Update go modules (main) (patch) by renovate[bot] · Pull Request #3130 · conforma/cli

renovate · 2026-02-27T01:15:43Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cuelang.org/go	`v0.16.0` → `v0.16.1`
github.com/conforma/crds/api	`v0.1.7` → `v0.1.11`
github.com/cucumber/godog	`v0.15.0` → `v0.15.1`
github.com/gkampitakis/go-snaps	`v0.5.19` → `v0.5.22`
github.com/go-openapi/runtime	`v0.29.2` → `v0.29.5`
github.com/go-openapi/strfmt	`v0.26.1` → `v0.26.3`
github.com/google/go-containerregistry	`v0.21.5` → `v0.21.6`
github.com/mattn/go-isatty	`v0.0.20` → `v0.0.22`
github.com/otiai10/copy	`v1.14.0` → `v1.14.1`
github.com/package-url/packageurl-go	`v0.1.3` → `v0.1.6`
github.com/sigstore/cosign/v3	`v3.0.4` → `v3.0.6`
github.com/sigstore/rekor	`v1.5.0` → `v1.5.2`
github.com/sigstore/sigstore	`v1.10.5` → `v1.10.8`
github.com/tektoncd/chains	`v0.26.2` → `v0.26.4`
github.com/testcontainers/testcontainers-go	`v0.34.0` → `v0.34.1`
gotest.tools/gotestsum	`v1.12.1` → `v1.12.3`
k8s.io/api	`v0.35.4` → `v0.35.5`
k8s.io/apiextensions-apiserver	`v0.35.4` → `v0.35.5`
k8s.io/apimachinery	`v0.35.4` → `v0.35.5`
k8s.io/client-go	`v0.35.4` → `v0.35.5`
k8s.io/kubernetes	`v1.34.2` → `v1.34.8`
oras.land/oras-go/v2	`v2.6.0` → `v2.6.1`

Release Notes

cue-lang/cue (cuelang.org/go)

`v0.16.1`

Compare Source

Language

The fallback keyword in the aliasv2 experiment is replaced by otherwise, which is clearer. cue fmt or cue fix can be used to rewrite existing code.

Evaluator

Fix a regression where the compiler could add comments to the input AST value, which could lead to increased memory usage.

Fix a bug where exporting certain schemas could result in "cannot have both alias and field in same scope" errors.

`cmd/cue`

Fix a panic which could occur when using non-label expressions in the --path flag.

Teach cue login to give helpful errors when used with OCI registries which don't support the OAuth2 device flow.

Go API

Fix a regression where cue.Context.Encode could panic on custom marshaler types with pointer receivers.

Full list of changes since v0.16.0

internal/cueversion: bump to v0.16.1 by @mvdan in 6d609d7
internal/ci: build releases with Go 1.26.2 by @mvdan in cedf4c8
update all golang.org/x/... dependencies by @mvdan in b4efeef
all: rename fallback keyword to otherwise by @mpvl in f813811
lsp/cache: improve rename by @cuematthew in 8e47027
integration/workspace: add test showing bad behaviour by @cuematthew in a5e0ef5
cmd/cue: suggest docker/podman login when OAuth2 device flow is unsupported by @mvdan in c169605
cmd/cue: add testscript for cue login when device code endpoint is unsupported by @mvdan in d7c882a
cmd/cue: clarify how to authenticate with standard OCI registries by @mvdan in 2613edf
internal/core/compile: avoid mutating AST by @rogpeppe in e4b0516
internal/core/export: fix alias/field name conflict in pattern constraints by @mvdan in 1e46409
internal/core/export: add regression test for alias/field name conflict by @mvdan in 1654f66
pkg: fix godoc mistakes across several packages by @mvdan in eae9aaf
internal/core/convert: fix panic when encoding pointer-receiver marshalers by @mvdan in 8e39aec
cmd/cue: return an error for non-label --path expressions instead of panicking by @mvdan in 5a55849
encoding: add godoc hints for cue/ast result types by @mvdan in 682c663

cucumber/godog (github.com/cucumber/godog)

`v0.15.1`

Compare Source

Added

Step text is added to "step is undefined" error - (669 - vearutop)
Localisation support by @MegaGrindStone in #665
feat: support uint types by @chengxilo in #695

Changed

Replace deprecated ::set-output - (681 - nodeg)

Fixed

fix(errors): fix(errors): Fix expected Step argument count for steps with context.Context (679 - tigh-latte)
fix(formatter): On concurrent execution, execute formatter at end of Scenario - (645 - tigh-latte)
Pretty printing results now prints the line where the step is declared instead of the line where the handler is declared. (668 - spencerc)
Update honnef.co/go/tools/cmd/staticcheck version in Makefile by @RezaZareiii in #670
fix: verify dogT exists in the context before using it by @cakoolen in #692
fix: change bang to being in README by @nahomEagleLion in #687
Mark junit test cases as skipped if no pickle step results available by @mrsheepuk in #597
Print step declaration line instead of handler declaration line by @SpencerC in #668

gkampitakis/go-snaps (github.com/gkampitakis/go-snaps)

`v0.5.22`

Compare Source

What's Changed

Enhance README with additional Any matcher example by @MoritzHeld in #157
fix: create snapshot files with 0644 instead of os.ModePerm by @gkampitakis in #159

New Contributors

@MoritzHeld made their first contribution in #157

Full Changelog: gkampitakis/go-snaps@v0.5.21...v0.5.22

`v0.5.21`

Compare Source

What's Changed

support nested arrays in json matchers by @gkampitakis in #145

Full Changelog: gkampitakis/go-snaps@v0.5.20...v0.5.21

`v0.5.20`

Compare Source

What's Changed

feat: support setting serializer on config by @gkampitakis in #154

Full Changelog: gkampitakis/go-snaps@v0.5.19...v0.5.20

go-openapi/runtime (github.com/go-openapi/runtime)

`v0.29.5`

Compare Source

0.29.5 - 2026-05-04

Full Changelog: go-openapi/runtime@v0.29.4...v0.29.5

10 commits in this release.

Implemented enhancements

feat(client): prefer multipart and support url-encoded file uploads by @fredbi in #428 ...

Fixed bugs

fix(statuses): align http status text with current standard by @fredbi in #427 ...
fix(validation): match content-type with MIME parameters by @fredbi in #426 ...
fix(auth): detect nil interface vs nil interface by @fredbi in #425 ...
fix: handle literal colons in URL paths for denco router by @KuaaMU in #422 ...

Documentation

doc: aligned docs with org-level docs by @fredbi in #424 ...
doc: updated contributors file by @bot-go-openapi[bot] in #423 ...
doc: updated contributors file by @bot-go-openapi[bot] in #420 ...

Miscellaneous tasks

chore: prepare release v0.29.5 by @bot-go-openapi[bot] in #429 ...

Updates

build(deps): bump the go-openapi-dependencies group across 2 directories with 3 updates by @dependabot[bot] in #421 ...

People who contributed to this release

New Contributors

@KuaaMU made their first contribution
in #422

runtime license terms

Per-module changes

client-middleware/opentracing (0.29.5)

Fixed bugs

fix(auth): detect nil interface vs nil interface by @fredbi in #425 ...

Miscellaneous tasks

chore: prepare release v0.29.5 by @bot-go-openapi[bot] in #429 ...

Updates

build(deps): bump the go-openapi-dependencies group across 2 directories with 3 updates by @dependabot[bot] in #421 ...

`v0.29.4`

Compare Source

0.29.4 - 2026-04-18

Security update

Full Changelog: go-openapi/runtime@v0.29.3...v0.29.4

16 commits in this release.

Documentation

doc: updated contributors file by @bot-go-openapi[bot] in #414 ...
doc: updated contributors file by @bot-go-openapi[bot] in #412 ...
doc: add portable agentic instructions by @fredbi in #409 ...
doc: update discord link by @fredbi in #408 ...
doc: updated contributors file by @bot-go-openapi[bot] in #406 ...

Testing

test: removed static testing TLS material (replaced by test helper) by @fredbi in #413 ...

Miscellaneous tasks

chore: prepare release v0.29.4 by @bot-go-openapi[bot] in #419 ...
chore: bump go directive to 1.25.0 by @fredbi in #410 ...
ci: fixed dependabot path by @fredbi in #407 ...

Updates

build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 by @dependabot[bot] in #415 ...
build(deps): bump the go-openapi-dependencies group across 1 directory with 4 updates by @dependabot[bot] in #418 ...
build(deps): bump the development-dependencies group with 7 updates by @dependabot[bot] in #417 ...
build(deps): bump the go-openapi-dependencies group across 2 directories with 4 updates by @dependabot[bot] in #411 ...
build(deps): bump the other-dependencies group across 1 directory with 3 updates by @dependabot[bot] in #401 ...
build(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0 in the golang-org-dependencies group across 1 directory by @dependabot[bot] in #400 ...
build(deps): bump the development-dependencies group across 2 directories with 7 updates by @dependabot[bot] in #405 ...

People who contributed to this release

@fredbi

runtime license terms

Per-module changes

client-middleware/opentracing (0.29.4)

Miscellaneous tasks

chore: prepare release v0.29.4 by @bot-go-openapi[bot] in #419 ...
chore: bump go directive to 1.25.0 by @fredbi in #410 ...

Updates

build(deps): bump the go-openapi-dependencies group across 1 directory with 4 updates by @dependabot[bot] in #418 ...
build(deps): bump the go-openapi-dependencies group across 2 directories with 4 updates by @dependabot[bot] in #411 ...
build(deps): bump the other-dependencies group across 1 directory with 3 updates by @dependabot[bot] in #401 ...
build(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0 in the golang-org-dependencies group across 1 directory by @dependabot[bot] in #400 ...

`v0.29.3`

Compare Source

0.29.3 - 2026-03-08

Full Changelog: go-openapi/runtime@v0.29.2...v0.29.3

27 commits in this release.

Fixed bugs

fix: Content-Type of 404 & 405 responses by @maxatome in #373 ...

Documentation

docs: add FAQ from resolved GitHub issues by @fredbi in #403 ...
doc: fixup README (pending CI update for a complete rendering) by @fredbi ...
doc: announced new discord channel by @fredbi in #390 ...
Chore/attribute original code by @fredbi in #384 ...

Code quality

chore: updated dependencies (removed mongodb indirect dependency) by @fredbi in #399 ...

Miscellaneous tasks

chore: prepare release v0.29.3 by @bot-go-openapi[bot] in #404 ...
ci: fixed dropped trivy release - updated shared workflow by @fredbi ...
chore(code quality): replace TODO comments with issue references by @fredbi in #388 ...
chore(licensing): added correct code attribution for the denco middleware by @fredbi ...
chore: fixed code quality issues in shells used for preparing releases by @fredbi in #383 ...

Updates

build(deps): bump the development-dependencies group across 2 directories with 7 updates by @dependabot[bot] in #402 ...
build(deps): bump the other-dependencies group with 3 updates by @dependabot[bot] in #394 ...
build(deps): bump the go-openapi-dependencies group with 6 updates by @dependabot[bot] in #398 ...
build(deps): bump the go-openapi-dependencies group with 2 updates by @dependabot[bot] in #396 ...
build(deps): bump the go-openapi-dependencies group with 2 updates by @dependabot[bot] in #395 ...
build(deps): bump the go-openapi-dependencies group with 2 updates by @dependabot[bot] in #393 ...
build(deps): bump the go-openapi-dependencies group with 2 updates by @dependabot[bot] in #392 ...
build(deps): bump the go-openapi-dependencies group with 2 updates by @dependabot[bot] in #391 ...
build(deps): bump github.com/go-openapi/analysis from 0.24.1 to 0.24.2 in the go-openapi-dependencies group by @dependabot[bot] in #389 ...
build(deps): bump the other-dependencies group with 3 updates by @dependabot[bot] in #382 ...
build(deps): bump golang.org/x/sync from 0.18.0 to 0.19.0 in the golang-org-dependencies group by @dependabot[bot] in #380 ...
build(deps): bump the go-openapi-dependencies group with 2 updates by @dependabot[bot] in #381 ...
build(deps): bump the go-openapi-dependencies group with 4 updates by @dependabot[bot] in #379 ...
build(deps): bump the go-openapi-dependencies group with 4 updates by @dependabot[bot] in #377 ...
build(deps): bump actions/checkout from 5 to 6 in the development-dependencies group by @dependabot[bot] in #378 ...
build(deps): bump golangci/golangci-lint-action from 8 to 9 in the development-dependencies group by @dependabot[bot] in #374 ...

People who contributed to this release

New Contributors

@maxatome made their first contribution
in #373

runtime license terms

Per-module changes

client-middleware/opentracing (0.29.3)

Documentation

Chore/attribute original code by @fredbi in #384 ...

Code quality

chore: updated dependencies (removed mongodb indirect dependency) by @fredbi in #399 ...

Miscellaneous tasks

chore: prepare release v0.29.3 by @bot-go-openapi[bot] in #404 ...

go-openapi/strfmt (github.com/go-openapi/strfmt)

`v0.26.3`

Compare Source

0.26.3 - 2026-05-31

Full Changelog: go-openapi/strfmt@v0.26.2...v0.26.3

15 commits in this release.

Documentation

fix(ci): typo in sha by @fredbi ...
doc: updated contributors file by @bot-go-openapi[bot] in #258 ...
doc: updated contributors file by @bot-go-openapi[bot] in #251 ...

Miscellaneous tasks

chore: prepare release v0.26.3 by @bot-go-openapi[bot] in #260 ...
fix(ci): monitor - work around dependabot identity requirements by @fredbi ...
fix(ci): updated shared ci worflows (fix monitor-bot identity) by @fredbi ...
fix(ci): updated shared ci worflows (fix monitor-bot permissions) by @fredbi ...
fix(ci): updated shared ci worflows (fix monitor-bot filter) by @fredbi in #259 ...
ci: schedule bot PR monitoring by @fredbi in #257 ...

Updates

build(deps): bump the other-dependencies group across 3 directories with 2 updates by @dependabot[bot] in #252 ...
build(deps): bump golang.org/x/net from 0.54.0 to 0.55.0 in the golang-org-dependencies group across 1 directory by @dependabot[bot] in #255 ...
build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @dependabot[bot] in #256 ...
build(deps): bump the development-dependencies group with 8 updates by @dependabot[bot] in #254 ...
build(deps): bump golang.org/x/net from 0.53.0 to 0.54.0 in the golang-org-dependencies group across 1 directory by @dependabot[bot] in #253 ...
build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @dependabot[bot] in #249 ...

People who contributed to this release

@fredbi

strfmt license terms

Per-module changes

enable/mongodb (0.26.3)

Miscellaneous tasks

chore: prepare release v0.26.3 by @bot-go-openapi[bot] in #260 ...

Updates

build(deps): bump the other-dependencies group across 3 directories with 2 updates by @dependabot[bot] in #252 ...

internal/testintegration (0.26.3)

Miscellaneous tasks

chore: prepare release v0.26.3 by @bot-go-openapi[bot] in #260 ...

Updates

build(deps): bump the other-dependencies group across 3 directories with 2 updates by @dependabot[bot] in #252 ...
build(deps): bump golang.org/x/net from 0.54.0 to 0.55.0 in the golang-org-dependencies group across 1 directory by @dependabot[bot] in #255 ...
build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @dependabot[bot] in #256 ...
build(deps): bump golang.org/x/net from 0.53.0 to 0.54.0 in the golang-org-dependencies group across 1 directory by @dependabot[bot] in #253 ...
build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @dependabot[bot] in #249 ...

`v0.26.2`

Compare Source

0.26.2 - 2026-04-29

Full Changelog: go-openapi/strfmt@v0.26.1...v0.26.2

13 commits in this release.

Documentation

doc: aligned docs with org-wide documentation. by @fredbi in #247 ...
doc: updated contributors file by @bot-go-openapi[bot] in #239 ...
doc: add portable agentic instructions by @fredbi in #236 ...
doc: added portable agentic instructions by @fredbi in #235 ...

Performance

perf(duration): faster and stricter ParseDuration. by @fredbi in #246 ...

Miscellaneous tasks

chore: prepare release v0.26.2 by @bot-go-openapi[bot] in #248 ...
chore: bump go directive to 1.25.0 by @fredbi in #237 ...

Updates

build(deps): bump the other-dependencies group across 2 directories with 2 updates by @dependabot[bot] in #245 ...
build(deps): bump the development-dependencies group with 8 updates by [@dependa

✂ Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

Branch creation
- Between 12:00 AM and 03:59 AM (* 0-3 * * *)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2026-02-27T01:15:46Z

ℹ️ Artifact update notice

File name: acceptance/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

39 additional dependencies were updated

Details:

Package	Change
`github.com/secure-systems-lab/go-securesystemslib`	`v0.10.0` -> `v0.11.0`
`golang.org/x/exp`	`v0.0.0-20250911091902-df9299821621` -> `v0.0.0-20251023183803-a4bb9ffd2546`
`k8s.io/klog/v2`	`v2.130.1` -> `v2.140.0`
`github.com/gkampitakis/ciinfo`	`v0.3.2` -> `v0.3.4`
`github.com/go-chi/chi/v5`	`v5.2.4` -> `v5.2.5`
`github.com/go-openapi/analysis`	`v0.24.3` -> `v0.25.0`
`github.com/go-openapi/runtime`	`v0.29.2` -> `v0.29.4`
`github.com/go-openapi/swag`	`v0.25.4` -> `v0.26.0`
`github.com/go-openapi/swag/cmdutils`	`v0.25.4` -> `v0.26.0`
`github.com/go-openapi/swag/conv`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/fileutils`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/jsonname`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/jsonutils`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/loading`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/mangling`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/netutils`	`v0.25.4` -> `v0.26.0`
`github.com/go-openapi/swag/stringutils`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/typeutils`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/yamlutils`	`v0.25.5` -> `v0.26.0`
`github.com/goccy/go-yaml`	`v1.18.0` -> `v1.19.2`
`github.com/google/certificate-transparency-go`	`v1.3.2` -> `v1.3.3`
`github.com/letsencrypt/boulder`	`v0.20251110.0` -> `v0.20260223.0`
`github.com/maruel/natural`	`v1.1.1` -> `v1.3.0`
`github.com/prometheus/procfs`	`v0.17.0` -> `v0.19.2`
`github.com/sigstore/protobuf-specs`	`v0.5.0` -> `v0.5.1`
`github.com/sigstore/rekor-tiles/v2`	`v2.0.1` -> `v2.2.1`
`github.com/sigstore/timestamp-authority/v2`	`v2.0.4` -> `v2.0.5`
`github.com/tidwall/gjson`	`v1.18.0` -> `v1.19.0`
`go.uber.org/zap`	`v1.27.1` -> `v1.28.0`
`golang.org/x/crypto`	`v0.49.0` -> `v0.50.0`
`golang.org/x/mod`	`v0.33.0` -> `v0.34.0`
`golang.org/x/net`	`v0.52.0` -> `v0.53.0`
`golang.org/x/sys`	`v0.42.0` -> `v0.43.0`
`golang.org/x/term`	`v0.41.0` -> `v0.42.0`
`golang.org/x/text`	`v0.35.0` -> `v0.36.0`
`google.golang.org/api`	`v0.271.0` -> `v0.274.0`
`google.golang.org/genproto/googleapis/api`	`v0.0.0-20260203192932-546029d2fa20` -> `v0.0.0-20260401024825-9d38bb4040a9`
`google.golang.org/genproto/googleapis/rpc`	`v0.0.0-20260226221140-a57be14db171` -> `v0.0.0-20260401024825-9d38bb4040a9`
`google.golang.org/grpc`	`v1.79.3` -> `v1.80.0`

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

78 additional dependencies were updated

Details:

Package	Change
`github.com/go-git/go-git/v5`	`v5.17.1` -> `v5.18.0`
`github.com/secure-systems-lab/go-securesystemslib`	`v0.10.0` -> `v0.11.0`
`golang.org/x/exp`	`v0.0.0-20250911091902-df9299821621` -> `v0.0.0-20251023183803-a4bb9ffd2546`
`golang.org/x/net`	`v0.52.0` -> `v0.53.0`
`k8s.io/klog/v2`	`v2.130.1` -> `v2.140.0`
`golang.org/x/text`	`v0.35.0` -> `v0.36.0`
`cloud.google.com/go/auth`	`v0.18.2` -> `v0.19.0`
`cloud.google.com/go/iam`	`v1.5.3` -> `v1.7.0`
`cloud.google.com/go/storage`	`v1.61.3` -> `v1.62.0`
`github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp`	`v1.30.0` -> `v1.31.0`
`github.com/aws/aws-sdk-go-v2`	`v1.41.4` -> `v1.41.6`
`github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream`	`v1.7.7` -> `v1.7.8`
`github.com/aws/aws-sdk-go-v2/config`	`v1.32.12` -> `v1.32.14`
`github.com/aws/aws-sdk-go-v2/credentials`	`v1.19.12` -> `v1.19.14`
`github.com/aws/aws-sdk-go-v2/feature/ec2/imds`	`v1.18.20` -> `v1.18.21`
`github.com/aws/aws-sdk-go-v2/internal/configsources`	`v1.4.20` -> `v1.4.22`
`github.com/aws/aws-sdk-go-v2/internal/endpoints/v2`	`v2.7.20` -> `v2.7.22`
`github.com/aws/aws-sdk-go-v2/internal/v4a`	`v1.4.21` -> `v1.4.22`
`github.com/aws/aws-sdk-go-v2/service/ecr`	`v1.51.2` -> `v1.55.3`
`github.com/aws/aws-sdk-go-v2/service/ecrpublic`	`v1.38.2` -> `v1.38.10`
`github.com/aws/aws-sdk-go-v2/service/internal/checksum`	`v1.9.12` -> `v1.9.13`
`github.com/aws/aws-sdk-go-v2/service/internal/presigned-url`	`v1.13.20` -> `v1.13.21`
`github.com/aws/aws-sdk-go-v2/service/internal/s3shared`	`v1.19.20` -> `v1.19.21`
`github.com/aws/aws-sdk-go-v2/service/s3`	`v1.97.1` -> `v1.97.3`
`github.com/aws/aws-sdk-go-v2/service/signin`	`v1.0.8` -> `v1.0.9`
`github.com/aws/aws-sdk-go-v2/service/sso`	`v1.30.13` -> `v1.30.15`
`github.com/aws/aws-sdk-go-v2/service/ssooidc`	`v1.35.17` -> `v1.35.19`
`github.com/aws/aws-sdk-go-v2/service/sts`	`v1.41.9` -> `v1.41.10`
`github.com/aws/smithy-go`	`v1.24.2` -> `v1.25.0`
`github.com/awslabs/amazon-ecr-credential-helper/ecr-login`	`v0.11.0` -> `v0.12.0`
`github.com/clipperhouse/displaywidth`	`v0.6.0` -> `v0.10.0`
`github.com/clipperhouse/uax29/v2`	`v2.3.0` -> `v2.6.0`
`github.com/gkampitakis/ciinfo`	`v0.3.2` -> `v0.3.4`
`github.com/go-chi/chi/v5`	`v5.2.4` -> `v5.2.5`
`github.com/go-openapi/analysis`	`v0.24.3` -> `v0.25.0`
`github.com/go-openapi/swag`	`v0.25.4` -> `v0.26.0`
`github.com/go-openapi/swag/cmdutils`	`v0.25.4` -> `v0.26.0`
`github.com/go-openapi/swag/conv`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/fileutils`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/jsonname`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/jsonutils`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/loading`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/mangling`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/netutils`	`v0.25.4` -> `v0.26.0`
`github.com/go-openapi/swag/stringutils`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/typeutils`	`v0.25.5` -> `v0.26.0`
`github.com/go-openapi/swag/yamlutils`	`v0.25.5` -> `v0.26.0`
`github.com/goccy/go-yaml`	`v1.18.0` -> `v1.19.2`
`github.com/google/certificate-transparency-go`	`v1.3.2` -> `v1.3.3`
`github.com/googleapis/gax-go/v2`	`v2.17.0` -> `v2.22.0`
`github.com/letsencrypt/boulder`	`v0.20251110.0` -> `v0.20260223.0`
`github.com/maruel/natural`	`v1.1.1` -> `v1.3.0`
`github.com/miekg/pkcs11`	`v1.1.1` -> `v1.1.2`
`github.com/olekukonko/errors`	`v1.1.0` -> `v1.2.0`
`github.com/olekukonko/ll`	`v0.1.3` -> `v0.1.6`
`github.com/olekukonko/tablewriter`	`v1.1.2` -> `v1.1.4`
`github.com/prometheus/common`	`v0.67.4` -> `v0.67.5`
`github.com/prometheus/procfs`	`v0.17.0` -> `v0.19.2`
`github.com/sigstore/fulcio`	`v1.8.4` -> `v1.8.5`
`github.com/sigstore/protobuf-specs`	`v0.5.0` -> `v0.5.1`
`github.com/sigstore/rekor-tiles/v2`	`v2.0.1` -> `v2.2.1`
`github.com/sigstore/timestamp-authority/v2`	`v2.0.4` -> `v2.0.5`
`github.com/tidwall/gjson`	`v1.18.0` -> `v1.19.0`
`gitlab.com/gitlab-org/api/client-go`	`v1.11.0` -> `v1.46.0`
`go.opentelemetry.io/contrib/detectors/gcp`	`v1.39.0` -> `v1.40.0`
`go.uber.org/zap`	`v1.27.1` -> `v1.28.0`
`golang.org/x/crypto`	`v0.49.0` -> `v0.50.0`
`golang.org/x/mod`	`v0.33.0` -> `v0.34.0`
`golang.org/x/sys`	`v0.42.0` -> `v0.43.0`
`golang.org/x/term`	`v0.41.0` -> `v0.42.0`
`golang.org/x/tools`	`v0.42.0` -> `v0.43.0`
`google.golang.org/api`	`v0.271.0` -> `v0.274.0`
`google.golang.org/genproto`	`v0.0.0-20260128011058-8636f8732409` -> `v0.0.0-20260319201613-d00831a3d3e7`
`google.golang.org/genproto/googleapis/api`	`v0.0.0-20260203192932-546029d2fa20` -> `v0.0.0-20260401024825-9d38bb4040a9`
`google.golang.org/genproto/googleapis/rpc`	`v0.0.0-20260226221140-a57be14db171` -> `v0.0.0-20260401024825-9d38bb4040a9`
`google.golang.org/grpc`	`v1.79.3` -> `v1.80.0`
`gopkg.in/ini.v1`	`v1.67.1` -> `v1.67.2`
`sigs.k8s.io/release-utils`	`v0.12.3` -> `v0.12.4`

File name: tools/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

2 additional dependencies were updated

Details:

Package	Change
`github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp`	`v1.30.0` -> `v1.31.0`
`google.golang.org/grpc`	`v1.79.3` -> `v1.80.0`

renovate · 2026-05-28T08:38:53Z

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: acceptance/go.sum

Command failed: go mod tidy
go: downloading github.com/onsi/ginkgo v1.16.5
go: downloading github.com/onsi/gomega v1.38.2
go: downloading github.com/yudai/pp v2.0.1+incompatible
go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
go: downloading github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399
go: downloading go.uber.org/goleak v1.3.0
go: downloading gotest.tools/v3 v3.5.2
go: downloading gotest.tools v2.2.0+incompatible
go: downloading github.com/go-openapi/testify/v2 v2.5.1
go: downloading github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d
go: downloading github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb
go: downloading github.com/elazarl/goproxy v1.7.2
go: downloading github.com/creack/pty v1.1.24
go: downloading github.com/stretchr/objx v0.5.2
go: downloading github.com/hashicorp/go-hclog v1.6.3
go: downloading github.com/onsi/ginkgo/v2 v2.27.2
go: downloading k8s.io/apiserver v0.35.4
go: downloading k8s.io/component-base v0.35.4
go: downloading github.com/tektoncd/triggers v0.35.0
go: downloading github.com/sassoftware/relic/v7 v7.6.2
go: downloading github.com/go-quicktest/qt v1.101.0
go: downloading golang.org/x/tools v0.44.0
go: downloading github.com/nxadm/tail v1.4.11
go: downloading github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.0
go: downloading github.com/go-openapi/testify/enable/yaml/v2 v2.4.2
go: downloading github.com/google/trillian v1.7.3
go: downloading github.com/go-sql-driver/mysql v1.9.3
go: downloading github.com/jackc/pgx/v5 v5.8.0
go: downloading github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.6
go: downloading github.com/sigstore/sigstore/pkg/signature/kms/azure v1.10.6
go: downloading github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.10.6
go: downloading github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.10.6
go: downloading github.com/tink-crypto/tink-go-awskms/v2 v2.1.0
go: downloading github.com/tink-crypto/tink-go-gcpkms/v2 v2.2.0
go: downloading github.com/tink-crypto/tink-go-hcvault/v2 v2.4.0
go: downloading github.com/tink-crypto/tink-go/v2 v2.6.0
go: downloading go.step.sm/crypto v0.77.7
go: downloading github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
go: downloading github.com/gliderlabs/ssh v0.3.8
go: downloading github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6
go: downloading github.com/go-rod/rod v0.116.2
go: downloading k8s.io/cli-runtime v0.34.2
go: downloading knative.dev/serving v0.39.4
go: downloading github.com/blendle/zapdriver v1.3.1
go: downloading software.sslmate.com/src/go-pkcs12 v0.4.0
go: downloading github.com/cloudevents/sdk-go/v2 v2.16.2
go: downloading github.com/google/gofuzz v1.2.0
go: downloading github.com/lib/pq v1.10.9
go: downloading github.com/hashicorp/go-uuid v1.0.3
go: downloading gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
go: downloading github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
go: downloading github.com/tink-crypto/tink-go-awskms/v3 v3.0.0
go: downloading google.golang.org/api v0.274.0
go: downloading github.com/kylelemons/godebug v1.1.0
go: downloading filippo.io/edwards25519 v1.2.0
go: downloading github.com/jackc/pgpassfile v1.0.0
go: downloading github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761
go: downloading github.com/jmhodges/clock v1.2.0
go: downloading github.com/aws/aws-sdk-go-v2 v1.41.6
go: downloading github.com/aws/aws-sdk-go-v2/config v1.32.14
go: downloading github.com/aws/aws-sdk-go-v2/service/kms v1.50.5
go: downloading github.com/jellydator/ttlcache/v3 v3.4.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0
go: downloading github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1
go: downloading github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.4.0
go: downloading cloud.google.com/go/kms v1.28.0
go: downloading cloud.google.com/go v0.123.0
go: downloading github.com/hashicorp/vault/api v1.22.0
go: downloading github.com/aws/aws-sdk-go v1.55.8
go: downloading github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be
go: downloading github.com/moby/sys/atomicwriter v0.1.0
go: downloading github.com/ysmood/goob v0.4.0
go: downloading github.com/ysmood/got v0.40.0
go: downloading github.com/ysmood/gson v0.7.3
go: downloading github.com/ysmood/fetchup v0.2.3
go: downloading github.com/ysmood/leakless v0.9.0
go: downloading github.com/Masterminds/semver/v3 v3.4.0
go: downloading github.com/Masterminds/semver v1.5.0
go: downloading github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
go: downloading go.etcd.io/etcd/client/pkg/v3 v3.6.8
go: downloading go.etcd.io/etcd/client/v3 v3.6.8
go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0
go: downloading github.com/google/btree v1.1.3
go: downloading github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de
go: downloading knative.dev/eventing v0.30.3
go: downloading knative.dev/networking v0.0.0-20231017124814-2a7676e912b7
go: downloading github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef
go: downloading github.com/zalando/go-keyring v0.2.3
go: downloading github.com/allegro/bigcache/v3 v3.1.0
go: downloading github.com/kelseyhightower/envconfig v1.4.0
go: downloading github.com/fsnotify/fsnotify v1.9.0
go: downloading github.com/aws/aws-sdk-go-v2/credentials v1.19.14
go: downloading cloud.google.com/go/auth v0.19.0
go: downloading github.com/golang/protobuf v1.5.4
go: downloading github.com/hashicorp/golang-lru/v2 v2.0.7
go: downloading github.com/aws/smithy-go v1.25.0
go: downloading github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.21
go: downloading github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6
go: downloading github.com/aws/aws-sdk-go-v2/service/signin v1.0.9
go: downloading github.com/aws/aws-sdk-go-v2/service/sso v1.30.15
go: downloading github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.19
go: downloading github.com/aws/aws-sdk-go-v2/service/sts v1.41.10
go: downloading github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.22
go: downloading github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2
go: downloading github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0
go: downloading cloud.google.com/go/iam v1.7.0
go: downloading cloud.google.com/go/longrunning v0.9.0
go: downloading github.com/googleapis/gax-go/v2 v2.22.0
go: downloading google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading github.com/hashicorp/go-multierror v1.1.1
go: downloading github.com/hashicorp/go-rootcerts v1.0.2
go: downloading github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0
go: downloading github.com/hashicorp/go-secure-stdlib/strutil v0.1.2
go: downloading github.com/hashicorp/hcl v1.0.1-vault-7
go: downloading github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c
go: downloading github.com/shoenig/test v0.6.4
go: downloading github.com/go-task/slim-sprig/v3 v3.0.0
go: downloading github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0
go: downloading sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2
go: downloading go.etcd.io/etcd/api/v3 v3.6.8
go: downloading github.com/coreos/go-systemd/v22 v22.7.0
go: downloading github.com/coreos/go-semver v0.3.1
go: downloading github.com/danieljoos/wincred v1.2.3
go: downloading github.com/godbus/dbus/v5 v5.1.0
go: downloading cuelabs.dev/go/oci/ociregistry v0.0.0-20251212221603-3adeb8663819
go: downloading github.com/pelletier/go-toml/v2 v2.2.4
go: downloading cloud.google.com/go/compute/metadata v0.9.0
go: downloading cloud.google.com/go/auth/oauth2adapt v0.2.8
go: downloading github.com/google/s2a-go v0.1.9
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21
go: downloading github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.22
go: downloading github.com/hashicorp/go-sockaddr v1.0.7
go: downloading github.com/ryanuber/go-glob v1.0.0
go: downloading github.com/natefinch/atomic v1.0.1
go: downloading github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24
go: downloading github.com/google/pprof v0.0.0-20260402051712-545e8a4df936
go: downloading github.com/gogo/protobuf v1.3.2
go: downloading github.com/emicklei/proto v1.14.3
go: downloading github.com/protocolbuffers/txtpbfmt v0.0.0-20260217160748-a481f6a22f94
go: downloading github.com/googleapis/enterprise-certificate-proxy v0.3.14
go: downloading gonum.org/v1/gonum v0.17.0
go: downloading github.com/jackc/puddle/v2 v2.2.2
go: downloading github.com/golang-jwt/jwt/v5 v5.3.0
go: downloading github.com/mitchellh/go-wordwrap v1.0.1
go: finding module for package knative.dev/pkg/metrics
go: downloading knative.dev/pkg v0.0.0-20260602142205-ac97e43f6622
go: finding module for package knative.dev/pkg/tracing/config
go: github.com/conforma/cli/acceptance/kubernetes/kind imports
	github.com/tektoncd/cli/pkg/formatted tested by
	github.com/tektoncd/cli/pkg/formatted.test imports
	github.com/tektoncd/cli/pkg/test imports
	github.com/tektoncd/triggers/test imports
	github.com/tektoncd/triggers/pkg/reconciler/eventlistener/resources imports
	knative.dev/eventing/pkg/reconciler/source imports
	knative.dev/pkg/metrics: module knative.dev/pkg@latest found (v0.0.0-20260602142205-ac97e43f6622), but does not contain package knative.dev/pkg/metrics
go: github.com/conforma/cli/acceptance/kubernetes/kind imports
	github.com/tektoncd/cli/pkg/formatted tested by
	github.com/tektoncd/cli/pkg/formatted.test imports
	github.com/tektoncd/cli/pkg/test imports
	github.com/tektoncd/triggers/test imports
	github.com/tektoncd/triggers/pkg/reconciler/eventlistener/resources imports
	knative.dev/eventing/pkg/reconciler/source imports
	knative.dev/pkg/tracing/config: module knative.dev/pkg@latest found (v0.0.0-20260602142205-ac97e43f6622), but does not contain package knative.dev/pkg/tracing/config

File name: tools/go.sum

Command failed: go mod tidy
go: downloading github.com/mattn/go-shellwords v1.0.12
go: downloading github.com/distribution/distribution/v3 v3.0.0
go: downloading github.com/DATA-DOG/go-sqlmock v1.5.2
go: downloading github.com/go-openapi/testify/v2 v2.4.1
go: downloading github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2
go: downloading github.com/onsi/ginkgo/v2 v2.28.1
go: downloading github.com/onsi/gomega v1.39.1
go: downloading github.com/redis/go-redis/v9 v9.17.2
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/bshuster-repo/logrus-logstash-hook v1.0.0
go: downloading github.com/docker/go-metrics v0.0.1
go: downloading github.com/gorilla/handlers v1.5.2
go: downloading github.com/miekg/dns v1.1.61
go: downloading github.com/mattn/go-sqlite3 v1.14.28
go: downloading github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.5
go: downloading github.com/go-openapi/testify/enable/yaml/v2 v2.4.1
go: downloading github.com/google/trillian v1.7.2
go: downloading github.com/jackc/pgx/v5 v5.7.5
go: downloading github.com/tink-crypto/tink-go-hcvault/v2 v2.3.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.40.0
go: downloading cloud.google.com/go/pubsub v1.50.1
go: downloading github.com/hinshun/vt10x v0.0.0-20220228203356-1ab2cad5fd82
go: downloading gopkg.in/h2non/gock.v1 v1.1.2
go: downloading github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f
go: downloading github.com/gorilla/mux v1.8.1
go: downloading github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c
go: downloading github.com/redis/go-redis/extra/redisotel/v9 v9.5.3
go: downloading go.opentelemetry.io/contrib/exporters/autoexport v0.57.0
go: downloading github.com/poy/onpar v1.1.2
go: downloading github.com/go-logr/zapr v1.3.0
go: downloading github.com/alecthomas/assert/v2 v2.11.0
go: downloading github.com/alecthomas/repr v0.5.2
go: downloading github.com/gostaticanalysis/testutil v0.5.0
go: downloading go-simpler.org/assert v0.9.0
go: downloading golang.org/x/tools/go/expect v0.1.1-deprecated
go: downloading github.com/matryer/is v1.4.0
go: downloading github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1
go: downloading github.com/google/go-replayers/grpcreplay v1.3.0
go: downloading github.com/google/go-replayers/httpreplay v1.2.0
go: downloading cloud.google.com/go/pubsub/v2 v2.3.0
go: downloading github.com/tidwall/gjson v1.18.0
go: downloading github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542
go: downloading github.com/hashicorp/golang-lru/arc/v2 v2.0.5
go: downloading github.com/redis/go-redis/extra/rediscmd/v9 v9.5.3
go: downloading go.opentelemetry.io/contrib/bridges/prometheus v0.57.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0
go: downloading go.opentelemetry.io/otel/sdk/log v0.8.0
go: downloading golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated
go: downloading github.com/otiai10/copy v1.14.0
go: downloading github.com/tenntenn/modver v1.0.1
go: downloading github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3
go: downloading github.com/go-toolsmith/pkgload v1.2.2
go: downloading github.com/keybase/go-keychain v0.0.1
go: downloading cloud.google.com/go/logging v1.13.1
go: downloading github.com/jcmturner/goidentity/v6 v6.0.1
go: downloading github.com/ActiveState/vt10x v1.3.1
go: downloading go.opentelemetry.io/otel/log v0.8.0
go: downloading github.com/dave/jennifer v1.7.1
go: downloading github.com/jmespath/go-jmespath/internal/testify v1.5.1
go: downloading github.com/kr/pty v1.1.8
go: downloading github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83
go: finding module for package knative.dev/pkg/metrics
go: finding module for package knative.dev/pkg/tracing/config
go: github.com/conforma/cli/tools imports
	github.com/tektoncd/cli/cmd/tkn imports
	github.com/tektoncd/cli/pkg/cmd imports
	github.com/tektoncd/cli/pkg/cmd/clustertriggerbinding tested by
	github.com/tektoncd/cli/pkg/cmd/clustertriggerbinding.test imports
	github.com/tektoncd/triggers/test imports
	github.com/tektoncd/triggers/pkg/reconciler/eventlistener/resources imports
	knative.dev/eventing/pkg/reconciler/source imports
	knative.dev/pkg/metrics: module knative.dev/pkg@latest found (v0.0.0-20260602142205-ac97e43f6622), but does not contain package knative.dev/pkg/metrics
go: github.com/conforma/cli/tools imports
	github.com/tektoncd/cli/cmd/tkn imports
	github.com/tektoncd/cli/pkg/cmd imports
	github.com/tektoncd/cli/pkg/cmd/clustertriggerbinding tested by
	github.com/tektoncd/cli/pkg/cmd/clustertriggerbinding.test imports
	github.com/tektoncd/triggers/test imports
	github.com/tektoncd/triggers/pkg/reconciler/eventlistener/resources imports
	knative.dev/eventing/pkg/reconciler/source imports
	knative.dev/pkg/tracing/config: module knative.dev/pkg@latest found (v0.0.0-20260602142205-ac97e43f6622), but does not contain package knative.dev/pkg/tracing/config

fullsend-ai-review · 2026-06-03T14:12:50Z

Review

Findings

Info

[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model claude-sonnet-4-5@20250929 unavailable on vertex deployment. This is a mechanical dependency version bump that would have triggered the sub-agent's early exit criteria (no style findings expected).

No blocking findings. This is a standard automated Renovate bot dependency update affecting only go.mod and go.sum files across four Go modules. All version bumps are patch or minor level. Key observations:

Security-critical dependencies (sigstore/cosign, sigstore/rekor, golang.org/x/crypto, golang.org/x/net) are updated to newer patch versions — recommended for security hygiene.
go-securesystemslib minor bump (v0.10.0 → v0.11.0) verified safe: only dsse and encrypted subpackages are used, with stable API surface.
conforma/crds/api (v0.1.7 → v0.1.11) consistently updated across both modules that use it.
Transitive dependency changes (removal of clipperhouse/stringish, addition of youmark/pkcs8, gitlab.com/gitlab-org/api/client-go version jump) are all indirect with no direct imports in source code.
No protected paths, no code changes, no workflow changes.

Previous run

Review

Findings

Low

[version consistency] go.mod:33 — The PR updates go-securesystemslib from v0.10.0 to v0.11.0 in go.mod but leaves it at v0.10.0 in acceptance/go.mod. These are separate Go modules so this is technically valid, but since go-securesystemslib is pre-v1 (minor bumps may include breaking changes), verify the v0.11.0 update does not break the dsse.Envelope, dsse.Verifier, or dsse.Sign interfaces used in internal/validate/vsa/ and related packages.

Info

[version consistency] go.mod:19 — The PR bumps google/go-containerregistry from v0.21.5 to v0.21.6 in the require directive, but the replace directive still pins to conforma/go-containerregistry v0.20.7-*. The require change has no runtime effect in go.mod and acceptance/go.mod (fork is used), but tools/go.mod has no replace directive and will use upstream v0.21.6. This is the existing pattern.
[dependency removal] go.mod:155 — The PR removes clipperhouse/stringish as an indirect dependency. No Go source files import this package directly; it was a transitive dependency no longer required by updated upstream libraries.
[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model unavailable. This dimension applies early-exit criteria for mechanical dependency bumps, so no coverage gap.

Previous run (2)

Review

Findings

Low

[api-contract] go.mod:33 — The PR updates go-securesystemslib from v0.10.0 to v0.11.0 in go.mod (direct dependency) but leaves it at v0.10.0 in acceptance/go.mod. For v0.x Go modules, a minor version bump can include breaking changes per semver. The main module uses the dsse package while acceptance uses the encrypted package. Since these are separate Go modules without a go.work file, they resolve independently, but integration testing could surface subtle incompatibilities if the v0.11.0 release changed API behavior.

Info

[api-contract] acceptance/go.mod — Several dependency versions in acceptance/go.mod lag behind go.mod (e.g., k8s.io/client-go v0.35.4 vs v0.35.5, golang.org/x/exp date difference). This is typical for multi-module repos with independent Renovate updates and poses minimal risk at the patch level.
[api-contract] go.mod — The PR title says "patch" but includes minor version bumps for v0.x modules (go-securesystemslib v0.10→v0.11, packageurl-go v0.1.3→v0.1.6, go-openapi/swag v0.25→v0.26) and a large jump for gitlab.com/gitlab-org/api/client-go (v1.11→v1.46). For v0.x modules, minor bumps can contain breaking changes per Go semver conventions. CI should catch any incompatibilities.
[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model unavailable. This PR is a mechanical dependency version bump that would have triggered the early exit criteria, so no style findings are expected.

Previous run (3)

Review

Findings

Low

[breaking change risk] go.mod — go-securesystemslib is bumped from v0.10.0 to v0.11.0, a minor version bump on a pre-v1.0 module which may contain breaking API changes under Go semver conventions. The codebase uses the dsse and encrypted sub-packages across ~13 source files. Review of the v0.11.0 changelog indicates backward compatibility for the DSSE package APIs in use. Low risk but worth monitoring CI results.

Info

[dependency update] go.mod — The go-containerregistry version bump (v0.21.5→v0.21.6) is a no-op because the replace directive on line 63 overrides it with the conforma fork at a pinned pseudo-version. The same applies to acceptance/go.mod. Not a bug, but the nominal version in the require block will never be used.
[version consistency] tools/go.mod, tools/kubectl/go.mod — k8s.io/kubernetes bumped from v1.34.2→v1.34.8 consistently across both modules. Patch-level bump, safe.
[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings due to model unavailability. For a purely mechanical dependency version bump, this dimension has no meaningful surface area.

Previous run (4)

Review

Findings

No findings.

Previous run (5)

Review

Findings

Low

[api-contract] go.mod — conforma/crds/api is bumped from v0.1.7 to v0.1.11, skipping 3 patch releases in a pre-v1 module where semver permits breaking changes. The codebase uses types from this module extensively (EnterpriseContractPolicySpec, Source, etc. across 40+ files). CI compilation and tests should confirm compatibility. Low risk given same-org ownership and patch-level increments.
[api-contract] go.mod — go-securesystemslib is bumped from v0.10.0 to v0.11.0 in the main module but remains at v0.10.0 in acceptance/go.mod. This is a direct dependency used across 13 files for signature verification (DSSE, in-toto attestation handling). Since these are separate Go modules with independent resolution, this is not a build issue, but version consistency across modules is worth tracking.

Info

[api-contract] go.mod — k8s.io/klog/v2 v2.130.1 → v2.140.0 uses calver-like build numbers, not semver minor versions. The APIs used (klog.SetLogger, klog.InitFlags, etc.) are stable. No breaking change risk.
[api-contract] go.mod — gitlab.com/gitlab-org/api/client-go v1.11.0 → v1.46.0 is an indirect dependency not imported by any Go source file in this repository. Breaking changes cannot affect this codebase.
[api-contract] go.mod — go-containerregistry version bump from v0.21.5 to v0.21.6 is cosmetic — a replace directive overrides it to conforma/go-containerregistry v0.20.7-*. The require version is not used at build time.
[api-contract] go.mod — Removed transitive dep clipperhouse/stringish and added youmark/pkcs8 are upstream dependency graph shifts. Neither is directly imported by any Go source file.
[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model not available on vertex deployment. This is a sonnet-tier agent; findings from this dimension are not safety-critical.

Previous run (6)

Review

Findings

Low

[version-consistency] acceptance/go.mod — The PR bumps github.com/secure-systems-lab/go-securesystemslib from v0.10.0 to v0.11.0 in go.mod but leaves acceptance/go.mod at v0.10.0. Since these are separate Go modules, this only matters if v0.11.0 introduces breaking changes to types shared across the module boundary at runtime. Worth confirming in a follow-up.

Info

[version-consistency] go.mod — The go-containerregistry bump from v0.21.5 to v0.21.6 is cosmetic since the replace directive overrides it with the conforma fork pinned at v0.20.7. The two go.mod files use different fork commits — this is a pre-existing inconsistency, not introduced by this PR.
[version-consistency] go.mod — k8s.io/klog/v2 jump from v2.130.1 to v2.140.0 appears large but klog uses date-based versioning (v2.YYMM0.patch), so this is a normal catch-up. No API breaking changes expected within v2.
[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model unavailable. This is a dependency-only PR modifying only go.mod/go.sum files, so style findings would be minimal.

Previous run (7)

Review

Findings

Medium

[api-contract] go.mod:10 — conforma/crds/api is bumped from v0.1.7 to v0.1.11, a 4-version jump in 0.x semver where any release can include breaking changes. This library is imported by 46 source files across the main module and acceptance tests, covering core evaluation, policy, VSA validation, and snapshot logic. While compilation breakage will be caught by CI, subtle behavioral changes (new fields, changed defaults, altered validation logic in CRD types) may not be caught without adequate integration test coverage. Verify CI passes and review the conforma/crds/api changelog between v0.1.7 and v0.1.11 for behavioral changes in types used by this project.

Low

[api-contract] go.mod:19 — google/go-containerregistry is declared as v0.21.6, but the replace directive on line 63 pins it to conforma/go-containerregistry v0.20.7-... (a fork based on v0.20.7). The replace takes precedence so there is no functional issue, but the widening gap between the declared and actual version is worth noting. Pre-existing, not introduced by this PR.

Info

[pattern-violation] acceptance/go.mod — The acceptance module's replace directive for go-containerregistry points to a different fork commit than the main module's replace directive. Pre-existing inconsistency, not introduced by this PR.
[sub-agent-failure] The style-conventions sub-agent did not return findings: model unavailable. This dimension covers naming, error handling idioms, and code organization — not applicable for a dependency-only update.

Previous run (8)

Review

Findings

Medium

[api-contract] acceptance/go.mod:24 — go-securesystemslib remains pinned at v0.10.0 in acceptance/go.mod while go.mod updates it to v0.11.0. Under pre-1.0 semver conventions, a minor version bump (0.10 → 0.11) may contain breaking changes. Both modules directly depend on this library across 13 Go files (including acceptance/rekor/rekor.go and internal/validate/vsa/*.go). If v0.11.0 changes type signatures or function parameters, the acceptance tests will exercise the older API while production uses the newer one, potentially masking integration failures.
Remediation: Update acceptance/go.mod to also use github.com/secure-systems-lab/go-securesystemslib v0.11.0, or add a comment explaining why the version is intentionally pinned.

Low / Info

[version-consistency] acceptance/go.mod:42 — k8s.io/klog/v2 is a direct dependency at v2.130.1 in acceptance/go.mod while go.mod bumps it to v2.140.0. klog's API is generally stable, so practical risk is low.
[version-consistency] tools/go.mod — k8s.io/api, apimachinery, and client-go remain at v0.35.4 as indirect dependencies in tools/ while go.mod bumps them to v0.35.5. This is expected behavior for separate Go modules with patch-level indirect dependency differences.
[replace-directive] go.mod:63 — The replace directive for go-containerregistry (→ conforma/go-containerregistry) is unchanged and remains valid. The declared version bump from v0.21.5 to v0.21.6 is irrelevant since the replace redirects all imports to the fork at a pinned pseudo-version.
[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings due to model unavailability. Given this PR only modifies go.mod/go.sum files with no production code changes, this gap has no practical impact.

Previous run (9)

Review

Findings

Low

[api-contract] go.mod:10 — conforma/crds/api is bumped from v0.1.7 to v0.1.11 (4 patch versions). This is a pre-1.0 dependency where breaking changes are permitted by semver. The codebase uses this package extensively across ~46 files, relying on types like EnterpriseContractPolicySpec, Source, VolatileSourceConfig, and others. Since this is an internal team dependency (conforma org controls both sides), the risk of unintentional breakage is low. CI build and test suite should catch any incompatibility.

Info

[api-contract] go.mod:33 — secure-systems-lab/go-securesystemslib bumped from v0.10.0 to v0.11.0 (minor version). The codebase uses only stable, specification-aligned DSSE types (Envelope, Signature, NewEnvelopeVerifier) and encrypted.Decrypt. No risk expected.
[api-contract] go.mod — go-openapi/swag and sub-packages bumped from v0.25.x to v0.26.0. This is a purely transitive dependency — not directly imported in any Go source file.
[edge-case] go.mod:56 — k8s.io/klog/v2 bumped from v2.130.1 to v2.140.0. Despite the large version number gap, klog v2 uses an unconventional versioning scheme where these are effectively patch releases within the v2 major version. Only stable APIs (SetLogger, InitFlags) are used.
[edge-case] go.mod — clipperhouse/stringish removed as indirect dependency. Not imported in any Go source — purely transitive via clipperhouse/uax29/v2. Expected consequence of upstream update.
[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model unavailability. No style concerns are applicable to a dependency-only update.

Previous run (10)

Review

Findings

Info

[dependency-version-consistency] go.mod — conforma/crds/api jumps from v0.1.7 to v0.1.11, skipping three intermediate versions. While within semver compatibility expectations, the gap suggests rapid upstream releases. Both go.mod and acceptance/go.mod are updated consistently.
[dependency-version-consistency] go.mod — gitlab.com/gitlab-org/api/client-go (indirect) jumps from v1.11.0 to v1.46.0. This is a large version increase for an indirect dependency, but the version is dictated by the transitive dependency graph and is not directly controllable.
[dependency-management] go.mod — secure-systems-lab/go-securesystemslib is updated from v0.10.0 to v0.11.0, which is a minor version bump rather than the patch-level update stated in the PR title. Minor bumps should maintain backward compatibility per semver.
[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings due to model unavailability. This dimension is low-risk for a dependency-only PR.

Previous run (11)

Review

Findings

Low

[version skew] acceptance/go.mod:24 — go-securesystemslib remains at v0.10.0 in the acceptance module while the main go.mod updates it to v0.11.0. The acceptance module directly imports the encrypted sub-package for key encryption/decryption in acceptance/rekor/rekor.go. Since the encrypted sub-package is a stable utility, the practical risk is low, but it creates an inconsistency where acceptance tests may not exercise v0.11.0 code paths.

Info

[dependency consistency] go.mod:47 — The main go.mod pins testcontainers-go to a pseudo-version (v0.34.1-0.20241204123437-72be13940122) with a comment referencing an unreleased fix. The acceptance module now bumps to v0.34.1. If v0.34.1 is officially released and includes the referenced fix, the pseudo-version pin in the main module may be stale.
[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model unavailability (sonnet-tier, non-blocking).

Previous run (12)

Review

Findings

Low / Info

[scope-mismatch] go.mod — PR title claims "patch" updates only, but several transitive/indirect dependencies include minor version bumps (e.g., go-securesystemslib v0.10.0→v0.11.0, gitlab.com/gitlab-org/api/client-go v1.11.0→v1.46.0, k8s.io/klog/v2 v2.130.1→v2.140.0). This is standard Renovate bot grouping behavior where indirect dependency bumps are pulled in by direct patch-level updates. No action needed for this PR, but consider reviewing Renovate's grouping configuration if precise tier labeling is desired.
[scope-mismatch] go.mod — go-securesystemslib v0.10.0→v0.11.0 is a minor version bump on a v0.x module, which under semver conventions may indicate breaking API changes. This library is a direct dependency used for secure systems/signing operations. The bump is likely driven by the sigstore ecosystem patch updates (cosign v3.0.4→v3.0.6, rekor v1.5.0→v1.5.2). Since go.sum resolved without errors, the API surface used by this project appears compatible.

Previous run (13)

Review

Findings

Medium

[version skew across modules] go.mod:33 / acceptance/go.mod:24 — This PR updates secure-systems-lab/go-securesystemslib from v0.10.0 to v0.11.0 in the main go.mod, but leaves it at v0.10.0 in acceptance/go.mod. This is a minor version bump which may include API or behavioral changes. Both modules directly import this library (used in acceptance/rekor/rekor.go, internal/validate/vsa/ and related test files), so the version skew means acceptance tests will validate behavior against v0.10.0 while the production CLI uses v0.11.0. Consider aligning the version across both modules.

Info

[dependency consistency] go.mod — golang.org/x/exp diverges between go.mod (updated to v0.0.0-20251023183803) and acceptance/go.mod (stays at v0.0.0-20250911091902). Since golang.org/x/exp is experimental with unstable APIs, the risk is low but worth noting for future alignment.

Previous run (14)

Review

Findings

Low

[data-exposure] acceptance/go.mod:14 — acceptance/go.mod retains go-git/go-git/v5 v5.17.1 while go.mod bumps to v5.18.0. The go-gather v1.1.5 changelog explicitly tags the v5.18.0 update as a security fix. The acceptance module may run with a version that has known security issues. This is mitigated by the fact that acceptance tests run in CI (not production), and these are separate Go modules where Renovate intentionally splits minor vs patch updates — this PR is scoped to patch-level bumps only, and v5.17→v5.18 is a minor version change. Renovate will likely issue a separate minor-bump PR for the acceptance module.
Remediation: Consider bumping go-git to v5.18.0 in acceptance/go.mod in a follow-up PR, or verify the security issue does not affect test-time usage patterns.

Info

[pattern-violation] go.mod — go-securesystemslib is bumped from v0.10.0 to v0.11.0 (minor) in go.mod but stays at v0.10.0 in acceptance/go.mod. This is expected cross-module version skew in a multi-module repo with Renovate's patch-only grouping. No immediate correctness risk since no production code is changed in this PR.

Previous run (15)

Review

Findings

Low

[version consistency] acceptance/go.mod:40 — After this update, k8s.io/api and k8s.io/client-go are bumped to v0.35.5 in acceptance/go.mod, but k8s.io/apimachinery remains at v0.35.4. The k8s.io packages are designed to be used at consistent versions. Go's minimum version selection will resolve this safely at runtime (apimachinery v0.35.5 will be pulled in transitively if required by api or client-go), so this is cosmetic and will likely be resolved in the next update cycle.
[API compatibility] go.mod:33 — github.com/secure-systems-lab/go-securesystemslib is updated from v0.10.0 to v0.11.0. This is a minor version bump on a v0.x module, which per Go semver conventions does not guarantee backward compatibility. This library is a direct dependency used in production code (internal/validate/vsa/). Since no source code changes accompany this update, compatibility should be verified by CI pipeline success before merging.

Info

[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model unavailability. This dimension is non-critical for a dependency-only update.

fullsend-ai-review · 2026-06-03T14:12:52Z

 	gopkg.in/go-jose/go-jose.v2 v2.6.3
-	k8s.io/api v0.35.4
+	k8s.io/api v0.35.5
 	k8s.io/apimachinery v0.35.4


[low] version consistency

After this update, k8s.io/api and k8s.io/client-go are bumped to v0.35.5 but k8s.io/apimachinery remains at v0.35.4. The k8s.io packages are designed to be used at consistent versions. Go's MVS resolves this safely, but the inconsistency is worth noting.

fullsend-ai-review · 2026-06-03T14:12:52Z

-	github.com/sigstore/cosign/v3 v3.0.4
-	github.com/sigstore/rekor v1.5.0
-	github.com/sigstore/sigstore v1.10.5
+	github.com/secure-systems-lab/go-securesystemslib v0.11.0


[low] API compatibility

github.com/secure-systems-lab/go-securesystemslib is updated from v0.10.0 to v0.11.0, a minor version bump on a v0.x module which does not guarantee backward compatibility per Go semver. Verify CI passes before merging.

fullsend-ai-review · 2026-06-03T15:09:41Z

-	github.com/gkampitakis/go-snaps v0.5.19
+	github.com/gkampitakis/go-snaps v0.5.22
 	github.com/go-git/go-billy/v5 v5.8.0
 	github.com/go-git/go-git/v5 v5.17.1


[low] data-exposure

acceptance/go.mod retains go-git/go-git/v5 v5.17.1 while go.mod bumps to v5.18.0. The go-gather v1.1.5 changelog explicitly tags the v5.18.0 update as a security fix. The acceptance module may run with a version that has known security issues. Mitigated by CI-only usage and separate module scope.

Suggested fix: Consider bumping go-git to v5.18.0 in acceptance/go.mod in a follow-up PR, or verify the security issue does not affect test-time usage patterns.

fullsend-ai-review · 2026-06-04T02:43:58Z

 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e
 	github.com/pkg/errors v0.9.1
 	github.com/secure-systems-lab/go-securesystemslib v0.10.0


[low] version skew

go-securesystemslib remains at v0.10.0 in the acceptance module while the main go.mod updates it to v0.11.0. The acceptance module directly imports the encrypted sub-package for key encryption/decryption. Since the encrypted sub-package is a stable utility, the practical risk is low, but it creates an inconsistency where acceptance tests may not exercise v0.11.0 code paths.

Suggested fix: Consider updating acceptance/go.mod to use go-securesystemslib v0.11.0 for consistency with the main module.

fullsend-ai-review · 2026-06-08T11:32:59Z

-	github.com/sigstore/cosign/v3 v3.0.4
-	github.com/sigstore/rekor v1.5.0
-	github.com/sigstore/sigstore v1.10.5
+	github.com/secure-systems-lab/go-securesystemslib v0.11.0


[low] api-contract

The PR updates go-securesystemslib from v0.10.0 to v0.11.0 in go.mod but leaves it at v0.10.0 in acceptance/go.mod. For v0.x Go modules, a minor version bump can include breaking changes per semver. These are separate Go modules without a go.work file, so they resolve independently, but integration testing could surface subtle incompatibilities.

fullsend-ai-review · 2026-06-08T16:10:39Z

🤖 Finished Review · ✅ Success · Started 4:10 PM UTC · Completed 4:16 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review · 2026-06-08T16:16:07Z

-	github.com/sigstore/cosign/v3 v3.0.4
-	github.com/sigstore/rekor v1.5.0
-	github.com/sigstore/sigstore v1.10.5
+	github.com/secure-systems-lab/go-securesystemslib v0.11.0


[low] version consistency

The PR updates go-securesystemslib from v0.10.0 to v0.11.0 in go.mod but leaves it at v0.10.0 in acceptance/go.mod. These are separate Go modules so this is technically valid, but since go-securesystemslib is pre-v1, a minor bump may include breaking API changes to the dsse package used extensively in internal/validate/vsa/ and related packages.

fullsend-ai-review · 2026-06-08T16:16:07Z

+	github.com/go-openapi/strfmt v0.26.3
 	github.com/google/go-cmp v0.7.0
-	github.com/google/go-containerregistry v0.21.5
+	github.com/google/go-containerregistry v0.21.6


[info] version consistency

The PR bumps google/go-containerregistry from v0.21.5 to v0.21.6 in the require directive, but the replace directive still pins to conforma/go-containerregistry v0.20.7. The require change has no runtime effect in go.mod (fork is used), but tools/go.mod has no replace directive and will use upstream v0.21.6.

fullsend-ai-review · 2026-06-08T22:43:34Z

🤖 Finished Review · ✅ Success · Started 10:43 PM UTC · Completed 10:49 PM UTC
Commit: 47d3320 · View workflow run →

renovate Bot added main renovate labels Feb 27, 2026

renovate Bot enabled auto-merge February 27, 2026 01:15

github-actions Bot added the size: XL label Feb 27, 2026

renovate Bot force-pushed the renovate/main-patch-go-modules branch 14 times, most recently from 2a265d3 to a650df7 Compare March 6, 2026 00:43

renovate Bot force-pushed the renovate/main-patch-go-modules branch 4 times, most recently from 5fde2e2 to 0d4d965 Compare March 9, 2026 23:05

github-actions Bot added size: XXL and removed size: XL labels Mar 9, 2026

renovate Bot force-pushed the renovate/main-patch-go-modules branch 5 times, most recently from afe86d8 to 9a0b95c Compare March 15, 2026 01:16

renovate Bot force-pushed the renovate/main-patch-go-modules branch 10 times, most recently from 1d6391b to 1166813 Compare April 14, 2026 18:58

renovate Bot force-pushed the renovate/main-patch-go-modules branch 2 times, most recently from 68c7ba1 to e62576d Compare April 16, 2026 19:20

fullsend-ai-review Bot approved these changes Jun 3, 2026

View reviewed changes

fullsend-ai-review Bot approved these changes Jun 4, 2026

View reviewed changes

fullsend-ai-review Bot approved these changes Jun 5, 2026

View reviewed changes

fullsend-ai-review Bot approved these changes Jun 8, 2026

View reviewed changes

Update go modules

3b63a9c

fullsend-ai-review Bot approved these changes Jun 8, 2026

View reviewed changes

Conversation

renovate Bot commented Feb 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Language

Evaluator

cmd/cue

Go API

Added

Changed

Fixed

What's Changed

New Contributors

What's Changed

What's Changed

0.29.5 - 2026-05-04

Implemented enhancements

Fixed bugs

Documentation

Miscellaneous tasks

Updates

People who contributed to this release

New Contributors

Per-module changes

client-middleware/opentracing (0.29.5)

Fixed bugs

Miscellaneous tasks

Updates

0.29.4 - 2026-04-18

Documentation

Testing

Miscellaneous tasks

Updates

People who contributed to this release

Per-module changes

client-middleware/opentracing (0.29.4)

Miscellaneous tasks

Updates

0.29.3 - 2026-03-08

Fixed bugs

Documentation

Code quality

Miscellaneous tasks

Updates

People who contributed to this release

New Contributors

Per-module changes

client-middleware/opentracing (0.29.3)

Documentation

Code quality

Miscellaneous tasks

0.26.3 - 2026-05-31

Documentation

Miscellaneous tasks

Updates

People who contributed to this release

Per-module changes

enable/mongodb (0.26.3)

Miscellaneous tasks

Updates

internal/testintegration (0.26.3)

Miscellaneous tasks

Updates

0.26.2 - 2026-04-29

Documentation

Performance

Miscellaneous tasks

Updates

Configuration

Uh oh!

renovate Bot commented Feb 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ️ Artifact update notice

File name: acceptance/go.mod

File name: go.mod

File name: tools/go.mod

Uh oh!

renovate Bot commented May 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ Artifact update problem

renovate Bot commented Feb 27, 2026 •

edited

Loading

`cmd/cue`

renovate Bot commented Feb 27, 2026 •

edited

Loading

renovate Bot commented May 28, 2026 •

edited

Loading

fullsend-ai-review Bot commented Jun 3, 2026 •

edited

Loading