Update go updates

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
github.com/cenkalti/backoff/v4	v4.3.0 → v5.0.3			indirect	major
github.com/docker/docker	v28.3.3+incompatible → v28.5.2+incompatible			indirect	minor
github.com/fxamacker/cbor/v2	v2.9.0 → v2.9.1			indirect	patch
github.com/go-openapi/jsonpointer	v0.21.2 → v0.22.5			indirect	minor
github.com/go-openapi/jsonreference	v0.21.0 → v0.21.5			indirect	patch
github.com/go-openapi/swag	v0.23.1 → v0.25.5			indirect	minor
github.com/google/gnostic-models	v0.7.0 → v0.7.1			indirect	patch
github.com/mailru/easyjson	v0.9.0 → v0.9.2			indirect	patch
go.opentelemetry.io/auto/sdk	v1.1.0 → v1.2.1			indirect	minor
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.62.0 → v0.67.0			indirect	minor
go.opentelemetry.io/otel	v1.37.0 → v1.43.0			indirect	minor
go.opentelemetry.io/otel/exporters/otlp/otlptrace	v1.37.0 → v1.43.0			indirect	minor
go.opentelemetry.io/otel/metric	v1.37.0 → v1.43.0			indirect	minor
go.opentelemetry.io/otel/trace	v1.37.0 → v1.43.0			indirect	minor
go.opentelemetry.io/proto/otlp	v1.7.1 → v1.10.0			indirect	minor
go.yaml.in/yaml/v2	v2.4.2 → v3.0.4			indirect	major
golang.org/x/net	v0.43.0 → v0.52.0			indirect	minor
golang.org/x/oauth2	v0.30.0 → v0.36.0			indirect	minor
golang.org/x/sys	v0.35.0 → v0.42.0			indirect	minor
golang.org/x/term	v0.34.0 → v0.41.0			indirect	minor
golang.org/x/text	v0.28.0 → v0.35.0			indirect	minor
golang.org/x/time	v0.12.0 → v0.15.0			indirect	minor
google.golang.org/protobuf	v1.36.8 → v1.36.11			indirect	patch
gopkg.in/evanphx/json-patch.v4	v4.12.0 → v5.9.11			indirect	major
k8s.io/api	v0.34.0 → v0.35.3			indirect	minor
k8s.io/apimachinery	v0.34.0 → v0.35.3			indirect	minor
k8s.io/client-go	v0.34.0 → v0.35.3			indirect	minor
k8s.io/klog/v2	v2.130.1 → v2.140.0			indirect	minor
k8s.io/kube-openapi	d7b6acb → 16be699			indirect	digest
k8s.io/utils	0af2bda → 28399d8			indirect	digest
sigs.k8s.io/structured-merge-diff/v6	v6.3.0 → v6.3.2			indirect	patch

---

Release Notes

cenkalti/backoff (github.com/cenkalti/backoff/v4)

v5.0.3

Compare Source

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

docker/docker (github.com/docker/docker)

v28.5.2+incompatible

Compare Source

v28.5.1+incompatible

Compare Source

v28.5.0+incompatible

Compare Source

v28.4.0+incompatible

Compare Source

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.1

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

• [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
• [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
• [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)

🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

• [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
• [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
• [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
• [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)

What's Changed

• 🆕 Add TimeMode encoding option TimeRFC3339NanoUTC by @​fxamacker in #​688
• Use actual negative zero in tests by @​makew0rld in #​708
• Reject encoding nil inside CBOR indefinite-length string by @​fxamacker in #​750
• Refactor and add tests by @​fxamacker in #​752
• Small bugfixes, defensive checks, and improvements by @​fxamacker in #​753
• Refactor parseMapToStruct(), getDecodingStructType(), getEncodingStructType(), and field struct by @​fxamacker in #​754
• Fix several issues related to keyasint tag option by @​fxamacker in #​757

CI / GitHub Actions and Docs

🔎 Details...

• Bump github/codeql-action from 3.29.2 to 3.29.4 by @​dependabot[bot] in #​690
• Bump github/codeql-action from 3.29.4 to 3.29.5 by @​dependabot[bot] in #​691
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​696
• Bump github/codeql-action from 3.29.7 to 3.29.9 by @​dependabot[bot] in #​697
• Bump github/codeql-action from 3.29.9 to 3.29.11 by @​dependabot[bot] in #​700
• Bump github/codeql-action from 3.29.11 to 3.30.0 by @​dependabot[bot] in #​702
• Bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in #​703
• Bump github/codeql-action from 3.30.0 to 3.30.3 by @​dependabot[bot] in #​706
• Bump github/codeql-action from 3.30.3 to 3.30.4 by @​dependabot[bot] in #​710
• Bump github/codeql-action from 3.30.4 to 3.30.6 by @​dependabot[bot] in #​712
• Bump github/codeql-action from 3.30.6 to 4.30.7 by @​dependabot[bot] in #​713
• Bump github/codeql-action from 4.30.7 to 4.30.8 by @​dependabot[bot] in #​716
• Bump github/codeql-action from 4.30.8 to 4.30.9 by @​dependabot[bot] in #​718
• Bump github/codeql-action from 4.30.9 to 4.31.2 by @​dependabot[bot] in #​720
• Bump github/codeql-action from 4.31.2 to 4.31.3 by @​dependabot[bot] in #​721
• Bump github/codeql-action from 4.31.3 to 4.31.4 by @​dependabot[bot] in #​724
• Bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in #​725
• Bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​726
• Bump github/codeql-action from 4.31.4 to 4.31.5 by @​dependabot[bot] in #​727
• Bump github/codeql-action from 4.31.5 to 4.31.6 by @​dependabot[bot] in #​728
• Bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​729
• Bump github/codeql-action from 4.31.6 to 4.31.8 by @​dependabot[bot] in #​732
• Bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in #​733
• Bump github/codeql-action from 4.31.9 to 4.31.10 by @​dependabot[bot] in #​738
• Bump actions/setup-go from 6.1.0 to 6.2.0 by @​dependabot[bot] in #​739
• Bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in #​740
• Bump github/codeql-action from 4.31.10 to 4.32.0 by @​dependabot[bot] in #​742
• Bump github/codeql-action from 4.32.0 to 4.32.3 by @​dependabot[bot] in #​745
• Bump actions/setup-go from 6.2.0 to 6.3.0 by @​dependabot[bot] in #​746
• Bump github/codeql-action from 4.32.3 to 4.32.4 by @​dependabot[bot] in #​747
• Bump github/codeql-action from 4.32.4 to 4.32.6 by @​dependabot[bot] in #​748
• Bump github/codeql-action from 4.32.6 to 4.34.0 by @​dependabot[bot] in #​749
• Bump github/codeql-action from 4.34.0 to 4.34.1 by @​dependabot[bot] in #​751
• Update README status section by @​fxamacker in #​758

New Contributors

• @​makew0rld made their first contributihttps://github.com/fxamacker/cbor/pull/708ll/708

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

go-openapi/jsonpointer (github.com/go-openapi/jsonpointer)

v0.22.5

Compare Source

0.22.5 - 2026-03-02

Full Changelog: go-openapi/jsonpointer@v0.22.4...v0.22.5

15 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #​97 ...
• doc: announced new discord channel by @​fredbi in #​96 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​92 ...

Code quality

• chore: doc, test, lint update by @​fredbi in #​105 ...

Miscellaneous tasks

• ci: upgraded bump-release workflow (new input format) by @​fredbi in #​106 ...
• ci: updated workflows by @​fredbi in #​95 ...
• chore: fixed missing license headers in new files by @​fredbi in #​94 ...
• ci: removed duplicate workflow remaining after refactoring by @​fredbi in #​93 ...

Updates

• chore(deps): bump github.com/go-openapi/testify/v2 from 2.3.0 to 2.4.0 in the go-openapi-dependencies group by @​dependabot[bot] in #​104 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.2.0 to 2.3.0 in the go-openapi-dependencies group by @​dependabot[bot] in #​102 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​103 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​101 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.1.8 to 2.2.0 in the go-openapi-dependencies group by @​dependabot[bot] in #​100 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.0.2 to 2.1.8 in the go-openapi-dependencies group by @​dependabot[bot] in #​98 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​99 ...

---

People who contributed to this release

• @​bot-go-openapi[bot]
• @​fredbi

---

New Contributors

• @​bot-go-openapi[bot] made their first contribution
  in #​97

---

jsonpointer license terms

v0.22.4

Compare Source

0.22.4 - 2025-12-06

Full Changelog: go-openapi/jsonpointer@v0.22.3...v0.22.4

1 commits in this release.

---

Miscellaneous tasks

• ci: aligned CI to use shared workflows by @​fredbi in #​91 ...

---

People who contributed to this release

• @​fredbi

---

jsonpointer license terms

v0.22.3

Compare Source

0.22.3 - 2025-11-17

Full Changelog: go-openapi/jsonpointer@v0.22.2...v0.22.3

8 commits in this release.

---

Documentation

• doc: updated contributors file by @​github-actions[bot] in #​76 ...
• doc: automated a record of all-time contributors by @​fredbi in #​75 ...
• doc: release badge in README by @​fredbi in #​73 ...

Code quality

• docs: added maintainer's doc and style guide by @​fredbi in #​77 ...
• doc: improved documentation by @​fredbi in #​70 ...
• chore(lint): more linting by @​fredbi in #​71 ...

Miscellaneous tasks

• test: added tests for edge cases by @​fredbi in #​74 ...
• ci: run fuzz test in ci by @​fredbi in #​72 ...

---

People who contributed to this release

• @​fredbi
• @​github-actions[bot]

---

New Contributors

• @​github-actions[bot] made their first contribution
  in #​76

---

jsonpointer license terms

v0.22.2

Compare Source

0.22.2 - 2025-11-14

Full Changelog: go-openapi/jsonpointer@v0.22.1...v0.22.2

12 commits in this release.

---

Documentation

• ci: fixed typo by @​fredbi ...
• docs: fixed typo in NOTICE by @​fredbi in #​62 ...
• Licensing: added NOTICE by @​fredbi in #​61 ...

Code quality

• chore(lint): code quality by @​fredbi in #​64 ...

Testing

• test: added fuzz test for parsing by @​fredbi in #​69 ...
• test: improved test coverage by @​fredbi in #​68 ...

Miscellaneous tasks

• ci: fixed sarif file by @​fredbi ...
• chore(deps): removed indirect test dependencies by @​fredbi in #​60 ...

Security

• ci: added govulscan security scanner tool by @​fredbi in #​67 ...
• doc: added examples to document simple use cases by @​fredbi in #​65 ...
• ci: added workflows by @​fredbi in #​63 ...

Updates

• chore(deps): bump the development-dependencies group with 5 updates by @​dependabot[bot] in #​66 ...

---

People who contributed to this release

• @​fredbi

---

jsonpointer license terms

v0.22.1

Compare Source

v0.22.0

Compare Source

go-openapi/jsonreference (github.com/go-openapi/jsonreference)

v0.21.5

Compare Source

0.21.5 - 2026-03-02

Full Changelog: go-openapi/jsonreference@v0.21.4...v0.21.5

14 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #​71 ...
• doc: announced new discord channel by @​fredbi in #​70 ...
• doc: added basic usage in readme and testable examples by @​fredbi in #​69 ...
• doc: fixed copy-paste errors with jsonpointer by @​fredbi in #​67 ...

Code quality

• chore: doc, lint, tests by @​fredbi in #​79 ...

Testing

• test: added fuzz test for reference parser by @​fredbi in #​68 ...

Miscellaneous tasks

• ci: remove duplicate release worflow by @​fredbi in #​66 ...

Updates

• build(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​78 ...
• build(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​76 ...
• build(deps): bump github.com/go-openapi/testify/v2 from 2.1.8 to 2.2.0 in the go-openapi-dependencies group by @​dependabot[bot] in #​75 ...
• build(deps): bump github.com/go-openapi/testify/v2 from 2.1.1 to 2.1.8 in the go-openapi-dependencies group by @​dependabot[bot] in #​74 ...
• build(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​73 ...
• build(deps): bump github.com/go-openapi/testify/v2 from 2.0.2 to 2.1.1 in the go-openapi-dependencies group by @​dependabot[bot] in #​72 ...
• build(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​65 ...

---

People who contributed to this release

• @​fredbi

---

jsonreference license terms

v0.21.4

Compare Source

0.21.4 - 2025-12-08

Full Changelog: go-openapi/jsonreference@v0.21.3...v0.21.4

1 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #​64 ...

---

People who contributed to this release

• @​bot-go-openapi[bot]

---

New Contributors

• @​bot-go-openapi[bot] made their first contribution
  in #​64

---

jsonreference license terms

v0.21.3

Compare Source

v0.21.2

Compare Source

v0.21.1

Compare Source

go-openapi/swag (github.com/go-openapi/swag)

v0.25.5

Compare Source

0.25.5 - 2026-03-02

Full Changelog: go-openapi/swag@v0.25.4...v0.25.5

16 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #​177 ...

Code quality

• Doc/discord invite by @​fredbi in #​180 ...

Testing

• test: upgraded tests to use generics by @​fredbi in #​176 ...
• test: upgraded to go-openapi/testify@​v2.3.0 by @​fredbi in #​175 ...

Miscellaneous tasks

• chore: prepare release v0.25.5 by @​bot-go-openapi[bot] in #​181 ...
• ci: updated ci workflows by @​fredbi in #​179 ...
• ci: upgraded shared workflows (fixed secret propagation, fuzz matrix) by @​fredbi in #​174 ...
• ci: upgraded shared workflows (fixes mono-repo releases) by @​fredbi in #​173 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] in #​178 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #​172 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #​170 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #​168 ...
• build(deps): bump the development-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #​167 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #​166 ...
• build(deps): bump the development-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #​165 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #​164 ...

---

People who contributed to this release

• @​fredbi

---

New Contributors

---

swag license terms

Per-module changes

---

cmdutils (0.25.5)

Testing

• test: upgraded to go-openapi/testify@​v2.3.0 by @​fredbi in #​175 ...

---

conv (0.25.5)

Testing

• test: upgraded tests to use generics by @​fredbi in #​176 ...
• test: upgraded to go-openapi/testify@​v2.3.0 by @​fredbi in #​175 ...

Miscellaneous tasks

• chore: prepare release v0.25.5 by @​bot-go-openapi[bot] in #​181 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] in #​178 ...

---

fileutils (0.25.5)

Testing

• test: upgraded tests to use generics by @​fredbi in #​176 ...
• test: upgraded to go-openapi/testify@​v2.3.0 by @​fredbi in #​175 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] in #​178 ...

---

jsonname (0.25.5)

Testing

• test: upgraded tests to use generics by @​fredbi in #​176 ...
• test: upgraded to go-openapi/testify@​v2.3.0 by @​fredbi in #​175 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] in #​178 ...

---

jsonutils/adapters/easyjson (0.25.5)

Testing

• test: upgraded to go-openapi/testify@​v2.3.0 by @​fredbi in #​175 ...

Miscellaneous tasks

• chore: prepare release v0.25.5 by @​bot-go-openapi[bot] in #​181 ...

Updates

• build(deps): bump th

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.24.3 -> 1.25.0