#1519)
• 4b9cea0 ci: Test with Go 1.24, Go 1.25 (#1508)
• 7c80d7b Fix race condition in WithLazy implementation (#1426) (#1511)
• 07077a6 Prevent zap.Object from panicing on nils (#1501)
• a6afd05 Fix lint check name (#1502)
• 6d48253 chore: fix typo (#1482)
• 32f2ec1 Fix the field test for bool type (#1480)
• fe16eb5 Upgrade grpc in zapgrc test package & bump go version (#1478)
• 5f00c34 test(AtomicLevel): demonstrate Handler is not vulnerable to XSS (#1477)
• Additional commits viewable in compare view

Updates github.com/cyphar/filepath-securejoin from 0.6.0 to 0.6.1

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.6.1] - 2025-11-19

At last up jumped the cunning spider, and fiercely held her fast.

Fixed

• Our logic for deciding whether to use openat2(2) or fallback to an O_PATH resolver would cache the result to avoid doing needless test runs of openat2(2). However, this causes issues when pathrs-lite is being used by a program that applies new seccomp-bpf filters onto itself -- if the filter denies openat2(2) then we would return that error rather than falling back to the O_PATH resolver. To resolve this issue, we no longer cache the result if openat2(2) was successful, only if there was an error.
• A file descriptor leak in our openat2 wrapper (when doing the necessary dup for RESOLVE_IN_ROOT) has been removed.

[0.5.2] - 2025-11-19

"Will you walk into my parlour?" said a spider to a fly.

Fixed

• Our logic for deciding whether to use openat2(2) or fallback to an O_PATH resolver would cache the result to avoid doing needless test runs of openat2(2). However, this causes issues when pathrs-lite is being used by a program that applies new seccomp-bpf filters onto itself -- if the filter denies openat2(2) then we would return that error rather than falling back to the O_PATH resolver. To resolve this issue, we no longer cache the result if openat2(2) was successful, only if there was an error.
• A file descriptor leak in our openat2 wrapper (when doing the necessary dup for RESOLVE_IN_ROOT) has been removed.

Commits

• 9c4135b VERSION: release 0.6.1
• d952bef merge v0.5.x branch into main
• deb72a4 CHANGELOG: fix unreleased links
• 336bf8f merge #87 into cyphar/filepath-securejoin:v0.5.x
• 23c6e21 VERSION: back to development
• 6311ca8 VERSION: release v0.5.2
• 91da803 merge #86 into cyphar/filepath-securejoin:v0.5.x
• 4dbce7c gopathrs: close the fd after dup in openat2
• 1eaadd6 merge #85 into cyphar/filepath-securejoin:main
• c1c2a53 gopathrs: close the fd after dup in openat2
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/cmdutils from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/conv from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/fileutils from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/jsonname from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/jsonutils from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/loading from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/mangling from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/netutils from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/stringutils from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/typeutils from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/yamlutils from 0.25.1 to 0.25.3

Commits

• 4db976a prepare v0.25.3
• c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
• 47cac45 ci: lint now runs in 1 single job, not a matrix
• 5434c90 lint: fix modernize issues
• ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
• 8e10796 fix(typo): correct typos in funcs, comments, and docs
• 274f279 build(deps): bump the development-dependencies group across 2 directories wit...
• 23684ce build(deps): bump the development-dependencies group across 2 directories wit...
• 48179bd fixup dependabot.yaml
• 59456ad ci: pinned github actions used with their sha...
• Additional commits viewable in compare view

Updates github.com/google/gnostic-models from 0.6.9 to 0.7.0

Commits

• 82b4ba0 Fix go.mod
• 1214835 update yaml library to go.yaml.in/yaml
• 511df6b update README to 2025
• fbe822a Update README to 2024
• d9cde49 chore: omit comparison to bool constant
• 8f45726 chore: unnecessary use of fmt.Sprintf
• d47ab80 add manual trigger github actions
• 164b47f Disable protoc download in CI
• See full diff in compare view

Updates github.com/prometheus/common from 0.67.2 to 0.67.4

Release notes

Sourced from github.com/prometheus/common's releases.

v0.67.4 / 2025-11-18

What's Changed

• chore: clean up golangci-lint configuration by @​mmorel-35 in prometheus/common#782
• chore: 'omitempty' to Oauth2 fields with type Secret to avoid requiring them by @​JorTurFer in prometheus/common#864
• chore: Add omitempty tag to all config fields by @​JorTurFer in prometheus/common#865

Full Changelog: prometheus/common@v0.67.3...v0.67.4

v0.67.3 / 2025-11-18

What's Changed

• Support JWT Profile for Authorization Grant (RFC 7523 3.1) by @​JorTurFer in prometheus/common#862
• Config: remove outdated comment about HTTP/2 issues by @​bboreham in prometheus/common#863

New Contributors

• @​JorTurFer made their first contribution in prometheus/common#862

Full Changelog: prometheus/common@v0.67.2...v0.67.3

Changelog

Sourced from github.com/prometheus/common's changelog.

Changelog

main / unreleased

What's Changed

Commits

• d80d854 chore: Add omitempty tag to all config fields (#865)
• 04686b2 chore: 'omitempty' to Oauth2 fields with type Secret to avoid requiring them ...
• 0b2fbf3 chore: clean up golangci-lint configuration (#782)
• b2cdb07 Merge pull request #863 from prometheus/remove-http2-comment
• cd1ab56 Config: remove outdated comment about HTTP/2 issues
• f4c0aea Support JWT Profile for Authorization Grant (RFC 7523 3.1) (#862)
• See full diff in compare view

Updates golang.org/x/crypto from 0.44.0 to 0.45.0

Commits

• 4e0068c go.mod: update golang.org/x dependencies
• e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
• f91f7a7 ssh/agent: prevent panic on malformed constraint
• 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
• bcf6a84 acme: pass context to request
• b4f2b62 ssh: fix error message on unsupported cipher
• 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
• See full diff in compare view

Updates google.golang.org/grpc from 1.76.0 to 1.77.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.77.0

API Changes

• mem: Replace the Reader interface with a struct for better performance and maintainability. (#8669)

Behavior Changes

• balancer/pickfirst: Remove support for the old pick_first LB policy via the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST=false. The new pick_first has been the default since v1.71.0. (#8672)

Bug Fixes

• xdsclient: Fix a race condition in the ADS stream implementation that could result in resource-not-found errors, causing the gRPC client channel to move to TransientFailure. (#8605)
• client: Ignore HTTP status header for gRPC streams. (#8548)
• client: Set a read deadline when closing a transport to prevent it from blocking indefinitely on a broken connection. (#8534)
  • Special Thanks: @​jgold2-stripe
• client: Fix a bug where default port 443 was not automatically added to addresses without a specified port ...

  Description has been truncated

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign dhaiducek for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment