build(deps): bump the go-dev-dependencies group across 1 directory with 22 updates by dependabot[bot] · Pull Request #307 · greenbone/opensight-golang-libraries

dependabot · 2026-04-20T04:12:06Z

Bumps the go-dev-dependencies group with 17 updates in the / directory:

Package	From	To
github.com/testcontainers/testcontainers-go	`0.41.0`	`0.42.0`
golang.org/x/crypto	`0.49.0`	`0.50.0`
github.com/docker/go-connections	`0.6.0`	`0.7.0`
github.com/go-openapi/jsonpointer	`0.22.5`	`0.23.1`
github.com/go-openapi/swag/conv	`0.25.5`	`0.26.0`
github.com/go-openapi/swag/jsonutils	`0.25.5`	`0.26.0`
github.com/go-openapi/swag/loading	`0.25.5`	`0.26.0`
github.com/go-openapi/swag/stringutils	`0.25.5`	`0.26.0`
github.com/jackc/pgx/v5	`5.9.1`	`5.9.2`
github.com/mattn/go-isatty	`0.0.20`	`0.0.21`
github.com/mattn/go-sqlite3	`1.14.40`	`1.14.42`
go.mongodb.org/mongo-driver/v2	`2.5.0`	`2.5.1`
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	`0.67.0`	`0.68.0`
golang.org/x/arch	`0.25.0`	`0.26.0`
golang.org/x/mod	`0.34.0`	`0.35.0`
golang.org/x/net	`0.52.0`	`0.53.0`
golang.org/x/tools	`0.43.0`	`0.44.0`

Updates github.com/testcontainers/testcontainers-go from 0.41.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

... (truncated)

Commits

6e58418 chore: use new version (v0.42.0) in modules and examples
f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.49.0 to 0.50.0

Commits

03ca0dc go.mod: update golang.org/x dependencies
8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
See full diff in compare view

Updates github.com/docker/go-connections from 0.6.0 to 0.7.0

Commits

7997b0f Merge pull request #156 from thaJeztah/bump_go_winio
329724a chore(deps): bump github.com/Microsoft/go-winio v0.6.2
161dc9b Merge pull request #155 from thaJeztah/pin_actions
b115e42 Merge pull request #154 from thaJeztah/fix_non_linux_tests
4c35b2a ci: pin actions to sha
b4454a6 tlsconfig: make root pool tests deterministic across platforms
0819711 tlsconfig: certPool: pass options as argument
0329635 tlsconfig: rename some vars that shadowed
894d811 Merge pull request #150 from thaJeztah/deprecate_SystemCertPool
0a1293a Merge pull request #153 from thaJeztah/chachacha
Additional commits viewable in compare view

Updates github.com/go-openapi/jsonpointer from 0.22.5 to 0.23.1

Release notes

Sourced from github.com/go-openapi/jsonpointer's releases.

... (truncated)

Commits

df7695b fix(offset): in Offset method, fixed index of value of array element. (#128)
d5ccb6c doc: project status update (#127)
f08d527 docs: point to organization-wide documentations, added missing godocs (#126)
5b79c49 doc: updated contributors file
a9cabb6 chore(deps): bump the development-dependencies group with 7 updates
331ea42 feat: added alternate json name provider (#123)
04588aa feat: added optional support for non-default json name provider (#122)
bca4023 feat: the RFC 6901 "-" array suffix is now supported (#121)
827f12d doc: updated contributors file
635e674 fix(errors): correct error message for invalid JSON pointer start (#118)
Additional commits viewable in compare view

Updates github.com/go-openapi/swag/conv from 0.25.5 to 0.26.0

Release notes

Sourced from github.com/go-openapi/swag/conv's releases.

... (truncated)

Commits

10f02a4 chore: prepare release v0.26.0
543ed20 feat(jsonname): added new json name provider more respectful of go convention...
15feaa1 doc: updated contributors file
be70d5e build(deps): bump the go-openapi-dependencies group across 15 directories wit...
e3a465d chore: bump go directive to 1.25.0 (#192)
544d0de doc: add portable agentic instructions (#191)
2345c91 doc: update discord link (#190)
6aaa57c build(deps): bump the other-dependencies group across 3 directories with 1 up...
524ef32 build(deps): bump the development-dependencies group with 7 updates
228d6ed ci: fixed dependabot path (#187)
Additional commits viewable in compare view

Updates github.com/go-openapi/swag/jsonname from 0.25.5 to 0.26.0

Release notes

Sourced from github.com/go-openapi/swag/jsonname's releases.

... (truncated)

Commits

10f02a4 chore: prepare release v0.26.0
543ed20 feat(jsonname): added new json name provider more respectful of go convention...
15feaa1 doc: updated contributors file
be70d5e build(deps): bump the go-openapi-dependencies group across 15 directories wit...
e3a465d chore: bump go directive to 1.25.0 (#192)
544d0de doc: add portable agentic instructions (#191)
2345c91 doc: update discord link (#190)
6aaa57c build(deps): bump the other-dependencies group across 3 directories with 1 up...
524ef32 build(deps): bump the development-dependencies group with 7 updates
228d6ed ci: fixed dependabot path (#187)
Additional commits viewable in compare view

Updates github.com/go-openapi/swag/jsonutils from 0.25.5 to 0.26.0

Release notes

Sourced from github.com/go-openapi/swag/jsonutils's releases.

... (truncated)

Commits

10f02a4 chore: prepare release v0.26.0
543ed20 feat(jsonname): added new json name provider more respectful of go convention...
15feaa1 doc: updated contributors file
be70d5e build(deps): bump the go-openapi-dependencies group across 15 directories wit...
e3a465d chore: bump go directive to 1.25.0 (#192)
544d0de doc: add portable agentic instructions (#191)
2345c91 doc: update discord link (#190)
6aaa57c build(deps): bump the other-dependencies group across 3 directories with 1 up...
524ef32 build(deps): bump the development-dependencies group with 7 updates
228d6ed ci: fixed dependabot path (#187)
Additional commits viewable in compare view

Updates github.com/go-openapi/swag/loading from 0.25.5 to 0.26.0

Release notes

Sourced from github.com/go-openapi/swag/loading's releases.

... (truncated)

Commits

10f02a4 chore: prepare release v0.26.0
543ed20 feat(jsonname): added new json name provider more respectful of go convention...
15feaa1 doc: updated contributors file
be70d5e build(deps): bump the go-openapi-dependencies group across 15 directories wit...
e3a465d chore: bump go directive to 1.25.0 (#192)
544d0de doc: add portable agentic instructions (#191)
2345c91 doc: update discord link (#190)
6aaa57c build(deps): bump the other-dependencies group across 3 directories with 1 up...
524ef32 build(deps): bump the development-dependencies group with 7 updates
228d6ed ci: fixed dependabot path (#187)
Additional commits viewable in compare view

Updates github.com/go-openapi/swag/stringutils from 0.25.5 to 0.26.0

Release notes

Sourced from github.com/go-openapi/swag/stringutils's releases.

... (truncated)

Commits

10f02a4 chore: prepare release v0.26.0
543ed20 feat(jsonname): added new json name provider more respectful of go convention...
15feaa1 doc: updated contributors file
be70d5e build(deps): bump the go-openapi-dependencies group across 15 directories wit...
e3a465d chore: bump go directive to 1.25.0 (#192)
544d0de doc: add portable agentic instructions (#191)
2345c91 doc: update discord link (#190)
6aaa57c build(deps): bump the other-dependencies group across 3 directories with 1 up...
524ef32 build(deps): bump the development-dependencies group with 7 updates
228d6ed ci: fixed dependabot path (#187)
Additional commits viewable in compare view

Updates github.com/go-openapi/swag/typeutils from 0.25.5 to 0.26.0

Release notes

Sourced from github.com/go-openapi/swag/typeutils's releases.

…th 22 updates Bumps the go-dev-dependencies group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.42.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.49.0` | `0.50.0` | | [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.6.0` | `0.7.0` | | [github.com/go-openapi/jsonpointer](https://github.com/go-openapi/jsonpointer) | `0.22.5` | `0.23.1` | | [github.com/go-openapi/swag/conv](https://github.com/go-openapi/swag) | `0.25.5` | `0.26.0` | | [github.com/go-openapi/swag/jsonutils](https://github.com/go-openapi/swag) | `0.25.5` | `0.26.0` | | [github.com/go-openapi/swag/loading](https://github.com/go-openapi/swag) | `0.25.5` | `0.26.0` | | [github.com/go-openapi/swag/stringutils](https://github.com/go-openapi/swag) | `0.25.5` | `0.26.0` | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.1` | `5.9.2` | | [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) | `0.0.20` | `0.0.21` | | [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.40` | `1.14.42` | | [go.mongodb.org/mongo-driver/v2](https://github.com/mongodb/mongo-go-driver) | `2.5.0` | `2.5.1` | | [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.67.0` | `0.68.0` | | [golang.org/x/arch](https://github.com/golang/arch) | `0.25.0` | `0.26.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.34.0` | `0.35.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.52.0` | `0.53.0` | | [golang.org/x/tools](https://github.com/golang/tools) | `0.43.0` | `0.44.0` | Updates `github.com/testcontainers/testcontainers-go` from 0.41.0 to 0.42.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.41.0...v0.42.0) Updates `golang.org/x/crypto` from 0.49.0 to 0.50.0 - [Commits](golang/crypto@v0.49.0...v0.50.0) Updates `github.com/docker/go-connections` from 0.6.0 to 0.7.0 - [Commits](docker/go-connections@v0.6.0...v0.7.0) Updates `github.com/go-openapi/jsonpointer` from 0.22.5 to 0.23.1 - [Release notes](https://github.com/go-openapi/jsonpointer/releases) - [Commits](go-openapi/jsonpointer@v0.22.5...v0.23.1) Updates `github.com/go-openapi/swag/conv` from 0.25.5 to 0.26.0 - [Release notes](https://github.com/go-openapi/swag/releases) - [Commits](go-openapi/swag@v0.25.5...v0.26.0) Updates `github.com/go-openapi/swag/jsonname` from 0.25.5 to 0.26.0 - [Release notes](https://github.com/go-openapi/swag/releases) - [Commits](go-openapi/swag@v0.25.5...v0.26.0) Updates `github.com/go-openapi/swag/jsonutils` from 0.25.5 to 0.26.0 - [Release notes](https://github.com/go-openapi/swag/releases) - [Commits](go-openapi/swag@v0.25.5...v0.26.0) Updates `github.com/go-openapi/swag/loading` from 0.25.5 to 0.26.0 - [Release notes](https://github.com/go-openapi/swag/releases) - [Commits](go-openapi/swag@v0.25.5...v0.26.0) Updates `github.com/go-openapi/swag/stringutils` from 0.25.5 to 0.26.0 - [Release notes](https://github.com/go-openapi/swag/releases) - [Commits](go-openapi/swag@v0.25.5...v0.26.0) Updates `github.com/go-openapi/swag/typeutils` from 0.25.5 to 0.26.0 - [Release notes](https://github.com/go-openapi/swag/releases) - [Commits](go-openapi/swag@v0.25.5...v0.26.0) Updates `github.com/go-openapi/swag/yamlutils` from 0.25.5 to 0.26.0 - [Release notes](https://github.com/go-openapi/swag/releases) - [Commits](go-openapi/swag@v0.25.5...v0.26.0) Updates `github.com/jackc/pgx/v5` from 5.9.1 to 5.9.2 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.9.1...v5.9.2) Updates `github.com/mattn/go-isatty` from 0.0.20 to 0.0.21 - [Commits](mattn/go-isatty@v0.0.20...v0.0.21) Updates `github.com/mattn/go-sqlite3` from 1.14.40 to 1.14.42 - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](mattn/go-sqlite3@v1.14.40...v1.14.42) Updates `go.mongodb.org/mongo-driver/v2` from 2.5.0 to 2.5.1 - [Release notes](https://github.com/mongodb/mongo-go-driver/releases) - [Commits](mongodb/mongo-go-driver@v2.5.0...v2.5.1) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.67.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.67.0...zpages/v0.68.0) Updates `golang.org/x/arch` from 0.25.0 to 0.26.0 - [Commits](golang/arch@v0.25.0...v0.26.0) Updates `golang.org/x/mod` from 0.34.0 to 0.35.0 - [Commits](golang/mod@v0.34.0...v0.35.0) Updates `golang.org/x/net` from 0.52.0 to 0.53.0 - [Commits](golang/net@v0.52.0...v0.53.0) Updates `golang.org/x/sys` from 0.42.0 to 0.43.0 - [Commits](golang/sys@v0.42.0...v0.43.0) Updates `golang.org/x/text` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.35.0...v0.36.0) Updates `golang.org/x/tools` from 0.43.0 to 0.44.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.43.0...v0.44.0) --- updated-dependencies: - dependency-name: github.com/testcontainers/testcontainers-go dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: golang.org/x/crypto dependency-version: 0.50.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: github.com/docker/go-connections dependency-version: 0.7.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: github.com/go-openapi/jsonpointer dependency-version: 0.23.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: github.com/go-openapi/swag/conv dependency-version: 0.26.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: github.com/go-openapi/swag/jsonname dependency-version: 0.26.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: github.com/go-openapi/swag/jsonutils dependency-version: 0.26.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: github.com/go-openapi/swag/loading dependency-version: 0.26.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: github.com/go-openapi/swag/stringutils dependency-version: 0.26.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: github.com/go-openapi/swag/typeutils dependency-version: 0.26.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: github.com/go-openapi/swag/yamlutils dependency-version: 0.26.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.9.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dev-dependencies - dependency-name: github.com/mattn/go-isatty dependency-version: 0.0.21 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dev-dependencies - dependency-name: github.com/mattn/go-sqlite3 dependency-version: 1.14.42 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dev-dependencies - dependency-name: go.mongodb.org/mongo-driver/v2 dependency-version: 2.5.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dev-dependencies - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-version: 0.68.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: golang.org/x/arch dependency-version: 0.26.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: golang.org/x/mod dependency-version: 0.35.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: golang.org/x/net dependency-version: 0.53.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: golang.org/x/sys dependency-version: 0.43.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: golang.org/x/text dependency-version: 0.36.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies - dependency-name: golang.org/x/tools dependency-version: 0.44.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-04-20T04:12:30Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
❌ 6 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 7 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

Package	Version	License	Issue Type
golang.org/x/crypto	0.50.0	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang	Incompatible License
golang.org/x/mod	0.35.0	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang	Incompatible License
golang.org/x/net	0.53.0	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang	Incompatible License
golang.org/x/sys	0.43.0	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang	Incompatible License
golang.org/x/text	0.36.0	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang	Incompatible License
golang.org/x/tools	0.44.0	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang	Incompatible License
github.com/jackc/pgx/v5	5.9.2	Null	Unknown License
github.com/mattn/go-isatty	0.0.21	Null	Unknown License
github.com/mattn/go-sqlite3	1.14.42	Null	Unknown License
github.com/moby/moby/api	1.54.1	Null	Unknown License
github.com/moby/moby/client	0.4.0	Null	Unknown License
github.com/testcontainers/testcontainers-go	0.42.0	Null	Unknown License
golang.org/x/arch	0.26.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

gomod/github.com/docker/go-connections

0.7.0

🟢 6.5

Details

Check	Score	Reason
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Maintained	🟢 10	14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 10	all changesets reviewed
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

gomod/github.com/go-openapi/jsonpointer

0.23.1

🟢 8.2

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 0	Found 1/12 approved changesets -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	21 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/conv

0.26.0

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/13 approved changesets -- score normalized to 0
Maintained	🟢 10	23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/jsonname

0.26.0

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/13 approved changesets -- score normalized to 0
Maintained	🟢 10	23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/jsonutils

0.26.0

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/13 approved changesets -- score normalized to 0
Maintained	🟢 10	23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/loading

0.26.0

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/13 approved changesets -- score normalized to 0
Maintained	🟢 10	23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/stringutils

0.26.0

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/13 approved changesets -- score normalized to 0
Maintained	🟢 10	23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/typeutils

0.26.0

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/13 approved changesets -- score normalized to 0
Maintained	🟢 10	23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/go-openapi/swag/yamlutils

0.26.0

🟢 8.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/13 approved changesets -- score normalized to 0
Maintained	🟢 10	23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7

gomod/github.com/jackc/pgx/v5

5.9.2

Unknown

gomod/github.com/mattn/go-isatty

0.0.21

Unknown

gomod/github.com/mattn/go-sqlite3

1.14.42

Unknown

gomod/github.com/moby/moby/api

1.54.1

Unknown

gomod/github.com/moby/moby/client

0.4.0

Unknown

gomod/github.com/testcontainers/testcontainers-go

0.42.0

Unknown

gomod/go.mongodb.org/mongo-driver/v2

2.5.1

🟢 7.8

Details

Check	Score	Reason
Code-Review	🟢 8	Found 8/10 approved changesets -- score normalized to 8
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Vulnerabilities	🟢 3	7 existing vulnerabilities detected
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	🟢 4	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	22 out of 22 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 25 contributing companies or organizations

gomod/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp

0.68.0

🟢 8.7

Details

Check	Score	Reason
Code-Review	🟢 8	Found 5/6 approved changesets -- score normalized to 8
Dependency-Update-Tool	🟢 10	update tool detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	🟢 10	project is fuzzed
Signed-Releases	🟢 8	4 out of the last 4 releases have a total of 4 signed artifacts.
SAST	🟢 10	SAST tool is run on all commits
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
License	🟢 10	license file detected
Branch-Protection	🟢 4	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 39 contributing companies or organizations

gomod/golang.org/x/arch

0.26.0

Unknown

gomod/golang.org/x/crypto

0.50.0

Unknown

gomod/golang.org/x/mod

0.35.0

Unknown

gomod/golang.org/x/net

0.53.0

Unknown

gomod/golang.org/x/sys

0.43.0

Unknown

gomod/golang.org/x/text

0.36.0

Unknown

gomod/golang.org/x/tools

0.44.0

Unknown

Scanned Files

go.mod

github-actions · 2026-04-20T04:12:38Z

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

codecov · 2026-04-20T04:13:42Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.04%. Comparing base (efc872f) to head (bdd2da3).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #307       +/-   ##
===========================================
+ Coverage   56.59%   94.04%   +37.45%     
===========================================
  Files          71        5       -66     
  Lines        4006      504     -3502     
===========================================
- Hits         2267      474     -1793     
+ Misses       1543       20     -1523     
+ Partials      196       10      -186

Flag	Coverage Δ
opensearch-tests	`95.68% <ø> (ø)`
postgres-tests	`92.03% <ø> (ø)`
unit-tests	`?`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

dependabot · 2026-04-20T17:08:23Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 20, 2026

dependabot bot requested a review from a team as a code owner April 20, 2026 04:12

dependabot bot added the dependencies Pull requests that update a dependency file label Apr 20, 2026

dependabot bot requested a review from a team as a code owner April 20, 2026 04:12

dependabot bot added the go Pull requests that update Go code label Apr 20, 2026

dependabot bot closed this Apr 20, 2026

dependabot bot deleted the dependabot/go_modules/go-dev-dependencies-d5923375ce branch April 20, 2026 17:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the go-dev-dependencies group across 1 directory with 22 updates#307

build(deps): bump the go-dev-dependencies group across 1 directory with 22 updates#307
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-dev-dependencies-d5923375ce

dependabot bot commented on behalf of github Apr 20, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Apr 20, 2026

Uh oh!

github-actions bot commented Apr 20, 2026

Uh oh!

codecov bot commented Apr 20, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Apr 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

🧹 Housekeeping

📦 Dependency updates

v0.23.1

0.23.1 - 2026-04-18

Fixed bugs

Documentation

Updates

People who contributed to this release

v0.23.0

0.23.0 - 2026-04-15

v0.26.0

0.26.0 - 2026-04-15

Implemented enhancements

Documentation

Code quality

Miscellaneous tasks

Updates

People who contributed to this release

v0.26.0

0.26.0 - 2026-04-15

Implemented enhancements

Documentation

Code quality

Miscellaneous tasks

Updates

People who contributed to this release

v0.26.0

0.26.0 - 2026-04-15

Implemented enhancements

Documentation

Code quality

Miscellaneous tasks

Updates

People who contributed to this release

v0.26.0

0.26.0 - 2026-04-15

Implemented enhancements

Documentation

Code quality

Miscellaneous tasks

Updates

People who contributed to this release

v0.26.0

0.26.0 - 2026-04-15

Implemented enhancements

Documentation

Code quality

Miscellaneous tasks

Updates

People who contributed to this release

v0.26.0

0.26.0 - 2026-04-15

Implemented enhancements

Documentation

Code quality

Miscellaneous tasks

Updates

Uh oh!

github-actions bot commented Apr 20, 2026

Dependency Review

Snapshot Warnings

License Issues

go.mod

OpenSSF Scorecard

Scanned Files

Uh oh!

github-actions bot commented Apr 20, 2026

Conventional Commits Report

Uh oh!

codecov bot commented Apr 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

dependabot bot commented on behalf of github Apr 20, 2026 •

edited

Loading

codecov bot commented Apr 20, 2026 •

edited

Loading