build(deps): bump the go-dependencies group across 1 directory with 28 updates

[dependabot]

Bumps the go-dependencies group with 20 updates in the / directory:

Package	From	To
github.com/Azure/secrets-store-csi-driver-provider-azure	1.7.2	1.8.1
github.com/Masterminds/semver/v3	3.4.0	3.5.0
github.com/aws/aws-sdk-go-v2	1.41.6	1.41.7
github.com/aws/aws-sdk-go-v2/config	1.32.16	1.32.17
github.com/aws/aws-sdk-go-v2/service/cloudcontrol	1.29.14	1.29.15
github.com/aws/aws-sdk-go-v2/service/cloudformation	1.71.10	1.71.11
github.com/aws/aws-sdk-go-v2/service/ec2	1.299.0	1.300.0
github.com/aws/aws-sdk-go-v2/service/ecr	1.57.1	1.57.2
github.com/getkin/kin-openapi	0.135.0	0.137.0
github.com/go-git/go-git/v5	5.18.0	5.19.0
github.com/go-openapi/runtime	0.29.4	0.29.5
github.com/hashicorp/hc-install	0.9.4	0.9.5
github.com/hashicorp/terraform-exec	0.25.1	0.25.2
github.com/mattn/go-isatty	0.0.21	0.0.22
github.com/stern/stern	1.33.1	1.34.0
go.uber.org/zap	1.27.1	1.28.0
k8s.io/apiextensions-apiserver	0.35.4	0.36.0
k8s.io/kubectl	0.35.4	0.36.0
sigs.k8s.io/controller-runtime	0.23.3	0.24.0
sigs.k8s.io/secrets-store-csi-driver	1.5.6	1.6.0

Updates github.com/Azure/secrets-store-csi-driver-provider-azure from 1.7.2 to 1.8.1

Release notes

Sourced from github.com/Azure/secrets-store-csi-driver-provider-azure's releases.

v1.8.1 - 2026-04-28

Changelog

Bug Fixes 🐞

• fix: validate pod context and secure socket perm with umask by @​aramase in Azure/secrets-store-csi-driver-provider-azure#1981
• fix: only set managed identity client ID when non-empty by @​aramase in Azure/secrets-store-csi-driver-provider-azure#2022
• fix: set ErrorStream and InfoStream for JSON logger to avoid nil panic by @​aramase in Azure/secrets-store-csi-driver-provider-azure#2024

Code Refactoring 💎

• refactor: update outdated k8s deps and linter by @​stlaz in Azure/secrets-store-csi-driver-provider-azure#1962

Continuous Integration 💜

• ci: use ubuntu-latest for gh workflows by @​aramase in Azure/secrets-store-csi-driver-provider-azure#1818
• ci: remove unused labels from dependabot config by @​aramase in Azure/secrets-store-csi-driver-provider-azure#2013

Documentation 📘

• docs: Fix undefined SERVICE_ACCOUNT_ISSUER variable in workload identity documentation by @​Copilot in Azure/secrets-store-csi-driver-provider-azure#1901
• docs: fix broken links by @​JoeyC-Dev in Azure/secrets-store-csi-driver-provider-azure#1967
• docs: add identity binding documentation by @​aramase in Azure/secrets-store-csi-driver-provider-azure#2016

Features 🌈

• feat: identity binding support by @​aramase in Azure/secrets-store-csi-driver-provider-azure#1984

Maintenance 🔧

• chore: bump golang.org/x/oauth2 from 0.11.0 to 0.27.0 in /test/e2e by @​dependabot[bot] in Azure/secrets-store-csi-driver-provider-azure#1871
• chore: update to go 1.24.5 by @​aramase in Azure/secrets-store-csi-driver-provider-azure#1879
• chore: use v2 images for node-driver-registrar and livenessprobe by @​aramase in Azure/secrets-store-csi-driver-provider-azure#1922
• chore: update to go 1.24.6 by @​SamCHogg in Azure/secrets-store-csi-driver-provider-azure#1921
• chore: update to go 1.24.7 by @​aramase in Azure/secrets-store-csi-driver-provider-azure#1934
• chore: update to go 1.24.9 by @​aramase in Azure/secrets-store-csi-driver-provider-azure#1939
• chore: bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @​dependabot[bot] in Azure/secrets-store-csi-driver-provider-azure#1948
• chore: update to go 1.25.7 and otel/sdk to v1.40.0 by @​aramase in Azure/secrets-store-csi-driver-provider-azure#1988
• chore: update to go 1.25.8, grpc v1.79.3 and fix workflow action comments by @​aramase in Azure/secrets-store-csi-driver-provider-azure#2008
• chore: update to go 1.25.9 and otel/sdk v1.43.0 by @​aramase in Azure/secrets-store-csi-driver-provider-azure#2014

Commits

• c07d0d6 release: update manifest and helm charts for v1.8.1 (#2027)
• 7dc89ab fix: set ErrorStream and InfoStream for JSON logger to avoid (#2024)
• 94750e0 fix: only set managed identity client ID when non-empty (#2022)
• 8a59ecd release: update manifest and helm charts for v1.8.0 (#2019)
• 87c87fa chore: update to go 1.25.9 and otel/sdk v1.43.0 (#2014)
• e007db9 ci: remove unused labels from dependabot config (#2013)
• ef3d4c2 feat: identity binding support (#1984)
• 2f419ea chore: update to go 1.25.8, grpc v1.79.3 and fix workflow action comments (#2...
• 3f2347e chore: update to go 1.25.7 and otel/sdk to v1.40.0 (#1988)
• 694b16c fix: validate pod context and secure socket perm with umask (#1981)
• Additional commits viewable in compare view

Updates github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.5.0

What's Changed

• Adding more prerelease tests by @​mattfarina in Masterminds/semver#273
• Update constraint error messages by @​mattfarina in Masterminds/semver#278
• Fix edge cases by @​mattfarina in Masterminds/semver#279
• Adding some checks in by @​mattfarina in Masterminds/semver#280
• Updating deps by @​mattfarina in Masterminds/semver#281
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in Masterminds/semver#282
• Bump actions/cache from 4.2.3 to 5.0.5 by @​dependabot[bot] in Masterminds/semver#283
• Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 by @​dependabot[bot] in Masterminds/semver#284
• Updating gitignore for devcontainers by @​mattfarina in Masterminds/semver#286
• Fixing some quality issues by @​mattfarina in Masterminds/semver#287

New Contributors

• @​dependabot[bot] made their first contribution in Masterminds/semver#282

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

Commits

• 8b89c86 Merge pull request #287 from mattfarina/fix-da-issues
• 29d51d0 Fixing some quality issues
• 87f651d Merge pull request #286 from mattfarina/update-devcontainer
• 158a685 Updating gitignore for devcontainers
• 7e83c08 Merge pull request #284 from Masterminds/dependabot/github_actions/golangci/g...
• 697e27f Merge pull request #283 from Masterminds/dependabot/github_actions/actions/ca...
• 1591f8e Merge pull request #282 from Masterminds/dependabot/github_actions/github/cod...
• 3f5ff17 Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0
• 04baa33 Bump actions/cache from 4.2.3 to 5.0.5
• 45939fe Bump github/codeql-action from 4.35.1 to 4.35.2
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.6 to 1.41.7

Commits

• 2223642 Release 2026-04-29
• 04c7e46 Regenerated Clients
• 5f56925 Update endpoints model
• aac6d2b Update API model
• bdaead7 upgrade to smithy-go v1.25.1 (#3399)
• 008e12c Release 2026-04-27
• ef109d9 Regenerated Clients
• 6411e63 Update API model
• e5bf970 Release 2026-04-24
• bdbb88c Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.16 to 1.32.17

Commits

• 2223642 Release 2026-04-29
• 04c7e46 Regenerated Clients
• 5f56925 Update endpoints model
• aac6d2b Update API model
• bdaead7 upgrade to smithy-go v1.25.1 (#3399)
• 008e12c Release 2026-04-27
• ef109d9 Regenerated Clients
• 6411e63 Update API model
• e5bf970 Release 2026-04-24
• bdbb88c Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.15 to 1.19.16

Commits

• 2223642 Release 2026-04-29
• 04c7e46 Regenerated Clients
• 5f56925 Update endpoints model
• aac6d2b Update API model
• bdaead7 upgrade to smithy-go v1.25.1 (#3399)
• 008e12c Release 2026-04-27
• ef109d9 Regenerated Clients
• 6411e63 Update API model
• e5bf970 Release 2026-04-24
• bdbb88c Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cloudcontrol from 1.29.14 to 1.29.15

Commits

• 4344501 Release 2025-06-06
• 20a068e Regenerated Clients
• d8fdf86 Update endpoints model
• 73f0a46 Update API model
• 8238069 Release 2025-06-05
• 80bbf28 Regenerated Clients
• a209c7a Update endpoints model
• f882ffa Update API model
• 6d549a5 add sep-based query-compatible tests for both jsonrpc10 and rpcv2cbor (#3106)
• f82629c Release 2025-06-04
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cloudformation from 1.71.10 to 1.71.11

Commits

• 2223642 Release 2026-04-29
• 04c7e46 Regenerated Clients
• 5f56925 Update endpoints model
• aac6d2b Update API model
• bdaead7 upgrade to smithy-go v1.25.1 (#3399)
• 008e12c Release 2026-04-27
• ef109d9 Regenerated Clients
• 6411e63 Update API model
• e5bf970 Release 2026-04-24
• bdbb88c Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ec2 from 1.299.0 to 1.300.0

Commits

• dc2d13f Release 2026-05-04
• da4bcff Regenerated Clients
• a8b1180 Update API model
• a707805 Release 2026-05-01
• 657bacf Regenerated Clients
• 29b6d37 Update endpoints model
• 2328c41 Update API model
• 83b34ea Release 2026-04-30
• f6eecf0 Regenerated Clients
• 3cca141 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.57.1 to 1.57.2

Commits

• 9bd153c Release 2025-03-04.2
• b967446 Regenerated Clients
• 188c52a Update endpoints model
• defaf5c Update API model
• 8f2dd23 add test that verifies SRA order of operations (#3025)
• 3d547b0 Release 2025-03-04
• 554a149 Regenerated Clients
• 3abb221 Update endpoints model
• 95ae39d Update API model
• c62ec38 create kitchen sink test service (#3023)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.42.0 to 1.42.1

Commits

• 5aa6e2b Release 2023-11-09
• 7dbcd52 Regenerated Clients
• 9b17844 Update API model
• efa5486 Allowlist bucket owner header (#2358)
• 5118d3b Release 2023-11-08
• f3c195f Regenerated Clients
• f24b6a0 Update endpoints model
• f5a0876 Update API model
• 3674c38 Release 2023-11-07
• b856b28 Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/getkin/kin-openapi from 0.135.0 to 0.137.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.137.0

What's Changed

• revert to go 1.25 and revert cc4f8d99 by @​fenollp in getkin/kin-openapi#1161

Full Changelog: getkin/kin-openapi@v0.136.0...v0.137.0

v0.136.0

What's Changed

• openapi3: stop injecting contentless default in NewResponses() by @​0-don in getkin/kin-openapi#1148
• openapi3: standardize Origin json tag to "-" across all types by @​reuvenharrison in getkin/kin-openapi#1149
• Update usage message in cmd/validate by @​fenollp in getkin/kin-openapi#1150
• openapi3: fix determinism when handling discriminator mappings by @​fenollp in getkin/kin-openapi#1151
• feat: bump Go to 1.26 by @​fenollp in getkin/kin-openapi#1152
• openapi3: use componentNames for deterministic visitings by @​fenollp in getkin/kin-openapi#1153
• feat: add OpenAPI 3.1 support by @​reuvenharrison in getkin/kin-openapi#1125
• openapi3: add JoinFunc for custom $ref path resolution by @​reuvenharrison in getkin/kin-openapi#1154
• Add many many tests from ApisGuruOpenapiDirectory by @​fenollp in getkin/kin-openapi#1155
• openapi3: remove map-iteration order leaks causing flaky tests by @​cloudnativeninja in getkin/kin-openapi#1158
• openapi2conv: nil-guard components lookup in FromV3SchemaRef by @​SAY-5 in getkin/kin-openapi#1156
• Address various lint errors by @​fenollp in getkin/kin-openapi#1157

New Contributors

• @​0-don made their first contribution in getkin/kin-openapi#1148
• @​cloudnativeninja made their first contribution in getkin/kin-openapi#1158
• @​SAY-5 made their first contribution in getkin/kin-openapi#1156

Full Changelog: getkin/kin-openapi@v0.135.0...v0.136.0

Commits

• b641244 revert to go 1.25 and revert cc4f8d99
• ff4bce7 fix and upgrade goimports-reviser
• 028df2a refacto(tests): use t.Context instead of context.Background
• cc4f8d9 refacto: replace openapi3.*Ptr(..) funcs with new(..)
• df95b87 address various lint errors
• 3556929 openapi2conv: nil-guard components lookup in FromV3SchemaRef (#1156)
• 5a0a337 openapi3: remove map-iteration order leaks causing flaky tests (#1158)
• 3489553 openapi3: skip v3.1 load/validation flaky tests
• 3aa08cd openapi3: record v3.1 load/validation test failures
• 3179775 openapi3: enable testing for 3.1 documents
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#2010
• v5: Bump sha1cd and go-billy by @​pjbgf in go-git/go-git#2060
• v5: Align object encoding with upstream by @​pjbgf in go-git/go-git#2065

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

Commits

• bc930f4 Merge pull request #2065 from go-git/commit-v5
• d315264 plumbing: object, Reset object before decode
• 6e1d348 plumbing: object, Align Tree handling with upstream
• e134ba3 tests: Skip double checks in Git v2.11
• 1971422 tests: Add git conformance tests for signing verification
• a387aa8 plumbing: object, Add ErrMalformedTag
• f415670 plumbing: object, Decode Tag headers via a state machine
• 5b0cd38 plumbing: object, Reject multi-signature commits at Verify
• fe8ed62 plumbing: object, Align Tag.EncodeWithoutSignature with Commit
• 98e337d plumbing: object, Add support for Tag.SignatureSHA256
• Additional commits viewable in compare view

Updates github.com/go-openapi/runtime from 0.29.4 to 0.29.5

Release notes

Sourced from github.com/go-openapi/runtime's releases.

v0.29.5

0.29.5 - 2026-05-04

Full Changelog: go-openapi/runtime@v0.29.4...v0.29.5

10 commits in this release.

---

Implemented enhancements

• feat(client): prefer multipart and support url-encoded file uploads by @​fredbi in #428 ...

Fixed bugs

• fix(statuses): align http status text with current standard by @​fredbi in #427 ...
• fix(validation): match content-type with MIME parameters by @​fredbi in #426 ...
• fix(auth): detect nil interface vs nil interface by @​fredbi in #425 ...
• fix: handle literal colons in URL paths for denco router by @​KuaaMU in #422 ...

Documentation

• doc: aligned docs with org-level docs by @​fredbi in #424 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #423 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #420 ...

Miscellaneous tasks

• chore: prepare release v0.29.5 by @​bot-go-openapi[bot] in #429 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 2 directories with 3 updates by @​dependabot[bot] in #421 ...

---

People who contributed to this release

• @​KuaaMU
• @​fredbi

---

New Contributors

• @​KuaaMU made their first contribution in #422

... (truncated)

Commits

• 316127b chore: prepare release v0.29.5
• d7fb83c feat(client): prefer multipart and support url-encoded file uploads (#428)
• 1114423 fix(statuses): align http status text with current standard (#427)
• c69b34d fix(validation): match content-type with MIME parameters (#426)
• dd5f9c7 fix(auth): detect nil interface vs nil interface (#425)
• 8b594b4 doc: aligned docs with org-level docs (#424)
• 32bf6a0 doc: updated contributors file
• 8fe7420 fix: handle literal colons in URL paths for denco router (#422)
• 5b8c120 build(deps): bump the go-openapi-dependencies group across 2 directories with...
• 57116dd doc: updated contributors file
• See full diff in compare view

Updates github.com/go-openapi/strfmt from 0.26.1 to 0.26.2

Release notes

Sourced from github.com/go-openapi/strfmt's releases.

v0.26.2

0.26.2 - 2026-04-29

Full Changelog: go-openapi/strfmt@v0.26.1...v0.26.2

13 commits in this release.

---

Documentation

• doc: aligned docs with org-wide documentation. by @​fredbi in #247 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #239 ...
• doc: add portable agentic instructions by @​fredbi in #236 ...
• doc: added portable agentic instructions by @​fredbi in #235 ...

Performance

• perf(duration): faster and stricter ParseDuration. by @​fredbi in #246 ...

Miscellaneous tasks

• chore: prepare release v0.26.2 by @​bot-go-openapi[bot] in #248 ...
• chore: bump go directive to 1.25.0 by @​fredbi in #237 ...

Updates

• build(deps): bump the other-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #245 ...
• build(deps): bump the development-dependencies group with 8 updates by @​dependabot[bot] in #242 ...
• build(deps): bump golang.org/x/net from 0.52.0 to 0.53.0 in the golang-org-dependencies group across 1 directory by @​dependabot[bot] in #241 ...
• build(deps): bump github.com/jackc/pgx/v5 from 5.8.0 to 5.9.1 in /internal/testintegration in the other-dependencies group across 1 directory by @​dependabot[bot] in #240 ...
• build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #238 ...
• build(deps): bump golang.org/x/net from 0.50.0 to 0.52.0 in the golang-org-dependencies group across 1 directory by @​dependabot[bot] in #228 ...

---

People who contributed to this release

• @​fredbi

---

strfmt license terms

[![License][license-badge]][license-url]

... (truncated)

Commits

• fb29dd2 chore: prepare release v0.26.2
• c8c1e4e doc: aligned docs with org-wide documentation. (#247)
• ebb2f2f perf(duration): faster and stricter ParseDuration. (#246)
• c09c1cd build(deps): bump the other-dependencies group across 2 directories with 2 up...
• 1dfdf84 build(deps): bump the development-dependencies group with 8 updates
• 290bce4 build(deps): bump golang.org/x/net
• 49afd07 build(deps): bump github.com/jackc/pgx/v5 (#240)
• b04e233 doc: updated contributors file
• 9cdd252 build(deps): bump the go-openapi-dependencies group across 2 directories with...
• 5b911b6 build(deps): bump golang.org/x/net
• Additional commits viewable in compare view

Updates github.com/hashicorp/hc-install from 0.9.4 to 0.9.5

Release notes

Sourced from github.com/hashicorp/hc-install's releases.

v0.9.5

• go.mod: Lower compatibility constraint from 1.25.8 to 1.25.0 (#376)

Commits

• 2f46abf Prepare for 0.9.5 release (#377)
• 7878183 go.mod: Keep compatibility constraint separate from build (#376)
• d5841a3 version: cleanup after 0.9.4 release (#374)
• See full diff in compare view

Updates github.com/hashicorp/terraform-exec from 0.25.1 to 0.25.2

Release notes

Sourced from github.com/hashicorp/terraform-exec's releases.

v0.25.2

NOTES:

• go.mod: Lower compatibility constraint from 1.25.8 to 1.25.0 (#581)

DEPENDENCIES:

• build(deps): bump github.com/hashicorp/hc-install from 0.9.4 to 0.9.5 (#585)

Changelog

Sourced from github.com/hashicorp/terraform-exec's changelog.

0.25.2 (April 29, 2026)

NOTES:

• go.mod: Lower compatibility constraint from 1.25.8 to 1.25.0 (#581)

DEPENDENCIES:

• build(deps): bump github.com/hashicorp/hc-install from 0.9.4 to 0.9.5 (#585)

Commits

• 56a0d8b v0.25.2 [skip ci]
• 94a3afe Update Changelog in preparation for 0.25.2 (#586)
• ac26db5 go.mod: Keep compatibility constraint separate from build (#581)
• e856bad build(deps): bump github.com/hashicorp/hc-install from 0.9.4 to 0.9.5 (#585)
• See full diff in compare view

Updates github.com/mattn/go-isatty from 0.0.21 to 0.0.22

Commits

• 9a68506 Fix isCygwinPipeName to accept Windows 7 trailing suffix (#90)
• See full diff in compare view

Updates github.com/stern/stern from 1.33.1 to 1.34.0

Release notes

Sourced from github.com/stern/stern's releases.

v1.34.0

⚡ Notable Changes

New --qps and --burst flags for client-side throttling

You can now control the rate of requests to the Kubernetes API server with --qps and --burst flags. This is useful when you are tailing many pods and want to avoid overwhelming the API server.

stern . --qps 10 --burst 20

Changes

• Add --qps and --burst flags to control client-side throttling (#363) 7e59e4e (Abhishek Pareek)
• fix: honor klog -stderrthreshold even when -logtostderr is true (#364) 8e4ece3 (Pierluigi Lenoci)
• Update dependencies for Kubernetes 1.36 (#365) 6761a78 (Takashi Kusumi)

Changelog

Sourced from github.com/stern/stern's changelog.

v1.34.0

⚡ Notable Changes

New --qps and --burst flags for client-side throttling

You can now control the rate of requests to the Kubernetes API server with --qps and --burst flags. This is useful when you are tailing many pods and want to avoid overwhelming the API server.

stern . --qps 10 --burst 20

Changes

• Add --qps and --burst flags to control client-side throttling (#363) 7e59e4e (Abhishek Pareek)
• fix: honor klog -stderrthreshold even when -logtostderr is true (#364) 8e4ece3 (Pierluigi Lenoci)
• Update dependencies for Kubernetes 1.36 (#365) 6761a78 (Takashi Kusumi)

Commits

• b6f1226 Update CHANGELOG for v1.34.0 (#366)
• 6761a78 Update dependencies for Kubernetes 1.36 (#365)
• 8e4ece3 fix: honor klog -stderrthreshold even when -logtostderr is true (#364)
• 7e59e4e Add --qps and --burst flags to contorl client-side throttling (#363)
• See full diff in compare view

Updates go.uber.org/zap from 1.27.1 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

Changelog

Sourced from

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 37 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/Azure/secrets-store-csi-driver-provider-azure	1.8.1	Null	Unknown License
github.com/Masterminds/semver/v3	3.5.0	Null	Unknown License
github.com/aws/aws-sdk-go-v2	1.41.7	Null	Unknown License
github.com/aws/aws-sdk-go-v2/config	1.32.17	Null	Unknown License
github.com/aws/aws-sdk-go-v2/credentials	1.19.16	Null	Unknown License
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	1.18.23	Null	Unknown License
github.com/aws/aws-sdk-go-v2/internal/configsources	1.4.23	Null	Unknown License
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	2.7.23	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/cloudformation	1.71.11	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/ec2	1.300.0	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/ecr	1.57.2	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	1.13.9	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	1.13.23	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/sso	1.30.17	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/ssooidc	1.35.21	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/sts	1.42.1	Null	Unknown License
github.com/fxamacker/cbor/v2	2.9.1	Null	Unknown License
github.com/getkin/kin-openapi	0.137.0	Null	Unknown License
github.com/go-git/go-git/v5	5.19.0	Null	Unknown License
github.com/go-openapi/swag	0.26.0	Null	Unknown License
github.com/klauspost/cpuid/v2	2.3.0	Null	Unknown License
github.com/mattn/go-isatty	0.0.22	Null	Unknown License
github.com/stern/stern	1.34.0	Null	Unknown License
golang.org/x/exp	0.0.0-20260410095643-746e56fc9e2f	Null	Unknown License
google.golang.org/protobuf	1.36.12-0.20260120151049-f2248ac996af	Null	Unknown License
k8s.io/api	0.36.0	Null	Unknown License
k8s.io/apiextensions-apiserver	0.36.0	Null	Unknown License
k8s.io/apimachinery	0.36.0	Null	Unknown License
k8s.io/apiserver	0.36.0	Null	Unknown License
k8s.io/client-go	0.36.0	Null	Unknown License
k8s.io/component-base	0.36.0	Null	Unknown License
k8s.io/klog/v2	2.140.0	Null	Unknown License
k8s.io/kube-openapi	0.0.0-20260502001324-b7f5293f4787	Null	Unknown License
k8s.io/kubectl	0.36.0	Null	Unknown License
sigs.k8s.io/controller-runtime	0.24.0	Null	Unknown License
sigs.k8s.io/kustomize/kyaml	0.21.1	Null	Unknown License
github.com/oasdiff/yaml3	0.0.12	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
gomod/github.com/Azure/azure-sdk-for-go/sdk/azidentity	1.14.0-beta.2.0.20260124023332-4c5175309ebb	🟢 7.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/Azure/secrets-store-csi-driver-provider-azure	1.8.1	Unknown	Unknown
gomod/github.com/Masterminds/semver/v3	3.5.0	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2	1.41.7	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/config	1.32.17	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/credentials	1.19.16	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/feature/ec2/imds	1.18.23	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/internal/configsources	1.4.23	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	2.7.23	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/internal/v4a	1.4.24	🟢 6.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/cloudcontrol	1.29.15	🟢 6.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/cloudformation	1.71.11	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/ec2	1.300.0	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/ecr	1.57.2	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	1.13.9	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	1.13.23	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/signin	1.0.11	🟢 6.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/sso	1.30.17	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/ssooidc	1.35.21	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/sts	1.42.1	Unknown	Unknown
gomod/github.com/fxamacker/cbor/v2	2.9.1	Unknown	Unknown
gomod/github.com/getkin/kin-openapi	0.137.0	Unknown	Unknown
gomod/github.com/go-git/go-billy/v5	5.9.0	🟢 8.6	Details Check Score Reason Code-Review 🟢 5 Found 2/4 approved changesets -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 10 SAST tool is run on all commits CI-Tests 🟢 10 7 out of 7 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 26 contributing companies or organizations
gomod/github.com/go-git/go-git/v5	5.19.0	Unknown	Unknown
gomod/github.com/go-openapi/runtime	0.29.5	🟢 7.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/13 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
gomod/github.com/go-openapi/strfmt	0.26.2	🟢 7.5	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/14 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8
gomod/github.com/go-openapi/swag	0.26.0	Unknown	Unknown
gomod/github.com/go-openapi/swag/cmdutils	0.26.0	🟢 8.3	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/12 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 26 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8
gomod/github.com/go-openapi/swag/mangling	0.26.0	🟢 8.3	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/12 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 26 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8
gomod/github.com/go-openapi/swag/netutils	0.26.0	🟢 8.3	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/12 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 26 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8
gomod/github.com/hashicorp/hc-install	0.9.5	🟢 6.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/hashicorp/terraform-exec	0.25.2	🟢 6.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 12/15 approved changesets -- score normalized to 8 Maintained 🟢 10 20 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/klauspost/cpuid/v2	2.3.0	Unknown	Unknown
gomod/github.com/mattn/go-isatty	0.0.22	Unknown	Unknown
gomod/github.com/oasdiff/yaml3	0.0.12	Unknown	Unknown
gomod/github.com/pjbgf/sha1cd	0.6.0	🟢 6.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 5 6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/7 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 3 branch protection is not maximal on development and all release branches Security-Policy ⚠️ 0 security policy file not detected SAST 🟢 10 SAST tool is run on all commits
gomod/github.com/sergi/go-diff	1.4.0	⚠️ 2.9	Details Check Score Reason Code-Review 🟢 6 Found 8/12 approved changesets -- score normalized to 6 Dangerous-Workflow ⚠️ -1 no workflows found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/stern/stern	1.34.0	Unknown	Unknown
gomod/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	0.65.0	🟢 8.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Dependency-Update-Tool 🟢 10 update tool detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases 🟢 8 4 out of the last 4 releases have a total of 4 signed artifacts. Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 SAST 🟢 10 SAST tool is run on all commits Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 40 contributing companies or organizations
gomod/go.uber.org/zap	1.28.0	🟢 6.4	Details Check Score Reason Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/golang.org/x/exp	0.0.0-20260410095643-746e56fc9e2f	Unknown	Unknown
gomod/golang.org/x/tools	0.44.0	Unknown	Unknown
gomod/google.golang.org/protobuf	1.36.12-0.20260120151049-f2248ac996af	Unknown	Unknown
gomod/k8s.io/api	0.36.0	Unknown	Unknown
gomod/k8s.io/apiextensions-apiserver	0.36.0	Unknown	Unknown
gomod/k8s.io/apimachinery	0.36.0	Unknown	Unknown
gomod/k8s.io/apiserver	0.36.0	Unknown	Unknown
gomod/k8s.io/cli-runtime	0.36.0	🟢 5.3	Details Check Score Reason Token-Permissions ⚠️ -1 No tokens found Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected
gomod/k8s.io/client-go	0.36.0	Unknown	Unknown
gomod/k8s.io/component-base	0.36.0	Unknown	Unknown
gomod/k8s.io/klog/v2	2.140.0	Unknown	Unknown
gomod/k8s.io/kube-openapi	0.0.0-20260502001324-b7f5293f4787	Unknown	Unknown
gomod/k8s.io/kubectl	0.36.0	Unknown	Unknown
gomod/k8s.io/streaming	0.36.0	Unknown	Unknown
gomod/k8s.io/utils	0.0.0-20260319190234-28399d86e0b5	🟢 5.3	Details Check Score Reason Maintained ⚠️ 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/sigs.k8s.io/controller-runtime	0.24.0	Unknown	Unknown
gomod/sigs.k8s.io/kustomize/api	0.21.1	🟢 5.7	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2
gomod/sigs.k8s.io/kustomize/kyaml	0.21.1	Unknown	Unknown
gomod/sigs.k8s.io/secrets-store-csi-driver	1.6.0	🟢 6.9	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 5 5 existing vulnerabilities detected Branch-Protection ⚠️ 3 branch protection is not maximal on development and all release branches Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Packaging 🟢 10 packaging workflow detected Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed CI-Tests 🟢 10 15 out of 15 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 10 contributing companies or organizations
gomod/sigs.k8s.io/structured-merge-diff/v6	6.4.0	🟢 6.3	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Maintained 🟢 10 12 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Token-Permissions ⚠️ -1 No tokens found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• go.mod

[github-actions]

Unit Tests

    2 files  ±0    420 suites  ±0   6m 50s ⏱️ +7s
5 022 tests ±0  5 020 ✅ ±0  2 💤 ±0  0 ❌ ±0 
6 049 runs  ±0  6 047 ✅ ±0  2 💤 ±0  0 ❌ ±0 

Results for commit 2bc094a. ± Comparison against base commit 073b796.

♻️ This comment has been updated with latest results.

[radius-functional-tests]

Radius functional test overview

🔍 Go to test action run

Click here to see the test run details

Name	Value
Repository	radius-project/radius
Commit ref	2bc094a
Unique ID	func5d5e6f7b96
Image tag	pr-func5d5e6f7b96

• gotestsum 1.13.0
• KinD: v0.29.0
• Dapr: 1.14.4
• Azure KeyVault CSI driver: 1.4.2
• Azure Workload identity webhook: 1.3.0
• Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-func5d5e6f7b96
• Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
• applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-func5d5e6f7b96
• dynamic-rp test image location: ghcr.io/radius-project/dev/dynamic-rp:pr-func5d5e6f7b96
• controller test image location: ghcr.io/radius-project/dev/controller:pr-func5d5e6f7b96
• ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-func5d5e6f7b96
• deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting corerp-cloud functional tests...
⌛ Starting ucp-cloud functional tests...
✅ ucp-cloud functional tests succeeded
✅ corerp-cloud functional tests succeeded

[Copilot]

Pull request overview

This PR updates the repository’s Go module dependencies (including Kubernetes, controller-runtime, AWS SDK v2, and multiple HashiCorp/Azure/OpenAPI libraries) and bumps the Go toolchain version declared in go.mod to align builds with the refreshed dependency set.

Changes:

• Bump go directive from 1.26.1 to 1.26.2.
• Update a broad set of Go dependencies (Kubernetes to v0.36.0, controller-runtime to v0.24.0, etc.).
• Refresh go.sum to match the updated module graph.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File	Description
go.mod	Updates Go version and direct/indirect dependency versions; introduces a standalone require line for github.com/hashicorp/go-version.
go.sum	Updates module checksums to reflect the dependency bumps and transitive graph changes.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 51.21%. Comparing base (073b796) to head (2bc094a).

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #11828      +/-   ##
==========================================
+ Coverage   51.20%   51.21%   +0.01%     
==========================================
  Files         715      715              
  Lines       45074    45074              
==========================================
+ Hits        23079    23085       +6     
+ Misses      19798    19795       -3     
+ Partials     2197     2194       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.