fix(deps): update all dependencies

[red-hat-konflux]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
github.com/caddyserver/caddy/v2	v2.11.3 → v2.11.4			require	patch
github.com/ccoveille/go-safecast/v2	v2.0.0 → v2.0.1			indirect	patch
github.com/cespare/xxhash	v1.1.0 → v2.3.0			indirect	major
github.com/dgraph-io/badger	v1.6.2 → v4.9.2			indirect	major
github.com/dgraph-io/badger/v2	v2.2007.4 → v4.9.2			indirect	major
github.com/dgraph-io/ristretto	v0.2.0 → v2.4.0			indirect	major
github.com/felixge/httpsnoop	v1.0.4 → v1.1.0			indirect	minor
github.com/go-ini/ini	v1.67.2 → v1.67.3			indirect	patch
github.com/go-jose/go-jose/v3	v3.0.5 → v4.1.4			indirect	major
github.com/go-openapi/jsonreference	v0.21.5 → v0.21.6			indirect	patch
github.com/go-openapi/swag	v0.26.0 → v0.26.1			indirect	patch
github.com/go-openapi/swag/cmdutils	v0.26.0 → v0.26.1			indirect	patch
github.com/go-openapi/swag/conv	v0.26.0 → v0.26.1			indirect	patch
github.com/go-openapi/swag/fileutils	v0.26.0 → v0.26.1			indirect	patch
github.com/go-openapi/swag/jsonname	v0.26.0 → v0.26.1			indirect	patch
github.com/go-openapi/swag/jsonutils	v0.26.0 → v0.26.1			indirect	patch
github.com/go-openapi/swag/loading	v0.26.0 → v0.26.1			indirect	patch
github.com/go-openapi/swag/mangling	v0.26.0 → v0.26.1			indirect	patch
github.com/go-openapi/swag/netutils	v0.26.0 → v0.26.1			indirect	patch
github.com/go-openapi/swag/stringutils	v0.26.0 → v0.26.1			indirect	patch
github.com/go-openapi/swag/typeutils	v0.26.0 → v0.26.1			indirect	patch
github.com/go-openapi/swag/yamlutils	v0.26.0 → v0.26.1			indirect	patch
github.com/golang-jwt/jwt/v4	v4.5.2 → v5.3.1			indirect	major
github.com/google/cel-go	v0.28.0 → v0.28.1			indirect	patch
github.com/googleapis/enterprise-certificate-proxy	v0.3.15 → v0.3.16			indirect	patch
github.com/grpc-ecosystem/grpc-gateway/v2	v2.28.0 → v2.29.0			indirect	minor
github.com/jackc/pgx/v5	v5.9.2 → v5.10.0			indirect	minor
github.com/kedacore/keda/v2	v2.19.0 → v2.20.1			require	minor
github.com/mattn/go-colorable	v0.1.14 → v0.1.15			indirect	patch
github.com/minio/minio-go/v7	v7.1.0 → v7.2.0			require	minor
github.com/onsi/ginkgo/v2	v2.28.3 → v2.31.0			require	minor
github.com/onsi/gomega	v1.40.0 → v1.42.0			require	minor
github.com/quic-go/quic-go	v0.59.1 → v0.60.0			indirect	minor
github.com/urfave/cli	v1.22.17 → v3.10.0			indirect	major
go	1.25.9 → 1.26.4			uses-with	minor
go.opentelemetry.io/contrib/bridges/prometheus	v0.68.0 → v0.69.0			indirect	minor
go.opentelemetry.io/contrib/exporters/autoexport	v0.65.0 → v0.69.0			indirect	minor
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.68.0 → v0.69.0			indirect	minor
go.opentelemetry.io/otel	v1.43.0 → v1.44.0			indirect	minor
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc	v0.19.0 → v0.20.0			indirect	minor
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	v0.19.0 → v0.20.0			indirect	minor
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc	v1.43.0 → v1.44.0			indirect	minor
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	v1.43.0 → v1.44.0			indirect	minor
go.opentelemetry.io/otel/exporters/otlp/otlptrace	v1.43.0 → v1.44.0			indirect	minor
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	v1.43.0 → v1.44.0			indirect	minor
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	v1.43.0 → v1.44.0			indirect	minor
go.opentelemetry.io/otel/exporters/prometheus	v0.65.0 → v0.66.0			indirect	minor
go.opentelemetry.io/otel/exporters/stdout/stdoutlog	v0.19.0 → v0.20.0			indirect	minor
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric	v1.43.0 → v1.44.0			indirect	minor
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	v1.43.0 → v1.44.0			indirect	minor
go.opentelemetry.io/otel/log	v0.19.0 → v0.20.0			indirect	minor
go.opentelemetry.io/otel/metric	v1.43.0 → v1.44.0			indirect	minor
go.opentelemetry.io/otel/sdk	v1.43.0 → v1.44.0			indirect	minor
go.opentelemetry.io/otel/sdk/log	v0.19.0 → v0.20.0			indirect	minor
go.opentelemetry.io/otel/sdk/metric	v1.43.0 → v1.44.0			indirect	minor
go.opentelemetry.io/otel/trace	v1.43.0 → v1.44.0			indirect	minor
go.step.sm/crypto	v0.79.0 → v0.83.0			indirect	minor
go.yaml.in/yaml/v2	v2.4.4 → v3.0.4			indirect	major
golang.org/x/crypto	v0.51.0 → v0.53.0			indirect	minor
golang.org/x/exp	74f9aab → c48552f			indirect	digest
golang.org/x/mod	v0.36.0 → v0.37.0			indirect	minor
golang.org/x/net	v0.54.0 → v0.56.0			indirect	minor
golang.org/x/sync	v0.20.0 → v0.21.0			indirect	minor
golang.org/x/sys	v0.44.0 → v0.46.0			indirect	minor
golang.org/x/term	v0.43.0 → v0.44.0			indirect	minor
golang.org/x/text	v0.37.0 → v0.38.0			indirect	minor
golang.org/x/tools	v0.45.0 → v0.46.0			indirect	minor
gomodules.xyz/jsonpatch/v2	v2.5.0 → v3.0.1			indirect	major
google.golang.org/api	v0.278.0 → v0.285.0			indirect	minor
google.golang.org/grpc	v1.81.0 → v1.81.1			indirect	patch
gopkg.in/evanphx/json-patch.v4	v4.13.0 → v5.9.11			indirect	major
gopkg.in/ini.v1	v1.67.2 → v1.67.3			replace	patch
gopkg.in/yaml.v2	v2.4.0 → v3.0.1			indirect	major
k8s.io/api	v0.35.3 → v0.36.2			replace	minor
k8s.io/api	v0.35.4 → v0.36.2			require	minor
k8s.io/apiextensions-apiserver	v0.35.3 → v0.36.2			replace	minor
k8s.io/apiextensions-apiserver	v0.35.4 → v0.36.2			require	minor
k8s.io/apimachinery	v0.35.3 → v0.36.2			replace	minor
k8s.io/apimachinery	v0.36.0-alpha.2 → v0.36.2			require	patch
k8s.io/client-go	v0.35.3 → v0.36.2			replace	minor
k8s.io/code-generator	v0.35.4 → v0.36.2			indirect	minor
knative.dev/pkg	df317a5 → 6300c57			indirect	digest
registry.access.redhat.com/ubi9/ubi-minimal	9.7-1778562320 → 9.8-1781496742			final	minor
sigs.k8s.io/cluster-api	v1.13.1 → v1.13.2			require	patch
sigs.k8s.io/controller-runtime/tools/setup-envtest	v0.0.0-20260318145839-6c9615a2a166 → v0.24.1			indirect	minor
sigs.k8s.io/controller-tools	v0.20.1 → v0.21.0			indirect	minor

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

caddyserver/caddy (github.com/caddyserver/caddy/v2)

v2.11.4

Compare Source

This release patches more security, security-adjacent, and normal bugs. The FrankenPHP project has collaborated on PHP-adjacent patches, which we are grateful for.

The recent surge of patches is mostly attributed to token predictors. We have had to reject more than 75% of "security" reports because they were AI slop spam (or just lazy/incorrect). Please use LLMs and agents wisely to avoid wasting precious maintainer resources. We have started blocking offending accounts that spam slop reports. Thank you to all who submit responsible reports following our security policy to make the project better. We appreciate that the community deems the Caddy project worthy of contribution to improve the broader ecosystem!

Security-related patches:

• caddyhttp: Normalize Windows backslashes in path matcher (thanks @​Vincent550102)
• rewrite: Prevent placeholder re-expansion in injected query (thanks @​WhiskerEnt)
• templates: Improved stripHTML action to more reliably remove malformed HTML (thanks to @​jmrcsnchz)
• caddyhttp: Ignore header fields with underscores to prevent collisions (thanks @​Vincent550102 for the report and @​dunglas for the patch)

⚠️ These security patches may be breaking if your application relies on the buggy behaviors.

There are also several other various fixes and enhancements by many other contributors. Thank you everyone who participated!

What's Changed

• reverseproxy: further prevent body closes from dial errors by @​jameshartig in #​7715
• caddytls: Fix client auth (fix #​7724) by @​mholt in #​7727
• chore: deps upgrade by @​mohammed90 in #​7751
• caddyhttp: omit Last-Modified for unusable mod times by @​bb4242 in #​7740
• caddytls: fix TLS state races and ECH rotation retry by @​broady in #​7756
• chore: clean up wording and typo fixes by @​steadytao in #​7745
• reverseproxy: Add regression test for DialInfo network override by @​eyupcanakman in #​7758
• caddyauth: add candidate placeholders for rejected identities by @​steadytao in #​7698
• cmd: support caddy start on IPv6-only hosts by @​steadytao in #​7744
• caddyfile: preserve implicit TLS issuer semantics by @​steadytao in #​7743
• reverseproxy: wraps request body to prevent closing if not read by @​WeidiDeng in #​7719
• caddytls: match IDN SNI in connection policies by @​steadytao in #​7742
• build(deps): bump the all-updates group across 1 directory with 9 updates by @​dependabot[bot] in #​7752
• caddyhttp: normalize Windows backslashes in path matcher by @​Vincent550102 in #​7763
• go.mod: update x/net by @​steadytao in #​7767
• rewrite: prevent placeholder re-expansion in injected query by @​WhiskerEnt in #​7761
• perf(replacer): optimize memory allocation for file placeholders by @​Jualhosting in #​7773
• caddytls: skip idna.ToASCII for pure ASCII SNI values by @​sleet0922 in #​7770
• encode: prioritize zstd and br over gzip in content negotiation by @​Jualhosting in #​7772
• httpcaddyfile: fix incorrect error message on duplicate matchers by @​Brunotlps in #​7780
• Patch for GHSA-vcc4-2c75-vc9v by @​jmrcsnchz in #​7785

New Contributors

• @​jameshartig made their first contribution in #​7715
• @​bb4242 made their first contribution in #​7740
• @​broady made their first contribution in #​7756
• @​eyupcanakman made their first contribution in #​7758
• @​Vincent550102 made their first contribution in #​7763
• @​WhiskerEnt made their first contribution in #​7761
• @​Jualhosting made their first contribution in #​7773
• @​sleet0922 made their first contribution in #​7770
• @​Brunotlps made their first contribution in #​7780
• @​jmrcsnchz made their first contribution in #​7785

Full Changelog: caddyserver/caddy@v2.11.3...v2.11.4

ccoveille/go-safecast (github.com/ccoveille/go-safecast/v2)

v2.0.1

Compare Source

What's Changed

Fixes

• Fix issue #​144: Small floats are incorrectly rejected by @​FGasper in ccoVeille#145
• docs: Fix typo in comment by @​ccoVeille in ccoVeille#149

Minor

• build(deps): bump golangci/golangci-lint-action from 8 to 9 in the all group by @​dependabot[bot] in ccoVeille#130
• build(deps): bump the all group with 2 updates by @​dependabot[bot] in ccoVeille#131
• build(deps): bump actions/checkout from 5 to 6 in the all group by @​dependabot[bot] in ccoVeille#132
• build(deps): bump the all group across 1 directory with 3 updates by @​dependabot[bot] in ccoVeille#134
• build(deps): bump crate-ci/typos from 1.40.0 to 1.41.0 in the all group by @​dependabot[bot] in ccoVeille#135
• build(deps): bump the all group across 1 directory with 2 updates by @​dependabot[bot] in ccoVeille#137
• build(deps): bump crate-ci/typos from 1.42.3 to 1.43.3 in the all group by @​dependabot[bot] in ccoVeille#138
• build(deps): bump crate-ci/typos from 1.43.3 to 1.43.4 in the all group by @​dependabot[bot] in ccoVeille#139
• build(deps): bump crate-ci/typos from 1.43.4 to 1.44.0 in the all group by @​dependabot[bot] in ccoVeille#140
• build(deps): bump raven-actions/actionlint from 2.1.1 to 2.1.2 in the all group by @​dependabot[bot] in ccoVeille#141
• build(deps): bump the all group with 2 updates by @​dependabot[bot] in ccoVeille#142
• build(deps): bump crate-ci/typos from 1.44.0 to 1.45.0 in the all group by @​dependabot[bot] in ccoVeille#143
• build(deps): bump crate-ci/typos from 1.45.0 to 1.45.1 in the all group by @​dependabot[bot] in ccoVeille#146
• build(deps): bump the all group with 2 updates by @​dependabot[bot] in ccoVeille#147
• build(deps): bump the all group with 2 updates by @​dependabot[bot] in ccoVeille#150
• build(deps): bump crate-ci/typos from 1.46.2 to 1.46.3 in the all group by @​dependabot[bot] in ccoVeille#151

New Contributors

• @​FGasper made their first contribution in ccoVeille#145

Full Changelog: ccoVeille/go-safecast@v2.0.0...v2.0.1

cespare/xxhash (github.com/cespare/xxhash)

v2.3.0

Compare Source

v2.2.0

Compare Source

v2.1.2

Compare Source

v2.1.1

Compare Source

v2.1.0

Compare Source

v2.0.0

Compare Source

dgraph-io/badger (github.com/dgraph-io/badger)

v4.9.2

Compare Source

What's Changed

• chore(core): remove unused event log by @​xqqp in #​2257
• fix(cd): upload build artifacts to GitHub Release by @​matthewmcneely in #​2273
• fix: Prevent NPE on sync with inmemory DB by @​alpe in #​2264
• perf: skip lsm lookup for expired entries during value log rewrite by @​lamb007 in #​2269
• chore: update jemalloc to 5.3.1 by @​solracsf in #​2275
• fix : read only user should be able to open db on ReadOnly mode by @​Naelpuissant in #​2268
• fix(compaction): clamp baseLevel to >=1 to prevent L0->L0 panic on la… by @​shiva-istari in #​2296

New Contributors

• @​xqqp made their first contribution in #​2257
• @​alpe made their first contribution in #​2264
• @​lamb007 made their first contribution in #​2269
• @​Naelpuissant made their first contribution in #​2268
• @​shiva-istari made their first contribution in #​2296

Full Changelog: dgraph-io/badger@v4.9.1...v4.9.2

v4.9.1

Compare Source

What's Changed

• fix(aix): add aix directory synchronization support by @​pmur in #​2115
• fix: correct the comment on value size in skl.node by @​ahrtr in #​2250
• chore: Update changelog by @​matthewmcneely in #​2256
• chore(ci): update arm runner label by @​matthewmcneely in #​2248
• test: add checksum tests for package y by @​miladev95 in #​2246

New Contributors

• @​ahrtr made their first contribution in #​2250
• @​miladev95 made their first contribution in #​2246
• @​pmur made their first contribution in #​2115

Full Changelog: dgraph-io/badger@v4.9.0...v4.9.1

v4.9.0

Compare Source

What's Changed

• fix(docs): fix typos by @​kianmeng in #​2227
• fix(y): shall always return empty slice rather than nil by @​kooltuoehias in #​2245
• fix: test.sh error by @​kianmeng in #​2225
• fix: typo of abandoned by @​jas4711 in #​2222
• chore(deps): Update go minor and patch by @​renovate[bot] in #​2212
• chore(deps): Update dependency node to v22 by @​renovate[bot] in #​2219
• chore: update the trunk conf file by @​matthewmcneely in #​2217
• chore(deps): Update go minor and patch by @​renovate[bot] in #​2218
• chore(deps): Update actions/checkout action to v5 by @​renovate[bot] in #​2221
• chore(deps): Update actions (major) by @​renovate[bot] in #​2229
• move docs pages in the repo by @​raphael-istari in #​2232
• chore: configure renovate to leave go version as declared by @​matthewmcneely in #​2235
• chore: change renovate to maintain backwards compatible go version by @​matthewmcneely in #​2236
• chore: update README.md with correct links and badges by @​matthewmcneely in #​2239
• chore: add doc for encryption at rest by @​raphael-istari in #​2240
• chore(ci): restrict Dgraph test to core packages only by @​matthewmcneely in #​2242
• chore: prepare for v4.9.0 release by @​matthewmcneely in #​2247

New Contributors

• @​matthewmcneely made their first contribution in #​2217
• @​jas4711 made their first contribution in #​2222
• @​raphael-istari made their first contribution in #​2232
• @​kianmeng made their first contribution in #​2225
• @​kooltuoehias made their first contribution in #​2245

Full Changelog: dgraph-io/badger@v4.8.0...v4.9.0

v4.8.0

Compare Source

Fixed

• fix(y): y.SafeCopy shall always return empty slice rather than nil (#​2245)

  WARNING SafeCopy now returns an empty slice rather than nil. For those using our y utility
  package, this could be a breaking change. This has implications for empty slices stored in
  badger, specifically, upon retrieval the value stored with the key will be equal to what was set
  (an empty []byte). See #​2067 for more details.

• fix: test.sh error (#​2225)
• fix: typo of abandoned (#​2222)

Docs

• add doc for encryption at rest (#​2240)
• move docs pages in the repo (#​2232)

Chores

• chore(ci): restrict Dgraph test to core packages only ([#​2242](https://redirect.github.com/dgraph-io/badger/issues/2

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25.9 -> 1.26.0
google.golang.org/genproto/googleapis/api	v0.0.0-20260511170946-3700d4141b60 -> v0.0.0-20260526163538-3dc84a4a5aaa
google.golang.org/genproto/googleapis/rpc	v0.0.0-20260511170946-3700d4141b60 -> v0.0.0-20260610212136-7ab31c22f7ad