build(deps): bump the go-dependencies group across 2 directories with 30 updates by dependabot[bot] · Pull Request #12144 · radius-project/radius

dependabot · 2026-06-17T23:30:55Z

Bumps the go-dependencies group with 19 updates in the / directory:

Package	From	To
github.com/Azure/azure-sdk-for-go/sdk/azidentity	`1.14.0-beta.2.0.20260124023332-4c5175309ebb`	`1.14.0`
github.com/Azure/secrets-store-csi-driver-provider-azure	`1.8.1`	`1.8.2`
github.com/aws/aws-sdk-go-v2	`1.41.12`	`1.42.0`
github.com/aws/aws-sdk-go-v2/config	`1.32.23`	`1.32.25`
github.com/aws/aws-sdk-go-v2/service/cloudcontrol	`1.30.5`	`1.30.6`
github.com/aws/aws-sdk-go-v2/service/cloudformation	`1.72.0`	`1.72.1`
github.com/aws/aws-sdk-go-v2/service/ec2	`1.305.2`	`1.307.0`
github.com/aws/aws-sdk-go-v2/service/ecr	`1.58.3`	`1.58.4`
github.com/aws/smithy-go	`1.27.1`	`1.27.2`
github.com/fluxcd/pkg/apis/meta	`1.29.0`	`1.30.0`
github.com/fluxcd/source-controller/api	`1.8.5`	`1.9.0`
github.com/go-openapi/loads	`0.23.4`	`0.24.0`
github.com/go-openapi/spec	`0.22.5`	`0.22.6`
golang.org/x/crypto	`0.52.0`	`0.53.0`
helm.sh/helm/v3	`3.21.0`	`3.21.1`
k8s.io/api	`0.36.1`	`0.36.2`
k8s.io/apiextensions-apiserver	`0.36.1`	`0.36.2`
k8s.io/cli-runtime	`0.36.1`	`0.36.2`
k8s.io/kubectl	`0.36.1`	`0.36.2`

Bumps the go-dependencies group with 4 updates in the /test/magpiego directory: github.com/Azure/azure-sdk-for-go/sdk/azidentity, github.com/Azure/azure-sdk-for-go/sdk/storage/azblob, github.com/dapr/go-sdk and github.com/rabbitmq/amqp091-go.

Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.14.0-beta.2.0.20260124023332-4c5175309ebb to 1.14.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.

sdk/azidentity/v1.14.0

1.14.0 (2026-06-15)

Breaking Changes

These changes affect only code written against a beta version such as v1.14.0-beta.3

Removed WorkloadIdentityCredentialOptions.EnableAzureProxy. It will return in v1.15.0-beta.1

Bugs Fixed

AzureDeveloperCLICredential improved reporting of error messages returned from azd

Other Changes

Returned azidentity errors include links to the troubleshooting guide when appropriate

This module now requires a minimum Go version of 1.25

Upgraded dependencies

Commits

See full diff in compare view

Updates github.com/Azure/secrets-store-csi-driver-provider-azure from 1.8.1 to 1.8.2

Release notes

Sourced from github.com/Azure/secrets-store-csi-driver-provider-azure's releases.

v1.8.2 - 2026-06-11

Changelog

Bug Fixes 🐞

aad8a3c9c9099949be00b764ce53d99dd41c8048 fix(healthz): bypass uri parsing of unix socket path

Continuous Integration 💜

6aedfcde5df2694fb64e3450ace352b4995ff064 ci: migrate az login to workload identity federation (#2036)

Maintenance 🔧

4a3adb6a12442271c05163422e8b717d68743384 chore: bump go to 1.25.11 (#2041)

Commits

4927a15 release: update manifest and helm charts for v1.8.2 (#2043)
4a3adb6 chore: bump go to 1.25.11 (#2041)
aad8a3c fix(healthz): bypass uri parsing of unix socket path (#2038)
6aedfcd ci: migrate az login to workload identity federation (#2036)
See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.12 to 1.42.0

Commits

9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
e736f55 Add preview of changes for standard retry mode behind flag (#3400)
ba08dc9 Release 2026-06-05.2
9a67e21 Revert schema serde (#3442)
51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
f696d5b Release 2026-06-05
7efb8fd Regenerated Clients
1a420c5 Update endpoints model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.23 to 1.32.25

Commits

0016334 Release 2026-06-10
396a182 Regenerated Clients
3eb8533 Update API model
7bbea79 Release 2026-06-09
1fefa6c Regenerated Clients
a2cf49f Update endpoints model
d87be68 Update API model
9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.22 to 1.19.24

Commits

0016334 Release 2026-06-10
396a182 Regenerated Clients
3eb8533 Update API model
7bbea79 Release 2026-06-09
1fefa6c Regenerated Clients
a2cf49f Update endpoints model
d87be68 Update API model
9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cloudcontrol from 1.30.5 to 1.30.6

Commits

18bff5e Release 2023-03-10
cca7003 Regenerated Clients
87bde6f Update endpoints model
361bd48 Update API model
61d474d Fix staticcheck linter warnings (#2044)
59a58ae Release 2023-03-09
aa1d8ae Regenerated Clients
3441f5f Update endpoints model
826cc36 Update API model
5799416 Release 2023-03-08
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cloudformation from 1.72.0 to 1.72.1

Commits

19d2a28 Release 2025-01-08
e153a59 Regenerated Clients
349cb94 Update endpoints model
740de30 Update API model
032b94e fix typo in README (#2914)
fca0255 Add a changelog section to the PR template (#2950)
ef36115 Add a workflow for external contributors to add a changelog entry (#2944)
7a84d4a drop service/iot1clickdevicesservice and service/iot1clickprojects (#2946)
5b873cf Release 2025-01-07
13848f9 Regenerated Clients
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ec2 from 1.305.2 to 1.307.0

Commits

0016334 Release 2026-06-10
396a182 Regenerated Clients
3eb8533 Update API model
7bbea79 Release 2026-06-09
1fefa6c Regenerated Clients
a2cf49f Update endpoints model
d87be68 Update API model
9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.58.3 to 1.58.4

Commits

9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
e736f55 Add preview of changes for standard retry mode behind flag (#3400)
ba08dc9 Release 2026-06-05.2
9a67e21 Revert schema serde (#3442)
51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
f696d5b Release 2026-06-05
7efb8fd Regenerated Clients
1a420c5 Update endpoints model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.43.2 to 1.43.3

Commits

fa369bd Release 2026-06-03
960ee4d Regenerated Clients
4b6df8b Update endpoints model
30b15dd Update API model
e8c72af enable schema-serde (#3421)
See full diff in compare view

Updates github.com/aws/smithy-go from 1.27.1 to 1.27.2

Changelog

Sourced from github.com/aws/smithy-go's changelog.

Release (2026-06-05)

General Highlights

Dependency Update: Updated to the latest SDK module versions

Module Highlights

github.com/aws/smithy-go: v1.27.2

Bug Fix: Fix incorrect serialization of unions in CBOR-based protocols.

Release (2026-06-04)

General Highlights

Dependency Update: Updated to the latest SDK module versions

Module Highlights

github.com/aws/smithy-go: v1.27.1

Bug Fix: Fixed a deserialization failure in all protocols when encountering a union with explicit null members.

Bug Fix: Fixed a panic when deserializing nested unions in JSON- and CBOR-based protocols.

Release (2026-06-02)

General Highlights

Dependency Update: Updated to the latest SDK module versions

Module Highlights

github.com/aws/smithy-go: v1.27.0

Feature: Add APIs for schema-based serialization.

Feature: Add support for all current AWS and Smithy protocols.

Bug Fix: Enforce max nesting depth of 128 on CBOR payloads.

github.com/aws/smithy-go/aws-http-auth: v1.2.0

Feature: Add event stream signer.

Release (2026-05-27)

General Highlights

Dependency Update: Updated to the latest SDK module versions

Module Highlights

github.com/aws/smithy-go: v1.26.0

Feature: Add StringSlice to endpoint rulesfn.

Release (2026-04-23)

General Highlights

Dependency Update: Updated to the latest SDK module versions

Module Highlights

github.com/aws/smithy-go: v1.25.1

Bug Fix: Fixed a memory leak in the LRU cache implementation used by some AWS services.

... (truncated)

Commits

bff4b8c Release 2026-06-05
6b71b3a fix broken cbor union serialization (#676)
3c67717 serialize value types if @required (#675)
See full diff in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.29.0 to 1.30.0

Commits

3f9f27f Merge pull request #1243 from fluxcd/release-main
bc3dd2c Prepare for release
d19e060 Merge pull request #1242 from fluxcd/upgrade-deps
5778c6b Upgrade Kubernetes to 1.36.1
5a7f3ce Merge pull request #1240 from fluxcd/release-main
ceb5e00 Prepare for release
23ca4f5 Merge pull request #1241 from Iam-Karan-Suresh/impersonator-test
3d21e81 test: adding test cases for impersonator
a12b6e8 Merge pull request #1239 from fluxcd/oci-created
c635f88 oci: set created timestamp in the config
Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.8.5 to 1.9.0

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.9.0

Changelog

v1.9.0 changelog

Container images

docker.io/fluxcd/source-controller:v1.9.0

ghcr.io/fluxcd/source-controller:v1.9.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.9.0

Release date: 2026-06-17

This minor release comes with new authentication and verification features for the source APIs, along with various improvements, fixes and dependency updates.

GitRepository

The GitRepository controller now supports AWS CodeCommit as a Git provider, allowing authentication to CodeCommit repositories.

Git commit and tag verification now supports SSH signatures in addition to OpenPGP, so commits and tags signed with SSH keys can be verified via .spec.verify.

OCIRepository

The OCIRepository controller now supports configuring a custom Sigstore trusted root for keyless signature verification, via a Secret referenced in the verification configuration.

OCI artifacts are now resolved and stored strictly by their content digest.

Fixes:

cosign: fix v3 bundle verify on http and private CA registries and pass TLS to Rekor #2061

Close OCI blob reader and wrap errors consistently across controllers #2066

Remove unimplemented field from HelmChart CRD #2080

Improvements:

AWS CodeCommit support #2035

Add git commit/tag SSH signature verification #2077

Add custom Sigstore trusted root support #2003

Ensure OCI artifacts are handled strictly by digest #2075

build: target host architecture for local builds and envtest #2076

Various dependency updates #2067 #2071 #2072 #2073 #2078

... (truncated)

Commits

57734ac Merge pull request #2082 from fluxcd/release-v1.9.0
565d3f0 Release v1.9.0
63e7ba2 Add changelog entry for v1.9.0
16e724e Merge pull request #2081 from fluxcd/update-pkg-deps/main
e3d8a3f Fix tests for lazy artifact registry credentials
d00344a Update fluxcd/pkg dependencies
54f9f98 Merge pull request #2080 from fluxcd/fix-hc-trusted-root
1ecb593 fix: remove unimplemented field from HelmChart CRD
bed4f74 Merge pull request #2079 from fluxcd/update-pkg-deps/main
9ab0968 Update fluxcd/pkg dependencies
Additional commits viewable in compare view

Updates github.com/go-openapi/loads from 0.23.4 to 0.24.0

Release notes

Sourced from github.com/go-openapi/loads's releases.

v0.24.0

0.24.0 - 2026-06-07

New security features

Full Changelog: go-openapi/loads@v0.23.4...v0.24.0

4 commits in this release.

Documentation

doc: updated contributors file by @bot-go-openapi[bot] in #144 ...

doc: aligned with org docs by @fredbi in #143 ...

Security

feat(security): added containment options and predefined secure loaders by @fredbi in #145 ...

Updates

build(deps): bump the development-dependencies group across 1 directory with 8 updates by @dependabot[bot] in #142 ...

People who contributed to this release

@fredbi

loads license terms

Commits

20651cc feat(security): added containment options and predefined secure loaders (#145)
cb6e739 doc: updated contributors file
f9dfe0a doc: aligned with org docs (#143)
46fe8ad build(deps): bump the development-dependencies group across 1 directory with ...
See full diff in compare view

Updates github.com/go-openapi/spec from 0.22.5 to 0.22.6

Release notes

Sourced from github.com/go-openapi/spec's releases.

v0.22.6

0.22.6 - 2026-06-14

Full Changelog: go-openapi/spec@v0.22.5...v0.22.6

8 commits in this release.

Fixed bugs

fix(header): header extension should correctly marshal as JSON by @fredbi ...

Documentation

doc: updated contributors file by @bot-go-openapi[bot] in #274 ...

doc: aligned with org docs by @fredbi in #273 ...

Code quality

chore: relint by @fredbi ...

Updates

build(deps): bump the development-dependencies group with 8 updates by @dependabot[bot] in #276 ...

build(deps): bump the go-openapi-dependencies group across 1 directory with 6 updates by @dependabot[bot] in #275 ...

build(deps): bump the development-dependencies group with 8 updates by @dependabot[bot] in #272 ...

Other (technical)

Fix/277 header ext by @fredbi in #278 ...

People who contributed to this release

@fredbi

spec license terms

Commits

1b69857 Merge pull request #278 from fredbi/fix/277-header-ext
49846cb chore: relint
e41b4fd fix(header): header extension should correctly marshal as JSON
536d375 build(deps): bump the development-dependencies group with 8 updates
e935605 build(deps): bump the go-openapi-dependencies group across 1 directory with 6...
1ab4532 doc: updated contributors file
9a2db11 doc: aligned with org docs (#273)
0741160 build(deps): bump the development-dependencies group with 8 updates
See full diff in compare view

Updates github.com/go-openapi/swag/loading from 0.26.0 to 0.26.1

Release notes

Sourced from github.com/go-openapi/swag/loading's releases.

v0.26.1

0.26.1 - 2026-06-07

Full Changelog: go-openapi/swag@v0.26.0...v0.26.1

12 commits in this release.

Implemented enhancements

feat(loading): sandbox local loading with WithRoot (GHSA-v2xp-g8xf-22pf) by @fredbi in #203 ...

feat(ci): added shared workflow for bot-pr monitoring by @fredbi ...

Documentation

doc: updated contributors file by @bot-go-openapi[bot] in #206 ...

doc: aligned with org docs by @fredbi in #205 ...

doc: updated contributors file by @bot-go-openapi[bot] in #199 ...

Miscellaneous tasks

chore: prepare release v0.26.1 by @bot-go-openapi[bot] in #208 ...

Security

doc(loading): document security implications of using the loader by @fredbi in #207 ...

Updates

build(deps): bump the development-dependencies group with 8 updates by @dependabot[bot] in #204 ...

build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @dependabot[bot] in #202 ...

build(deps): bump the development-dependencies group with 7 updates by @dependabot[bot] in #201 ...

build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @dependabot[bot] in #200 ...

build(deps): bump the development-dependencies group with 7 updates by @dependabot[bot] in #198 ...

People who contributed to this release

@fredbi

swag license terms

... (truncated)

Commits

85923a5 chore: prepare release v0.26.1
336c586 doc(loading): document security implications of using the loader (#207)
92ec622 doc: updated contributors file
3f77c79 doc: aligned with org docs (#205)
40578b5 build(deps): bump the development-dependencies group with 8 updates
eefaba1 feat(loading): sandbox local loading with WithRoot (GHSA-v2xp-g8xf-22pf) (#203)
2e99502 feat(ci): added shared workflow for bot-pr monitoring
cafd10f build(deps): bump the go-openapi-dependencies group across 15 directories wit...
660dd54 build(deps): bump the development-dependencies group with 7 updates
e089511 build(deps): bump the go-openapi-dependencies group across 15 directories wit...
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.52.0 to 0.53.0

Commits

45460e0 go.mod: update golang.org/x dependencies
d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
e2ffffe ssh: reject incomplete gssapi-with-mic configurations
60e158a ssh/test: isolate CLI tests from user SSH config and agent
1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
3872a2b ssh/knownhosts: verify declared key type matches decoded key
9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
8f405a4 ssh: validate ECDSA curve matches expected algorithm
bb41b3d ssh: improve DH GEX group selection using PreferredBits
e04e721 ssh/agent: validate ed25519 private key length in Add
Additional commits viewable in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

5071ed6 all: fix some comments to improve readability
See full diff in compare view

Updates golang.org/x/text from 0.37.0 to 0.38.0

Commits

f4bb632 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates helm.sh/helm/v3 from 3.21.0 to 3.21.1

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.21.1 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

Join the discussion in Kubernetes Slack:

for questions and just to hang out

for discussing PRs, code, and bugs

Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom

Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

Fixed nil pointer panic that could happen with helm template in ClientOnly flows. Now correctly returns a template error helm/helm#31920

Bumped golang.org/x/net to v0.55.0 to address GO-2026-5026 #32152

Bumped Go from 1.25 to 1.26 #32168

Dependency version updates

Installation and Upgrading

Download Helm v3.21.1. The common platform binaries are here:

MacOS amd64 (checksum / dd353172bc8cef8c1845501043b82224520a79ff8b2cd4388ec5bfa060ce96b9)

MacOS arm64 (checksum / 779ac09ad0cf333b12402555a32bd26174462384aba2f5a3845876f45d34146a)

Linux amd64 (checksum / a349c62d6ab2d5d11f044fc0d3afa6deed7d27cc7d5c351f536b169d9fc2cc1a)

Linux arm (checksum / ae52acbd13d1efa0d787aa679519da813c114c1b29b68e09a781fe258fc5c696)

Linux arm64 (checksum / 9b3deeecb56c4795aa806858fa4d6388c049e3edfcd771723bd12c1cbef66893)

Linux i386 (checksum / 1901a40be004699a2ac2cf05874bd84dfbed1f791327a0bc65c351d537b0f139)

Linux ppc64le (checksum / 136daecc0f4650158b2adedf14f29022402d92fd111041e55b4038c3df97c3bb)

Linux s390x (checksum / e5601b71342cba12ffd504c03c710769134fbec5bbdea6c90c859506e54d7591)

Linux riscv64 (checksum / e22b20fe16f6bd0d9729034ae76a9e81708bd94b0aa9628f617dc3dfbe876a2b)

Windows amd64 (checksum / e9d0dbeac9c9923c1b444ac4a1fc8e59d9f9afbeb30b4b6e9a00ac60a45b9459)

Windows arm64 (checksum / 9b8b803b27a5c1bdcbc75bcf8d1bf45c8f2ffede8ae29bed3ec093746b9807f9)

This release was signed with 208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155 and can be found at @scottrigby keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

4.2.2 and 3.21.2 are the next patch releases scheduled for July 8, 2026

4.3.0 and 3.22.0 are the next minor releases scheduled for September 9, 2026

Changelog

fix(action): avoid nil REST client getter panic when installing CRDs c56dd0095fd76da5d7b30ecdf506103e7f26745e (sergiochan)

fix(registry): keep credentials on plain-HTTP fallback with oras-go v2.6.1 702529f90a0021e4d9df4880d6589198ec0e05f7 (Terry Howe)

chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1 178e120e16f5d61f769ee2c56a0d2a45ab7303bd (dependabot[bot])

chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0 dcf35f86551322d93c1cb695f08435b3287e5ad0 (dependabot[bot])

chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0 44aff8bf51809ec9f8a906d050818776cd47b264 (dependabot[bot])

chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0 ae2f31f5a7d0cd789ca9fd83a6a2fe5fc7c3a1a3 (dependabot[bot])

... (truncated)

Commits

c56dd00 fix(action): avoid nil REST client getter panic when installing CRDs
702529f fix(registry): keep credentials on plain-HTTP fallback with oras-go v2.6.1
178e120 chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1
dcf35f8 chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0
44aff8b chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0
ae2f31f chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0
402225f Update .github/env
00eac21 ci: bump golangci-lint to v2.11.3 for go 1.26
bec346a chore: bump go to 1.26
58b6ccf chore(deps): bump github.com/lib/pq from 1.11.2 to 1.12.3
Additional commits viewable in compare view

Updates k8s.io/api from 0.36.1 to 0.36.2

Commits

2f4cefd Update dependencies to v0.36.2 tag
See full diff in compare view

Updates k8s.io/apiextensions-apiserver from 0.36.1 to 0.36.2

Commits

e4eb159 Update dependencies to v0.36.2 tag
See full diff in compare view

Updates k8s.io/apimachinery from 0.36.1 to 0.36.2

Commits

ae3f98e Update dependencies to v0.36.2 tag
2ec982d Merge pull request #139508lalitc375/automated-cherry-pick-of-#139480
6a88102 Fix wrong marking of errors
See full diff in compare view

Updates k8s.io/cli-runtime from 0.36.1 to 0.36.2

Commits

c97bc2f Update dependencies to v0.36.2 tag
See full diff in compare view

Updates k8s.io/client-go from 0.36.1 to 0.36.2

Commits

877f535 Update dependencies to v0.36.2 tag
See full diff in compare view

Updates k8s.io/kubectl from 0.36.1 to 0.36.2

Commits

7f7757a Update dependencies to v0.36.2 tag
See full diff in compare view

Updates oras.land/oras-go/v2 from 2.6.0 to 2.6.1

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.6.1

This is a security patch release addressing five advisories in the authentication, remote, and content layers, plus accumulated bug fixes and maintenance since v2.6.0.

Security Fixes

Drop the Authorization header on cross-origin redirects to prevent origin credentials leaking to a redirect target on a different scheme/port of the same host (GHSA-vh4v-2xq2-g5cg)

Validate the bearer realm host before sending credentials to prevent credential exfiltration to an attacker-controlled token service, including TLS downgrades and IP-literal metadata endpoints; adds TrustedRealmHosts (GHSA-28r5-37g7-p6mp, GHSA-xf85-363p-868w)

Validate the Location host before blob upload to prevent credentials being forwarded to a cross-host upload endpoint (SSRF / CWE-918) (#1152, GHSA-jxpm-75mh-9fp7)

Reject descriptor sizes exceeding 32 MiB in content.ReadAll to prevent a crafted OCI layout from triggering a makeslice panic and crashing the process (#1153, GHSA-f36w-mj3v-6jqv)

Resolve symlinks when enforcing the workingDir write boundary in content/file, blocking writes that escape the boundary via a symlinked path component when AllowPathTraversalOnWrite=false

Bug Fixes

graph.Memory should use digest as map key (#1095)

Fix credentials key for the Docker registry-1 host (#966)

Support an empty credentials file (#959)

Other Changes

Add GitOps release workflow with goreleaser (#1161)

Shift the Go support window to [1.24, 1.25] (#991)

Run go modernize (

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

github-actions · 2026-06-17T23:31:17Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 43 package(s) with unknown licenses.

See the Details below.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/Azure/azure-sdk-for-go/sdk/azidentity	1.14.0	Null	Unknown License
github.com/Azure/secrets-store-csi-driver-provider-azure	1.8.2	Null	Unknown License
github.com/aws/aws-sdk-go-v2	1.42.0	Null	Unknown License
github.com/aws/aws-sdk-go-v2/config	1.32.25	Null	Unknown License
github.com/aws/aws-sdk-go-v2/credentials	1.19.24	Null	Unknown License
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	1.18.29	Null	Unknown License
github.com/aws/aws-sdk-go-v2/internal/configsources	1.4.29	Null	Unknown License
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	2.7.29	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/cloudformation	1.72.1	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/ec2	1.307.0	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/ecr	1.58.4	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	1.13.29	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/sso	1.31.3	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/ssooidc	1.36.6	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/sts	1.43.3	Null	Unknown License
github.com/aws/smithy-go	1.27.2	Null	Unknown License
github.com/fxamacker/cbor/v2	2.9.2	Null	Unknown License
github.com/go-openapi/spec	0.22.6	Null	Unknown License
github.com/lib/pq	1.12.3	Null	Unknown License
golang.org/x/crypto	0.53.0	Null	Unknown License
golang.org/x/sync	0.21.0	Null	Unknown License
golang.org/x/sys	0.46.0	Null	Unknown License
golang.org/x/term	0.44.0	Null	Unknown License
golang.org/x/text	0.38.0	Null	Unknown License
k8s.io/api	0.36.2	Null	Unknown License
k8s.io/apiextensions-apiserver	0.36.2	Null	Unknown License
k8s.io/apimachinery	0.36.2	Null	Unknown License
k8s.io/apiserver	0.36.2	Null	Unknown License
k8s.io/client-go	0.36.2	Null	Unknown License
k8s.io/component-base	0.36.2	Null	Unknown License
k8s.io/kube-openapi	0.0.0-20260603220949-865597e52e25	Null	Unknown License
k8s.io/kubectl	0.36.2	Null	Unknown License

test/magpiego/go.mod

Package	Version	License	Issue Type
github.com/Azure/azure-sdk-for-go/sdk/azidentity	1.14.0	Null	Unknown License
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob	1.8.0	Null	Unknown License
github.com/dapr/dapr	1.18.0	Null	Unknown License
github.com/go-jose/go-jose/v4	4.1.4	Null	Unknown License
github.com/klauspost/compress	1.18.6	Null	Unknown License
github.com/rabbitmq/amqp091-go	1.12.0	Null	Unknown License
golang.org/x/crypto	0.53.0	Null	Unknown License
golang.org/x/net	0.56.0	Null	Unknown License
golang.org/x/sync	0.21.0	Null	Unknown License
golang.org/x/sys	0.46.0	Null	Unknown License
golang.org/x/text	0.38.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

gomod/github.com/Azure/azure-sdk-for-go/sdk/azidentity

1.14.0

Unknown

gomod/github.com/Azure/secrets-store-csi-driver-provider-azure

1.8.2

Unknown

gomod/github.com/aws/aws-sdk-go-v2

1.42.0

Unknown

gomod/github.com/aws/aws-sdk-go-v2/config

1.32.25

Unknown

gomod/github.com/aws/aws-sdk-go-v2/credentials

1.19.24

Unknown

gomod/github.com/aws/aws-sdk-go-v2/feature/ec2/imds

1.18.29

Unknown

gomod/github.com/aws/aws-sdk-go-v2/internal/configsources

1.4.29

Unknown

gomod/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2

2.7.29

Unknown

gomod/github.com/aws/aws-sdk-go-v2/internal/v4a

1.4.30

🟢 6.4

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 1	Found 4/30 approved changesets -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/github.com/aws/aws-sdk-go-v2/service/cloudcontrol

1.30.6

🟢 6.4

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 1	Found 4/30 approved changesets -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/github.com/aws/aws-sdk-go-v2/service/cloudformation

1.72.1

Unknown

gomod/github.com/aws/aws-sdk-go-v2/service/ec2

1.307.0

Unknown

gomod/github.com/aws/aws-sdk-go-v2/service/ecr

1.58.4

Unknown

gomod/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url

1.13.29

Unknown

gomod/github.com/aws/aws-sdk-go-v2/service/signin

1.2.0

🟢 6.4

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 1	Found 4/30 approved changesets -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/github.com/aws/aws-sdk-go-v2/service/sso

1.31.3

Unknown

gomod/github.com/aws/aws-sdk-go-v2/service/ssooidc

1.36.6

Unknown

gomod/github.com/aws/aws-sdk-go-v2/service/sts

1.43.3

Unknown

gomod/github.com/aws/smithy-go

1.27.2

Unknown

gomod/github.com/fluxcd/pkg/apis/acl

0.10.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool	🟢 10	update tool detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
SAST	🟢 10	SAST tool is run on all commits
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Fuzzing	🟢 10	project is fuzzed
Vulnerabilities	⚠️ 0	21 existing vulnerabilities detected
CI-Tests	🟢 10	12 out of 12 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 42 contributing companies or organizations

gomod/github.com/fluxcd/pkg/apis/meta

1.30.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool	🟢 10	update tool detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
SAST	🟢 10	SAST tool is run on all commits
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Fuzzing	🟢 10	project is fuzzed
Vulnerabilities	⚠️ 0	21 existing vulnerabilities detected
CI-Tests	🟢 10	12 out of 12 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 42 contributing companies or organizations

gomod/github.com/fluxcd/source-controller/api

1.9.0

🟢 8.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	🟢 5	badge detected: Passing
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Signed-Releases	🟢 10	5 out of the last 5 releases have a total of 10 signed artifacts.
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 10	SAST tool is run on all commits

gomod/github.com/fxamacker/cbor/v2

2.9.2

Unknown

gomod/github.com/go-openapi/loads

0.24.0

🟢 7.5

Details

Check	Score	Reason
Maintained	🟢 10	15 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 0	Found 0/11 approved changesets -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/spec

0.22.6

Unknown

gomod/github.com/go-openapi/swag/conv

0.26.1

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/11 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/jsonname

0.26.1

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/11 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/jsonutils

0.26.1

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/11 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/loading

0.26.1

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/11 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/mangling

0.26.1

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/11 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/stringutils

0.26.1

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/11 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/typeutils

0.26.1

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/11 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/yamlutils

0.26.1

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/11 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/lib/pq

1.12.3

Unknown

gomod/golang.org/x/crypto

0.53.0

Unknown

gomod/golang.org/x/mod

0.36.0

Unknown

gomod/golang.org/x/sync

0.21.0

Unknown

gomod/golang.org/x/sys

0.46.0

Unknown

gomod/golang.org/x/term

0.44.0

Unknown

gomod/golang.org/x/text

0.38.0

Unknown

gomod/golang.org/x/tools

0.45.0

Unknown

gomod/helm.sh/helm/v3

3.21.1

🟢 9.3

Details

Check	Score	Reason
Dependency-Update-Tool	🟢 10	update tool detected
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
License	🟢 10	license file detected
CII-Best-Practices	🟢 5	badge detected: Passing
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	🟢 8	5 out of the last 5 releases have a total of 5 signed artifacts.
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Fuzzing	🟢 10	project is fuzzed
CI-Tests	🟢 10	18 out of 18 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 59 contributing companies or organizations

gomod/k8s.io/api

0.36.2

Unknown

gomod/k8s.io/apiextensions-apiserver

0.36.2

Unknown

gomod/k8s.io/apimachinery

0.36.2

Unknown

gomod/k8s.io/apiserver

0.36.2

Unknown

gomod/k8s.io/cli-runtime

0.36.2

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	⚠️ -1	no workflows found
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ -1	no dependencies found
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected

gomod/k8s.io/client-go

0.36.2

Unknown

gomod/k8s.io/component-base

0.36.2

Unknown

gomod/k8s.io/kube-openapi

0.0.0-20260603220949-865597e52e25

Unknown

gomod/k8s.io/kubectl

0.36.2

Unknown

gomod/k8s.io/streaming

0.36.2

Unknown

gomod/k8s.io/utils

0.0.0-20260507154919-ff6756f316d2

🟢 5.6

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 2	3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

gomod/oras.land/oras-go/v2

2.6.1

🟢 7.5

Details

Check	Score	Reason
Maintained	🟢 10	28 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 9	Found 15/16 approved changesets -- score normalized to 9
Security-Policy	🟢 9	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
SAST	🟢 9	SAST tool detected but not run on all commits

gomod/github.com/Azure/azure-sdk-for-go/sdk/azidentity

1.14.0

Unknown

gomod/github.com/Azure/azure-sdk-for-go/sdk/storage/azblob

1.8.0

Unknown

gomod/github.com/dapr/dapr

1.18.0

Unknown

gomod/github.com/dapr/durabletask-go

0.12.1

Unknown

gomod/github.com/dapr/go-sdk

1.15.0

🟢 5.4

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	27 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

gomod/github.com/dapr/kit

0.18.1

🟢 4.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 6	8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

gomod/github.com/go-jose/go-jose/v4

4.1.4

Unknown

gomod/github.com/klauspost/compress

1.18.6

Unknown

gomod/github.com/rabbitmq/amqp091-go

1.12.0

Unknown

gomod/github.com/spiffe/go-spiffe/v2

2.6.0

🟢 5.4

Details

Check	Score	Reason
Code-Review	🟢 9	Found 13/14 approved changesets -- score normalized to 9
Maintained	🟢 10	14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

gomod/golang.org/x/crypto

0.53.0

Unknown

gomod/golang.org/x/net

0.56.0

Unknown

gomod/golang.org/x/sync

0.21.0

Unknown

gomod/golang.org/x/sys

0.46.0

Unknown

gomod/golang.org/x/text

0.38.0

Unknown

gomod/google.golang.org/genproto/googleapis/rpc

0.0.0-20260401024825-9d38bb4040a9

🟢 6.6

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 4	SAST tool is not run on all commits -- score normalized to 4

gomod/google.golang.org/grpc

1.80.0

🟢 7.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 9	security policy file detected
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 7	SAST tool detected but not run on all commits

Scanned Files

go.mod
test/magpiego/go.mod

github-actions · 2026-06-17T23:46:56Z

Unit Tests

2 files ±0 439 suites ±0 7m 25s ⏱️ -8s
5 375 tests ±0 5 373 ✅ ±0 2 💤 ±0 0 ❌ ±0
6 555 runs ±0 6 553 ✅ ±0 2 💤 ±0 0 ❌ ±0

Results for commit d9193bd. ± Comparison against base commit 5586e28.

♻️ This comment has been updated with latest results.

DariuszPorowski · 2026-06-18T04:47:02Z

@dependabot rebase

… 30 updates Bumps the go-dependencies group with 19 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.14.0-beta.2.0.20260124023332-4c5175309ebb` | `1.14.0` | | [github.com/Azure/secrets-store-csi-driver-provider-azure](https://github.com/Azure/secrets-store-csi-driver-provider-azure) | `1.8.1` | `1.8.2` | | [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.12` | `1.42.0` | | [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.23` | `1.32.25` | | [github.com/aws/aws-sdk-go-v2/service/cloudcontrol](https://github.com/aws/aws-sdk-go-v2) | `1.30.5` | `1.30.6` | | [github.com/aws/aws-sdk-go-v2/service/cloudformation](https://github.com/aws/aws-sdk-go-v2) | `1.72.0` | `1.72.1` | | [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) | `1.305.2` | `1.307.0` | | [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.58.3` | `1.58.4` | | [github.com/aws/smithy-go](https://github.com/aws/smithy-go) | `1.27.1` | `1.27.2` | | [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg) | `1.29.0` | `1.30.0` | | [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) | `1.8.5` | `1.9.0` | | [github.com/go-openapi/loads](https://github.com/go-openapi/loads) | `0.23.4` | `0.24.0` | | [github.com/go-openapi/spec](https://github.com/go-openapi/spec) | `0.22.5` | `0.22.6` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.52.0` | `0.53.0` | | [helm.sh/helm/v3](https://github.com/helm/helm) | `3.21.0` | `3.21.1` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.36.1` | `0.36.2` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.36.1` | `0.36.2` | | [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.36.1` | `0.36.2` | | [k8s.io/kubectl](https://github.com/kubernetes/kubectl) | `0.36.1` | `0.36.2` | Bumps the go-dependencies group with 4 updates in the /test/magpiego directory: [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go), [github.com/Azure/azure-sdk-for-go/sdk/storage/azblob](https://github.com/Azure/azure-sdk-for-go), [github.com/dapr/go-sdk](https://github.com/dapr/go-sdk) and [github.com/rabbitmq/amqp091-go](https://github.com/rabbitmq/amqp091-go). Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.14.0-beta.2.0.20260124023332-4c5175309ebb to 1.14.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](https://github.com/Azure/azure-sdk-for-go/commits/sdk/azcore/v1.14.0) Updates `github.com/Azure/secrets-store-csi-driver-provider-azure` from 1.8.1 to 1.8.2 - [Release notes](https://github.com/Azure/secrets-store-csi-driver-provider-azure/releases) - [Changelog](https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/master/docs/Release_Management.md) - [Commits](Azure/secrets-store-csi-driver-provider-azure@v1.8.1...v1.8.2) Updates `github.com/aws/aws-sdk-go-v2` from 1.41.12 to 1.42.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.41.12...v1.42.0) Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.23 to 1.32.25 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@config/v1.32.23...config/v1.32.25) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.22 to 1.19.24 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@credentials/v1.19.22...credentials/v1.19.24) Updates `github.com/aws/aws-sdk-go-v2/service/cloudcontrol` from 1.30.5 to 1.30.6 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.30.5...service/s3/v1.30.6) Updates `github.com/aws/aws-sdk-go-v2/service/cloudformation` from 1.72.0 to 1.72.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.72.0...service/s3/v1.72.1) Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.305.2 to 1.307.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/ec2/v1.305.2...service/ec2/v1.307.0) Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.58.3 to 1.58.4 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.58.3...service/ecr/v1.58.4) Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.43.2 to 1.43.3 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/amp/v1.43.2...service/amp/v1.43.3) Updates `github.com/aws/smithy-go` from 1.27.1 to 1.27.2 - [Release notes](https://github.com/aws/smithy-go/releases) - [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md) - [Commits](aws/smithy-go@v1.27.1...v1.27.2) Updates `github.com/fluxcd/pkg/apis/meta` from 1.29.0 to 1.30.0 - [Commits](fluxcd/pkg@apis/meta/v1.29.0...apis/meta/v1.30.0) Updates `github.com/fluxcd/source-controller/api` from 1.8.5 to 1.9.0 - [Release notes](https://github.com/fluxcd/source-controller/releases) - [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md) - [Commits](fluxcd/source-controller@v1.8.5...v1.9.0) Updates `github.com/go-openapi/loads` from 0.23.4 to 0.24.0 - [Release notes](https://github.com/go-openapi/loads/releases) - [Commits](go-openapi/loads@v0.23.4...v0.24.0) Updates `github.com/go-openapi/spec` from 0.22.5 to 0.22.6 - [Release notes](https://github.com/go-openapi/spec/releases) - [Commits](go-openapi/spec@v0.22.5...v0.22.6) Updates `github.com/go-openapi/swag/loading` from 0.26.0 to 0.26.1 - [Release notes](https://github.com/go-openapi/swag/releases) - [Commits](go-openapi/swag@v0.26.0...v0.26.1) Updates `golang.org/x/crypto` from 0.52.0 to 0.53.0 - [Commits](golang/crypto@v0.52.0...v0.53.0) Updates `golang.org/x/sync` from 0.20.0 to 0.21.0 - [Commits](golang/sync@v0.20.0...v0.21.0) Updates `golang.org/x/text` from 0.37.0 to 0.38.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.37.0...v0.38.0) Updates `helm.sh/helm/v3` from 3.21.0 to 3.21.1 - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.21.0...v3.21.1) Updates `k8s.io/api` from 0.36.1 to 0.36.2 - [Commits](kubernetes/api@v0.36.1...v0.36.2) Updates `k8s.io/apiextensions-apiserver` from 0.36.1 to 0.36.2 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.36.1...v0.36.2) Updates `k8s.io/apimachinery` from 0.36.1 to 0.36.2 - [Commits](kubernetes/apimachinery@v0.36.1...v0.36.2) Updates `k8s.io/cli-runtime` from 0.36.1 to 0.36.2 - [Commits](kubernetes/cli-runtime@v0.36.1...v0.36.2) Updates `k8s.io/client-go` from 0.36.1 to 0.36.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.36.1...v0.36.2) Updates `k8s.io/kubectl` from 0.36.1 to 0.36.2 - [Commits](kubernetes/kubectl@v0.36.1...v0.36.2) Updates `oras.land/oras-go/v2` from 2.6.0 to 2.6.1 - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](oras-project/oras-go@v2.6.0...v2.6.1) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.14.0-beta.2.0.20260124023332-4c5175309ebb to 1.14.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](https://github.com/Azure/azure-sdk-for-go/commits/sdk/azcore/v1.14.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.13.1 to 1.14.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](https://github.com/Azure/azure-sdk-for-go/commits/sdk/azcore/v1.14.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.13.1 to 1.14.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](https://github.com/Azure/azure-sdk-for-go/commits/sdk/azcore/v1.14.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/storage/azblob` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.7.0...sdk/azcore/v1.8.0) Updates `github.com/dapr/go-sdk` from 1.14.2 to 1.15.0 - [Release notes](https://github.com/dapr/go-sdk/releases) - [Commits](dapr/go-sdk@v1.14.2...v1.15.0) Updates `github.com/rabbitmq/amqp091-go` from 1.11.0 to 1.12.0 - [Release notes](https://github.com/rabbitmq/amqp091-go/releases) - [Changelog](https://github.com/rabbitmq/amqp091-go/blob/main/CHANGELOG.md) - [Commits](rabbitmq/amqp091-go@v1.11.0...v1.12.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-version: 1.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-version: 1.32.25 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-version: 1.19.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/cloudcontrol dependency-version: 1.30.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/cloudformation dependency-version: 1.72.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2 dependency-version: 1.307.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr dependency-version: 1.58.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-version: 1.43.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/aws/smithy-go dependency-version: 1.27.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/storage/azblob dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/Azure/secrets-store-csi-driver-provider-azure dependency-version: 1.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/dapr/go-sdk dependency-version: 1.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/fluxcd/pkg/apis/meta dependency-version: 1.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/fluxcd/source-controller/api dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/go-openapi/loads dependency-version: 0.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/go-openapi/spec dependency-version: 0.22.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/go-openapi/swag/loading dependency-version: 0.26.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/rabbitmq/amqp091-go dependency-version: 1.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.53.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/sync dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/text dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: helm.sh/helm/v3 dependency-version: 3.21.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: k8s.io/api dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: k8s.io/apimachinery dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: k8s.io/cli-runtime dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: k8s.io/client-go dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: k8s.io/kubectl dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: oras.land/oras-go/v2 dependency-version: 2.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

radius-functional-tests · 2026-06-18T05:01:57Z

Radius functional test overview

🔍 Go to test action run

Click here to see the test run details

Name	Value
Repository	radius-project/radius
Commit ref	`d9193bd`
Unique ID	funcba1c4fdfcb
Image tag	pr-funcba1c4fdfcb

gotestsum 1.13.0
KinD: v0.29.0
Dapr: 1.14.4
Azure KeyVault CSI driver: 1.4.2
Azure Workload identity webhook: 1.3.0
Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-funcba1c4fdfcb
Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-funcba1c4fdfcb
dynamic-rp test image location: ghcr.io/radius-project/dev/dynamic-rp:pr-funcba1c4fdfcb
controller test image location: ghcr.io/radius-project/dev/controller:pr-funcba1c4fdfcb
ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-funcba1c4fdfcb
deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting ucp-cloud functional tests...
⌛ Starting corerp-cloud functional tests...
✅ ucp-cloud functional tests succeeded
✅ corerp-cloud functional tests succeeded

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 17, 2026

Copilot AI review requested due to automatic review settings June 17, 2026 23:30

dependabot Bot requested review from a team as code owners June 17, 2026 23:30

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 17, 2026

Copilot AI reviewed Jun 17, 2026

dependabot Bot force-pushed the dependabot/go_modules/go-dependencies-43021c6b36 branch from 912f5ed to 55d95b3 Compare June 18, 2026 03:25

dependabot Bot force-pushed the dependabot/go_modules/go-dependencies-43021c6b36 branch from 55d95b3 to d9193bd Compare June 18, 2026 05:00

DariuszPorowski approved these changes Jun 18, 2026

View reviewed changes

github-actions Bot mentioned this pull request Jun 18, 2026

Causinator 9000 CI Failure Digest — 2026-05-29 #12015

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the go-dependencies group across 2 directories with 30 updates#12144

build(deps): bump the go-dependencies group across 2 directories with 30 updates#12144
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-43021c6b36

dependabot Bot commented on behalf of github Jun 17, 2026 •

edited

Loading

Uh oh!

Copilot AI left a comment

Uh oh!

github-actions Bot commented Jun 17, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 17, 2026 •

edited

Loading

Uh oh!

DariuszPorowski commented Jun 18, 2026

Uh oh!

radius-functional-tests Bot commented Jun 18, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot Bot commented on behalf of github Jun 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

sdk/azidentity/v1.14.0

1.14.0 (2026-06-15)

Breaking Changes

Bugs Fixed

Other Changes

v1.8.2 - 2026-06-11

Changelog

Bug Fixes 🐞

Continuous Integration 💜

Maintenance 🔧

Release (2026-06-05)

General Highlights

Module Highlights

Release (2026-06-04)

General Highlights

Module Highlights

Release (2026-06-02)

General Highlights

Module Highlights

Release (2026-05-27)

General Highlights

Module Highlights

Release (2026-04-23)

General Highlights

Module Highlights

v1.9.0

Changelog

Container images

1.9.0

GitRepository

OCIRepository

v0.24.0

0.24.0 - 2026-06-07

Documentation

Security

Updates

People who contributed to this release

v0.22.6

0.22.6 - 2026-06-14

Fixed bugs

Documentation

Code quality

Updates

Other (technical)

People who contributed to this release

v0.26.1

0.26.1 - 2026-06-07

Implemented enhancements

Documentation

Miscellaneous tasks

Security

Updates

People who contributed to this release

Notable Changes

Installation and Upgrading

What's Next

Changelog

v2.6.1

Security Fixes

Bug Fixes

Other Changes

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Uh oh!

github-actions Bot commented Jun 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

License Issues

go.mod

test/magpiego/go.mod

OpenSSF Scorecard

Scanned Files

Uh oh!

github-actions Bot commented Jun 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Unit Tests

dependabot Bot commented on behalf of github Jun 17, 2026 •

edited

Loading

github-actions Bot commented Jun 17, 2026 •

edited

Loading

github-actions Bot commented Jun 17, 2026 •

edited

Loading

radius-functional-tests Bot commented Jun 18, 2026 •

edited

Loading