fix(deps): update all non-major gomod dependencies

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/Masterminds/semver/v3	v3.2.1 -> v3.4.0
github.com/cenkalti/backoff/v4	v4.1.3 -> v4.3.0
github.com/cespare/xxhash/v2	v2.1.2 -> v2.3.0
github.com/fatih/color	v1.13.0 -> v1.18.0
github.com/golang-jwt/jwt/v4	v4.5.0 -> v4.5.2
github.com/golang/glog	v1.0.0 -> v1.2.5
github.com/golang/protobuf	v1.5.2 -> v1.5.4
github.com/google/uuid	v1.3.0 -> v1.6.0
github.com/gorilla/css	v1.0.0 -> v1.0.1
github.com/mattn/go-colorable	v0.1.13 -> v0.1.14
github.com/mattn/go-isatty	v0.0.16 -> v0.0.20
github.com/matttproud/golang_protobuf_extensions	v1.0.2 -> v1.0.4
github.com/microcosm-cc/bluemonday	v1.0.21 -> v1.0.27
github.com/nwidger/jsoncolor	v0.3.1 -> v0.3.2
github.com/openshift-online/ocm-cli	v0.1.66 -> v0.1.76
github.com/openshift-online/ocm-sdk-go	v0.1.338 -> v0.1.485
github.com/prometheus/client_golang	v1.13.0 -> v1.23.2
github.com/prometheus/client_model	v0.2.0 -> v0.6.2
github.com/prometheus/common	v0.37.0 -> v0.67.4
github.com/prometheus/procfs	v0.8.0 -> v0.19.2
github.com/spf13/cobra	v1.7.0 -> v1.10.1
github.com/spf13/pflag	v1.0.5 -> v1.0.10
golang.org/x/net	v0.7.0 -> v0.47.0
golang.org/x/sys	v0.5.0 -> v0.38.0
golang.org/x/term	v0.5.0 -> v0.37.0
golang.org/x/text	v0.7.0 -> v0.31.0
google.golang.org/protobuf	v1.28.1 -> v1.36.10

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

Masterminds/semver (github.com/Masterminds/semver/v3)

v3.4.0

Compare Source

There are a few changes in this release to highlight:

1. Constraints now has a property IncludePrerelease. When set to true the Check and Validate methods will include prereleases.
2. When an AND group has one constraint with a prerelease but more than one constraint then prereleases will be included. For example, >1.0.0-beta.1 < 2. In the past this would not have included prereleases because each constraint needed to have a prerelease. Now, only one constraint needs to have a prerelease. This is considered a long standing bug fix. Note, this does not carry across OR groups. For example, >1.0.0-beta.1 < 2 || > 3. In this case, prereleases will not be included when evaluating against >3.
3. NewVersion coercion with leading "0"'s is restored. This can be disabled by setting the package level property CoerceNewVersion to false.

What's Changed

• fix the CodeQL link by @​dmitris in #​257
• Restore detailed errors when failed to parse with NewVersion by @​mattfarina in #​262
• updating go version tested with by @​mattfarina in #​263
• Restore the ability to have leading 0's with NewVersion by @​mattfarina in #​266
• Handle pre-releases on all in an and group by @​mattfarina in #​267
• Add property to include prereleases by @​mattfarina in #​268
• Updating the error message handling by @​mattfarina in #​269
• Update the release notes and readme for new version by @​mattfarina in #​270

New Contributors

• @​dmitris made their first contribution in #​257

Full Changelog: Masterminds/semver@v3.3.1...v3.4.0

v3.3.1

Compare Source

What's Changed

• Fix for allowing some version that were invalid by @​mattfarina in #​253

Full Changelog: Masterminds/semver@v3.3.0...v3.3.1

v3.3.0

Compare Source

What's Changed

• Fix: bad package in README by @​sdelicata in #​226
• Updating the GitHub Actions and versions of Go used by @​mattfarina in #​229
• Fix spelling in README by @​robinschneider in #​222
• Adding go build cache to fuzz output by @​mattfarina in #​232
• Add caching to fuzz testing by @​mattfarina in #​234
• updating github actions by @​mattfarina in #​235
• feat: nil version equality by @​KnutZuidema in #​213
• add >= and <= by @​grosser in #​238
• doc: hyphen range constraint without whitespace by @​johnnychen94 in #​216
• Removing reference to vert by @​mattfarina in #​245
• simplify StrictNewVersion by @​grosser in #​241
• Updating the testing version of Go used by @​mattfarina in #​246
• bumping min version in go.mod based on what's tested by @​mattfarina in #​248
• Updating changelog for 3.3.0 by @​mattfarina in #​249

New Contributors

• @​sdelicata made their first contribution in #​226
• @​robinschneider made their first contribution in #​222
• @​KnutZuidema made their first contribution in #​213
• @​grosser made their first contribution in #​238
• @​johnnychen94 made their first contribution in #​216

Full Changelog: Masterminds/semver@v3.2.1...v3.3.0

cenkalti/backoff (github.com/cenkalti/backoff/v4)

v4.3.0

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

cespare/xxhash (github.com/cespare/xxhash/v2)

v2.3.0

Compare Source

v2.2.0

Compare Source

fatih/color (github.com/fatih/color)

v1.18.0

Compare Source

What's Changed

• Add RGB API support by @​fatih in #​225
• Bump GitHub workflow actions by @​deining in #​235
• Bump golang.org/x/sys from 0.18.0 to 0.24.0 by @​dependabot in #​236
• Bump golang.org/x/sys from 0.24.0 to 0.25.0 by @​dependabot in #​237

New Contributors

• @​deining made their first contribution in #​235

Full Changelog: fatih/color@v1.17.0...v1.18.0

v1.17.0

Compare Source

What's Changed

• Fix multi-parameter println spacing by @​klauspost in #​228
• ci: update Go and Staticcheck versions by @​fatih in #​222
• Bump golang.org/x/sys from 0.14.0 to 0.17.0 by @​dependabot in #​221
• Bump actions/setup-go from 4 to 5 by @​dependabot in #​217
• Bump golang.org/x/sys from 0.17.0 to 0.18.0 by @​dependabot in #​224

New Contributors

• @​klauspost made their first contribution in #​228

Full Changelog: fatih/color@v1.16.0...v1.17.0

v1.16.0

Compare Source

What's Changed

• Update dependabot.yml by @​ilyabrin in #​200
• color: add newline after wrapping text by @​fatih in #​192
• [Test] Nil check added by @​hyunsooda in #​203
• fixes #​206 (using underline with a different fg color breaks) by @​gregpoirson in #​210

Dependency updates

• Bump dominikh/staticcheck-action from 1.2.0 to 1.3.0 by @​dependabot in #​201
• Bump github.com/mattn/go-isatty from 0.0.17 to 0.0.18 by @​dependabot in #​193
• Bump golang.org/x/sys from 0.6.0 to 0.8.0 by @​dependabot in #​195
• Bump github.com/mattn/go-isatty from 0.0.18 to 0.0.19 by @​dependabot in #​196
• Bump golang.org/x/sys from 0.8.0 to 0.10.0 by @​dependabot in #​199
• Bump github.com/mattn/go-isatty from 0.0.19 to 0.0.20 by @​dependabot in #​212
• Bump golang.org/x/sys from 0.10.0 to 0.13.0 by @​dependabot in #​209
• Bump actions/setup-go from 3 to 4 by @​dependabot in #​202
• Bump actions/checkout from 3 to 4 by @​dependabot in #​208
• Bump golang.org/x/sys from 0.13.0 to 0.14.0 by @​dependabot in #​213

New Contributors

• @​ilyabrin made their first contribution in #​200
• @​hyunsooda made their first contribution in #​203
• @​gregpoirson made their first contribution in #​210

Full Changelog: fatih/color@v1.15.0...v1.16.0

v1.15.0

Compare Source

What's Changed

• windows: enable virtual terminal processing, fixes #​169 by @​martinlindhe in #​186
• ci: update dependencies by @​fatih in #​191
• Bump golang.org/x/sys from 0.5.0 to 0.6.0 by @​dependabot in #​189
• Refactor color_windows.go by @​pellared in #​188

New Contributors

• @​martinlindhe made their first contribution in #​186

Full Changelog: fatih/color@v1.14.1...v1.15.0

v1.14.1

Compare Source

What's Changed

• Update to Go 1.17 by @​pellared in #​184

Full Changelog: fatih/color@v1.14.0...v1.14.1

v1.14.0

Compare Source

What's Changed

• Bump github.com/mattn/go-colorable from 0.1.12 to 0.1.13 by @​dependabot in #​165
• Bump go-isatty from 0.0.16 to 0.0.17 by @​fatih in #​178
• Spelling and grammar fixes by @​pattmax00 in #​181
• NO_COLOR requires a non-empty string by @​pellared in #​171
• color: expose SetWriter and UnsetWriter by @​fatih in #​182

New Contributors

• @​pattmax00 made their first contribution in #​181
• @​pellared made their first contribution in #​171

Full Changelog: fatih/color@v1.13.0...v1.14.0

golang-jwt/jwt (github.com/golang-jwt/jwt/v4)

v4.5.2

Compare Source

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

v4.5.1

Compare Source

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

• Back-ported error-handling logic in ParseWithClaims from v5 branch. This fixes GHSA-29wx-vh33-7x7r.

Full Changelog: golang-jwt/jwt@v4.5.0...v4.5.1

golang/glog (github.com/golang/glog)

v1.2.5

Compare Source

What's Changed

• glog: generate a Fatalf-like error message when writing to logsinks fails by @​chressie in #​76

Full Changelog: golang/glog@v1.2.4...v1.2.5

v1.2.4

Compare Source

What's Changed

• Fail if log file already exists by @​chressie in #​74:
  • glog: Don't try to create/rotate a given syncBuffer twice in the same second
  • glog: introduce createInDir function as in internal version
  • glog: have createInDir fail if the file already exists

Full Changelog: golang/glog@v1.2.3...v1.2.4

v1.2.3

Compare Source

What's Changed

• glog: check that stderr is valid before using it by default by @​chressie in #​72
• glog: fix typo by @​chressie in #​73

Full Changelog: golang/glog@v1.2.2...v1.2.3

v1.2.2

Compare Source

What's Changed

• glog: avoid calling user.Current() on windows by @​bentekkie in #​69

Full Changelog: golang/glog@v1.2.1...v1.2.2

v1.2.1

Compare Source

What's Changed

• glog: don't hold mutex when sync'ing by @​chressie in #​68

Full Changelog: golang/glog@v1.2.0...v1.2.1

v1.2.0

Compare Source

What's Changed

• glog: add context variants and logsink tests by @​chressie in #​66

Full Changelog: golang/glog@v1.1.2...v1.2.0

v1.1.2

Compare Source

Bugfix release.

What's Changed

• glog: populate symlinks -log_link directory by @​chressie in #​64

Full Changelog: golang/glog@v1.1.1...v1.1.2

v1.1.1

Compare Source

Bugfixes since the larger v1.1.0, which have been addressed.

v1.1.0

Compare Source

Tagging v1.1.0 after syncing glog with internal changes

golang/protobuf (github.com/golang/protobuf)

v1.5.4

Compare Source

Notable changes

• update descriptor.proto to latest version

v1.5.3

Compare Source

Notable changes

*( #​1363) jsonpb: accept 'null' as a valid representation of NullValue in unmarshal

google/uuid (github.com/google/uuid)

v1.6.0

Compare Source

Features

• add Max UUID constant (#​149) (c58770e)

Bug Fixes

• fix typo in version 7 uuid documentation (#​153) (016b199)
• Monotonicity in UUIDv7 (#​150) (a2b2b32)

v1.5.0

Compare Source

Features

• Validate UUID without creating new UUID (#​141) (9ee7366)

v1.4.0

Compare Source

Features

• UUIDs slice type with Strings() convenience method (#​133) (cd5fbbd)

Fixes

• Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)

v1.3.1

Compare Source

Bug Fixes

• Use .EqualFold() to parse urn prefixed UUIDs (#​118) (574e687)

gorilla/css (github.com/gorilla/css)

v1.0.1

Compare Source

What's Changed

• Perform all preprocessing as per the spec. by @​alin04 in #​16
• Remove CR and FF that wouldn't appear after preprocessing. by @​alin04 in #​17
• Create config.yml by @​elithrar in #​18
• Update go version, add tools for verification and testing by @​coreydaley in #​19
• Update issues.yml by @​coreydaley in #​20
• update GitHub workflows by @​coreydaley in #​21

New Contributors

• @​alin04 made their first contribution in #​16
• @​elithrar made their first contribution in #​18
• @​coreydaley made their first contribution in #​19

Full Changelog: gorilla/css@v1.0.0...v1.0.1

mattn/go-colorable (github.com/mattn/go-colorable)

v0.1.14

Compare Source

mattn/go-isatty (github.com/mattn/go-isatty)

v0.0.20

Compare Source

v0.0.19

Compare Source

v0.0.18

Compare Source

v0.0.17

Compare Source

matttproud/golang_protobuf_extensions (github.com/matttproud/golang_protobuf_extensions)

v1.0.4

Compare Source

Summary: This is an emergency re-tag of v1.0.2 since v1.0.3 broke API
compatibility for legacy users. See the description of v1.0.2 for details.

v1.0.3

Compare Source

DO NOT USE: Use v1.0.4 instead. What is described in v1.0.3 will be
transitioned to a new major version.

Summary: Modernization of this package to Go standards in 2022, mostly
through internal cleanups.

New Features: None

The last time this package was significantly modified was 2016, which predates
cmp, subtests, the modern Protocol Buffer implementation, and numerous Go
practices that emerged in the intervening years. The new release is tested
against Go 1.19, though I expect it would work with Go 1.13 just fine.

Finally, I declared bankruptcy on the vendored test fixtures and opted for
creating my own. This is due to the underlying implementation of the generated
code in conjunction with working with a moving target that is an external data
model representation.

microcosm-cc/bluemonday (github.com/microcosm-cc/bluemonday)

v1.0.27

Compare Source

v1.0.26: Update golang.org/x/net to latest and force latest version

Compare Source

Bumping version and ensuring latest golang.org/x/net as the HTTP rapid reset is triggering primitive vuln scanners, we do not implement a HTTP2 server and are not vulnerable but a minor bump can still help reduce noise for those searching for what they need to upgrade and patch.

Nothing else is in this release aside from the dependency updates and some staticcheck messages being resolved that should not modify behaviour.

v1.0.25: Added src rewriter to allow for proxying inline assets.

Compare Source

What's Changed

• Bump golang.org/x/net from 0.10.0 to 0.12.0 by @​dependabot in #​178
• Prefer explicit rules over regexp by @​KN4CK3R in #​182
• Added src rewriter by @​yyewolf in #​179

New Contributors

• @​yyewolf made their first contribution in #​179

Full Changelog: microcosm-cc/bluemonday@v1.0.24...v1.0.25

v1.0.24: Added AllowURLSchemesMatching

Compare Source

This is a feature release, there are no security fixes in this release.

What's Changed

• Minor bug fix parsing style attribute with trailing spaces by @​sergeyfedotov in #​172
• Allow custom URL schemes by matching regex by @​yardenshoham in #​175
• Bump golang.org/x/net from 0.8.0 to 0.10.0 by @​dependabot in #​173

New Contributors

• @​sergeyfedotov made their first contribution in #​172
• @​yardenshoham made their first contribution in #​175

Full Changelog: microcosm-cc/bluemonday@v1.0.23...v1.0.24

v1.0.23: Resolve golang.org/x/net CVE-2022-41723

Compare Source

What's Changed

• Upgrade golang.org/x/net to 0.8.0 by @​barshociaj in #​165 to address CVE-2022-41723 which requires updating the x/net dependency

New Contributors

• @​barshociaj made their first contribution in #​165

Full Changelog: microcosm-cc/bluemonday@v1.0.22...v1.0.23

v1.0.22: Add picture to list of elements allowed without attributes

Compare Source

This is not a security update!

This is a usability update as some HTML elements are valid without attributes however the default behaviour is to strip these out of an abundance of caution. The picture element https://developer.mozilla.org/en-US/docs/Web/HTML/Element/picture is one such element where it merely changes the browser rendering such that one of the child elements will be rendered.

The picture element was not present in the allowlist when it should have been, and so this release fixes that as per #​161 .

nwidger/jsoncolor (github.com/nwidger/jsoncolor)

v0.3.2

Compare Source

• Fixed emitting unwanted leading space when printing JSON scalar values (thanks @​springcomp!)

openshift-online/ocm-cli (github.com/openshift-online/ocm-cli)

v0.1.76: Release 0.1.76

Compare Source

-e034b6b Update Konflux references to 2418e94
-5066ea0 Filter wif configs in interactive mode (#​660)
-878f5e3 Initial refactor to prepare to move the connection builder and config packages to ocm-common
-1ea2e05 lint
-2c66dc0 removes redundant api url
-65bf8cf Add role prefix flag on create wif-config (#​662)
-a39ce2e Grant access to support group during WifConfig creation (#​663)
-0275d67 Revert "Grant access to support group during WifConfig creation (#​663)" (#​664)
-7cddc94 Wif creation improvements, including logic to grant support access as part of wif creation. (#​666)
-7f41626 Update Konflux references
-b9a750c UpdatesToKonflux (#​668)
-e4aa770 OCM-10615 | Implement 'gcp wif-config update' command (#​667)
-cf6e500 Dry-run wif config delete before tearing down cloud resources (#​670)
-e18ea10 OCM-11842 | feat: Updates to support GCP-PSC clusters (#​672)
-893acd5 wif-enable gcp-inquiries (#​673)
-664b2c4 Replace wif dry-run flag with mode (#​671)
-df87894 Update Konflux references (#​669)

v0.1.75: Release 0.1.75

Compare Source

-416843e OSD-24332 Adding CNI Type to the printed output.
-ca71863 Introduce gcp WIF sub-commands to manage wif-configs (#​619)
-5f9697b multi arch release images (#​631)
-951d7cd Red Hat Konflux update ocm-cli (#​633)
-2604647 Limit Konflux Pipeline Runs (#​634)
-9645301 Update Konflux references (#​635)
-c797dfb Update Konflux references to 0dc3087
-28b521d support hermetic build (#​636)
-3117d6b Update Konflux references to 9eee3cf
-d228140 Update Konflux references to 71270c3
-0ff233b update konflux pipeline (#​641)
-ae2093b Update Konflux references
-2ae4aa0 Update Konflux references
-bdd172b Update Konflux references to f93024e
-d750acc Red Hat Konflux update ocm-cli Signed-off-by: red-hat-konflux konflux@no-reply.konflux-ci.dev
-0bbcf6e Update Konflux references
-21ff6b8 Replace wif models and client with sdk (#​643)
-c3d52e2 Update Konflux build (#​651)
-8073ef8 release_version (#​652)
-e9a014d Update Konflux references
-78317e9 Add 'wif-config' flag as cluster create option
-49f4e41 Set project number on wif config creation
-e441c1b Update Konflux references
-ca8d9db Support listing and parameters in 'gcp get wif-config' (#​656)

v0.1.74: Release 0.1.74

Compare Source

• 3423d52 OCM-1888: Add docs for ocm delete account subcommands and arguments
• 42a6c63 OCM-4965: Keyring configuration storage (#​600)
• 01c0241 OCM-6528 | feat: add describe ingress cmd
• debb035 OCM-8013| feat: Dockerfile for Konflux builds
• 79d7322 konflux-tekton build pipelines
• e79a4bf Red Hat Konflux update ocm-cli
• 5ea7344 Trigger pipeline only if event title starts with Konflux
• edd560c Bump ocm-sdk-go to v0.1.422 (#​620)
• 5e4c99b Adds ability to change api url via env var (#​621)
• 2a1f92e OCM-1398: support 'user' as variable for ocm config
• a248a57 Update Konflux references (#​617)
• 8448029 Update Konflux references to fa168cd (#​623)
• 441189f Red Hat Konflux purge ocm-cli (#​624)

v0.1.73: Release 0.1.73

Compare Source

• 165b90e OCM-4783 | feat: display warnings after cluster creation
• 0973f7b Display a cluster history URL in cluster describe
• ad98440 Fix minor formatting issue with cluster describe
• ea1c988 OCM-4962 | Feat | Add OAuth login using PKCE (#​590)
• 98944f7 OCM-5759 | feat: Add Device Code Flow (#​591)
• ff1c142 Display only platform-relevant field in cluster describe
• fab7ccf OCM-5281 | Feat | Add region validation from ocm-shards and list regions command (#​586)
• f279dc7 Use Hostname() to set --hosted-domain
• d0f8459 improving ocm login and ocm list rh-region url resolution to reuse the url saved in config before falling back to api.openshift.com
• d894c2a OCM-6407 | edit option sends an empty payload
• 9cf11ef OCM-6450 | No update cluster with empty config
• 1caf2d0 OCM-5941 | add enable delete protection parameter
• a056c70 OCM-6140 | feat: allow customization of the domain prefix when creating a cluster
• 5aa159f OCM-6030 | chore: bump sdk to v0.1.407
• 03500fe OCM-6140: make name width to be 54 chars to fix truncation issue in case of longer name > 28 chars
• 6d1fd05 OCM-6030 | feat: allow to edit component routes of ingress
• 383d362 Make auth and device

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.24 -> 1.24.0