Skip to content

Bump the go-dependencies group across 1 directory with 9 updates#61

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-dependencies-6124081609
Open

Bump the go-dependencies group across 1 directory with 9 updates#61
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-dependencies-6124081609

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 23, 2026

Bumps the go-dependencies group with 8 updates in the / directory:

Package From To
github.com/argoproj/argo-cd/v3 3.3.0 3.3.2
github.com/argoproj/gitops-engine 0.7.1-0.20250908182407-97ad5b59a627 0.7.3
github.com/coreos/go-oidc/v3 3.14.1 3.17.0
github.com/go-chi/chi/v5 5.0.11 5.2.5
github.com/redis/go-redis/v9 9.14.1 9.18.0
gitlab.com/gitlab-org/api/client-go 1.28.1 1.41.0
golang.org/x/oauth2 0.34.0 0.35.0
k8s.io/apiextensions-apiserver 0.34.0 0.35.1

Updates github.com/argoproj/argo-cd/v3 from 3.3.0 to 3.3.2

Release notes

Sourced from github.com/argoproj/argo-cd/v3's releases.

v3.3.2

[!IMPORTANT] Before upgrading all types of Argo CD installations to this release, please read the upgrade guide first: https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/3.2-3.3/#breaking-changes

Upgrading Argo CD which is managing itself

Users who have an Argo CD Application that manages their Argo CD installation, must enable ServerSideApply=true sync option on this Application in order for the upgrade to succeed.

The issue with failed to perform client-side apply migration that existed on version 3.3.0 and 3.3.1 has been solved in this release: argoproj/argo-cd#26279

For users who have previously upgraded to Argo CD 3.3.0or 3.3.1 and applied the temporary remediation of ClientSideApplyMigration=false sync option on the Application that manages their Argo CD, are required to remove this setting to restore the default behavior of performing the migration. The reason for removing the ClientSideApplyMigration=false sync option is that it may cause conflicts between Argo CD K8s field manager and other field managers at a later point in time.

More details here: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#client-side-apply-migration

Quick Start

Non-HA:

kubectl create namespace argocd
kubectl apply -n argocd --server-side --force-conflicts -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.3.2/manifests/install.yaml

HA:

kubectl create namespace argocd
kubectl apply -n argocd --server-side --force-conflicts -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.3.2/manifests/ha/install.yaml

Release Signatures and Provenance

All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.

Release Notes Blog Post

For a detailed breakdown of the key changes and improvements in this release, check out the official blog post

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Changelog

Bug fixes

Documentation

... (truncated)

Commits
  • 8a3940d Bump version to 3.3.2 on release-3.3 branch (#26550)
  • 1bf62ae docs: instruct to enable ClientSideApplyMigration in 3.3.2 (cherry-pick #2654...
  • 67c2319 fix: use csapgrade to patch managedFields for client-side apply migration (ch...
  • 326a1db Bump version to 3.3.1 on release-3.3 branch (#26501)
  • d0b2a6c fix: Fix excessive ls-remote requests on monorepos with Auto Sync enabled a...
  • e464f6a fix: AppProject finalizer should consider apps in all allowed namespaces (#24...
  • 4b0a2c0 chore: bumps ubuntu base docker image to 25.10 (cherry-pick #25758 for 3.3) (...
  • 8449d9a fix(server): OIDC config via secrets fails (#18269) (cherry-pick #26214 for 3...
  • 92df21c chore(appset): cherry-pick basic progressive sync e2e tests (#26092) (#26191)
  • 2449314 test(e2e): add isolation by ensuring unique name (cherry-pick #25724 for 3.3)...
  • Additional commits viewable in compare view

Updates github.com/argoproj/gitops-engine from 0.7.1-0.20250908182407-97ad5b59a627 to 0.7.3

Commits

Updates github.com/coreos/go-oidc/v3 from 3.14.1 to 3.17.0

Release notes

Sourced from github.com/coreos/go-oidc/v3's releases.

v3.17.0

What's Changed

Full Changelog: coreos/go-oidc@v3.16.0...v3.17.0

v3.16.0

What's Changed

New Contributors

Full Changelog: coreos/go-oidc@v3.15.0...v3.16.0

v3.15.0

What's Changed

Full Changelog: coreos/go-oidc@v3.14.1...v3.15.0

Commits
  • 35b8e03 oidc: improve error message for mismatched issuer URLs
  • e958473 bump go to 1.24, remove 1.23 support, bump go-jose dependency, remove x/net d...
  • 69b1670 refactor: Remove unused time injection from RemoteKeySet
  • 8d1e57e oidc: verify the ID Token's signature before processing claims
  • See full diff in compare view

Updates github.com/go-chi/chi/v5 from 5.0.11 to 5.2.5

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.2.5

What's Changed

New Contributors

Full Changelog: go-chi/chi@v5.2.3...v5.2.5

v5.2.3

What's Changed

New Contributors

Full Changelog: go-chi/chi@v5.2.2...v5.2.3

v5.2.2

What's Changed

... (truncated)

Changelog

Sourced from github.com/go-chi/chi/v5's changelog.

Changelog

v5.0.12 (2024-02-16)

Commits
  • 05f1ef7 fix(middleware): add missing return in RouteHeaders empty check (#1045)
  • 6eb3588 middleware: harden RedirectSlashes handler (#1044)
  • de0d16e Update comment about min Go version (#1023)
  • 9fb4a15 update reverseMethodMap in RegisterMethod (#1022)
  • 51c977c Refactor to use atomic type (#1019)
  • 563ab11 Refactor graceful shutdown example (#994)
  • a52c582 Bump minimum Go and use new features (#1017)
  • 9b9fb55 Replace methodTypString func with reverseMethodMap (#1018)
  • 0265fcd refactor: iterative wildcard collapsing and add test for consecutive wildcard...
  • cf537d4 Optimize throttle middleware by avoiding unnecessary timer creation (#1011)
  • Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.14.1 to 9.18.0

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.18.0

Redis 8.6 Support

Added support for Redis 8.6, including new commands and features for streams idempotent production and HOTKEYS.

Smart Client Handoff (Maintenance Notifications) for Cluster

note: Pending RS version release

This release introduces comprehensive support for Redis Enterprise Cluster maintenance notifications via SMIGRATING/SMIGRATED push notifications. The client now automatically handles slot migrations by:

  • Relaxing timeouts during migration (SMIGRATING) to prevent false failures
  • Triggering lazy cluster state reloads upon completion (SMIGRATED)
  • Enabling seamless operations during Redis Enterprise maintenance windows

(#3643) by @​ndyakov

OpenTelemetry Native Metrics Support

Added comprehensive OpenTelemetry metrics support following the OpenTelemetry Database Client Semantic Conventions. The implementation uses a Bridge Pattern to keep the core library dependency-free while providing optional metrics instrumentation through the new extra/redisotel-native package.

Metric groups include:

  • Command metrics: Operation duration with retry tracking
  • Connection basic: Connection count and creation time
  • Resiliency: Errors, handoffs, timeout relaxation
  • Connection advanced: Wait time and use time
  • Pubsub metrics: Published and received messages
  • Stream metrics: Processing duration and maintenance notifications

(#3637) by @​ofekshenawa

✨ New Features

  • HOTKEYS Commands: Added support for Redis HOTKEYS feature for identifying hot keys based on CPU consumption and network utilization (#3695) by @​ofekshenawa
  • Streams Idempotent Production: Added support for Redis 8.6+ Streams Idempotent Production with ProducerID, IdempotentID, IdempotentAuto in XAddArgs and new XCFGSET command (#3693) by @​ofekshenawa
  • NaN Values for TimeSeries: Added support for NaN (Not a Number) values in Redis time series commands (#3687) by @​ofekshenawa
  • DialerRetries Options: Added DialerRetries and DialerRetryTimeout to ClusterOptions, RingOptions, and FailoverOptions (#3686) by @​naveenchander30
  • ConnMaxLifetimeJitter: Added jitter configuration to distribute connection expiration times and prevent thundering herd (#3666) by @​cyningsun
  • Digest Helper Functions: Added DigestString and DigestBytes helper functions for client-side xxh3 hashing compatible with Redis DIGEST command (#3679) by @​ofekshenawa
  • SMIGRATED New Format: Updated SMIGRATED parser to support new format and remember original host:port (#3697) by @​ndyakov
  • Cluster State Reload Interval: Added cluster state reload interval option for maintenance notifications (#3663) by @​ndyakov

🐛 Bug Fixes

  • PubSub nil pointer dereference: Fixed nil pointer dereference in PubSub after WithTimeout() - pubSubPool is now properly cloned (#3710) by @​Copilot
  • MaintNotificationsConfig nil check: Guard against nil MaintNotificationsConfig in initConn (#3707) by @​veeceey
  • wantConnQueue zombie elements: Fixed zombie wantConn elements accumulation in wantConnQueue (#3680) by @​cyningsun
  • XADD/XTRIM approx flag: Fixed XADD and XTRIM to use = when approx is false (#3684) by @​ndyakov
  • Sentinel timeout retry: When connection to a sentinel times out, attempt to connect to other sentinels (#3654) by @​cxljs

... (truncated)

Changelog

Sourced from github.com/redis/go-redis/v9's changelog.

9.18.0 (2026-02-16)

🚀 Highlights

Redis 8.6 Support

Added support for Redis 8.6, including new commands and features for streams idempotent production and HOTKEYS.

Smart Client Handoff (Maintenance Notifications) for Cluster

This release introduces comprehensive support for Redis Cluster maintenance notifications via SMIGRATING/SMIGRATED push notifications. The client now automatically handles slot migrations by:

  • Relaxing timeouts during migration (SMIGRATING) to prevent false failures
  • Triggering lazy cluster state reloads upon completion (SMIGRATED)
  • Enabling seamless operations during Redis Enterprise maintenance windows

(#3643) by @​ndyakov

OpenTelemetry Native Metrics Support

Added comprehensive OpenTelemetry metrics support following the OpenTelemetry Database Client Semantic Conventions. The implementation uses a Bridge Pattern to keep the core library dependency-free while providing optional metrics instrumentation through the new extra/redisotel-native package.

Metric groups include:

  • Command metrics: Operation duration with retry tracking
  • Connection basic: Connection count and creation time
  • Resiliency: Errors, handoffs, timeout relaxation
  • Connection advanced: Wait time and use time
  • Pubsub metrics: Published and received messages
  • Stream metrics: Processing duration and maintenance notifications

(#3637) by @​ofekshenawa

✨ New Features

  • HOTKEYS Commands: Added support for Redis HOTKEYS feature for identifying hot keys based on CPU consumption and network utilization (#3695) by @​ofekshenawa
  • Streams Idempotent Production: Added support for Redis 8.6+ Streams Idempotent Production with ProducerID, IdempotentID, IdempotentAuto in XAddArgs and new XCFGSET command (#3693) by @​ofekshenawa
  • NaN Values for TimeSeries: Added support for NaN (Not a Number) values in Redis time series commands (#3687) by @​ofekshenawa
  • DialerRetries Options: Added DialerRetries and DialerRetryTimeout to ClusterOptions, RingOptions, and FailoverOptions (#3686) by @​naveenchander30
  • ConnMaxLifetimeJitter: Added jitter configuration to distribute connection expiration times and prevent thundering herd (#3666) by @​cyningsun
  • Digest Helper Functions: Added DigestString and DigestBytes helper functions for client-side xxh3 hashing compatible with Redis DIGEST command (#3679) by @​ofekshenawa
  • SMIGRATED New Format: Updated SMIGRATED parser to support new format and remember original host:port (#3697) by @​ndyakov
  • Cluster State Reload Interval: Added cluster state reload interval option for maintenance notifications (#3663) by @​ndyakov

🐛 Bug Fixes

  • PubSub nil pointer dereference: Fixed nil pointer dereference in PubSub after WithTimeout() - pubSubPool is now properly cloned (#3710) by @​Copilot
  • MaintNotificationsConfig nil check: Guard against nil MaintNotificationsConfig in initConn (#3707) by @​veeceey
  • wantConnQueue zombie elements: Fixed zombie wantConn elements accumulation in wantConnQueue (#3680) by @​cyningsun
  • XADD/XTRIM approx flag: Fixed XADD and XTRIM to use = when approx is false (#3684) by @​ndyakov
  • Sentinel timeout retry: When connection to a sentinel times out, attempt to connect to other sentinels (#3654) by @​cxljs

... (truncated)

Commits
  • 90faf06 chore(release): update versions in deps (#3712)
  • bf8e8e3 chore(release): v9.18.0 (#3711)
  • a881cd4 fix(clone): nil pointer dereference in PubSub after WithTimeout() (#3710)
  • ee6e9db feat(otel): Add OpenTelemetry Native Metrics Support (#3637)
  • b53f2b0 feat(sch): MaintNotifications for ClusterClient (#3643)
  • f25343d chore(tests): Add comprehensive TLS tests and example (#3681)
  • 33ca5cb feat(commands): Add support for Redis HOTKEYS commands (#3695)
  • 34f4568 fix(conn): guard against nil MaintNotificationsConfig in initConn (#3707)
  • 2fc030f perf(options): perf Fuzz Test Go File (#3692)
  • 63ed1fd Add support for Redis Streams Idempotent Production (#3693)
  • Additional commits viewable in compare view

Updates gitlab.com/gitlab-org/api/client-go from 1.28.1 to 1.41.0

Release notes

Sourced from gitlab.com/gitlab-org/api/client-go's releases.

v1.41.0

1.41.0

🚀 Features

🔄 Other Changes

1.41.0 (2026-02-22)

Features

  • Add missing event toggles to Group Slack integration (a4e84a2)

v1.40.1

1.40.1

🐛 Bug Fixes

1.40.1 (2026-02-21)

v1.40.0

1.40.0

🚀 Features

🔄 Other Changes

1.40.0 (2026-02-21)

Features

... (truncated)

Changelog

Sourced from gitlab.com/gitlab-org/api/client-go's changelog.

1.41.0

🚀 Features

🔄 Other Changes

1.41.0 (2026-02-22)

Features

  • Add missing event toggles to Group Slack integration (a4e84a2)

1.40.1

🐛 Bug Fixes

1.40.1 (2026-02-21)

1.40.0

🚀 Features

🔄 Other Changes

1.40.0 (2026-02-21)

Features

  • Add visibility option to listgroupoptions (ca08a62)

1.39.0

... (truncated)

Commits
  • d6859c7 chore(release): 1.41.0 [skip ci]
  • 85ca807 Merge branch 'add-event-for-set-slack-integ' into 'main'
  • a4e84a2 feat: Add missing event toggles to Group Slack integration
  • a6f0e5e Merge branch 'renovate/buf.build-go-protovalidate-1.x' into 'main'
  • 4f7e5e8 chore(deps): update module buf.build/go/protovalidate to v1.1.3
  • a9fc28c chore(release): 1.40.1 [skip ci]
  • bc698b7 Merge branch 'add-missing-group-params' into 'main'
  • 2e9756b Add missing group API parameters to Go SDK structs
  • f0bcb35 chore(release): 1.40.0 [skip ci]
  • e70aeea Merge branch 'tv/2026-02/cli-oauth-confirmation-2' into 'main'
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.34.0 to 0.35.0

Commits

Updates k8s.io/apiextensions-apiserver from 0.34.0 to 0.35.1

Commits

Updates k8s.io/apimachinery from 0.34.0 to 0.35.1

Commits
  • 72d71ea Merge remote-tracking branch 'origin/master' into release-1.35
  • e2a2dbc Bump golang.org/x/crypto to v0.45.0
  • 2e9c228 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
  • f274aac vendor: update vendor and license metadata after replacing BeTrue usage in cs...
  • 9445443 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
  • 52154f7 Update vendored dependencies
  • 5a348c5 KEP-5471: Extend tolerations operators (#134665)
  • 6f89492 Merge pull request #133648 from richabanker/merged-discovery
  • c77dde2 util/sort: Add MergePreservingRelativeOrder for topological sorting
  • 729c13d Merge pull request #134624 from yt2985/podcertificates-beta
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go-dependencies group across 1 directory with 9 updates
ede95cc 
Bumps the go-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/argoproj/argo-cd/v3](https://github.com/argoproj/argo-cd) | `3.3.0` | `3.3.2` |
| [github.com/argoproj/gitops-engine](https://github.com/argoproj/gitops-engine) | `0.7.1-0.20250908182407-97ad5b59a627` | `0.7.3` |
| [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.14.1` | `3.17.0` |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.0.11` | `5.2.5` |
| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.14.1` | `9.18.0` |
| [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) | `1.28.1` | `1.41.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.34.0` | `0.35.0` |
| [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.34.0` | `0.35.1` |



Updates `github.com/argoproj/argo-cd/v3` from 3.3.0 to 3.3.2
- [Release notes](https://github.com/argoproj/argo-cd/releases)
- [Changelog](https://github.com/argoproj/argo-cd/blob/master/CHANGELOG.md)
- [Commits](argoproj/argo-cd@v3.3.0...v3.3.2)

Updates `github.com/argoproj/gitops-engine` from 0.7.1-0.20250908182407-97ad5b59a627 to 0.7.3
- [Commits](https://github.com/argoproj/gitops-engine/commits/v0.7.3)

Updates `github.com/coreos/go-oidc/v3` from 3.14.1 to 3.17.0
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](coreos/go-oidc@v3.14.1...v3.17.0)

Updates `github.com/go-chi/chi/v5` from 5.0.11 to 5.2.5
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](go-chi/chi@v5.0.11...v5.2.5)

Updates `github.com/redis/go-redis/v9` from 9.14.1 to 9.18.0
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md)
- [Commits](redis/go-redis@v9.14.1...v9.18.0)

Updates `gitlab.com/gitlab-org/api/client-go` from 1.28.1 to 1.41.0
- [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags)
- [Changelog](https://gitlab.com/gitlab-org/api/client-go/blob/main/CHANGELOG.md)
- [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v1.28.1...v1.41.0)

Updates `golang.org/x/oauth2` from 0.34.0 to 0.35.0
- [Commits](golang/oauth2@v0.34.0...v0.35.0)

Updates `k8s.io/apiextensions-apiserver` from 0.34.0 to 0.35.1
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.34.0...v0.35.1)

Updates `k8s.io/apimachinery` from 0.34.0 to 0.35.1
- [Commits](kubernetes/apimachinery@v0.34.0...v0.35.1)

---
updated-dependencies:
- dependency-name: github.com/argoproj/argo-cd/v3
  dependency-version: 3.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/argoproj/gitops-engine
  dependency-version: 0.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-version: 3.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.2.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: gitlab.com/gitlab-org/api/client-go
  dependency-version: 1.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Feb 23, 2026

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants