Update Go Dependencies

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change
github.com/containerd/stargz-snapshotter/estargz	indirect	minor	v0.16.3 -> v0.17.0
github.com/go-chi/cors	require	patch	v1.2.1 -> v1.2.2
github.com/go-sql-driver/mysql	require	patch	v1.9.1 -> v1.9.3
github.com/google/go-containerregistry	require	patch	v0.20.3 -> v0.20.6
github.com/letsencrypt/boulder	indirect	minor	v0.0.0-20240620165639-de9c06129bec -> v0.20250929.0
github.com/oapi-codegen/runtime	require	patch	v1.1.1 -> v1.1.2
github.com/rogpeppe/go-internal	indirect	minor	v1.13.1 -> v1.14.1
github.com/secure-systems-lab/go-securesystemslib	indirect	patch	v0.9.0 -> v0.9.1
github.com/sigstore/protobuf-specs	indirect	minor	v0.4.1 -> v0.5.0
github.com/sigstore/sigstore	indirect	patch	v1.9.4 -> v1.9.5
github.com/sigstore/sigstore-go	require	minor	v1.0.0 -> v1.1.3
go.uber.org/atomic	indirect	minor	v1.7.0 -> v1.11.0
golang.org/x/crypto	indirect	minor	v0.39.0 -> v0.42.0
golang.org/x/sync	indirect	minor	v0.15.0 -> v0.17.0
golang.org/x/sys	indirect	minor	v0.33.0 -> v0.36.0
golang.org/x/term	indirect	minor	v0.32.0 -> v0.35.0
google.golang.org/genproto/googleapis/api	indirect	digest	f936aa4 -> 57b25ae
google.golang.org/genproto/googleapis/rpc	indirect	digest	513f239 -> 57b25ae

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

containerd/stargz-snapshotter (github.com/containerd/stargz-snapshotter/estargz)

v0.17.0

Compare Source

Notable Changes

• New features
  • Added support for FUSE passthourgh (#​1868, #​1870, #​1874, #​1876, #​1881, #​1923, #​1987, #​2012, #​2045, #​2068), thanks to @​wswsmao
  • Added support for detaching FUSE server as a separated processs (FUSE manager), thanks to @​wswsmao (#​1892, #​1912, #​1905) and @​ilyee (#​1892)
  • Expanded support for graceful restarting of Stargz Snapshotter (#​2077)
  • Added arm64 KIND node image (ghcr.io/containerd/stargz-snapshotter:0.17.0-kind) (#​1983)
• Fixes and changes
  • Set maximum filename length to 255 bytes (#​2024), thanks to @​wswsmao
  • Fixed EOPNOTSUPP issue on getdents64 (#​2063), thanks to @​wswsmao
  • Fixed TTLCache failed to release resources on exit (#​2076)
  • Fixed the configuration and docs to prevent GC failures in CRI plugin (#​1893)
  • Refactored blob manipulation logic to make it more modular (#​1955), thanks to @​ChengyuZhu6
  • Fix zstd:chunked converter error on duplicated blobs (#​1885), thanks to @​apostasie
• Document updates
  • Added docs about how to use Stargz Snapshotter on Lima (#​1967)
  • Added docs about how to use Stargz Snapshotter with Transfer Service (#​2084)
  • Improved legibility in docs/overview.md (#​2061), thanks to @​soulshake
• CI updates
  • Added tests for wider configrations (FUSE passthrough and FUSE manager) (#​2074, #​2083, #​1914)
  • Fixed dependabot's configuration to avoid CI failures in gomod PRs (#​1920, #​1941), thanks to @​djdongjin
  • Bump up containerd/project-checks to v1.2.2 (#​2004), thanks to @​wswsmao
• Dependencies
  • Replace harshicorp/multierror with errors.Join (#​1921), thanks to @​djdongjin
  • Bump up Kubernetes to v1.33 (#​2078)
  • go.mod dependency updates (#​1936, #​1942), thanks to @​thaJeztah

For other changes, refer to the full diff: containerd/stargz-snapshotter@v0.16.3...v0.17.0

go-chi/cors (github.com/go-chi/cors)

v1.2.2

Compare Source

What's Changed

• Update README with install by @​Uyutaka in #​22
• Fix broken credits link by @​lordidiot in #​25
• fix test_default error message #​28 by @​ablankz in #​29
• Update Go version in CI by @​VojtechVitek in #​32
• Fix Origin header check by @​c2h5oh in #​38

New Contributors

• @​Uyutaka made their first contribution in #​22
• @​lordidiot made their first contribution in #​25
• @​ablankz made their first contribution in #​29
• @​VojtechVitek made their first contribution in #​32
• @​c2h5oh made their first contribution in #​38

Full Changelog: go-chi/cors@v1.2.1...v1.2.2

go-sql-driver/mysql (github.com/go-sql-driver/mysql)

v1.9.3

Compare Source

What's Changed

• [1.9] test stability improvement. by @​methane in #​1699
• [1.9] Transaction Commit/Rollback returns conn's cached error by @​methane in #​1702
• backport benchmark_test by @​methane in #​1706
• [1.9] optimize readPacket (#​1705) by @​methane in #​1707
• [1.9] fix PING on compressed connections by @​methane in #​1723
• release v1.9.3 by @​methane in #​1725

Full Changelog: go-sql-driver/mysql@v1.9.2...v1.9.3

v1.9.2

Compare Source

v1.9.2 is a re-release of v1.9.1 due to a release process issue; no changes were made to the content.

google/go-containerregistry (github.com/google/go-containerregistry)

v0.20.6

Compare Source

What's Changed

• Ensure that tag name is not empty if name contains colon by @​SaschaSchwarze0 in #​2094
• Bump some deps by @​jonjohnsonjr in #​2110

New Contributors

• @​SaschaSchwarze0 made their first contribution in #​2094

Full Changelog: google/go-containerregistry@v0.20.4...v0.20.6

v0.20.5

Compare Source

What's Changed

• build(deps): bump docker/docker to v28.0.0+incompatible by @​luhring in #​2071
• Migrate linter to v2 by @​Subserial in #​2096
• bump go version + bump deps by @​Subserial in #​2093
• implement TextMarshaler/JSONMarshaler more consistently by @​imjasonh in #​2097
• Update CodeQL permissions by @​Subserial in #​2103
• Update goreleaser permissions by @​Subserial in #​2104
• Update provenance action in release by @​Subserial in #​2105
• Update validator action by @​Subserial in #​2106

New Contributors

• @​luhring made their first contribution in #​2071
• @​Subserial made their first contribution in #​2096

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.5

v0.20.4: - Not usable as a go module

Compare Source

🚨 This release was published to the Go module proxy and then re-tagged with a different commit. This means it's not usable as a Go module (#​2107) -- please us v0.20.5 instead.

What's Changed

• build(deps): bump docker/docker to v28.0.0+incompatible by @​luhring in #​2071
• Migrate linter to v2 by @​Subserial in #​2096
• bump go version + bump deps by @​Subserial in #​2093
• implement TextMarshaler/JSONMarshaler more consistently by @​imjasonh in #​2097
• Update CodeQL permissions by @​Subserial in #​2103
• Update goreleaser permissions by @​Subserial in #​2104
• Update provenance action in release by @​Subserial in #​2105
• Update validator action by @​Subserial in #​2106

New Contributors

• @​luhring made their first contribution in #​2071
• @​Subserial made their first contribution in #​2096

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.4

letsencrypt/boulder (github.com/letsencrypt/boulder)

v0.20250929.0

Compare Source

What's Changed

• CA: Stop using OCSP status NotReady by @​aarongable in #​8394
• Remove support for temporally-sharded CRLs by @​aarongable in #​8400
• wfe: Permit Transfer-Encoding: chunked HTTP request bodies by @​benburkert in #​8403
• build(deps): bump the aws group with 4 updates by @​dependabot[bot] in #​8392
• Use GetRevocationStatus instead of GetCertificateStatus by @​aarongable in #​8402
• Start accepting a new log checksum format by @​mcpherrinm in #​8413

New Contributors

• @​benburkert made their first contribution in #​8403

Full Changelog: letsencrypt/boulder@v0.20250922.0...v0.20250929.0

v0.20250922.0

Compare Source

What's Changed

• Remove '-tags "integration"' from build by @​jsha in #​8383
• feat: Support for dns-account-01 Challenge by @​sheurich in #​8149
• test: Work around integration failures & flake by @​jprenken in #​8393
• Delete akamai-purger by @​aarongable in #​8352
• Upload releases to GHCR by @​jprenken in #​8386
• Move //revocation/reasons.go into the post-OCSP world by @​aarongable in #​8355
• Remove "ocsp-response" Ceremony type by @​aarongable in #​8396
• Ceremony: remove support for AIA OCSP URIs by @​aarongable in #​8397
• issuance: Remove last vestiges of OCSP support by @​aarongable in #​8398
• Recognize, but do not process, issuevmc CAA tags by @​BartG95 in #​8374
• Fix location of release.md by @​pgporada in #​8404

New Contributors

• @​BartG95 made their first contribution in #​8374

Full Changelog: letsencrypt/boulder@v0.20250908.0...v0.20250922.0

v0.20250908.0

Compare Source

What's Changed

• Upgrade to latest publicsuffix-go by @​mcpherrinm in #​8376
• sfe: Export emails to mailing list at submission time by @​beautifulentropy in #​8378
• sfe: Periodically import approved rate limit override tickets by @​beautifulentropy in #​8372
• build(deps): bump docker/login-action from 3.4.0 to 3.5.0 by @​dependabot[bot] in #​8375

Full Changelog: letsencrypt/boulder@v0.20250902.0...v0.20250908.0

v0.20250902.0

Compare Source

What's Changed

• test: Enable optional coverage reporting by @​akshithg in #​8306
• sfe: Add rate limit override request portal Web UI and endpoints by @​beautifulentropy in #​8365
• Run go's modernize tool by @​mcpherrinm in #​8371
• sfe: Add per IP rate limits to the overrides request form submissions by @​beautifulentropy in #​8366

New Contributors

• @​akshithg made their first contribution in #​8306

Full Changelog: letsencrypt/boulder@v0.20250825.0...v0.20250902.0

v0.20250825.0

Compare Source

What's Changed

• test: rewrite CAA integration test in Go by @​jsha in #​8340
• test: Remove go1.24.x by @​beautifulentropy in #​8364
• RA: remove dependency on akamai-purger by @​aarongable in #​8353
• CA: delete GenerateOCSP method by @​aarongable in #​8351
• Ceremony: allow CRL ceremonies to skip certain lints by @​aarongable in #​8368
• sfe/zendesk: Add support for status to Zendesk client by @​beautifulentropy in #​8367

Full Changelog: letsencrypt/boulder@v0.20250819.0...v0.20250825.0

v0.20250819.0

Compare Source

What's Changed

• Add --generate-notes flag to gh release create by @​mcpherrinm in #​8337
• admin: Add tooling to support rate limit overrides in the database by @​beautifulentropy in #​8281
• Remove GO111MODULE and GOFLAGS. by @​jsha in #​8333
• Add tool to generate, verify, and output a list of CRLDPs by @​aarongable in #​8329
• Build Boulder in a container for release by @​jsha in #​8331
• Restrict permissions of merged-to-main workflow by @​aarongable in #​8347
• sfe/zendesk: Add a Zendesk API client implementation by @​beautifulentropy in #​8320
• grpc: remove serverIPAddresses config option by @​jsha in #​8339
• Remove ocsp-responder by @​aarongable in #​8344
• Remove python integration test in-the-past scaffolding by @​aarongable in #​8086
• go: Add go1.25.0 to the test suite by @​beautifulentropy in #​8357
• sfe/test: Configure SFE to use a zendesk-test-srv by @​beautifulentropy in #​8354
• RA: delete GenerateOCSP method by @​aarongable in #​8350
• Remove Boulder's understanding of FAKECLOCK by @​aarongable in #​8356

Full Changelog: letsencrypt/boulder@v0.20250812.0...v0.20250819.0

v0.20250812.0

Compare Source

v0.20250805.0

Compare Source

v0.20250728.0

Compare Source

v0.20250721.0

Compare Source

v0.20250714.0

Compare Source

v0.20250707.0

Compare Source

v0.20250701.0

Compare Source

oapi-codegen/runtime (github.com/oapi-codegen/runtime)

v1.1.2: : fixes for maps and x-go-type-skip-optional-pointer

Compare Source

🐛 Bug fixes

• Fix #​70: Use %w formatting directives when fmt.Error'ing an error. (#​71) @​constantoine
• Fix BindQueryParameter for optional parameters (#​48) @​TelpeNight
• fix: make BindQueryParameter play along with x-go-type-skip-optional-pointer (#​47) @​swistakm
• fix: correctly handle maps with different value types when binding (#​38) @​andnow873

👻 Maintenance

• docs(sponsors): add FUNDING.yml (#​46) @​jamietanna
• Simplify CI build matrix + build against Go 1.22 (#​33) @​jamietanna

📦 Dependency updates

• chore(deps): pin dependencies (#​63) @​renovate

Sponsors

We would like to thank our sponsors for their support during this release.

rogpeppe/go-internal (github.com/rogpeppe/go-internal)

v1.14.1

Compare Source

What's Changed

• testscript: remove temp dirs when finishing once again by @​mvdan in #​290

Full Changelog: rogpeppe/go-internal@v1.14.0...v1.14.1

v1.14.0

Compare Source

What's Changed

• Bump Go dependencies by @​lucacome in #​266
• diff,misspell: fix typos in comments by @​alexandear in #​282
• testscript: phase out func() int in RunMain by @​mvdan in #​281
• add Go 1.24.x, drop 1.22.x by @​mvdan in #​288

New Contributors

• @​lucacome made their first contribution in #​266
• @​alexandear made their first contribution in #​282

Full Changelog: rogpeppe/go-internal@v1.13.1...v1.14.0

secure-systems-lab/go-securesystemslib (github.com/secure-systems-lab/go-securesystemslib)

v0.9.1

Compare Source

sigstore/protobuf-specs (github.com/sigstore/protobuf-specs)

v0.5.0

Compare Source

Added

• Introduce v0.2 TrustedRoot, un-deprecate log ID. Checkpoint key ID and
  Operator for TrustedRoot are only set for v0.2 TrustedRoot.
  (#​690)

Changed

• Remove service-proto codegen for Go
  (#​676)

v0.4.3

Compare Source

v0.4.2

Compare Source

sigstore/sigstore (github.com/sigstore/sigstore)

v1.9.5

Compare Source

What's Changed

• Add context from opts to Azure signer in #​2070
• add RWMutex around providerMap to protect concurrent ops in #​2077

Full Changelog: sigstore/sigstore@v1.9.4...v1.9.5

sigstore/sigstore-go (github.com/sigstore/sigstore-go)

v1.1.3

Compare Source

What's Changed

• Set user agent for TUF and Rekor v2 clients in #​525

Full Changelog: sigstore/sigstore-go@v1.1.2...v1.1.3

v1.1.2

Compare Source

What's Changed

• Allow no timestamps to be provided when verifying a key in #​510
• Support other key algorithms for Rekor v2 in #​520

Full Changelog: sigstore/sigstore-go@v1.1.1...v1.1.2

v1.1.1

Compare Source

What's Changed

• Make conformance compatible with rekor v2 in #​505
• Update GetSigningConfig to use signing_config.v0.2.json in #​506
• Refactor SelectService to return Service rather than URL, add supported API versions in #​503
• Remove noisy log message in #​507

Full Changelog: sigstore/sigstore-go@v1.1.0...v1.1.1

v1.1.0

Compare Source

sigstore-go v1.1.0 introduces support for Rekor v2, a redesigned and modernized transparency log that's cheaper to operate, easier to scale, and simpler to maintain.

What's Changed

• Error Wrapping in TUF by @​lukehinds in #​482
• Avoid naked errors from other modules by @​kommendorkapten in #​484
• Added a parameter to the TUF options for live refresh. by @​kommendorkapten in #​485
• Add end to end tests by @​cmurphy in #​489
• Fail SigstoreTimestampingAuthority Verify early with nil Root by @​dmitris in #​490
• Add support for Rekor V2 for signing and verification by @​cmurphy in #​481
• Allow public keys to sign hashedrekord by @​cmurphy in #​497
• Add support for operator in SigningConfig by @​haydentherapper in #​494
• Add MarshalJSON to SigningConfig, fix marshaling bug by @​haydentherapper in #​498
• Select highest API version for SigningConfig services always by @​haydentherapper in #​499

Full Changelog: sigstore/sigstore-go@v1.0.0...v1.1.0

uber-go/atomic (go.uber.org/atomic)

v1.11.0

Compare Source

Fixed

• Fix Swap and CompareAndSwap for Value wrappers without initialization.

Added

• Add String method to atomic.Pointer[T] type allowing users to safely print
  underlying values of pointers.

v1.10.0

Compare Source

Added

• Add atomic.Float32 type for atomic operations on float32.
• Add CompareAndSwap and Swap methods to atomic.String, atomic.Error,
  and atomic.Value.
• Add generic atomic.Pointer[T] type for atomic operations on pointers of any
  type. This is present only for Go 1.18 or higher, and is a drop-in for
  replacement for the standard library's sync/atomic.Pointer type.

Changed

• Deprecate CAS methods on all types in favor of corresponding
  CompareAndSwap methods.

Thanks to @​eNV25 and @​icpd for their contributions to this release.

v1.9.0

Compare Source

Added

• Add Float64.Swap to match int atomic operations.
• Add atomic.Time type for atomic operations on time.Time values.

v1.8.0

Compare Source

Added

• Add atomic.Uintptr type for atomic operations on uintptr values.
• Add atomic.UnsafePointer type for atomic operations on unsafe.Pointer values.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).

[red-hat-konflux]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 6 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.23.0 -> 1.25.0
github.com/go-chi/chi/v5	v5.2.1 -> v5.2.3
github.com/theupdateframework/go-tuf/v2	v2.1.1 -> v2.2.0
github.com/cenkalti/backoff/v5	v5.0.2 -> v5.0.3
github.com/go-jose/go-jose/v4	v4.0.5 -> v4.1.2
google.golang.org/grpc	v1.73.0 -> v1.75.0
google.golang.org/protobuf	v1.36.6 -> v1.36.9