deps: bump the all-go-minor-and-patch group across 1 directory with 23 updates by dependabot[bot] · Pull Request #4318 · Azure/azure-container-networking

dependabot · 2026-04-05T12:05:00Z

Bumps the all-go-minor-and-patch group with 17 updates in the / directory:

Package	From	To
github.com/Azure/azure-sdk-for-go/sdk/azcore	`1.19.1`	`1.21.0`
github.com/Azure/azure-sdk-for-go/sdk/azidentity	`1.13.0`	`1.13.1`
github.com/Microsoft/hcsshim	`0.13.0`	`0.14.0`
github.com/hashicorp/go-version	`1.7.0`	`1.9.0`
github.com/spf13/cobra	`1.10.1`	`1.10.2`
go.uber.org/zap	`1.27.0`	`1.27.1`
golang.org/x/sys	`0.40.0`	`0.42.0`
google.golang.org/grpc	`1.79.3`	`1.80.0`
k8s.io/klog/v2	`2.130.1`	`2.140.0`
github.com/labstack/echo/v4	`4.13.4`	`4.15.1`
github.com/prometheus/common	`0.67.1`	`0.67.5`
github.com/sirupsen/logrus	`1.9.3`	`1.9.4`
golang.org/x/time	`0.14.0`	`0.15.0`
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4	`4.7.0-beta.1`	`4.9.0-beta.1`
github.com/cilium/cilium	`1.17.14`	`1.19.2`
golang.org/x/sync	`0.19.0`	`0.20.0`
k8s.io/kubelet	`0.34.1`	`0.35.3`

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.19.1 to 1.21.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.21.0

1.21.0 (2026-01-12)

Features Added

Added runtime/datetime package which provides specialized time type wrappers for serializing and deserializing time values in various formats used by Azure services.

Other Changes

Aligned cloud.AzureGovernment and cloud.AzureChina audience values with Azure CLI

Commits

f6309d4 Prep azcore@v1.21.0 for release (#25864)
d0a9819 Update SDK generation as completed when SDK pull request is linked to release...
aba8672 Configurations: 'specification/resourceconnector/resource-manager/Microsoft....
481e4ab Add some missing methods to the types in datetime (#25826)
35d6071 Skip unsafeptr check for storage SDKs (#25856)
5d68f66 add code (#25837)
944cd8d add code (#25836)
1191825 [Regeneration]sdk/resourcemanager/quota/armquota (#25835)
e1a9bfd add code (#25838)
1de7ac7 [Automation] Regenerate SDK based on typespec-go branch main (#25729)
Additional commits viewable in compare view

Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.13.0 to 1.13.1

Commits

6bb9b03 azidentity v1.13.1 (#25574)
e18dbd7 Increment package version after release of azidentity (#25367)
4f0facc Prepare azidentity v1.13.0 for release (#25352)
2d8c98b Selecting ManagedIdentityCredential disables DefaultAzureCredential's IMDS pr...
67dd4fc Increment package version after release of azidentity (#25263)
1a74bc8 Prepare azidentity v1.12.0 for release (#25231)
839a355 Test IMDS managed identity with a remote VM (#25237)
c352be3 Sync eng/common directory with azure-sdk-tools for PR 11931 (#25243)
c994eca gofmt (#25234)
9c95d95 [Release] sdk/resourcemanager/computefleet/armcomputefleet/2.0.0-beta.1 gener...
Additional commits viewable in compare view

Updates github.com/Microsoft/hcsshim from 0.13.0 to 0.14.0

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.14.0

This is a non-rc v0.14.0 release, which is the same as https://github.com/microsoft/hcsshim/releases/tag/v0.14.0-rc.1

What's Changed

Use multi-error for annotation processing by @helsaawy in microsoft/hcsshim#2419

Add rootfs.exe tool to merge tar image layers by @helsaawy in microsoft/hcsshim#2424

Support for querying disks based on LUN by @ambarve in microsoft/hcsshim#2421

Tool for extracting UtilityVM files from a container layer into a CIM by @ambarve in microsoft/hcsshim#2423

Add uvm:// mount support for LCOW by @helsaawy in microsoft/hcsshim#2430

Bump google.golang.org/grpc from 1.69.0 to 1.72.1 in /test by @dependabot[bot] in microsoft/hcsshim#2432

Bump golang.org/x/sync from 0.13.0 to 0.14.0 in /test by @dependabot[bot] in microsoft/hcsshim#2433

Store extraction error for LazyImageLayers by @helsaawy in microsoft/hcsshim#2429

Switch to golangci-lint v2 by @helsaawy in microsoft/hcsshim#2440

SecurityPolicy: Add leading and trailing checks for env variables by @MahatiC in microsoft/hcsshim#2431

Trim LCOW GetProperties response by @helsaawy in microsoft/hcsshim#2458

Swap EvalSymlinks with ResolvePath by @helsaawy in microsoft/hcsshim#2455

Bug: when searching for LinuxBootFiles by @helsaawy in microsoft/hcsshim#2454

Organize annotations; change annotation expansions by @helsaawy in microsoft/hcsshim#2449

Omnibus dependabot update by @helsaawy in microsoft/hcsshim#2442

lcow: disable virtio-vsock init by @anmaxvl in microsoft/hcsshim#2461

Initial support for verified CIMs by @ambarve in microsoft/hcsshim#2448

Move hcsshim/main to containerd v2.1.2 and update CIs to WS2025 by @kiashok in microsoft/hcsshim#2425

Validate runhcs sandbox isolation and platform by @helsaawy in microsoft/hcsshim#2473

log mkfs.ext4 stderr output by @anmaxvl in microsoft/hcsshim#2474

Bump golang.org/x/sys from 0.33.0 to 0.34.0 in /test by @dependabot[bot] in microsoft/hcsshim#2480

Remove WS2025 from CIs by @kiashok in microsoft/hcsshim#2483

Gcs sidecar framework by @kiashok in microsoft/hcsshim#2422

Support for importing verified block CIM layers by @ambarve in microsoft/hcsshim#2456

Warn on incomplete vNUMA setting, clarify field names by @helsaawy in microsoft/hcsshim#2466

Fix CUDA for non-privileged containers by @helsaawy in microsoft/hcsshim#2492

fixes to uvmboot by @ambarve in microsoft/hcsshim#2494

Bump actions/checkout from 4 to 5 by @dependabot[bot] in microsoft/hcsshim#2499

Full Changelog: microsoft/hcsshim@v0.13.0...v0.14.0

v0.14.0-rc.1

What's Changed

Use multi-error for annotation processing by @helsaawy in microsoft/hcsshim#2419

Add rootfs.exe tool to merge tar image layers by @helsaawy in microsoft/hcsshim#2424

Support for querying disks based on LUN by @ambarve in microsoft/hcsshim#2421

Tool for extracting UtilityVM files from a container layer into a CIM by @ambarve in microsoft/hcsshim#2423

Add uvm:// mount support for LCOW by @helsaawy in microsoft/hcsshim#2430

Bump google.golang.org/grpc from 1.69.0 to 1.72.1 in /test by @dependabot[bot] in microsoft/hcsshim#2432

Bump golang.org/x/sync from 0.13.0 to 0.14.0 in /test by @dependabot[bot] in microsoft/hcsshim#2433

Store extraction error for LazyImageLayers by @helsaawy in microsoft/hcsshim#2429

Switch to golangci-lint v2 by @helsaawy in microsoft/hcsshim#2440

SecurityPolicy: Add leading and trailing checks for env variables by @MahatiC in microsoft/hcsshim#2431

Trim LCOW GetProperties response by @helsaawy in microsoft/hcsshim#2458

Swap EvalSymlinks with ResolvePath by @helsaawy in microsoft/hcsshim#2455

... (truncated)

Commits

59e0e2f Bump actions/checkout from 4 to 5 (#2499)
a776109 Fix console size bug
0366cb2 Add default allow all policy to uvmboot
144c633 Fix CUDA for non-privileged containers (#2492)
0842153 Warn on incomplete vNUMA setting, clarify field names (#2466)
1ee5fce Merge pull request #2456 from ambarve/hyperv_bcims
a2229bf Make a common utility function for appending VHD footer
e7200e8 Support for importing block CIM layers
dde229d Support creating verified UVM CIMs
b8f90a0 Merge pull request #2422 from kiashok/gcs-sidecar-framework
Additional commits viewable in compare view

Updates github.com/hashicorp/go-version from 1.7.0 to 1.9.0

Release notes

Sourced from github.com/hashicorp/go-version's releases.

v1.9.0

What's Changed

Enhancements

Add support for prefix of any character by @brondum in hashicorp/go-version#79

Internal

Update CHANGELOG for version 1.8.0 enhancements by @sonamtenzin2 in hashicorp/go-version#178

Bump the github-actions-backward-compatible group across 1 directory with 2 updates by @dependabot[bot] in hashicorp/go-version#179

Bump the github-actions-breaking group with 4 updates by @dependabot[bot] in hashicorp/go-version#180

Bump the github-actions-backward-compatible group with 3 updates by @dependabot[bot] in hashicorp/go-version#182

Update GitHub Actions to trigger on pull requests and update go version by @ssagarverma in hashicorp/go-version#185

Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions-breaking group across 1 directory by @dependabot[bot] in hashicorp/go-version#183

Bump the github-actions-backward-compatible group across 1 directory with 2 updates by @dependabot[bot] in hashicorp/go-version#186

New Contributors

@sonamtenzin2 made their first contribution in hashicorp/go-version#178

@brondum made their first contribution in hashicorp/go-version#79

@ssagarverma made their first contribution in hashicorp/go-version#185

Full Changelog: hashicorp/go-version@v1.8.0...v1.9.0

v1.8.0

What's Changed

Add CODEOWNERS file in .github/CODEOWNERS by @mukeshjc in hashicorp/go-version#145

Linting by @KaushikiAnand in hashicorp/go-version#151

Correct typos in comments by @alexandear in hashicorp/go-version#134

Migrate GitHub Actions updates from TSCCR to Dependabot by @nodyhub in hashicorp/go-version#155

Bump the github-actions-backward-compatible group with 2 updates by @dependabot[bot] in hashicorp/go-version#157

Update doc reference in README by @alexandear in hashicorp/go-version#135

Bump the github-actions-breaking group with 3 updates by @dependabot[bot] in hashicorp/go-version#156

[Compliance] - PR Template Changes Required by @compliance-pr-automation-bot[bot] in hashicorp/go-version#158

Add benchmark test for version.String() by @Manikkumar1988 in hashicorp/go-version#159

Bytes implementation by @Manikkumar1988 in hashicorp/go-version#161

Bump actions/cache from 4.2.3 to 4.2.4 in the github-actions-backward-compatible group by @dependabot[bot] in hashicorp/go-version#167

Bump actions/checkout from 4.2.2 to 5.0.0 in the github-actions-breaking group by @dependabot[bot] in hashicorp/go-version#166

Bump the github-actions-breaking group across 1 directory with 2 updates by @dependabot[bot] in hashicorp/go-version#171

[IND-4226] [COMPLIANCE] Update Copyright Headers by @oss-core-libraries-dashboard[bot] in hashicorp/go-version#172

drop init() by @florianl in hashicorp/go-version#175

New Contributors

@mukeshjc made their first contribution in hashicorp/go-version#145

@KaushikiAnand made their first contribution in hashicorp/go-version#151

@alexandear made their first contribution in hashicorp/go-version#134

@nodyhub made their first contribution in hashicorp/go-version#155

@compliance-pr-automation-bot[bot] made their first contribution in hashicorp/go-version#158

@Manikkumar1988 made their first contribution in hashicorp/go-version#159

@oss-core-libraries-dashboard[bot] made their first contribution in hashicorp/go-version#172

@florianl made their first contribution in hashicorp/go-version#175

Full Changelog: hashicorp/go-version@v1.7.0...v1.8.0

Changelog

Sourced from github.com/hashicorp/go-version's changelog.

1.9.0 (Mar 30, 2026)

ENHANCEMENTS:

Support parsing versions with custom prefixes via opt-in option in hashicorp/go-version#79

INTERNAL:

Bump the github-actions-backward-compatible group across 1 directory with 2 updates in hashicorp/go-version#179

Bump the github-actions-breaking group with 4 updates in hashicorp/go-version#180

Bump the github-actions-backward-compatible group with 3 updates in hashicorp/go-version#182

Update GitHub Actions to trigger on pull requests and update go version in hashicorp/go-version#185

Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions-breaking group across 1 directory in hashicorp/go-version#183

Bump the github-actions-backward-compatible group across 1 directory with 2 updates in hashicorp/go-version#186

1.8.0 (Nov 28, 2025)

ENHANCEMENTS:

Add benchmark test for version.String() in hashicorp/go-version#159

Bytes implementation in hashicorp/go-version#161

INTERNAL:

Add CODEOWNERS file in .github/CODEOWNERS in hashicorp/go-version#145

Linting in hashicorp/go-version#151

Correct typos in comments in hashicorp/go-version#134

Migrate GitHub Actions updates from TSCCR to Dependabot in hashicorp/go-version#155

Bump the github-actions-backward-compatible group with 2 updates in hashicorp/go-version#157

Update doc reference in README in hashicorp/go-version#135

Bump the github-actions-breaking group with 3 updates in hashicorp/go-version#156

[Compliance] - PR Template Changes Required in hashicorp/go-version#158

Bump actions/cache from 4.2.3 to 4.2.4 in the github-actions-backward-compatible group in hashicorp/go-version#167

Bump actions/checkout from 4.2.2 to 5.0.0 in the github-actions-breaking group in hashicorp/go-version#166

Bump the github-actions-breaking group across 1 directory with 2 updates in hashicorp/go-version#171

[IND-4226] [COMPLIANCE] Update Copyright Headers in hashicorp/go-version#172

drop init() in hashicorp/go-version#175

Commits

b80b1e6 Update CHANGELOG for version 1.9.0 (#187)
e93736f Bump the github-actions-backward-compatible group across 1 directory with 2 u...
c009de0 Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions-breaki...
0474357 Update GitHub Actions to trigger on pull requests and update go version (#185)
b4ab5fc Support parsing versions with custom prefixes via opt-in option (#79)
25c683b Merge pull request #182 from hashicorp/dependabot/github_actions/github-actio...
4f2bcd8 Bump the github-actions-backward-compatible group with 3 updates
acb8b18 Merge pull request #180 from hashicorp/dependabot/github_actions/github-actio...
0394c4f Merge pull request #179 from hashicorp/dependabot/github_actions/github-actio...
b2fbaa7 Bump the github-actions-backward-compatible group across 1 directory with 2 u...
Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

Fix linter and allow CI to pass by @marckhouzam in spf13/cobra#2327

fix: actions/setup-go v6 by @jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

Add documentation for repeated flags functionality by @rvergis in spf13/cobra#2316

🍂 Refactors

refactor: replace several vars with consts by @htoyoda18 in spf13/cobra#2328

refactor: change minUsagePadding from var to const by @ssam18 in spf13/cobra#2325

🤗 New Contributors

@rvergis made their first contribution in spf13/cobra#2316

@htoyoda18 made their first contribution in spf13/cobra#2328

@ssam18 made their first contribution in spf13/cobra#2325

@dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
346d408 fix: actions/setup-go v6 (#2337)
fc81d20 refactor: change minUsagePadding from var to const (#2325)
117698a refactor: replace several vars with consts (#2328)
e2dd29d Add documentation for repeated flags functionality (#2316)
0629892 Fix linter (#2327)
See full diff in compare view

Updates go.uber.org/zap from 1.27.0 to 1.27.1

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.1

Enhancements:

#1501[]: prevent Object from panicking on nils

#1511[]: Fix a race condition in WithLazy.

Thanks to @rabbbit, @alshopov, @jquirke, @arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.1 (19 Nov 2025)

Enhancements:

#1501[]: prevent Object from panicking on nils

#1511[]: Fix a race condition in WithLazy.

Thanks to @rabbbit, @alshopov, @jquirke, @arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

7b755a3 release 1.27.1 (#1521)
d6b395b Update lazy logger not to materialize unless it's being written to (#1519)
4b9cea0 ci: Test with Go 1.24, Go 1.25 (#1508)
7c80d7b Fix race condition in WithLazy implementation (#1426) (#1511)
07077a6 Prevent zap.Object from panicing on nils (#1501)
a6afd05 Fix lint check name (#1502)
6d48253 chore: fix typo (#1482)
32f2ec1 Fix the field test for bool type (#1480)
fe16eb5 Upgrade grpc in zapgrc test package & bump go version (#1478)
5f00c34 test(AtomicLevel): demonstrate Handler is not vulnerable to XSS (#1477)
Additional commits viewable in compare view

Updates golang.org/x/exp from 0.0.0-20240808152545-0cdaa3abc0fa to 0.0.0-20241108190413-2d47ceb2692f

Commits

See full diff in compare view

Updates golang.org/x/sys from 0.40.0 to 0.42.0

Commits

eaaaaee windows/registry: correct KeyInfo.ModTime calculation
942780b cpu: darwin/arm64 feature detection
acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
3687fbd cpu: better defaults on darwin ARM64
48062e9 plan9: change Note to alias syscall.Note
4f23f80 windows: change Signal to alias syscall.Signal
7548802 all: upgrade go directive to at least 1.25.0 [generated]
fc646e4 cpu: use IsProcessorFeaturePresent to calculate ARM64 on windows
f11c7bb windows: add IsProcessorFeaturePresent and processor feature consts
d25a7aa unix: add IoctlSetString on all platforms
Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.79.3 to 1.80.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.80.0

Behavior Changes

balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see #5288 for details. (#8837)

xds: update resource error handling and re-resolution logic (#8907)

Re-resolve all LOGICAL_DNS clusters simultaneously when re-resolution is requested.

Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.

Bug Fixes

xds: support the LB policy configured in LOGICAL_DNS cluster resources instead of defaulting to pick_first. (#8733)

credentials/tls: perform per-RPC authority validation against the leaf certificate instead of the entire peer certificate chain. (#8831)

xds: enabling A76 ring hash endpoint keys no longer causes EDS resources with invalid proxy metadata to be NACKed when HTTP CONNECT (gRFC A86) is disabled. (#8875)

xds: validate that the sum of endpoint weights in a locality does not exceed the maximum uint32 value. (#8899)

Special Thanks: @RAVEYUS

xds: fix incorrect proto field access in the weighted round robin (WRR) configuration where blackout_period was used instead of weight_expiration_period. (#8915)

Special Thanks: @gregbarasch

xds/rbac: handle addresses with ports in IP matchers. (#8990)

New Features

ringhash: enable gRFC A76 (endpoint hash keys and request hash headers) by default. (#8922)

Performance Improvements

credentials/alts: pool write buffers to reduce memory allocations and usage. (#8919)

grpc: enable the use of pooled write buffers for buffering HTTP/2 frame writes by default. This reduces memory usage when connections are idle. Use the WithSharedWriteBuffer dial option or the SharedWriteBuffer server option to disable this feature. (#8957)

xds/priority: stop caching child LB policies removed from the configuration. This will help reduce memory and cpu usage when localities are constantly switching between priorities. (#8997)

mem: add a faster tiered buffer pool; use the experimental mem.NewBinaryTieredBufferPool function to create such pools. (#8775)

Commits

397e45e Change version to 1.80.0 (#8948)
64ebf0a Cherry-pick #8997 to v1.80.x (#9027)
e45ed24 xds/rbac: add additional handling for addresses with ports (#8990) (#9022)
c78d26e Cherry-pick #8957 to v1.80.x (#9007)
bd7cd3c grpc: enforce strict path checking for incoming requests on the server (#8987)
b6597b3 xds/clusterimpl: use xdsConfig for updates and remove redundant fields from L...
1d4fa8a xds: change cdsbalancer to use update from dependency manager (#8907)
8f47d36 attributes: Replace internal map with linked list (#8933)
22e1ee8 xds: add panic recovery in xdsclient resource unmarshalling. (#8895)
7136e99 credentials/alts: Pool write buffers (#8919)
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.10 to 1.36.11

Updates k8s.io/klog/v2 from 2.130.1 to 2.140.0

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.36

What's Changed

Add dependabot by @lucacome in kubernetes/klog#410

Use strconv.AppendQuote instead of strconv.Quote for message formatting by @astef in kubernetes/klog#413

de-duplication of key/value pairs by @pohly in kubernetes/klog#415

Fix: Ensure constant format strings in fmt and printf calls by @mikelolasagasti in kubernetes/klog#417

Remove old note on Go version requirements by @guettli in kubernetes/klog#425

test with 1.24 and 1.25 by @pohly in kubernetes/klog#428

ktesting: fix vmodule support by @pohly in kubernetes/klog#431

ktesting: support multi-line result from AnyToStringHook by @pohly in kubernetes/klog#433

textlogger: optionally turn off header by @pohly in kubernetes/klog#430

feat: fix stderrthreshold not honored when logtostderr is set (#212) + two new flags by @pierluigilenoci in kubernetes/klog#432

New Contributors

@lucacome made their first contribution in kubernetes/klog#410

@astef made their first contribution in kubernetes/klog#413

@mikelolasagasti made their first contribution in kubernetes/klog#417

@guettli made their first contribution in kubernetes/klog#425

@pierluigilenoci made their first contribution in kubernetes/klog#432

Full Changelog: kubernetes/klog@v2.130.1...v2.140.0

Commits

ef4b370 Merge pull request #432 from pierluigilenoci/fix/stderr-threshold-issue-212
39c4c76 refactor: address code review feedback from @pohly
764a9a3 Merge pull request #430 from pohly/textlogger-optional-header
015c613 Update stderr_threshold_test.go
2f517bd Update klog.go
36bc4ff textlogger: optionally turn off header
5f1f303 Merge pull request #433 from pohly/textlogger-hook-result
c469d41 Merge pull request #431 from pohly/ktesting-vmodule-fix
8509d6a ktesting: support multi-line result from AnyToStringHook
08e6e8b Fix stderrthreshold not honored when logtostderr is set
Additional commits viewable in compare view

Updates github.com/labstack/echo/v4 from 4.13.4 to 4.15.1

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.15.0

Security

WARNING: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF protection, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship between the request origin and the target. The middleware uses this to make security decisions:

same-origin or none: Requests are allowed (exact origin match or direct user navigation)

same-site: Falls back to token validation (e.g., subdomain to main domain)

cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to traditional token-based CSRF protection.

New Configuration Options:

TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)

AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:
e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},
// Custom validation for same-site requests
AllowSecFetchSiteFunc: func(c echo.Context) (bool, error) {
    // Your custom authorization logic here
    return validateCustomAuth(c), nil
    // return true, err  // blocks request with error
    // return true, nil  // allows CSRF request through
    // return false, nil // falls back to legacy token logic
},

}))
PR: labstack/echo#2858

Type-Safe Generic Parameter Binding

Added generic functions for type-safe parameter extraction and context access by @aldas in labstack/echo#2856

Echo now provides generic functions for extracting path, query, and form parameters with automatic type conversion, eliminating manual string parsing and type assertions.

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

Changelog

v5.1.0 - 2026-03-31

Security

This change does not break the API contract, but it does introduce breaking changes in logic/behavior. If your application is using c.RealIP() beware and read https://echo.labstack.com/docs/ip-address

v4 behavior can be restored with:
e := echo.New()
e.IPExtractor = echo.LegacyIPExtractor()
Remove legacy IP extraction logic from context.RealIP method by @aldas in labstack/echo#2933

Enhancements

Add echo-opentelemetry to the README.md by @aldas in labstack/echo#2908

fix: correct spelling mistakes in comments and field name by @crawfordxx in labstack/echo#2916

Add https://github.com/labstack/echo-prometheus to the middleware list in README.md by @aldas in labstack/echo#2919

Add StartConfig.Listener so server with custom Listener is easier to create by @aldas in labstack/echo#2920

Fix rate limiter documentation for defau...
Description has been truncated

dependabot · 2026-04-05T12:05:01Z

Labels

The following labels could not be found: grouped. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

rbtr · 2026-04-06T15:45:39Z

/azp run Azure Container Networking PR

azure-pipelines · 2026-04-06T15:45:52Z

Azure Pipelines successfully started running 1 pipeline(s).

…3 updates Bumps the all-go-minor-and-patch group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) | `1.19.1` | `1.21.0` | | [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.13.0` | `1.13.1` | | [github.com/Microsoft/hcsshim](https://github.com/Microsoft/hcsshim) | `0.13.0` | `0.14.0` | | [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) | `1.7.0` | `1.9.0` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.10.1` | `1.10.2` | | [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.0` | `1.27.1` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.40.0` | `0.42.0` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.79.3` | `1.80.0` | | [k8s.io/klog/v2](https://github.com/kubernetes/klog) | `2.130.1` | `2.140.0` | | [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.13.4` | `4.15.1` | | [github.com/prometheus/common](https://github.com/prometheus/common) | `0.67.1` | `0.67.5` | | [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.9.3` | `1.9.4` | | [golang.org/x/time](https://github.com/golang/time) | `0.14.0` | `0.15.0` | | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4](https://github.com/Azure/azure-sdk-for-go) | `4.7.0-beta.1` | `4.9.0-beta.1` | | [github.com/cilium/cilium](https://github.com/cilium/cilium) | `1.17.14` | `1.19.2` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.19.0` | `0.20.0` | | [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.34.1` | `0.35.3` | Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.19.1 to 1.21.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.19.1...sdk/azcore/v1.21.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.13.0 to 1.13.1 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.13.0...sdk/azidentity/v1.13.1) Updates `github.com/Microsoft/hcsshim` from 0.13.0 to 0.14.0 - [Release notes](https://github.com/Microsoft/hcsshim/releases) - [Commits](microsoft/hcsshim@v0.13.0...v0.14.0) Updates `github.com/hashicorp/go-version` from 1.7.0 to 1.9.0 - [Release notes](https://github.com/hashicorp/go-version/releases) - [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md) - [Commits](hashicorp/go-version@v1.7.0...v1.9.0) Updates `github.com/spf13/cobra` from 1.10.1 to 1.10.2 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.10.1...v1.10.2) Updates `go.uber.org/zap` from 1.27.0 to 1.27.1 - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](uber-go/zap@v1.27.0...v1.27.1) Updates `golang.org/x/exp` from 0.0.0-20240808152545-0cdaa3abc0fa to 0.0.0-20241108190413-2d47ceb2692f - [Commits](https://github.com/golang/exp/commits) Updates `golang.org/x/sys` from 0.40.0 to 0.42.0 - [Commits](golang/sys@v0.40.0...v0.42.0) Updates `google.golang.org/grpc` from 1.79.3 to 1.80.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.79.3...v1.80.0) Updates `google.golang.org/protobuf` from 1.36.10 to 1.36.11 Updates `k8s.io/klog/v2` from 2.130.1 to 2.140.0 - [Release notes](https://github.com/kubernetes/klog/releases) - [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md) - [Commits](kubernetes/klog@v2.130.1...2.140.0) Updates `github.com/labstack/echo/v4` from 4.13.4 to 4.15.1 - [Release notes](https://github.com/labstack/echo/releases) - [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md) - [Commits](labstack/echo@v4.13.4...v4.15.1) Updates `github.com/prometheus/common` from 0.67.1 to 0.67.5 - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md) - [Commits](prometheus/common@v0.67.1...v0.67.5) Updates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4 - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.9.3...v1.9.4) Updates `golang.org/x/crypto` from 0.46.0 to 0.47.0 - [Commits](golang/crypto@v0.46.0...v0.47.0) Updates `golang.org/x/net` from 0.48.0 to 0.49.0 - [Commits](golang/net@v0.48.0...v0.49.0) Updates `golang.org/x/time` from 0.14.0 to 0.15.0 - [Commits](golang/time@v0.14.0...v0.15.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4` from 4.7.0-beta.1 to 4.9.0-beta.1 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/resourcemanager/containerservice/armcontainerservice/v4.7.0-beta.1...sdk/resourcemanager/containerservice/armcontainerservice/v4.9.0-beta.1) Updates `github.com/cilium/cilium` from 1.17.14 to 1.19.2 - [Release notes](https://github.com/cilium/cilium/releases) - [Changelog](https://github.com/cilium/cilium/blob/1.19.2/CHANGELOG.md) - [Commits](cilium/cilium@1.17.14...1.19.2) Updates `github.com/cilium/ebpf` from 0.19.0 to 0.20.1-0.20260218191617-ee67e7f43dd9 - [Release notes](https://github.com/cilium/ebpf/releases) - [Commits](https://github.com/cilium/ebpf/commits) Updates `golang.org/x/sync` from 0.19.0 to 0.20.0 - [Commits](golang/sync@v0.19.0...v0.20.0) Updates `k8s.io/kubectl` from 0.34.1 to 0.35.2 - [Commits](kubernetes/kubectl@v0.34.1...v0.35.2) Updates `k8s.io/kubelet` from 0.34.1 to 0.35.3 - [Commits](kubernetes/kubelet@v0.34.1...v0.35.3) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-version: 1.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: github.com/Microsoft/hcsshim dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/hashicorp/go-version dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/spf13/cobra dependency-version: 1.10.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: go.uber.org/zap dependency-version: 1.27.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: golang.org/x/exp dependency-version: 0.0.0-20241108190413-2d47ceb2692f dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: golang.org/x/sys dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: google.golang.org/grpc dependency-version: 1.80.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: google.golang.org/protobuf dependency-version: 1.36.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: k8s.io/klog/v2 dependency-version: 2.140.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/labstack/echo/v4 dependency-version: 4.15.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/prometheus/common dependency-version: 0.67.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: github.com/sirupsen/logrus dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-go-minor-and-patch - dependency-name: golang.org/x/crypto dependency-version: 0.47.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: golang.org/x/net dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: golang.org/x/time dependency-version: 0.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 dependency-version: 4.9.0-beta.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/cilium/cilium dependency-version: 1.19.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: github.com/cilium/ebpf dependency-version: 0.20.1-0.20260218191617-ee67e7f43dd9 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: golang.org/x/sync dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: k8s.io/kubectl dependency-version: 0.35.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch - dependency-name: k8s.io/kubelet dependency-version: 0.35.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-go-minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Dependencies only. label Apr 5, 2026

dependabot bot requested a review from a team as a code owner April 5, 2026 12:05

dependabot bot requested a review from isaac-dasan April 5, 2026 12:05

dependabot bot added the dependencies Dependencies only. label Apr 5, 2026

rbtr previously approved these changes Apr 6, 2026

View reviewed changes

rbtr enabled auto-merge April 6, 2026 15:45

dependabot bot dismissed rbtr’s stale review via 733b69b April 12, 2026 12:04

dependabot bot force-pushed the dependabot/go_modules/all-go-minor-and-patch-4ee95b6210 branch from 23faa57 to 733b69b Compare April 12, 2026 12:04

dependabot bot force-pushed the dependabot/go_modules/all-go-minor-and-patch-4ee95b6210 branch from 733b69b to f23dbb3 Compare April 13, 2026 20:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps: bump the all-go-minor-and-patch group across 1 directory with 23 updates#4318

deps: bump the all-go-minor-and-patch group across 1 directory with 23 updates#4318
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/all-go-minor-and-patch-4ee95b6210

dependabot bot commented on behalf of github Apr 5, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Apr 5, 2026

Uh oh!

rbtr commented Apr 6, 2026

Uh oh!

azure-pipelines bot commented Apr 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Apr 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

sdk/azcore/v1.21.0

1.21.0 (2026-01-12)

Features Added

Other Changes

v0.14.0

What's Changed

v0.14.0-rc.1

What's Changed

v1.9.0

What's Changed

Enhancements

Internal

New Contributors

v1.8.0

What's Changed

New Contributors

1.9.0 (Mar 30, 2026)

1.8.0 (Nov 28, 2025)

v1.10.2

🔧 Dependencies

📈 CI/CD

🔥✍🏼 Docs

🍂 Refactors

🤗 New Contributors

v1.27.1

1.27.1 (19 Nov 2025)

Release 1.80.0

Behavior Changes

Bug Fixes

New Features

Performance Improvements

Prepare klog release for Kubernetes v1.36

What's Changed

New Contributors

v4.15.0

Changelog

v5.1.0 - 2026-03-31

Uh oh!

dependabot bot commented on behalf of github Apr 5, 2026

Labels

Uh oh!

rbtr commented Apr 6, 2026

Uh oh!

azure-pipelines bot commented Apr 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Apr 5, 2026 •

edited

Loading