Skip to content

build(deps): bump the minor-and-patch group across 1 directory with 18 updates#592

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/minor-and-patch-f047f05fa0
Open

build(deps): bump the minor-and-patch group across 1 directory with 18 updates#592
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/minor-and-patch-f047f05fa0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 16 updates in the / directory:

Package From To
github.com/NVIDIA/go-nvml 0.13.1-0 0.13.2-0
github.com/aws/aws-sdk-go-v2/service/s3 1.78.2 1.104.0
github.com/blevesearch/bleve/v2 2.4.4 2.6.0
github.com/coreos/go-oidc 2.3.0+incompatible 2.5.0+incompatible
github.com/crewjam/saml 0.4.14 0.5.1
github.com/fsnotify/fsnotify 1.8.0 1.10.1
github.com/gin-gonic/gin 1.10.0 1.12.0
github.com/go-resty/resty/v2 2.16.3 2.17.2
github.com/gophercloud/gophercloud/v2 2.8.0 2.13.0
github.com/prometheus-community/pro-bing 0.7.0 0.9.0
github.com/shirou/gopsutil/v4 4.25.1 4.26.5
github.com/swaggo/gin-swagger 1.6.0 1.6.1
github.com/swaggo/swag 1.16.3 1.16.6
go.mongodb.org/mongo-driver 1.17.2 1.17.9
k8s.io/apimachinery 0.34.1 0.36.2
k8s.io/client-go 0.34.1 0.36.2

Updates github.com/NVIDIA/go-nvml from 0.13.1-0 to 0.13.2-0

Release notes

Sourced from github.com/NVIDIA/go-nvml's releases.

v0.13.2-0

What's Changed

Full Changelog: NVIDIA/go-nvml@v0.13.1-0...v0.13.2-0

Commits
  • a940d4c Merge pull request #184 from NVIDIA/upd-nvml-h-cuda-13.2
  • 2976179 sync nvml.h with CUDA version 13.2.1 and update go bindings
  • See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.78.2 to 1.104.0

Commits

Updates github.com/blevesearch/bleve/v2 from 2.4.4 to 2.6.0

Release notes

Sourced from github.com/blevesearch/bleve/v2's releases.

v2.6.0

What's Changed

Introduced new file format - zapx@v17

Milestone: https://github.com/blevesearch/bleve/milestone/29 Full Changelog: blevesearch/bleve@v2.5.7...v2.6.0

v2.5.7

What's Changed

Milestone: https://github.com/blevesearch/bleve/milestone/33 Full Changelog: blevesearch/bleve@v2.5.6...v2.5.7

v2.5.6

... (truncated)

Commits

Updates github.com/coreos/go-oidc from 2.3.0+incompatible to 2.5.0+incompatible

Release notes

Sourced from github.com/coreos/go-oidc's releases.

v2.5.0

What's Changed

Full Changelog: coreos/go-oidc@v2.4.0...v2.5.0

v2.4.0

What's Changed

Full Changelog: coreos/go-oidc@v2.3.0...v2.4.0

Commits
  • 153fc73 *: add sanity check to avoid JWT over-allocation
  • eb183a9 *: format all files using newer Go versions
  • 752fcad oidc: verify signature before parsing token
  • See full diff in compare view

Updates github.com/crewjam/saml from 0.4.14 to 0.5.1

Commits
  • e3d0323 Revert "fix: Improper namespace application in elementToBytes (#580)"
  • e985226 ArtifactResolve: change order of elements to satisfy ADFS
  • 7c9cb20 CookieSessionProvider: add Path
  • 97deba2 tidy up AuthnRequest.Redirect
  • f051927 update readme
  • 7e8fef5 bump golang.org/x/crypto to v0.33.0 which is the highest version that support...
  • ed59954 properly set minimum go version to 1.22 (#604)
  • 5b2a7ec remove pointless dependency on github.com/stretchr/testify
  • 10fe88b remove pointless dependency on github.com/kr/pretty
  • 30fafb0 remove pointless dependency on github.com/dchest/uniuri
  • Additional commits viewable in compare view

Updates github.com/fsnotify/fsnotify from 1.8.0 to 1.10.1

Release notes

Sourced from github.com/fsnotify/fsnotify's releases.

v1.10.1

Changes and fixes

  • inotify: don't remove sibling watches sharing a path prefix (#754)

  • inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

v1.10.0

This version of fsnotify needs Go 1.23.

Changes and fixes

  • inotify: improve initialization error message (#731)

  • inotify: send Rename event if recursive watch is renamed (#696)

  • inotify: avoid copying event buffers when reading names (#741)

  • kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

  • kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

  • windows: fix nil pointer dereference in remWatch (#736)

  • windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

v1.9.0

Changes and fixes

  • all: make BufferedWatcher buffered again (#657)

  • inotify: fix race when adding/removing watches while a watched path is being deleted (#678, #686)

  • inotify: don't send empty event if a watched path is unmounted (#655)

  • inotify: don't register duplicate watches when watching both a symlink and its target; previously that would get "half-added" and removing the second would panic (#679)

... (truncated)

Changelog

Sourced from github.com/fsnotify/fsnotify's changelog.

1.10.1 2026-05-04

Changes and fixes

  • inotify: don't remove sibling watches sharing a path prefix (#754)

  • inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

1.10.0 2026-04-30

This version of fsnotify needs Go 1.23.

Changes and fixes

  • inotify: improve initialization error message (#731)

  • inotify: send Rename event if recursive watch is renamed (#696)

  • inotify: avoid copying event buffers when reading names (#741)

  • kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

  • kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

  • windows: fix nil pointer dereference in remWatch (#736)

  • windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

1.9.0 2024-04-04

... (truncated)

Commits
  • 76b01a6 Release 1.10.1
  • fec150b Update changelog
  • 162b421 inotify, windows: don't rename sibling watches sharing a path prefix (#755)
  • 224257f inotify: don't remove sibling watches sharing a path prefix (#754)
  • e0c956c windows: document directory Write events and stabilize tests (#745)
  • 8d01d7b Release 1.10.0
  • 602284e Update changelog
  • 7f03e59 kqueue: skip ENOENT entries in watchDirectoryFiles (#748)
  • dab9dde windows: lock watch field updates against concurrent WatchList (#709) (#749)
  • eadf267 kqueue: drop watches directly in Close() instead of going through remove() (#...
  • Additional commits viewable in compare view

Updates github.com/gin-gonic/gin from 1.10.0 to 1.12.0

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.12.0

Changelog

Features

  • 192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203) (@​takanuva15)
  • 53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502) (@​raju-mechatronics)
  • acc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (#4423) (@​1911860538)
  • 38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (@​Spyder01)
  • 771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (#4420) (@​ldesauw)
  • 4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (#4146) (@​wsyqn6)
  • d7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (#4145) (@​laurentcau)

Bug fixes

  • b917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (#2169) (@​guonaihong)
  • c3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (#4380) (@​1911860538)
  • 9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472) (@​Nurysso)
  • 2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (#4403) (@​zeek0x)
  • c3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (#4422) (@​1911860538)
  • 5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (#4415) (@​pawannn)
  • 63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (#4336) (@​MondayCha)
  • 5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (#4206) (@​dengaleev)
  • 234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (#4373) (@​appleboy)
  • 472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535) (@​veeceey)
  • 8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (#4511) (@​mahanadh)

Enhancements

  • ba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (#4549) (@​BobDu)
  • b2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (#3359) (@​WeidiDeng)
  • ecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449) (@​appleboy)
  • af6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
  • db309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (#4547) (@​USA-RedDragon)
  • 26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when http.Flusher (#4479) (@​Twacqwq)
  • 5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (#4388) (@​appleboy)

Refactor

  • 39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (#4352) (@​russcoss)
  • c0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (#4395) (@​wanghaolong613)
  • 915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (#4481) (@​pauloappbr)
  • 414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (#4333) (@​cuiweixie)
  • 59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (#4314) (@​1911860538)
  • 3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (#4142) (@​zeek0x)
  • d1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (#4467) (@​zeek0x)
  • e3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (#4392) (@​wanghaolong613)
  • 488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529) (@​veeceey)
  • 9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (#4389) (@​reddaisyy)
  • a85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (#4432) (@​efcking)

Build process updates

  • 61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (#4367) (@​appleboy)
  • fb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (#4436) (@​appleboy)
  • 93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (#4437) (@​appleboy)
  • e88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (#4439) (@​appleboy)
  • 5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (#4421) (@​appleboy)
  • 00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (#4531) (@​appleboy)
  • ae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (#4550) (@​appleboy)

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.12.0

Features

  • feat(render): add bson protocol (#4145)
  • feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502)
  • feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203)
  • feat(gin): add option to use escaped path (#4420)
  • feat(context): add Protocol Buffers support to content negotiation (#4423)
  • feat(context): implemented Delete method (#38e7651)
  • feat(logger): color latency (#4146)

Enhancements

  • perf(tree): reduce allocations in findCaseInsensitivePath (#4417)
  • perf(recovery): optimize line reading in stack function (#4466)
  • perf(path): replace regex with custom functions in redirectTrailingSlash (#4414)
  • perf(tree): optimize path parsing using strings.Count (#4246)
  • chore(logger): allow skipping query string output (#4547)
  • chore(context): always trust xff headers from unix socket (#3359)
  • chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#4479)
  • refactor(recovery): smart error comparison (#4142)
  • refactor(context): replace hardcoded localhost IPs with constants (#4481)
  • refactor(utils): move util functions to utils.go (#4467)
  • refactor(binding): use maps.Copy for cleaner map handling (#4352)
  • refactor(context): using maps.Clone (#4333)
  • refactor(ginS): use sync.OnceValue to simplify engine function (#4314)
  • refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529)
  • refactor: for loop can be modernized using range over int (#4392)

Bug Fixes

  • fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
  • fix(render): write content length in Data.Render (#4206)
  • fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472)
  • fix(binding): empty value error (#2169)
  • fix(recover): suppress http.ErrAbortHandler in recover (#4336)
  • fix(gin): literal colon routes not working with engine.Handler() (#4415)
  • fix(gin): close os.File in RunFd to prevent resource leak (#4422)
  • fix(response): refine hijack behavior for response lifecycle (#4373)
  • fix(binding): improve empty slice/array handling in form binding (#4380)
  • fix(debug): version mismatch (#4403)
  • fix: correct typos, improve documentation clarity, and remove dead code (#4511)

Build process updates / CI

  • ci: update Go version support to 1.25+ across CI and docs (#4550)
  • chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)

Gin v1.11.0

... (truncated)

Commits
  • 73726dc docs: update documentation to reflect Go version changes (#4552)
  • e292e5c docs: document and finalize Gin v1.12.0 release (#4551)
  • ae3f524 ci: update Go version support to 1.25+ across CI and docs (#4550)
  • 38534e2 chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#4548)
  • 472d086 fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
  • fb25834 test(context): use http.StatusContinue constant instead of magic number 100 (...
  • 6f1d5fe test(render): add comprehensive error handling tests (#4541)
  • 5c00df8 fix(render): write content length in Data.Render (#4206)
  • db30908 chore(logger): allow skipping query string output (#4547)
  • ba093d1 chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)
  • Additional commits viewable in compare view

Updates github.com/go-resty/resty/v2 from 2.16.3 to 2.17.2

Release notes

Sourced from github.com/go-resty/resty/v2's releases.

v2.17.2

Release Notes

Backport

Release

Full Changelog: go-resty/resty@v2.17.1...v2.17.2

v2.17.1

Release Notes

Bug Fixes

Full Changelog: go-resty/resty@v2.17.0...v2.17.1

v2.17.0

Release Notes

Bug Fixes

Backport

Release Updates

New Contributors

Full Changelog: go-resty/resty@v2.16.5...v2.17.0

v2.16.5

Release Notes

Bug Fixes

Documentation

... (truncated)

Commits
  • b1b3aaa release: version bump to v2.17.2 and readme update (#1112)
  • fb4a091 backport: header deepcopy fix (#1110)
  • 52f3f39 Merge pull request #1079 from go-resty/fix-cnt-type-hdr-on-emptybody
  • 16e2701 release: v2.17.1 readme update
  • 203bf14 fix: content type request header on http.NoBody type #1074
  • 061e449 chore: version bump to v2.17.1
  • d4c3576 Merge pull request #1066 from go-resty/for-v2.17.0-release
  • 6452271 chore: update readme for release v2.17.0
  • 2eab959 ci: update go version 1.23.0
  • 795d6c2 chore: update go.mod package versions
  • Additional commits viewable in compare view

Updates github.com/gophercloud/gophercloud/v2 from 2.8.0 to 2.13.0

Release notes

Sourced from github.com/gophercloud/gophercloud/v2's releases.

v2.13.0

What's Changed

Full Changelog: gophercloud/gophercloud@v2.12.0...v2.13.0

v2.12.0

What's Changed

  • [v2] Fix cl...

    Description has been truncated

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 22, 2026
@dependabot dependabot Bot requested a review from traviswu-bigstack as a code owner June 22, 2026 01:07
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 22, 2026
@github-actions

github-actions Bot commented Jun 22, 2026

Copy link
Copy Markdown

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ❌ 2 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 53 package(s) with unknown licenses.
  • ⚠️ 1 packages with OpenSSF Scorecard issues.
See the Details below.

Vulnerabilities

go.mod

NameVersionVulnerabilitySeverity
github.com/russellhaering/goxmldsig1.4.0validateSignature Loop Variable Capture Signature Bypass in goxmldsighigh
github.com/quic-go/quic-go0.59.0quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion moderate
Only included vulnerabilities with severity moderate or higher.

License Issues

go.mod

PackageVersionLicenseIssue Type
github.com/quic-go/quic-go0.59.0NullUnknown License
github.com/NVIDIA/go-nvml0.13.2-0NullUnknown License
github.com/RoaringBitmap/roaring/v22.14.5NullUnknown License
github.com/aws/aws-sdk-go-v21.42.0NullUnknown License
github.com/aws/aws-sdk-go-v2/internal/configsources1.4.29NullUnknown License
github.com/aws/aws-sdk-go-v2/internal/endpoints/v22.7.29NullUnknown License
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding1.13.12NullUnknown License
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url1.13.29NullUnknown License
github.com/aws/aws-sdk-go-v2/service/internal/s3shared1.19.29NullUnknown License
github.com/aws/aws-sdk-go-v2/service/s31.104.0NullUnknown License
github.com/aws/smithy-go1.27.1NullUnknown License
github.com/beevik/etree1.5.0NullUnknown License
github.com/bits-and-blooms/bitset1.24.2NullUnknown License
github.com/blevesearch/bleve/v22.6.0NullUnknown License
github.com/blevesearch/bleve_index_api1.3.11NullUnknown License
github.com/blevesearch/geo0.2.5NullUnknown License
github.com/blevesearch/vellum1.2.0NullUnknown License
github.com/bytedance/gopkg0.1.3NullUnknown License
github.com/bytedance/sonic1.15.0NullUnknown License
github.com/cloudwego/base64x0.1.6NullUnknown License
github.com/coreos/go-oidc2.5.0+incompatibleNullUnknown License
github.com/crewjam/saml0.5.1NullUnknown License
github.com/ebitengine/purego0.10.0NullUnknown License
github.com/emicklei/go-restful/v33.13.0NullUnknown License
github.com/fsnotify/fsnotify1.10.1NullUnknown License
github.com/gabriel-vasile/mimetype1.4.12NullUnknown License
github.com/gin-contrib/sse1.1.0NullUnknown License
github.com/gin-gonic/gin1.12.0NullUnknown License
github.com/go-logr/logr1.4.3NullUnknown License
github.com/go-playground/validator/v1010.30.1NullUnknown License
github.com/go-resty/resty/v22.17.2NullUnknown License
github.com/goccy/go-json0.10.5NullUnknown License
github.com/goccy/go-yaml1.19.2NullUnknown License
github.com/golang/snappy1.0.0NullUnknown License
github.com/klauspost/cpuid/v22.3.0NullUnknown License
github.com/pelletier/go-toml/v22.2.4NullUnknown License
github.com/shirou/gopsutil/v44.26.5NullUnknown License
github.com/spf13/pflag1.0.9NullUnknown License
github.com/swaggo/gin-swagger1.6.1NullUnknown License
github.com/swaggo/swag1.16.6NullUnknown License
github.com/tklauser/numcpus0.11.0NullUnknown License
github.com/ugorji/go/codec1.3.1NullUnknown License
golang.org/x/crypto0.52.0NullUnknown License
golang.org/x/net0.55.0NullUnknown License
golang.org/x/sync0.21.0NullUnknown License
golang.org/x/sys0.45.0NullUnknown License
google.golang.org/protobuf1.36.12-0.20260120151049-f2248ac996afNullUnknown License
k8s.io/api0.36.2NullUnknown License
k8s.io/apimachinery0.36.2NullUnknown License
k8s.io/client-go0.36.2NullUnknown License
k8s.io/klog/v22.140.0NullUnknown License
sigs.k8s.io/json0.0.0-20250730193827-2d320260d730NullUnknown License
github.com/gophercloud/gophercloud/v22.13.0NullUnknown License
Denied Licenses: GPL-1.0-or-later, LGPL-2.0-or-later

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
gomod/github.com/russellhaering/goxmldsig 1.4.0 🟢 6.9
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests⚠️ 12 out of 15 merged PRs checked by a CI test -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review⚠️ 0found 10 unreviewed changesets out of 10 -- score normalized to 0
Contributors🟢 103 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Maintained⚠️ 00 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 0
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 10no vulnerabilities detected
gomod/github.com/quic-go/quic-go 0.59.0 UnknownUnknown
gomod/github.com/NVIDIA/go-nvml 0.13.2-0 UnknownUnknown
gomod/github.com/RoaringBitmap/roaring/v2 2.14.5 UnknownUnknown
gomod/github.com/aws/aws-sdk-go-v2 1.42.0 UnknownUnknown
gomod/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream 1.7.13 🟢 5.8
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0no SAST tool detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/internal/configsources 1.4.29 UnknownUnknown
gomod/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 2.7.29 UnknownUnknown
gomod/github.com/aws/aws-sdk-go-v2/internal/v4a 1.4.30 🟢 5.8
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0no SAST tool detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding 1.13.12 UnknownUnknown
gomod/github.com/aws/aws-sdk-go-v2/service/internal/checksum 1.9.22 🟢 5.8
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0no SAST tool detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url 1.13.29 UnknownUnknown
gomod/github.com/aws/aws-sdk-go-v2/service/internal/s3shared 1.19.29 UnknownUnknown
gomod/github.com/aws/aws-sdk-go-v2/service/s3 1.104.0 UnknownUnknown
gomod/github.com/aws/smithy-go 1.27.1 UnknownUnknown
gomod/github.com/beevik/etree 1.5.0 UnknownUnknown
gomod/github.com/bits-and-blooms/bitset 1.24.2 UnknownUnknown
gomod/github.com/blevesearch/bleve/v2 2.6.0 UnknownUnknown
gomod/github.com/blevesearch/bleve_index_api 1.3.11 UnknownUnknown
gomod/github.com/blevesearch/geo 0.2.5 UnknownUnknown
gomod/github.com/blevesearch/go-faiss 1.1.0 🟢 5.7
Details
CheckScoreReason
Maintained🟢 1020 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 28/30 approved changesets -- score normalized to 9
Dangerous-Workflow⚠️ -1no workflows found
Token-Permissions⚠️ -1No tokens found
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ -1no dependencies found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/mmap-go 1.2.0 🟢 3.1
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review⚠️ 0Found 2/29 approved changesets -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/scorch_segment_api/v2 2.4.7 🟢 4.1
Details
CheckScoreReason
Code-Review🟢 5Found 15/30 approved changesets -- score normalized to 5
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 45 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/vellum 1.2.0 UnknownUnknown
gomod/github.com/blevesearch/zapx/v11 11.4.3 🟢 5.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v12 12.4.3 🟢 5.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v13 13.4.3 🟢 5.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v14 14.4.3 🟢 5.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v15 15.4.3 🟢 5.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v16 16.3.4 🟢 5.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v17 17.1.2 🟢 5.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/bytedance/gopkg 0.1.3 UnknownUnknown
gomod/github.com/bytedance/sonic 1.15.0 UnknownUnknown
gomod/github.com/bytedance/sonic/loader 0.5.0 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1015 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 5SAST tool is not run on all commits -- score normalized to 5
gomod/github.com/cloudwego/base64x 0.1.6 UnknownUnknown
gomod/github.com/coreos/go-oidc 2.5.0+incompatible UnknownUnknown
gomod/github.com/crewjam/saml 0.5.1 UnknownUnknown
gomod/github.com/ebitengine/purego 0.10.0 UnknownUnknown
gomod/github.com/emicklei/go-restful/v3 3.13.0 UnknownUnknown
gomod/github.com/fsnotify/fsnotify 1.10.1 UnknownUnknown
gomod/github.com/gabriel-vasile/mimetype 1.4.12 UnknownUnknown
gomod/github.com/gin-contrib/sse 1.1.0 UnknownUnknown
gomod/github.com/gin-gonic/gin 1.12.0 UnknownUnknown
gomod/github.com/go-logr/logr 1.4.3 UnknownUnknown
gomod/github.com/go-playground/validator/v10 10.30.1 UnknownUnknown
gomod/github.com/go-resty/resty/v2 2.17.2 UnknownUnknown
gomod/github.com/goccy/go-json 0.10.5 UnknownUnknown
gomod/github.com/goccy/go-yaml 1.19.2 UnknownUnknown
gomod/github.com/golang/snappy 1.0.0 UnknownUnknown
gomod/github.com/gophercloud/gophercloud/v2 2.13.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 9license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
SAST🟢 9SAST tool detected but not run on all commits
gomod/github.com/klauspost/cpuid/v2 2.3.0 UnknownUnknown
gomod/github.com/pelletier/go-toml/v2 2.2.4 UnknownUnknown
gomod/github.com/power-devops/perfstat 0.0.0-20240221224432-82ca36839d55 ⚠️ 2
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/28 approved changesets -- score normalized to 0
Dangerous-Workflow⚠️ -1no workflows found
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions⚠️ -1No tokens found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ -1no dependencies found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/prometheus-community/pro-bing 0.9.0 🟢 7.1
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 9security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 9Found 15/16 approved changesets -- score normalized to 9
Maintained🟢 1021 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/quic-go/qpack 0.6.0 🟢 5
Details
CheckScoreReason
Maintained🟢 68 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ 0Found 1/23 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/shirou/gopsutil/v4 4.26.5 UnknownUnknown
gomod/github.com/spf13/pflag 1.0.9 UnknownUnknown
gomod/github.com/swaggo/gin-swagger 1.6.1 UnknownUnknown
gomod/github.com/swaggo/swag 1.16.6 UnknownUnknown
gomod/github.com/tklauser/go-sysconf 0.3.16 🟢 4.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 0/10 approved changesets -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/tklauser/numcpus 0.11.0 UnknownUnknown
gomod/github.com/ugorji/go/codec 1.3.1 UnknownUnknown
gomod/github.com/xdg-go/scram 1.2.0 🟢 4
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/go.etcd.io/bbolt 1.4.0 🟢 7.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 10all dependencies are pinned
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/go.mongodb.org/mongo-driver 1.17.9 🟢 7.5
Details
CheckScoreReason
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 18/22 approved changesets -- score normalized to 8
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Vulnerabilities⚠️ 029 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1025 out of 25 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 23 contributing companies or organizations
gomod/go.mongodb.org/mongo-driver/v2 2.5.0 UnknownUnknown
gomod/go.yaml.in/yaml/v2 2.4.3 UnknownUnknown
gomod/golang.org/x/arch 0.22.0 UnknownUnknown
gomod/golang.org/x/crypto 0.52.0 UnknownUnknown
gomod/golang.org/x/mod 0.35.0 UnknownUnknown
gomod/golang.org/x/net 0.55.0 UnknownUnknown
gomod/golang.org/x/oauth2 0.34.0 UnknownUnknown
gomod/golang.org/x/sync 0.21.0 UnknownUnknown
gomod/golang.org/x/sys 0.45.0 UnknownUnknown
gomod/golang.org/x/term 0.43.0 UnknownUnknown
gomod/golang.org/x/text 0.37.0 UnknownUnknown
gomod/golang.org/x/time 0.14.0 UnknownUnknown
gomod/golang.org/x/tools 0.44.0 UnknownUnknown
gomod/google.golang.org/protobuf 1.36.12-0.20260120151049-f2248ac996af UnknownUnknown
gomod/gopkg.in/evanphx/json-patch.v4 4.13.0 UnknownUnknown
gomod/k8s.io/api 0.36.2 UnknownUnknown
gomod/k8s.io/apimachinery 0.36.2 UnknownUnknown
gomod/k8s.io/client-go 0.36.2 UnknownUnknown
gomod/k8s.io/klog/v2 2.140.0 UnknownUnknown
gomod/k8s.io/kube-openapi 0.0.0-20260317180543-43fb72c5454a 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/k8s.io/utils 0.0.0-20260210185600-b8788abfbbc2 🟢 5.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/sigs.k8s.io/json 0.0.0-20250730193827-2d320260d730 UnknownUnknown
gomod/sigs.k8s.io/structured-merge-diff/v6 6.3.2 🟢 6.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow⚠️ -1no workflows found
Token-Permissions⚠️ -1No tokens found
Maintained🟢 1018 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • go.mod

…8 updates

Bumps the minor-and-patch group with 16 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/NVIDIA/go-nvml](https://github.com/NVIDIA/go-nvml) | `0.13.1-0` | `0.13.2-0` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.78.2` | `1.104.0` |
| [github.com/blevesearch/bleve/v2](https://github.com/blevesearch/bleve) | `2.4.4` | `2.6.0` |
| [github.com/coreos/go-oidc](https://github.com/coreos/go-oidc) | `2.3.0+incompatible` | `2.5.0+incompatible` |
| [github.com/crewjam/saml](https://github.com/crewjam/saml) | `0.4.14` | `0.5.1` |
| [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) | `1.8.0` | `1.10.1` |
| [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) | `1.10.0` | `1.12.0` |
| [github.com/go-resty/resty/v2](https://github.com/go-resty/resty) | `2.16.3` | `2.17.2` |
| [github.com/gophercloud/gophercloud/v2](https://github.com/gophercloud/gophercloud) | `2.8.0` | `2.13.0` |
| [github.com/prometheus-community/pro-bing](https://github.com/prometheus-community/pro-bing) | `0.7.0` | `0.9.0` |
| [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) | `4.25.1` | `4.26.5` |
| [github.com/swaggo/gin-swagger](https://github.com/swaggo/gin-swagger) | `1.6.0` | `1.6.1` |
| [github.com/swaggo/swag](https://github.com/swaggo/swag) | `1.16.3` | `1.16.6` |
| [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) | `1.17.2` | `1.17.9` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.34.1` | `0.36.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.34.1` | `0.36.2` |



Updates `github.com/NVIDIA/go-nvml` from 0.13.1-0 to 0.13.2-0
- [Release notes](https://github.com/NVIDIA/go-nvml/releases)
- [Commits](NVIDIA/go-nvml@v0.13.1-0...v0.13.2-0)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.78.2 to 1.104.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.78.2...service/s3/v1.104.0)

Updates `github.com/blevesearch/bleve/v2` from 2.4.4 to 2.6.0
- [Release notes](https://github.com/blevesearch/bleve/releases)
- [Commits](blevesearch/bleve@v2.4.4...v2.6.0)

Updates `github.com/coreos/go-oidc` from 2.3.0+incompatible to 2.5.0+incompatible
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](coreos/go-oidc@v2.3.0...v2.5.0)

Updates `github.com/crewjam/saml` from 0.4.14 to 0.5.1
- [Commits](crewjam/saml@v0.4.14...v0.5.1)

Updates `github.com/fsnotify/fsnotify` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/fsnotify/fsnotify/releases)
- [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md)
- [Commits](fsnotify/fsnotify@v1.8.0...v1.10.1)

Updates `github.com/gin-gonic/gin` from 1.10.0 to 1.12.0
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.10.0...v1.12.0)

Updates `github.com/go-resty/resty/v2` from 2.16.3 to 2.17.2
- [Release notes](https://github.com/go-resty/resty/releases)
- [Commits](go-resty/resty@v2.16.3...v2.17.2)

Updates `github.com/gophercloud/gophercloud/v2` from 2.8.0 to 2.13.0
- [Release notes](https://github.com/gophercloud/gophercloud/releases)
- [Changelog](https://github.com/gophercloud/gophercloud/blob/v2.13.0/CHANGELOG.md)
- [Commits](gophercloud/gophercloud@v2.8.0...v2.13.0)

Updates `github.com/prometheus-community/pro-bing` from 0.7.0 to 0.9.0
- [Release notes](https://github.com/prometheus-community/pro-bing/releases)
- [Commits](prometheus-community/pro-bing@v0.7.0...v0.9.0)

Updates `github.com/shirou/gopsutil/v4` from 4.25.1 to 4.26.5
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](shirou/gopsutil@v4.25.1...v4.26.5)

Updates `github.com/swaggo/gin-swagger` from 1.6.0 to 1.6.1
- [Release notes](https://github.com/swaggo/gin-swagger/releases)
- [Commits](swaggo/gin-swagger@v1.6.0...v1.6.1)

Updates `github.com/swaggo/swag` from 1.16.3 to 1.16.6
- [Release notes](https://github.com/swaggo/swag/releases)
- [Commits](swaggo/swag@v1.16.3...v1.16.6)

Updates `go.mongodb.org/mongo-driver` from 1.17.2 to 1.17.9
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](mongodb/mongo-go-driver@v1.17.2...v1.17.9)

Updates `golang.org/x/crypto` from 0.39.0 to 0.52.0
- [Commits](golang/crypto@v0.39.0...v0.52.0)

Updates `golang.org/x/sys` from 0.33.0 to 0.45.0
- [Commits](golang/sys@v0.33.0...v0.45.0)

Updates `k8s.io/apimachinery` from 0.34.1 to 0.36.2
- [Commits](kubernetes/apimachinery@v0.34.1...v0.36.2)

Updates `k8s.io/client-go` from 0.34.1 to 0.36.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.34.1...v0.36.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.104.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/blevesearch/bleve/v2
  dependency-version: 2.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/coreos/go-oidc
  dependency-version: 2.5.0+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/crewjam/saml
  dependency-version: 0.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/fsnotify/fsnotify
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/gin-gonic/gin
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/go-resty/resty/v2
  dependency-version: 2.17.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/gophercloud/gophercloud/v2
  dependency-version: 2.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/NVIDIA/go-nvml
  dependency-version: 0.13.2-0
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/prometheus-community/pro-bing
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/shirou/gopsutil/v4
  dependency-version: 4.26.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/swaggo/gin-swagger
  dependency-version: 1.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/swaggo/swag
  dependency-version: 1.16.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: go.mongodb.org/mongo-driver
  dependency-version: 1.17.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: golang.org/x/crypto
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: golang.org/x/sys
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/minor-and-patch-f047f05fa0 branch from a6455c5 to bb3c177 Compare June 29, 2026 01:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants