fix(go.mod/go.sum): update minor dependencies (golang)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
github.com/cert-manager/cert-manager	v1.17.2 -> v1.18.2			require	minor
github.com/onsi/ginkgo/v2	v2.23.4 -> v2.24.0			require	minor
github.com/onsi/gomega	v1.37.0 -> v1.38.0			require	minor
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring	v0.83.0 -> v0.84.1			require	minor
github.com/redis/go-redis/v9	v9.9.0 -> v9.12.1			require	minor
go (source)	1.24.3 -> 1.25.0			golang	minor
golang.org/x/mod	v0.24.0 -> v0.27.0			require	minor
sigs.k8s.io/yaml	v1.4.0 -> v1.6.0			require	minor

---

Release Notes

cert-manager/cert-manager (github.com/cert-manager/cert-manager)

v1.18.2

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We fixed a bug in the CSR's name constraints construction (only applies if you have enabled the NameConstraints feature gate).
We dropped the new global.rbac.disableHTTPChallengesRole Helm option due to a bug we found, this feature will be released in v1.19 instead.

Changes since v1.18.1:

Bug or Regression

• BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#​7833, @​cert-manager-bot)
• Reverted adding the global.rbac.disableHTTPChallengesRole Helm option. (#​7837, @​cert-manager-bot)

v1.18.1

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We have added a new feature gate ACMEHTTP01IngressPathTypeExact, to allow ingress-nginx users to turn off the new default Ingress PathType: Exact behavior, in ACME HTTP01 Ingress challenge solvers.
This change fixes the following issue: #​7791

We have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (error waiting for authorization), which has been reported by multiple users, since the release of cert-manager v1.16.0.
This change should fix the following issues: #​7337, #​7444, and #​7685.

ℹ️ Be sure to review all new features and changes below, and read the full release notes carefully before upgrading.

Changes since v1.18.0:

Feature

• Added a new feature gate ACMEHTTP01IngressPathTypeExact, to allow ingress-nginx users to turn off the new default Ingress PathType: Exact behavior, in ACME HTTP01 Ingress challenge solvers. (#7810, @​sspreitzer)

Bug or Regression

• ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization. (#7801, @​hjoshi123)

Other (Cleanup or Flake)

• Use the latest version of ingress-nginx in E2E tests to ensure compatibility (#7807, @​wallrj)

v1.18.0

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

cert-manager 1.18 introduces several new features and breaking changes. Highlights include support for ACME certificate profiles, a new default for Certificate.Spec.PrivateKey.RotationPolicy now set to Always (breaking change), and the default Certificate.Spec.RevisionHistoryLimit now set to 1 (potentially breaking).

ℹ️ Be sure to review all new features and changes below, and read the full release notes carefully before upgrading.

Known Issues

• ACME HTTP01 challenge paths are rejected by the ingress-nginx validating webhook (#​7791)

Changes since v1.17.2:

Feature

• Add config to the Vault issuer to allow the server-name to be specified when validating the certificates the Vault server presents. (#​7663, @​ThatsMrTalbot)
• Added app.kubernetes.io/managed-by: cert-manager label to the created Let's Encrypt account keys (#​7577, @​terinjokes)
• Added certificate issuance and expiration time metrics (certmanager_certificate_not_before_timestamp_seconds, certmanager_certificate_not_after_timestamp_seconds). (#​7612, @​solidDoWant)
• Added ingress-shim option: --extra-certificate-annotations, which sets a list of annotation keys to be copied from Ingress-like to resulting Certificate object (#​7083, @​k0da)
• Added the iss short name for the cert-manager Issuer resource. (#​7373, @​SgtCoDFish)
• Added the ciss short name for the cert-manager ClusterIssuer resource (#​7373, @​SgtCoDFish)
• Adds the global.rbac.disableHTTPChallengesRole helm value to disable HTTP-01 ACME challenges. This allows cert-manager to drop its permission to create pods, improving security when HTTP-01 challenges are not required. (#​7666, @​ali-hamza-noor)
• Allow customizing signature algorithm (#​7591, @​tareksha)
• Cache the full DNS response and handle TTL expiration in FindZoneByFqdn (#​7596, @​ThatsIvan)
• Cert-manager now uses a local fork of the golang.org/x/crypto/acme package (#​7752, @​wallrj)
• Add support for ACME profiles extension. (#​7777, @​wallrj)
• Promote the UseDomainQualifiedFinalizer feature to GA. (#​7735, @​jsoref)
• Switched service/servicemon definitions to use port names instead of numbers. (#​7727, @​jcpunk)
• The default value of Certificate.Spec.PrivateKey.RotationPolicy changed from Never to Always. (#​7723, @​wallrj)
• Potentially breaking: Set the default revisionHistoryLimit to 1 for the CertificateRequest revisions (#​7758, @​ali-hamza-noor)

Documentation

• Fix some comments (#​7620, @​teslaedison)

Bug or Regression

• Bump go-jose dependency to address CVE-2025-27144. (#​7606, @​SgtCoDFish)
• Bump golang.org/x/oauth2 to patch CVE-2025-22868. (#​7638, @​NicholasBlaskey)
• Bump golang.org/x/crypto to patch GHSA-hcg3-q754-cr77. (#​7638, @​NicholasBlaskey)
• Bump github.com/golang-jwt/jwt to patch GHSA-mh63-6h87-95cp. (#​7638, @​NicholasBlaskey)
• Change of the Kubernetes Ingress pathType from ImplementationSpecific to Exact for a reliable handling of ingress controllers and enhanced security. (#​7767, @​sspreitzer)
• Fix AWS Route53 error detection for not-found errors during deletion of DNS records. (#​7690, @​wallrj)
• Fix behavior when running with --namespace=<namespace>: limit the scope of cert-manager to a single namespace and disable cluster-scoped controllers. (#​7678, @​tsaarni)
• Fix handling of certificates with IP addresses in the commonName field; IP addresses are no longer added to the DNS subjectAlternativeName list and are instead added to the ipAddresses field as expected. (#​7081, @​johnjcool)
• Fix issuing of certificates via DNS01 challenges on Cloudflare after a breaking change to the Cloudflare API (#​7549, @​LukeCarrier)
• Fixed the certmanager_certificate_renewal_timestamp_seconds metric help text indicating that the metric is relative to expiration time, rather than Unix epoch time. (#​7609, @​solidDoWant)
• Fixing the service account template to incorporate boolean values for the annotations. (#​7698, @​ali-hamza-noor)
• Quote nodeSelector values in Helm Chart (#​7579, @​tobiasbp)
• Skip Gateway TLS listeners in Passthrough mode. (#​6986, @​vehagn)
• Upgrade golang.org/x/net fixing CVE-2025-22870. (#​7619, @​dependabot[bot])

Other (Cleanup or Flake)

• ACME E2E Tests: Upgraded Pebble to v2.7.0 and modified the ACME tests to match latest Pebble behaviour. (#​7771, @​wallrj)
• Patch the third_party/forked/acme package with support for the ACME profiles extension. (#​7776, @​wallrj)
• Promote the AdditionalCertificateOutputFormats feature to GA, making additional formats always enabled. (#​7744, @​erikgb)
• Remove deprecated feature gate ValidateCAA. Setting this feature gate is now a no-op which does nothing but print a warning log line (#​7553, @​SgtCoDFish)
• Update kind images to include the Kubernetes 1.33 node image (#​7787, @​cert-manager-bot)
• Upgrade Go to v1.24.4 (#​7785, @​wallrj)
• Use slices.Contains to simplify code (#​7753, @​cuinix)

v1.17.4

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We fixed a bug in the CSR's name constraints construction (only applies if you have enabled the NameConstraints feature gate).

Changes since v1.17.3:

Bug or Regression

• BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#​7832, @​cert-manager-bot)

v1.17.3

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This patch release addresses several vulnerabilities reported by the Trivy security scanner. It is built with the latest version of Go 1.23.

We have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (error waiting for authorization), which has been reported by multiple users, in: #​7337, #​7444, and #​7685.

ℹ️ Be sure to review all new features and changes below, and read the full release notes carefully before upgrading.

Changes since v1.17.2:

Bug or Regression

• Bump Go to 1.23.10 to fix GO-2025-3749, GO-2025-3750, and GO-2025-3751 (#​7799, @​wallrj)
• ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization (#​7798, @​hjoshi123)

Other (Cleanup or Flake)

• Use the latest version of ingress-nginx in E2E tests to ensure compatibility (#​7808, @​wallrj)

onsi/ginkgo (github.com/onsi/ginkgo/v2)

v2.24.0

Compare Source

2.24.0

Features

Specs can now be decorated with (e.g.) SemVerConstraint("2.1.0") and ginkgo --sem-ver-filter="2.1.1" will only run constrained specs that match the requested version. Learn more in the docs here! Thanks to @​Icarus9913 for the PR.

Fixes

• remove -o from run command [3f5d379]. fixes #​1582

Maintenance

Numerous dependency bumps and documentation fixes

onsi/gomega (github.com/onsi/gomega)

v1.38.0

Compare Source

1.38.0

Features

• gstruct handles extra unexported fields [4ee7ed0]

Fixes

• support [] in IgnoringTopFunction function signatures (#​851) [36bbf72]

Maintenance

• Bump golang.org/x/net from 0.40.0 to 0.41.0 (#​846) [529d408]
• Fix typo [acd1f55]
• Bump google.golang.org/protobuf from 1.36.5 to 1.36.6 (#​835) [bae65a0]
• Bump nokogiri from 1.18.4 to 1.18.8 in /docs (#​842) [8dda91f]
• Bump golang.org/x/net from 0.39.0 to 0.40.0 (#​843) [212d812]
• Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#​839) [59bd7f9]
• Bump nokogiri from 1.18.1 to 1.18.4 in /docs (#​834) [328c729]
• Bump uri from 1.0.2 to 1.0.3 in /docs (#​826) [9a798a1]
• Bump golang.org/x/net from 0.37.0 to 0.39.0 (#​841) [04a72c6]

prometheus-operator/prometheus-operator (github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring)

v0.84.1: 0.84.1 / 2025-08-06

Compare Source

• [CHANGE/BUGFIX] Disable compaction of overlapping blocks when Thanos sidecar is configured with object storage. #​7747
• [BUGFIX] Log only selected resources which are valid. #​7749

v0.84.0: 0.84.0 / 2025-07-14

Compare Source

• [FEATURE] Add telegram field to AlertManager CRD global configuration. #​7631
• [FEATURE] Add jira field to AlertManager CRD global configuration. #​7626
• [FEATURE] Add webex field to AlertManager CRD global configuration. #​7632
• [FEATURE] Add victorops field to Alertmanager CRD global configuration. #​7654
• [FEATURE] Add wechat field to Alertmanager CRD global configuration. #​7627
• [FEATURE] Add ruleQueryOffset field to ThanosRuler CRD. #​7580
• [FEATURE] Add ruleConcurrentEval field to ThanosRuler CRD. #​7659
• [FEATURE] Add ruleOutageTolerance field to ThanosRuler CRD. #​7672
• [FEATURE] Add ProxyConfig fields to ServiceMonitor. #​7647
• [FEATURE] Add ProxyConfig fields to Probe. #​7660
• [FEATURE] Add ProxyConfig fields to Prometheus apiServerConfig. #​7670
• [FEATURE] Add scrapeClassicHistograms field to Prometheus. #​7667
• [FEATURE] Add labelSelector field to HetznerSDConfig in the ScrapeConfig CRD. #​7675
• [FEATURE] Add startupProbe to config-reloader. #​7575
• [ENHANCEMENT] Set reason: ConfigurationUnmanaged in the Reconciled condition when the operator doesn't managed the Prometheus configuration. #​7661
• [ENHANCEMENT] AlertManager matchType defaults to = if neither matchType nor regex is set, and =~ if regex: true is set without matchType. #​7592

redis/go-redis (github.com/redis/go-redis/v9)

v9.12.1: 9.12.1

Compare Source

🚀 Highlights

In the last version (9.12.0) the client introduced bigger write and read buffer sizes. The default value was 512KiB.
However, users reported that this is too big for most use cases and can lead to high memory usage.
In this version the default value is changed to 256KiB. The README.md was updated to reflect the
correct default value and include a note that the default value can be changed.

🐛 Bug Fixes

• fix(options): Add buffer sizes to failover. Update README (#​3468)

🧰 Maintenance

• fix(options): Add buffer sizes to failover. Update README (#​3468)
• chore: update & fix otel example (#​3466)

Contributors

We'd like to thank all the contributors who worked on this release!

@​ndyakov and @​vmihailenco

v9.12.0: 9.12.0

Compare Source

🚀 Highlights

• This release includes support for Redis 8.2.
• Introduces an experimental Query Builders for FTSearch, FTAggregate and other search commands.
• Adds support for EPSILON option in FT.VSIM.
• Includes bug fixes and improvements contributed by the community related to ring and redisotel.

Changes

• Improve stale issue workflow (#​3458)
• chore(ci): Add 8.2 rc2 pre build for CI (#​3459)
• Added new stream commands (#​3450)
• feat: Add "skip_verify" to Sentinel (#​3428)
• fix: errors.Join requires Go 1.20 or later (#​3442)
• DOC-4344 document quickstart examples (#​3426)
• feat(bitop): add support for the new bitop operations (#​3409)

🚀 New Features

• feat: recover addIdleConn may occur panic (#​2445)
• feat(ring): specify custom health check func via HeartbeatFn option (#​2940)
• Add Query Builder for RediSearch commands (#​3436)
• add configurable buffer sizes for Redis connections (#​3453)
• Add VAMANA vector type to RediSearch (#​3449)
• VSIM add EPSILON option (#​3454)
• Add closing support to otel metrics instrumentation (#​3444)

🐛 Bug Fixes

• fix(redisotel): fix buggy append in reportPoolStats (#​3122)
• fix(search): return results even if doc is empty (#​3457)
• [ISSUE-3402]: Ring.Pipelined return dial timeout error (#​3403)

🧰 Maintenance

• Merges stale issues jobs into one job with two steps (#​3463)
• improve code readability (#​3446)
• chore(release): 9.12.0-beta.1 (#​3460)
• DOC-5472 time series doc examples (#​3443)
• Add VAMANA compression algorithm tests (#​3461)
• bumped redis 8.2 version used in the CI/CD (#​3451)

Contributors

We'd like to thank all the contributors who worked on this release!

@​andy-stark-redis, @​cxljs, @​elena-kolevska, @​htemelski-redis, @​jouir, @​monkey92t, @​ndyakov, @​ofekshenawa, @​rokn, @​smnvdev, @​strobil and @​wzy9607

New Contributors

• @​htemelski-redis made their first contribution in #​3409
• @​smnvdev made their first contribution in #​3403
• @​rokn made their first contribution in #​3444

v9.11.0: 9.11.0

Compare Source

🚀 Highlights

Fixes TxPipeline to work correctly in cluster scenarios, allowing execution of commands
only in the same slot for a given transaction.

Changes

🚀 New Features

• Set cluster slot for scan commands, rather than random (#​2623)
• Add CredentialsProvider field to UniversalOptions (#​2927)
• feat(redisotel): add WithCallerEnabled option (#​3415)

🐛 Bug Fixes

• fix(txpipeline): keyless commands should take the slot of the keyed (#​3411)
• fix(loading): cache the loaded flag for slave nodes (#​3410)
• fix(txpipeline): should return error on multi/exec on multiple slots (#​3408)
• fix: check if the shard exists to avoid returning nil (#​3396)

🧰 Maintenance

• feat: optimize connection pool waitTurn (#​3412)
• chore(ci): update CI redis builds (#​3407)
• chore: remove a redundant method from Ring, Client and ClusterClient (#​3401)
• test: refactor TestBasicCredentials using table-driven tests (#​3406)
• perf: reduce unnecessary memory allocation operations (#​3399)
• fix: insert entry during iterating over a map (#​3398)
• DOC-5229 probabilistic data type examples (#​3413)
• chore(deps): bump rojopolis/spellcheck-github-actions from 0.49.0 to 0.51.0 (#​3414)

Contributors

We'd like to thank all the contributors who worked on this release!

@​andy-stark-redis, @​boekkooi-impossiblecloud, @​cxljs, @​dcherubini, @​iamamirsalehi, @​ndyakov, @​pete-woods, @​twz915

v9.10.0: 9.10.0

Compare Source

Experimental support for vector sets!

🚀 Highlights

go-redis now supports vector sets. This data type is marked as "in preview" in Redis and its support in go-redis is marked as experimental. You can find examples in the documentation and in the doctests folder.

Changes

🚀 New Features

• feat: support vectorset (#​3375) @​fukua95

🧰 Maintenance

• Add the missing NewFloatSliceResult for testing (#​3393)
• DOC-5078 vector set examples (#​3394)

Contributors

We'd like to thank all the contributors who worked on this release!

@​AndBobsYourUncle, @​andy-stark-redis, @​fukua95 and @​ndyakov

golang/go (go)

v1.25.0

v1.24.6

v1.24.5

v1.24.4

kubernetes-sigs/yaml (sigs.k8s.io/yaml)

v1.6.0

Compare Source

What's Changed

• Add "kyaml" support and yamlfmt by @​thockin in https://github.com/kubernetes-sigs/yaml/pull/132

v1.5.0

Compare Source

• Bugfix: Handle unhashable keys during merge (https://github.com/kubernetes-sigs/yaml/pull/122)
• Improvement: wrap errors returned by JSON unmarshal (https://github.com/kubernetes-sigs/yaml/pull/106)
• Deprecation: Deprecate code in goyaml.v2 and goyaml.v3 directories, and redirect to equivalents in go.yaml.in/yaml/v2 and go.yaml.in/yaml/v3 (https://github.com/kubernetes-sigs/yaml/pull/133)

Full Changelog: kubernetes-sigs/yaml@v1.4.0...v1.5.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 13 additional dependencies were updated

Details:

Package	Change
k8s.io/api	v0.33.1 -> v0.33.2
k8s.io/apiextensions-apiserver	v0.33.1 -> v0.33.2
k8s.io/apimachinery	v0.33.1 -> v0.33.2
k8s.io/client-go	v0.33.1 -> v0.33.2
k8s.io/code-generator	v0.33.1 -> v0.33.2
golang.org/x/crypto	v0.38.0 -> v0.41.0
golang.org/x/net	v0.40.0 -> v0.43.0
golang.org/x/sync	v0.14.0 -> v0.16.0
golang.org/x/sys	v0.33.0 -> v0.35.0
golang.org/x/term	v0.32.0 -> v0.34.0
golang.org/x/text	v0.25.0 -> v0.28.0
golang.org/x/tools	v0.32.0 -> v0.36.0
k8s.io/utils	v0.0.0-20250502105355-0f33e8f1c979 -> v0.0.0-20250604170112-4c0f3b243397