build(deps): bump the minor-and-patch group across 1 directory with 18 updates

[dependabot]

Bumps the minor-and-patch group with 16 updates in the / directory:

Package	From	To
github.com/NVIDIA/go-nvml	0.13.1-0	0.13.2-0
github.com/aws/aws-sdk-go-v2/service/s3	1.78.2	1.104.0
github.com/blevesearch/bleve/v2	2.4.4	2.6.0
github.com/coreos/go-oidc	2.3.0+incompatible	2.5.0+incompatible
github.com/crewjam/saml	0.4.14	0.5.1
github.com/fsnotify/fsnotify	1.8.0	1.10.1
github.com/gin-gonic/gin	1.10.0	1.12.0
github.com/go-resty/resty/v2	2.16.3	2.17.2
github.com/gophercloud/gophercloud/v2	2.8.0	2.13.0
github.com/prometheus-community/pro-bing	0.7.0	0.9.0
github.com/shirou/gopsutil/v4	4.25.1	4.26.5
github.com/swaggo/gin-swagger	1.6.0	1.6.1
github.com/swaggo/swag	1.16.3	1.16.6
go.mongodb.org/mongo-driver	1.17.2	1.17.9
k8s.io/apimachinery	0.34.1	0.36.2
k8s.io/client-go	0.34.1	0.36.2

Updates github.com/NVIDIA/go-nvml from 0.13.1-0 to 0.13.2-0

Release notes

Sourced from github.com/NVIDIA/go-nvml's releases.

v0.13.2-0

What's Changed

• sync nvml.h with CUDA version 13.2 by @​tariq1890 in NVIDIA/go-nvml#184

Full Changelog: NVIDIA/go-nvml@v0.13.1-0...v0.13.2-0

Commits

• a940d4c Merge pull request #184 from NVIDIA/upd-nvml-h-cuda-13.2
• 2976179 sync nvml.h with CUDA version 13.2.1 and update go bindings
• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.78.2 to 1.104.0

Commits

• 99943aa Release 2026-06-16
• 8594135 Regenerated Clients
• 14151e5 Update endpoints model
• f43e77c Update API model
• 9fcc53a Release 2026-06-15
• 65154c1 Regenerated Clients
• b86c7b9 Update API model
• 750e42a Release 2026-06-12
• f64ce2c Regenerated Clients
• 04e9755 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/blevesearch/bleve/v2 from 2.4.4 to 2.6.0

Release notes

Sourced from github.com/blevesearch/bleve/v2's releases.

v2.6.0

What's Changed

• MB-69881: Improved APIs and perf optimizations for vector search by @​CascadingRadium in blevesearch/bleve#2270
• MB-27666: Hierarchy Search by @​CascadingRadium ; see docs/hierarchy.md
• Remove legacy vendor folder by @​CascadingRadium in blevesearch/bleve#2271
• Upgrade several dependencies - roaring/v2, mmap-go etc. by @​abhinavdangeti in blevesearch/bleve#2275
• MB-59633: Improve performance of Geospatial Search by @​CascadingRadium in blevesearch/bleve#2268
• MB-70388: Add forced docvalues for geopoint fields by @​Likith101 in blevesearch/bleve#2278
• MB-70410: Simplify CoalesceQueue in hierarchical nested search by @​CascadingRadium in blevesearch/bleve#2283
• MB-61890 - Introducing config for zap layer by @​Thejas-bhat in blevesearch/bleve#2066
• Handle nil multiSearchParams properly for MultiSearch by @​capemox in blevesearch/bleve#2286
• MB-59633: Disable DocValues Chunking & Compression for Geo Fields by @​Likith101 in blevesearch/bleve#2269
• Improved geo spatial search accuracy by @​Likith101 in blevesearch/geo#29 & blevesearch/geo#30
• MB-62985: Support for Binary quantized vector indexes @​Likith101 ; see docs/vectors.md
• MB-62182: New merge approach that avoids re-training of vector indexes @​Thejas-bhat ; see docs/fast_merge.md
• MB-71041: avoid updating root.bolt with in-memory segment's data by @​Thejas-bhat in blevesearch/bleve#2296
• MB-65018 add custom_filter/custom_score query support with context-driven callback hooks by @​maneuvertomars in blevesearch/bleve#2289 ; see docs/custom_query.md
• MB-65860: Introducing support for fileIO Callbacks by @​Likith101 in blevesearch/bleve#2209
• (perf) pool queryStringLex to reuse bufio.Reader across query parses by @​huynhanx03 in blevesearch/bleve#2300
• Fix null issue when parsing search request attributes by @​CascadingRadium in blevesearch/bleve#2312
• MB-71375: Bolt Wrappers for File Callbacks by @​Likith101 in blevesearch/bleve#2309
• Absorb fixes for filtering vector search, update workflows by @​abhinavdangeti in blevesearch/bleve#2314
• MB-59670: GPU-Accelerated Vector Search by @​CascadingRadium & @​capemox ; see docs/vectors.md
• MB-71383: Expose vector field stats in scorch by @​capemox in blevesearch/bleve#2316
• Added check for in-memory segment merge by @​Likith101 in blevesearch/bleve#2319
• MB-71607: Fixed data corruption in bolt by @​Likith101 in blevesearch/bleve#2324
• Fix metrics involving NestedDocuments by @​CascadingRadium in blevesearch/bleve#2325
• MB-71216, MB-71650: Implement fast merge over binary index classes by @​Thejas-bhat in blevesearch/bleve#2326
• Upgrade to go-faiss@v1.1.0; Fix formatting, typos, etc. in docs/ by @​abhinavdangeti in blevesearch/bleve#2328

Introduced new file format - zapx@v17

Milestone: https://github.com/blevesearch/bleve/milestone/29 Full Changelog: blevesearch/bleve@v2.5.7...v2.6.0

v2.5.7

What's Changed

• MB-69654: Fix vector field alias validation by @​CascadingRadium in blevesearch/bleve#2259
• Used iota for scorch EventKind by @​capemox in blevesearch/bleve#2257
• Fix String API for SearchResult by @​CascadingRadium in blevesearch/bleve#2262
• MB-55637: Added new error types in scorch by @​capemox in blevesearch/bleve#2255
• Add documentation for multi-vector and nested-vector field support by @​CascadingRadium in blevesearch/bleve#2261
• Add coverage (goveralls) github action by @​abhinavdangeti in blevesearch/bleve#2263
• MB-69641: Add support for retrieval of multi-vector documents by @​CascadingRadium in blevesearch/bleve#2258
• MB-69655: Fix vector normalization to handle multi-vectors correctly by @​CascadingRadium in blevesearch/bleve#2264

Milestone: https://github.com/blevesearch/bleve/milestone/33 Full Changelog: blevesearch/bleve@v2.5.6...v2.5.7

v2.5.6

... (truncated)

Commits

• d8f2ab9 Upgrade to go-faiss@v1.1.0; Fix formatting, typos, etc. in docs/ (#2328)
• 71b13fe go fmt ./... (#2327)
• 2a48049 MB-71216, MB-71650: Implement fast merge over binary index classes (#2326)
• a9e101a Fix metrics involving NestedDocuments (#2325)
• 2c7269a v2.6.0 doc fixes (#2323)
• e5e7e9e MB-71607: Fixed data corruption in bolt (#2324)
• 08e551f Updates to docs/vectors.md for v2.6.0 (#2320)
• 7cb486d Add a document for fast merge (#2321)
• d3a4022 Added check for in-memory segment merge (#2319)
• 77af9c8 Update docs/vectors.md (#2318)
• Additional commits viewable in compare view

Updates github.com/coreos/go-oidc from 2.3.0+incompatible to 2.5.0+incompatible

Release notes

Sourced from github.com/coreos/go-oidc's releases.

v2.5.0

What's Changed

• *: format all files using newer Go versions by @​ericchiang in coreos/go-oidc#472
• *: add sanity check to avoid JWT over-allocation by @​ericchiang in coreos/go-oidc#473

Full Changelog: coreos/go-oidc@v2.4.0...v2.5.0

v2.4.0

What's Changed

• oidc: verify signature before parsing token by @​ericchiang in coreos/go-oidc#465

Full Changelog: coreos/go-oidc@v2.3.0...v2.4.0

Commits

• 153fc73 *: add sanity check to avoid JWT over-allocation
• eb183a9 *: format all files using newer Go versions
• 752fcad oidc: verify signature before parsing token
• See full diff in compare view

Updates github.com/crewjam/saml from 0.4.14 to 0.5.1

Commits

• e3d0323 Revert "fix: Improper namespace application in elementToBytes (#580)"
• e985226 ArtifactResolve: change order of elements to satisfy ADFS
• 7c9cb20 CookieSessionProvider: add Path
• 97deba2 tidy up AuthnRequest.Redirect
• f051927 update readme
• 7e8fef5 bump golang.org/x/crypto to v0.33.0 which is the highest version that support...
• ed59954 properly set minimum go version to 1.22 (#604)
• 5b2a7ec remove pointless dependency on github.com/stretchr/testify
• 10fe88b remove pointless dependency on github.com/kr/pretty
• 30fafb0 remove pointless dependency on github.com/dchest/uniuri
• Additional commits viewable in compare view

Updates github.com/fsnotify/fsnotify from 1.8.0 to 1.10.1

Release notes

Sourced from github.com/fsnotify/fsnotify's releases.

v1.10.1

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#754)

• inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

v1.10.0

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

v1.9.0

Changes and fixes

• all: make BufferedWatcher buffered again (#657)

• inotify: fix race when adding/removing watches while a watched path is being deleted (#678, #686)

• inotify: don't send empty event if a watched path is unmounted (#655)

• inotify: don't register duplicate watches when watching both a symlink and its target; previously that would get "half-added" and removing the second would panic (#679)

... (truncated)

Changelog

Sourced from github.com/fsnotify/fsnotify's changelog.

1.10.1 2026-05-04

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#754)

• inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

1.10.0 2026-04-30

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

1.9.0 2024-04-04

... (truncated)

Commits

• 76b01a6 Release 1.10.1
• fec150b Update changelog
• 162b421 inotify, windows: don't rename sibling watches sharing a path prefix (#755)
• 224257f inotify: don't remove sibling watches sharing a path prefix (#754)
• e0c956c windows: document directory Write events and stabilize tests (#745)
• 8d01d7b Release 1.10.0
• 602284e Update changelog
• 7f03e59 kqueue: skip ENOENT entries in watchDirectoryFiles (#748)
• dab9dde windows: lock watch field updates against concurrent WatchList (#709) (#749)
• eadf267 kqueue: drop watches directly in Close() instead of going through remove() (#...
• Additional commits viewable in compare view

Updates github.com/gin-gonic/gin from 1.10.0 to 1.12.0

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.12.0

Changelog

Features

• 192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203) (@​takanuva15)
• 53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502) (@​raju-mechatronics)
• acc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (#4423) (@​1911860538)
• 38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (@​Spyder01)
• 771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (#4420) (@​ldesauw)
• 4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (#4146) (@​wsyqn6)
• d7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (#4145) (@​laurentcau)

Bug fixes

• b917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (#2169) (@​guonaihong)
• c3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (#4380) (@​1911860538)
• 9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472) (@​Nurysso)
• 2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (#4403) (@​zeek0x)
• c3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (#4422) (@​1911860538)
• 5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (#4415) (@​pawannn)
• 63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (#4336) (@​MondayCha)
• 5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (#4206) (@​dengaleev)
• 234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (#4373) (@​appleboy)
• 472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535) (@​veeceey)
• 8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (#4511) (@​mahanadh)

Enhancements

• ba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (#4549) (@​BobDu)
• b2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (#3359) (@​WeidiDeng)
• ecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449) (@​appleboy)
• af6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
• db309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (#4547) (@​USA-RedDragon)
• 26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when http.Flusher (#4479) (@​Twacqwq)
• 5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (#4388) (@​appleboy)

Refactor

• 39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (#4352) (@​russcoss)
• c0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (#4395) (@​wanghaolong613)
• 915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (#4481) (@​pauloappbr)
• 414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (#4333) (@​cuiweixie)
• 59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (#4314) (@​1911860538)
• 3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (#4142) (@​zeek0x)
• d1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (#4467) (@​zeek0x)
• e3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (#4392) (@​wanghaolong613)
• 488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529) (@​veeceey)
• 9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (#4389) (@​reddaisyy)
• a85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (#4432) (@​efcking)

Build process updates

• 61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (#4367) (@​appleboy)
• fb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (#4436) (@​appleboy)
• 93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (#4437) (@​appleboy)
• e88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (#4439) (@​appleboy)
• 5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (#4421) (@​appleboy)
• 00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (#4531) (@​appleboy)
• ae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (#4550) (@​appleboy)

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.12.0

Features

• feat(render): add bson protocol (#4145)
• feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502)
• feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203)
• feat(gin): add option to use escaped path (#4420)
• feat(context): add Protocol Buffers support to content negotiation (#4423)
• feat(context): implemented Delete method (#38e7651)
• feat(logger): color latency (#4146)

Enhancements

• perf(tree): reduce allocations in findCaseInsensitivePath (#4417)
• perf(recovery): optimize line reading in stack function (#4466)
• perf(path): replace regex with custom functions in redirectTrailingSlash (#4414)
• perf(tree): optimize path parsing using strings.Count (#4246)
• chore(logger): allow skipping query string output (#4547)
• chore(context): always trust xff headers from unix socket (#3359)
• chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#4479)
• refactor(recovery): smart error comparison (#4142)
• refactor(context): replace hardcoded localhost IPs with constants (#4481)
• refactor(utils): move util functions to utils.go (#4467)
• refactor(binding): use maps.Copy for cleaner map handling (#4352)
• refactor(context): using maps.Clone (#4333)
• refactor(ginS): use sync.OnceValue to simplify engine function (#4314)
• refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529)
• refactor: for loop can be modernized using range over int (#4392)

Bug Fixes

• fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
• fix(render): write content length in Data.Render (#4206)
• fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472)
• fix(binding): empty value error (#2169)
• fix(recover): suppress http.ErrAbortHandler in recover (#4336)
• fix(gin): literal colon routes not working with engine.Handler() (#4415)
• fix(gin): close os.File in RunFd to prevent resource leak (#4422)
• fix(response): refine hijack behavior for response lifecycle (#4373)
• fix(binding): improve empty slice/array handling in form binding (#4380)
• fix(debug): version mismatch (#4403)
• fix: correct typos, improve documentation clarity, and remove dead code (#4511)

Build process updates / CI

• ci: update Go version support to 1.25+ across CI and docs (#4550)
• chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)

Gin v1.11.0

... (truncated)

Commits

• 73726dc docs: update documentation to reflect Go version changes (#4552)
• e292e5c docs: document and finalize Gin v1.12.0 release (#4551)
• ae3f524 ci: update Go version support to 1.25+ across CI and docs (#4550)
• 38534e2 chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#4548)
• 472d086 fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
• fb25834 test(context): use http.StatusContinue constant instead of magic number 100 (...
• 6f1d5fe test(render): add comprehensive error handling tests (#4541)
• 5c00df8 fix(render): write content length in Data.Render (#4206)
• db30908 chore(logger): allow skipping query string output (#4547)
• ba093d1 chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)
• Additional commits viewable in compare view

Updates github.com/go-resty/resty/v2 from 2.16.3 to 2.17.2

Release notes

Sourced from github.com/go-resty/resty/v2's releases.

v2.17.2

Release Notes

Backport

• backport: header deepcopy fix by @​jeevatkm in go-resty/resty#1110

Release

• release: version bump to v2.17.2 and readme update by @​jeevatkm in go-resty/resty#1112

Full Changelog: go-resty/resty@v2.17.1...v2.17.2

v2.17.1

Release Notes

Bug Fixes

• fix: content type request header on http.NoBody type #1074 by @​jeevatkm in go-resty/resty#1079

Full Changelog: go-resty/resty@v2.17.0...v2.17.1

v2.17.0

Release Notes

Bug Fixes

• Fix off-by-one error in key/value resolution by @​mbsulliv in go-resty/resty#975
• Fix/missing content length header on empty post req by @​Libero-Dev in go-resty/resty#1003

Backport

• backport: potential wrong total time in trace info from PR #1017 by @​git-hulk in go-resty/resty#1018
• backport: negative trace substraction when using SetTimeout by @​nicolasbeauvais in go-resty/resty#1065

Release Updates

• For v2.17.0 release by @​jeevatkm in go-resty/resty#1066

New Contributors

• @​mbsulliv made their first contribution in go-resty/resty#975
• @​Libero-Dev made their first contribution in go-resty/resty#1003

Full Changelog: go-resty/resty@v2.16.5...v2.17.0

v2.16.5

Release Notes

Bug Fixes

• fix: auth scheme and token from client level #959 by @​jeevatkm in go-resty/resty#960

Documentation

• chore(release): version bump and readme update by @​jeevatkm in go-resty/resty#961

... (truncated)

Commits

• b1b3aaa release: version bump to v2.17.2 and readme update (#1112)
• fb4a091 backport: header deepcopy fix (#1110)
• 52f3f39 Merge pull request #1079 from go-resty/fix-cnt-type-hdr-on-emptybody
• 16e2701 release: v2.17.1 readme update
• 203bf14 fix: content type request header on http.NoBody type #1074
• 061e449 chore: version bump to v2.17.1
• d4c3576 Merge pull request #1066 from go-resty/for-v2.17.0-release
• 6452271 chore: update readme for release v2.17.0
• 2eab959 ci: update go version 1.23.0
• 795d6c2 chore: update go.mod package versions
• Additional commits viewable in compare view

Updates github.com/gophercloud/gophercloud/v2 from 2.8.0 to 2.13.0

Release notes

Sourced from github.com/gophercloud/gophercloud/v2's releases.

v2.13.0

What's Changed

• [v2] CI: Add Gazpacho, drop Dalmatian by @​stephenfin in gophercloud/gophercloud#3707
• build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in gophercloud/gophercloud#3723
• build(deps): bump golang.org/x/crypto from 0.49.0 to 0.50.0 by @​dependabot[bot] in gophercloud/gophercloud#3717
• build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @​dependabot[bot] in gophercloud/gophercloud#3720
• [v2] Implement resource provider allocations by @​Etua in gophercloud/gophercloud#3728
• [v2] fix: skip non-struct fields in extractIntoPtr slice path to prevent unmarshal panic by @​winiciusallan in gophercloud/gophercloud#3730
• [v2] Implement usages by @​Etua in gophercloud/gophercloud#3731
• [v2] Bump golangci-lint by @​stephenfin in gophercloud/gophercloud#3737
• [v2] Leverage RandomUUID() in Placement resourceproviders tests by @​Etua in gophercloud/gophercloud#3732
• build(deps): bump golang.org/x/crypto from 0.50.0 to 0.51.0 by @​dependabot[bot] in gophercloud/gophercloud#3758
• build(deps): bump github/codeql-action from 4.35.2 to 4.35.4 by @​dependabot[bot] in gophercloud/gophercloud#3752
• build(deps): bump actions/labeler from 6.0.1 to 6.1.0 by @​dependabot[bot] in gophercloud/gophercloud#3744
• [v2] fix(vpnaas): change encryption and auth method in acceptance tests by @​winiciusallan in gophercloud/gophercloud#3760
• [v2] Allow clearing Placement resource provider parent_provider_uuid by @​Etua in gophercloud/gophercloud#3762
• [v2] tests: Prefer extension check over environment variable by @​stephenfin in gophercloud/gophercloud#3771
• [v2] neutron: properly enable port-forwarding extension in devstack by @​kayrus in gophercloud/gophercloud#3770
• [v2] db/instances: remove hardcoded 300GB size cap by @​DDuckSCH21 in gophercloud/gophercloud#3769
• build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 by @​dependabot[bot] in gophercloud/gophercloud#3764
• [v2] Add Placement resourceprovider list post 1.39 by @​Etua in gophercloud/gophercloud#3772
• [v2] Add support for listing recordsets across all zones by @​Sharpz7 in gophercloud/gophercloud#3774
• [v2] CI: Use pre-built amphora images for Octavia jobs by @​mandre in gophercloud/gophercloud#3775
• [v2] allow port ranges in floating ip portforwarding by @​rjmercier1 in gophercloud/gophercloud#3776
• [v2] docs: relax one-operation-per-PR rule by @​mandre in gophercloud/gophercloud#3787
• build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 by @​dependabot[bot] in gophercloud/gophercloud#3784
• build(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 by @​dependabot[bot] in gophercloud/gophercloud#3781
• [v2] Add AGENTS.md by @​mandre in gophercloud/gophercloud#3790
• build(deps): bump github/codeql-action from 4.36.0 to 4.36.1 by @​dependabot[bot] in gophercloud/gophercloud#3794
• [v2] dns: add AllProjects support to zones.List via X-Auth-All-Projects header by @​abhijith-darshan in gophercloud/gophercloud#3802
• dns: fix SudoTenantID type in zones ListOpts by @​abhijith-darshan in gophercloud/gophercloud#3808

Full Changelog: gophercloud/gophercloud@v2.12.0...v2.13.0

v2.12.0

What's Changed

• [v2] Fix cl...

  Description has been truncated

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:

• ❌ 2 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 53 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

Vulnerabilities

go.mod

Name	Version	Vulnerability	Severity
github.com/russellhaering/goxmldsig	1.4.0	validateSignature Loop Variable Capture Signature Bypass in goxmldsig	high
github.com/quic-go/quic-go	0.59.0	quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion	moderate

Only included vulnerabilities with severity moderate or higher.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/quic-go/quic-go	0.59.0	Null	Unknown License
github.com/NVIDIA/go-nvml	0.13.2-0	Null	Unknown License
github.com/RoaringBitmap/roaring/v2	2.14.5	Null	Unknown License
github.com/aws/aws-sdk-go-v2	1.42.0	Null	Unknown License
github.com/aws/aws-sdk-go-v2/internal/configsources	1.4.29	Null	Unknown License
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	2.7.29	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	1.13.12	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	1.13.29	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/internal/s3shared	1.19.29	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/s3	1.104.0	Null	Unknown License
github.com/aws/smithy-go	1.27.1	Null	Unknown License
github.com/beevik/etree	1.5.0	Null	Unknown License
github.com/bits-and-blooms/bitset	1.24.2	Null	Unknown License
github.com/blevesearch/bleve/v2	2.6.0	Null	Unknown License
github.com/blevesearch/bleve_index_api	1.3.11	Null	Unknown License
github.com/blevesearch/geo	0.2.5	Null	Unknown License
github.com/blevesearch/vellum	1.2.0	Null	Unknown License
github.com/bytedance/gopkg	0.1.3	Null	Unknown License
github.com/bytedance/sonic	1.15.0	Null	Unknown License
github.com/cloudwego/base64x	0.1.6	Null	Unknown License
github.com/coreos/go-oidc	2.5.0+incompatible	Null	Unknown License
github.com/crewjam/saml	0.5.1	Null	Unknown License
github.com/ebitengine/purego	0.10.0	Null	Unknown License
github.com/emicklei/go-restful/v3	3.13.0	Null	Unknown License
github.com/fsnotify/fsnotify	1.10.1	Null	Unknown License
github.com/gabriel-vasile/mimetype	1.4.12	Null	Unknown License
github.com/gin-contrib/sse	1.1.0	Null	Unknown License
github.com/gin-gonic/gin	1.12.0	Null	Unknown License
github.com/go-logr/logr	1.4.3	Null	Unknown License
github.com/go-playground/validator/v10	10.30.1	Null	Unknown License
github.com/go-resty/resty/v2	2.17.2	Null	Unknown License
github.com/goccy/go-json	0.10.5	Null	Unknown License
github.com/goccy/go-yaml	1.19.2	Null	Unknown License
github.com/golang/snappy	1.0.0	Null	Unknown License
github.com/klauspost/cpuid/v2	2.3.0	Null	Unknown License
github.com/pelletier/go-toml/v2	2.2.4	Null	Unknown License
github.com/shirou/gopsutil/v4	4.26.5	Null	Unknown License
github.com/spf13/pflag	1.0.9	Null	Unknown License
github.com/swaggo/gin-swagger	1.6.1	Null	Unknown License
github.com/swaggo/swag	1.16.6	Null	Unknown License
github.com/tklauser/numcpus	0.11.0	Null	Unknown License
github.com/ugorji/go/codec	1.3.1	Null	Unknown License
golang.org/x/crypto	0.52.0	Null	Unknown License
golang.org/x/net	0.55.0	Null	Unknown License
golang.org/x/sync	0.21.0	Null	Unknown License
golang.org/x/sys	0.45.0	Null	Unknown License
google.golang.org/protobuf	1.36.12-0.20260120151049-f2248ac996af	Null	Unknown License
k8s.io/api	0.36.2	Null	Unknown License
k8s.io/apimachinery	0.36.2	Null	Unknown License
k8s.io/client-go	0.36.2	Null	Unknown License
k8s.io/klog/v2	2.140.0	Null	Unknown License
sigs.k8s.io/json	0.0.0-20250730193827-2d320260d730	Null	Unknown License
github.com/gophercloud/gophercloud/v2	2.13.0	Null	Unknown License

Denied Licenses:

GPL-1.0-or-later, LGPL-2.0-or-later

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
gomod/github.com/russellhaering/goxmldsig	1.4.0	🟢 6.9	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests ⚠️ 1 2 out of 15 merged PRs checked by a CI test -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 0 found 10 unreviewed changesets out of 10 -- score normalized to 0 Contributors 🟢 10 3 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained ⚠️ 0 0 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 no vulnerabilities detected
gomod/github.com/quic-go/quic-go	0.59.0	Unknown	Unknown
gomod/github.com/NVIDIA/go-nvml	0.13.2-0	Unknown	Unknown
gomod/github.com/RoaringBitmap/roaring/v2	2.14.5	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2	1.42.0	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	1.7.13	🟢 5.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/internal/configsources	1.4.29	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	2.7.29	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/internal/v4a	1.4.30	🟢 5.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	1.13.12	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/internal/checksum	1.9.22	🟢 5.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	1.13.29	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/internal/s3shared	1.19.29	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/s3	1.104.0	Unknown	Unknown
gomod/github.com/aws/smithy-go	1.27.1	Unknown	Unknown
gomod/github.com/beevik/etree	1.5.0	Unknown	Unknown
gomod/github.com/bits-and-blooms/bitset	1.24.2	Unknown	Unknown
gomod/github.com/blevesearch/bleve/v2	2.6.0	Unknown	Unknown
gomod/github.com/blevesearch/bleve_index_api	1.3.11	Unknown	Unknown
gomod/github.com/blevesearch/geo	0.2.5	Unknown	Unknown
gomod/github.com/blevesearch/go-faiss	1.1.0	🟢 5.7	Details Check Score Reason Maintained 🟢 10 20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 28/30 approved changesets -- score normalized to 9 Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/mmap-go	1.2.0	🟢 3.1	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 0 Found 2/29 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/scorch_segment_api/v2	2.4.7	🟢 4.1	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/vellum	1.2.0	Unknown	Unknown
gomod/github.com/blevesearch/zapx/v11	11.4.3	🟢 5.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v12	12.4.3	🟢 5.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v13	13.4.3	🟢 5.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v14	14.4.3	🟢 5.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v15	15.4.3	🟢 5.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v16	16.3.4	🟢 5.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/blevesearch/zapx/v17	17.1.2	🟢 5.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/bytedance/gopkg	0.1.3	Unknown	Unknown
gomod/github.com/bytedance/sonic	1.15.0	Unknown	Unknown
gomod/github.com/bytedance/sonic/loader	0.5.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 15 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 5 SAST tool is not run on all commits -- score normalized to 5
gomod/github.com/cloudwego/base64x	0.1.6	Unknown	Unknown
gomod/github.com/coreos/go-oidc	2.5.0+incompatible	Unknown	Unknown
gomod/github.com/crewjam/saml	0.5.1	Unknown	Unknown
gomod/github.com/ebitengine/purego	0.10.0	Unknown	Unknown
gomod/github.com/emicklei/go-restful/v3	3.13.0	Unknown	Unknown
gomod/github.com/fsnotify/fsnotify	1.10.1	Unknown	Unknown
gomod/github.com/gabriel-vasile/mimetype	1.4.12	Unknown	Unknown
gomod/github.com/gin-contrib/sse	1.1.0	Unknown	Unknown
gomod/github.com/gin-gonic/gin	1.12.0	Unknown	Unknown
gomod/github.com/go-logr/logr	1.4.3	Unknown	Unknown
gomod/github.com/go-playground/validator/v10	10.30.1	Unknown	Unknown
gomod/github.com/go-resty/resty/v2	2.17.2	Unknown	Unknown
gomod/github.com/goccy/go-json	0.10.5	Unknown	Unknown
gomod/github.com/goccy/go-yaml	1.19.2	Unknown	Unknown
gomod/github.com/golang/snappy	1.0.0	Unknown	Unknown
gomod/github.com/gophercloud/gophercloud/v2	2.13.0	🟢 6.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST 🟢 9 SAST tool detected but not run on all commits
gomod/github.com/klauspost/cpuid/v2	2.3.0	Unknown	Unknown
gomod/github.com/pelletier/go-toml/v2	2.2.4	Unknown	Unknown
gomod/github.com/power-devops/perfstat	0.0.0-20240221224432-82ca36839d55	⚠️ 2	Details Check Score Reason Code-Review ⚠️ 0 Found 1/28 approved changesets -- score normalized to 0 Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/prometheus-community/pro-bing	0.9.0	🟢 7.1	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 9 Found 15/16 approved changesets -- score normalized to 9 Maintained 🟢 10 21 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/quic-go/qpack	0.6.0	🟢 5	Details Check Score Reason Maintained 🟢 6 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 1/23 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/shirou/gopsutil/v4	4.26.5	Unknown	Unknown
gomod/github.com/spf13/pflag	1.0.9	Unknown	Unknown
gomod/github.com/swaggo/gin-swagger	1.6.1	Unknown	Unknown
gomod/github.com/swaggo/swag	1.16.6	Unknown	Unknown
gomod/github.com/tklauser/go-sysconf	0.3.16	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/10 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/tklauser/numcpus	0.11.0	Unknown	Unknown
gomod/github.com/ugorji/go/codec	1.3.1	Unknown	Unknown
gomod/github.com/xdg-go/scram	1.2.0	🟢 4	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/go.etcd.io/bbolt	1.4.0	🟢 7.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 10 all dependencies are pinned Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/go.mongodb.org/mongo-driver	1.17.9	🟢 7.5	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Security-Policy 🟢 10 security policy file detected Code-Review 🟢 8 Found 18/22 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities ⚠️ 0 29 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Fuzzing 🟢 10 project is fuzzed Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 25 out of 25 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 23 contributing companies or organizations
gomod/go.mongodb.org/mongo-driver/v2	2.5.0	Unknown	Unknown
gomod/go.yaml.in/yaml/v2	2.4.3	Unknown	Unknown
gomod/golang.org/x/arch	0.22.0	Unknown	Unknown
gomod/golang.org/x/crypto	0.52.0	Unknown	Unknown
gomod/golang.org/x/mod	0.35.0	Unknown	Unknown
gomod/golang.org/x/net	0.55.0	Unknown	Unknown
gomod/golang.org/x/oauth2	0.34.0	Unknown	Unknown
gomod/golang.org/x/sync	0.21.0	Unknown	Unknown
gomod/golang.org/x/sys	0.45.0	Unknown	Unknown
gomod/golang.org/x/term	0.43.0	Unknown	Unknown
gomod/golang.org/x/text	0.37.0	Unknown	Unknown
gomod/golang.org/x/time	0.14.0	Unknown	Unknown
gomod/golang.org/x/tools	0.44.0	Unknown	Unknown
gomod/google.golang.org/protobuf	1.36.12-0.20260120151049-f2248ac996af	Unknown	Unknown
gomod/gopkg.in/evanphx/json-patch.v4	4.13.0	Unknown	Unknown
gomod/k8s.io/api	0.36.2	Unknown	Unknown
gomod/k8s.io/apimachinery	0.36.2	Unknown	Unknown
gomod/k8s.io/client-go	0.36.2	Unknown	Unknown
gomod/k8s.io/klog/v2	2.140.0	Unknown	Unknown
gomod/k8s.io/kube-openapi	0.0.0-20260317180543-43fb72c5454a	🟢 7.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/k8s.io/utils	0.0.0-20260210185600-b8788abfbbc2	🟢 5.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/sigs.k8s.io/json	0.0.0-20250730193827-2d320260d730	Unknown	Unknown
gomod/sigs.k8s.io/structured-merge-diff/v6	6.3.2	🟢 6.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Maintained 🟢 10 18 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• go.mod