build(deps): bump the go-dev-dependencies group with 11 updates

[dependabot]

Bumps the go-dev-dependencies group with 11 updates:

Package	From	To
github.com/testcontainers/testcontainers-go	0.41.0	0.42.0
golang.org/x/crypto	0.49.0	0.50.0
github.com/mattn/go-isatty	0.0.20	0.0.21
github.com/mattn/go-sqlite3	1.14.40	1.14.42
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	0.67.0	0.68.0
golang.org/x/arch	0.25.0	0.26.0
golang.org/x/mod	0.34.0	0.35.0
golang.org/x/net	0.52.0	0.53.0
golang.org/x/sys	0.42.0	0.43.0
golang.org/x/text	0.35.0	0.36.0
golang.org/x/tools	0.43.0	0.44.0

Updates github.com/testcontainers/testcontainers-go from 0.41.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

• chore!: migrate to moby modules (#3591) @​thaJeztah

🔒 Security

• chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah

🐛 Bug Fixes

• fix: return an error when docker host cannot be retrieved (#3613) @​ash2k

🧹 Housekeeping

• chore: gitignore Gas Town agent artifacts (#3633) @​mdelapenya
• fix(usage-metrics): include last release in the legend pop over (#3630) @​mdelapenya
• chore: update usage metrics (2026-04) (#3621) @github-actions[bot]
• fix(usage-metrics): order of actions matters (#3623) @​mdelapenya
• fix(usage-metrics): reduce rate-limit cascade errors (#3622) @​mdelapenya
• fix(usage-metrics): replace the per-version inline retry with a multi-pass approach (#3620) @​mdelapenya

📦 Dependency updates

• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]
• chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]
• chore: update to Go 1.25.9, 1.26.9 (#3647) @​thaJeztah
• chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @​thaJeztah
• chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah
• chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]
• chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]
• chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]
• fix(localstack): accept community-archive as a valid tag (#3601) @​johnduhart
• chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]
• chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]
• chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]
• chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]
• chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits

• 6e58418 chore: use new version (v0.42.0) in modules and examples
• f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
• 300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
• 7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
• 5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
• fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
• 95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
• 75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
• 2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
• 580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.49.0 to 0.50.0

Commits

• 03ca0dc go.mod: update golang.org/x dependencies
• 8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
• 81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
• See full diff in compare view

Updates github.com/mattn/go-isatty from 0.0.20 to 0.0.21

Commits

• 4237fb1 Update Go test matrix to current versions (1.24-1.26)
• 433c12b Update GitHub Actions to latest versions
• 1cf5589 Add wasip1 and wasip2 to build constraints in isatty_others.go
• 1237245 Update dependencies: go 1.15 -> 1.21, golang.org/x/sys v0.6.0 -> v0.28.0
• ac9c88d Fix typo in comment: undocomented -> undocumented
• 8b7124e Add availability check for NtQueryObject in init
• 08d0313 Fix isCygwinPipeName to reject names with extra trailing tokens
• See full diff in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.40 to 1.14.42

Commits

• 5df13a0 Merge pull request #1387 from mattn/codex/stmt-cache
• e302e5c document that _stmt_cache_size is per connection
• 867dcbf move reset/clear into putCachedStmt and always finalize on failure
• 0e58fa4 simplify prepareWithCache to call prepare instead of duplicating logic
• e9f47da do not bail out on finalize error in closeCachedStmtsLocked
• 325cb8d remove redundant stmtCacheSize check in putCachedStmt
• 061c2a5 check stmtCacheSize before acquiring mutex in takeCachedStmt
• efa9b1c add opt-in statement cache
• 8d12439 Merge pull request #1386 from mattn/perf/reduce-cgo-overhead
• 89f4bbe fix build with SQLITE_ENABLE_UNLOCK_NOTIFY
• Additional commits viewable in compare view

Updates go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.67.0 to 0.68.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases.

Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0

Added

• Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/v0.3.0 to expose the resolved SDK resource from declarative configuration. (#8660)
• Add support to set the configuration file via OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)
• Add support for service resource detector in go.opentelemetry.io/contrib/otelconf. (#8674)
• Add support for attribute_count_limit and attribute_value_length_limit in tracer provider configuration in go.opentelemetry.io/contrib/otelconf. (#8687)
• Add support for attribute_count_limit and attribute_value_length_limit in logger provider configuration in go.opentelemetry.io/contrib/otelconf. (#8686)
• Add support for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)
• Add support for OTEL_SEMCONV_STABILITY_OPT_IN in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. Supported values are rpc (default), rpc/dup and rpc/old. (#8726)
• Add the http.route metric attribute to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#8632)

Changed

• Prepend _ to the normalized environment variable name when the key starts with a digit in go.opentelemetry.io/contrib/propagators/envcar, ensuring POSIX compliance. (#8678)
• Move experimental types from go.opentelemetry.io/contrib/otelconf to go.opentelemetry.io/contrib/otelconf/x. (#8529)
• Normalize cached environment variable names in go.opentelemetry.io/contrib/propagators/envcar, aligning Carrier.Keys output with the carrier's normalized key format. (#8761)

Fixed

• Fix go.opentelemetry.io/contrib/otelconf Prometheus reader converting OTel dot-style label names (e.g. service.name) to underscore-style (service_name) in target_info when both without_type_suffix and without_units are set. Use NoTranslation instead of UnderscoreEscapingWithoutSuffixes to preserve dot-style label names while still suppressing metric name suffixes. (#8763)
• Limit the request body size at 1MB in go.opentelemetry.io/contrib/zpages. (#8656)
• Fix server spans using the client's address and port for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)

Removed

• Host ID resource detector has been removed when configuring the host resource detector in go.opentelemetry.io/contrib/otelconf. (#8581)

Deprecated

• Deprecate OTEL_EXPERIMENTAL_CONFIG_FILE in favour of OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)

What's Changed

• chore(deps): update module github.com/jgautheron/goconst to v1.9.0 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8651
• chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8652
• chore(deps): update golang.org/x/telemetry digest to e526e8a by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8647
• chore(deps): update module k8s.io/klog/v2 to v2.140.0 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8650
• chore(deps): update module github.com/mgechev/revive to v1.14.0 by @​mmorel-35 in open-telemetry/opentelemetry-go-contrib#8646
• chore(deps): update module github.com/mgechev/revive to v1.15.0 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8539
• chore: fix noctx issues by @​mmorel-35 in open-telemetry/opentelemetry-go-contrib#8645
• chore(deps): update golang.org/x by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8655
• chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8654
• chore(deps): update module github.com/mattn/go-runewidth to v0.0.21 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8653
• fix(deps): update module go.opentelemetry.io/proto/otlp to v1.10.0 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8657
• Limit the number of bytes read from the zpages body by @​dmathieu in open-telemetry/opentelemetry-go-contrib#8656
• fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.2 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8648
• fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.3 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8661
• chore(deps): update github.com/securego/gosec/v2 digest to 8895462 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8663
• otelconf: support OTEL_CONFIG_FILE as it is no longer experimental by @​codeboten in open-telemetry/opentelemetry-go-contrib#8639
• chore(deps): update module github.com/sonatard/noctx to v0.5.1 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8664

... (truncated)

Changelog

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's changelog.

[1.43.0/2.5.0/0.68.0/0.37.0/0.23.0/0.18.0/0.16.0/0.15.0] - 2026-04-03

Added

• Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/v0.3.0 to expose the resolved SDK resource from declarative configuration. (#8660)
• Add support to set the configuration file via OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)
• Add support for service resource detector in go.opentelemetry.io/contrib/otelconf. (#8674)
• Add support for attribute_count_limit and attribute_value_length_limit in tracer provider configuration in go.opentelemetry.io/contrib/otelconf. (#8687)
• Add support for attribute_count_limit and attribute_value_length_limit in logger provider configuration in go.opentelemetry.io/contrib/otelconf. (#8686)
• Add support for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)
• Add support for OTEL_SEMCONV_STABILITY_OPT_IN in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. Supported values are rpc (default), rpc/dup and rpc/old. (#8726)
• Add the http.route metric attribute to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#8632)

Changed

• Prepend _ to the normalized environment variable name when the key starts with a digit in go.opentelemetry.io/contrib/propagators/envcar, ensuring POSIX compliance. (#8678)
• Move experimental types from go.opentelemetry.io/contrib/otelconf to go.opentelemetry.io/contrib/otelconf/x. (#8529)
• Normalize cached environment variable names in go.opentelemetry.io/contrib/propagators/envcar, aligning Carrier.Keys output with the carrier's normalized key format. (#8761)

Fixed

• Fix go.opentelemetry.io/contrib/otelconf Prometheus reader converting OTel dot-style label names (e.g. service.name) to underscore-style (service_name) in target_info when both without_type_suffix and without_units are set. Use NoTranslation instead of UnderscoreEscapingWithoutSuffixes to preserve dot-style label names while still suppressing metric name suffixes. (#8763)
• Limit the request body size at 1MB in go.opentelemetry.io/contrib/zpages. (#8656)
• Fix server spans using the client's address and port for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)

Removed

• Host ID resource detector has been removed when configuring the host resource detector in go.opentelemetry.io/contrib/otelconf. (#8581)

Deprecated

• Deprecate OTEL_EXPERIMENTAL_CONFIG_FILE in favour of OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)

Commits

• 45977a4 Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0 (#8769)
• 0fcc152 fix(deps): update module github.com/googlecloudplatform/opentelemetry-operati...
• eaba3cd chore(deps): update googleapis to 6f92a3b (#8776)
• 6df430c chore(deps): update module github.com/jgautheron/goconst to v1.10.0 (#8771)
• ae90e32 Fix otelconf prometheus label escaping (#8763)
• f202c3f otelconf: move experimental types to otelconf/x (#8529)
• 8ddaece fix(deps): update aws-sdk-go-v2 monorepo (#8764)
• c7c03a4 chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (#8766)
• 717a85a envcar: normalize cached environment variable names (#8761)
• ad990b6 fix(deps): update module github.com/aws/smithy-go to v1.24.3 (#8765)
• Additional commits viewable in compare view

Updates golang.org/x/arch from 0.25.0 to 0.26.0

Commits

• c172774 arm64/instgen: support register with index in SVE
• e36c9fb arm64/instgen: add GP and SIMD register support for SVE
• af53bf6 riscv64: add support for zbc instructions
• 45767dc arm64/instgen: add assembler code generator for SVE
• 2a0debc riscv64: support zihintpause disassembly
• d1c8e71 arm64/instgen: add arm64 ISA XML processing
• d5a2fc6 arm64: add arm64 ISA XML parser
• See full diff in compare view

Updates golang.org/x/mod from 0.34.0 to 0.35.0

Commits

• 03901d3 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates golang.org/x/net from 0.52.0 to 0.53.0

Commits

• a8d1fc1 go.mod: update golang.org/x dependencies
• 056ac74 quic: avoid depending on golang.org/x/sys/unix
• c85f611 http3: add http3 package for testing in std
• 805fc81 http2: add transport API tests
• e63b894 http2: support testing via net/http.Transport.RoundTrip
• 9ee1e48 http2/hpack: prevent HeaderField from escaping during encoding
• 1e71bd8 http2: prevent hanging Transport due to bad SETTINGS frame
• 7bca150 internal/http3: respect net/http Server Shutdown context when shutting down
• 44c41be internal/http3: prevent server from holding mutex when sleeping during shutdown
• 228a67a internal/http3: add CloseIdleConnections support in transport
• Additional commits viewable in compare view

Updates golang.org/x/sys from 0.42.0 to 0.43.0

Commits

• f33a730 windows: support nil security descriptor on GetNamedSecurityInfo
• 493d172 cpu: add runtime import in cpu_darwin_arm64_other.go
• 2c2be75 windows: use syscall.SyscallN in Proc.Call
• a76ec62 cpu: roll back "use IsProcessorFeaturePresent to calculate ARM64 on windows"
• See full diff in compare view

Updates golang.org/x/text from 0.35.0 to 0.36.0

Commits

• 8577a70 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates golang.org/x/tools from 0.43.0 to 0.44.0

Commits

• 3dd188d go.mod: update golang.org/x dependencies
• aebd870 gopls: improve doc link matching to support links followed by a colon
• 5357b43 go/analysis/passes/modernize: rangeint: handle type parameter constraints
• bf04c61 go/types/internal/play: show normal terms of selected type
• 0ae2de0 gopls/internal/filecache: cache decoded objects in memCache
• 8e51a5f go/ssa: support direct references to embedded fields in struct lit
• 5005b9e internal/gcimporter: rename ureader_yes.go to ureader.go
• 5ca865b go/types/objectpath: add debugging command
• f6476fb internal/gcimporter: consume generic methods in gcimporter
• b36d1d1 internal/pkgbits: sync version.go with goroot
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 10 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 8e9dbe4.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/mattn/go-sqlite3	1.14.42	Null	Unknown License
github.com/moby/moby/api	1.54.1	Null	Unknown License
github.com/moby/moby/client	0.4.0	Null	Unknown License
golang.org/x/arch	0.26.0	Null	Unknown License
golang.org/x/crypto	0.50.0	Null	Unknown License
golang.org/x/mod	0.35.0	Null	Unknown License
golang.org/x/net	0.53.0	Null	Unknown License
golang.org/x/sys	0.43.0	Null	Unknown License
golang.org/x/text	0.36.0	Null	Unknown License
golang.org/x/tools	0.44.0	Null	Unknown License

Allowed Licenses:

0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, bzip2-1.0.6, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
gomod/github.com/mattn/go-isatty	0.0.21	🟢 3.9	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 6 7 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 6 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review 🟢 5 Found 11/20 approved changesets -- score normalized to 5 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/mattn/go-sqlite3	1.14.42	Unknown	Unknown
gomod/github.com/moby/moby/api	1.54.1	Unknown	Unknown
gomod/github.com/moby/moby/client	0.4.0	Unknown	Unknown
gomod/github.com/testcontainers/testcontainers-go	0.42.0	🟢 6.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 3 Found 6/16 approved changesets -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 CII-Best-Practices ⚠️ 2 badge detected: InProgress Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected SAST 🟢 9 SAST tool detected but not run on all commits Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected Signed-Releases ⚠️ -1 no releases found CI-Tests 🟢 10 25 out of 25 merged PRs checked by a CI test -- score normalized to 10 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected Contributors 🟢 10 project has 61 contributing companies or organizations
gomod/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	0.68.0	🟢 8.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Code-Review 🟢 10 all changesets reviewed Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases 🟢 8 4 out of the last 4 releases have a total of 4 signed artifacts. Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 SAST 🟢 10 SAST tool is run on all commits Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 39 contributing companies or organizations
gomod/golang.org/x/arch	0.26.0	Unknown	Unknown
gomod/golang.org/x/crypto	0.50.0	Unknown	Unknown
gomod/golang.org/x/mod	0.35.0	Unknown	Unknown
gomod/golang.org/x/net	0.53.0	Unknown	Unknown
gomod/golang.org/x/sys	0.43.0	Unknown	Unknown
gomod/golang.org/x/text	0.36.0	Unknown	Unknown
gomod/golang.org/x/tools	0.44.0	Unknown	Unknown

Scanned Files

• go.mod

[github-actions]

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.04%. Comparing base (d0bd8a1) to head (8e9dbe4).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #303       +/-   ##
===========================================
+ Coverage   57.13%   94.04%   +36.91%     
===========================================
  Files          70        5       -65     
  Lines        3945      504     -3441     
===========================================
- Hits         2254      474     -1780     
+ Misses       1493       20     -1473     
+ Partials      198       10      -188     

Flag	Coverage Δ
opensearch-tests	95.68% <ø> (ø)
postgres-tests	92.03% <ø> (ø)
unit-tests	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.