Release v1.15.0 #831
Merged
Release v1.15.0 #831
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- CURSOR_SUMMARY --> > [!NOTE] > <sup>[Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) is generating a summary for commit f3dcbbaf2d57d1994fbea826c15ec024a6eb85cb. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 5d8765a97572c28ac2f39360db6dd10a78ceb8c5
https://github.com/user-attachments/assets/753ef158-ff12-48e0-b84f-f974e34ef6de <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Introduces status-aware naming for change timeline entries and centralizes name/label mapping. > > - Adds `GetChangeTimelineEntryNameForStatus` and `GetChangeTimelineEntryLabelFromName` in `sdp-go`, plus in-progress name maps and tests > - Updates timeline entry default names (e.g., `"Map resources"`) and derives in-progress variants (e.g., `"Mapping resources..."`) based on status > - `models.ToSDP` now emits status-adjusted `Name` > - `admin/changes.go` simplifies archive import mapping by using label lookup helper and skipping deprecated entries via empty label > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 45b29a8d31417f5013f0232c61173f12bc27e55d. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 03f77c21f707816cb6384295f4e7cc5a56f4e70a
Something fishy is going on here: a load of HandleQuery all timeout at a time that is not related to the ovm.sdp.deadline. Maybe this will give us a clue where that deadline is coming from? <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Adds a tracing attribute only; no control-flow, timeout, or query execution behavior changes. > > **Overview** > Adds extra tracing in `Engine.HandleQuery` to record the **actual context deadline** (`ctx.Deadline()`) as `ovm.sdp.ctxDeadline`, alongside the existing query-provided `ovm.sdp.deadline` attribute, to help diagnose unexpected timeouts. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 515f4b1d94de1c9bc535fb72856d0f1544e850bc. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 26fce892dd3cb773426e0312db9c4993b52c1924
…ius values (#3703) This PR refactors `AccountConfig` storage from a serialized protobuf blob to dedicated columns in the `accounts` table, and removes the ability to set custom blast radius values. **Key changes:** - Renamed `BlastRadiusPreset.CUSTOM` (value 0) to `UNSPECIFIED`, which now defaults to `DETAILED` behavior - Unrolled `AccountConfig` from a protobuf blob in the `account_configs` KV table to dedicated columns (`blast_radius_preset`, `skip_unmapped_changes_for_risks`) directly in the `accounts` table - Implemented lazy migration: on first `GetAccountConfig` call for an unmigrated account, the system reads the legacy protobuf, extracts values, and writes them to the new columns - Removed the generic `kv/` package since `AccountConfig` was its only use case - `BlastRadiusConfig` fields (maxItems, linkDepth, timeout) are now hardcoded based on preset - custom values sent by clients are ignored on write but populated from preset values on read (for backward compatibility) The previous architecture had several issues: 1. **Opaque storage**: Protobuf blobs made it impossible to query or analyze account configurations directly in SQL 2. **Unnecessary complexity**: The KV abstraction added indirection for a single use case 3. **Custom values rarely used**: Analysis showed most accounts used presets, and supporting arbitrary custom values complicated the codebase 1. **Lazy migration vs. batch migration**: We chose lazy migration to minimize deployment risk. The `blast_radius_preset_migrated` flag tracks which accounts have been migrated. Trade-off: first request after deployment may be slightly slower for unmigrated accounts. 2. **API backward compatibility**: The protobuf definition remains largely unchanged - clients can still send `BlastRadiusConfig` values, they're just ignored. This prevents breaking existing integrations while simplifying the backend. 3. **UNSPECIFIED → DETAILED**: We convert `UNSPECIFIED` (formerly `CUSTOM`) to `DETAILED` both on read and during migration. This ensures predictable behavior without requiring user action. - [x] Unit tests updated and passing for `configservice` - [x] Tests verify setting/getting both `blastRadiusPreset` and `skipUnmappedChangesForRisks` - [x] Tests verify `UNSPECIFIED` is treated as `DETAILED` - [ ] Manual test: verify existing accounts migrate correctly on first access - [ ] Manual test: verify admin UI shows raw database values - [ ] Manual test: verify frontend preset selector and skip unmapped toggle work <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Refactors `AccountConfig` storage and behavior across API, DB, protobufs, admin UI, and frontend. > > - Adds `blast_radius_preset`, `skip_unmapped_changes_for_risks`, `blast_radius_preset_migrated` to `accounts` (migration + schema, models, queries) > - Implements lazy migration: `GetAccountConfig` reads legacy protobuf once via `GetLegacyAccountConfig` then persists with `SetAccountConfigMigrated` > - Removes `server/kv` and legacy account_configs read/write paths; `UpdateAccountConfig` now writes columns only > - Hardcodes `BlastRadiusConfig` per preset; client-sent custom values ignored on write and filled on read > - Renames enum `CUSTOM`→`UNSPECIFIED` (treated as `DETAILED`) in proto and JS/Go bindings; helpers updated to use presets only > - Updates admin UI to display new columns and frontend to default to `DETAILED`; adjusts tests to cover presets, UNSPECIFIED handling, and new getters/setters > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 81ae4bade3fc25853627bac707a2e94efb91967c. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 42dad107c01d1131ad9c21c90c957afa8152fd65
This is some improvements to otel capturing to address some confusion noted in recent analyses. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Primarily refactors OpenTelemetry attribute/log wiring and adds extra observability fields; low functional risk aside from potential telemetry cardinality/log-volume changes (e.g., recording item name slices). > > **Overview** > Improves OpenTelemetry instrumentation for SDP queries by introducing `(*sdp.Query).SetSpanAttributes` and using it across gateway, discovery, and query-progress tracking to standardize span fields and reduce duplicated attribute setting. > > Enhances blast radius observability by adding counts for filtered/previously-processed candidate items and attaching candidate item name slices to LLM blast-radius spans, plus minor log field key normalization (e.g., `ovm.sdp.*`, `ovm.adapter.name`). > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit c0d22c965c765710d2a768ff2ec331b96bd99f34. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 0829cdfae957bfecdb2517d01e161b392a7b953b
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [google.golang.org/genproto](https://redirect.github.com/googleapis/go-genproto) | require | digest | `8e98ce8` → `8636f87` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwiZ29sYW5nIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: aea8cb336a82708b7a9a396a2cd5be8b017b3591
… (#3728) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/serpapi/serpapi-golang](https://redirect.github.com/serpapi/serpapi-golang) | require | digest | `5a12868` → `0e41c79` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwiZ29sYW5nIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 33849dcf543ebcc8068d4d4af33a412c8787eccb
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | alpine | final | patch | `3.23.2` → `3.23.3` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwiZG9ja2VyIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 16e579e22bcab563dcf8ca74ab749885961cae1a
… 8636f87 (#3730) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [google.golang.org/genproto/googleapis/rpc](https://redirect.github.com/googleapis/go-genproto) | require | digest | `8e98ce8` → `8636f87` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwiZ29sYW5nIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 3210642ecefc744108719593c22702983d12dbee
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [aws](https://registry.terraform.io/providers/hashicorp/aws) ([source](https://redirect.github.com/hashicorp/terraform-provider-aws)) | required_provider | minor | `6.28.0` → `6.30.0` | | [aws](https://registry.terraform.io/providers/hashicorp/aws) ([source](https://redirect.github.com/hashicorp/terraform-provider-aws)) | required_provider | minor | `~> 5.60` → `~> 6.28` | | [google](https://registry.terraform.io/providers/hashicorp/google) ([source](https://redirect.github.com/hashicorp/terraform-provider-google)) | required_provider | minor | `7.16.0` → `7.17.0` | | [random](https://registry.terraform.io/providers/hashicorp/random) ([source](https://redirect.github.com/hashicorp/terraform-provider-random)) | required_provider | patch | `3.8.0` → `3.8.1` | | [tls](https://registry.terraform.io/providers/hashicorp/tls) ([source](https://redirect.github.com/hashicorp/terraform-provider-tls)) | required_provider | minor | `4.1.0` → `4.2.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>hashicorp/terraform-provider-aws (aws)</summary> ### [`v6.30.0`](https://redirect.github.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#6300-January-28-2026) [Compare Source](https://redirect.github.com/hashicorp/terraform-provider-aws/compare/v6.29.0...v6.30.0) FEATURES: - **New Resource:** `aws_ssoadmin_managed_policy_attachments_exclusive` ([#​46176](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46176)) BUG FIXES: - resource/aws\_dynamodb\_table: Fix panic when `global_secondary_index` or `global_secondary_index.key_schema` are `dynamic` ([#​46195](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46195)) ### [`v6.29.0`](https://redirect.github.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#6290-January-28-2026) [Compare Source](https://redirect.github.com/hashicorp/terraform-provider-aws/compare/v6.28.0...v6.29.0) NOTES: - data-source/aws\_organizations\_organization: Add `return_organization_only` argument to return only the results of the [`DescribeOrganization`](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganization.html) API and avoid API limits ([#​40884](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/40884)) - resource/aws\_cloudfront\_anycast\_ip\_list: Because we cannot easily test all this functionality, it is best effort and we ask for community help in testing ([#​43331](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43331)) - resource/aws\_invoicing\_invoice\_unit: Deprecates `region` attribute, as the resource is global. ([#​46185](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46185)) - resource/aws\_organizations\_organization: Add `return_organization_only` argument to return only the results of the [`DescribeOrganization`](https://docs.aws.amazon.com/organizations/latest/APIReference/API_DescribeOrganization.html) API and avoid API limits ([#​40884](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/40884)) - resource/aws\_savingsplans\_savings\_plan: Because we cannot easily test this functionality, it is best effort and we ask for community help in testing ([#​45834](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45834)) FEATURES: - **New Data Source:** `aws_arcregionswitch_plan` ([#​43781](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43781)) - **New Data Source:** `aws_arcregionswitch_route53_health_checks` ([#​43781](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43781)) - **New Data Source:** `aws_organizations_entity_path` ([#​45890](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45890)) - **New Data Source:** `aws_resourcegroupstaggingapi_required_tags` ([#​45994](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45994)) - **New Data Source:** `aws_s3_bucket_object_lock_configuration` ([#​45990](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45990)) - **New Data Source:** `aws_s3_bucket_replication_configuration` ([#​42662](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/42662)) - **New Data Source:** `aws_s3control_access_points` ([#​45949](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45949)) - **New Data Source:** `aws_s3control_multi_region_access_points` ([#​45974](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45974)) - **New Data Source:** `aws_savingsplans_savings_plan` ([#​45834](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45834)) - **New Data Source:** `aws_wafv2_managed_rule_group` ([#​45899](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45899)) - **New List Resource:** `aws_appflow_connector_profile` ([#​45983](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45983)) - **New List Resource:** `aws_appflow_flow` ([#​45980](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45980)) - **New List Resource:** `aws_cleanrooms_collaboration` ([#​45953](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45953)) - **New List Resource:** `aws_cleanrooms_configured_table` ([#​45956](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45956)) - **New List Resource:** `aws_cloudfront_key_value_store` ([#​45957](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45957)) - **New List Resource:** `aws_opensearchserverless_collection` ([#​46001](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46001)) - **New List Resource:** `aws_route53_record` ([#​46059](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46059)) - **New List Resource:** `aws_s3_bucket` ([#​46004](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46004)) - **New List Resource:** `aws_s3_object` ([#​46002](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46002)) - **New List Resource:** `aws_security_group` ([#​46062](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46062)) - **New Resource:** `aws_apigatewayv2_routing_rule` ([#​42961](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/42961)) - **New Resource:** `aws_arcregionswitch_plan` ([#​43781](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43781)) - **New Resource:** `aws_cloudfront_anycast_ip_list` ([#​43331](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43331)) - **New Resource:** `aws_notifications_managed_notification_account_contact_association` ([#​45185](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45185)) - **New Resource:** `aws_notifications_managed_notification_additional_channel_association` ([#​45186](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45186)) - **New Resource:** `aws_notifications_organizational_unit_association` ([#​45197](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45197)) - **New Resource:** `aws_notifications_organizations_access` ([#​45273](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45273)) - **New Resource:** `aws_opensearch_application` ([#​43822](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43822)) - **New Resource:** `aws_ram_permission` ([#​44114](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44114)) - **New Resource:** `aws_ram_resource_associations_exclusive` ([#​45883](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45883)) - **New Resource:** `aws_sagemaker_labeling_job` ([#​46041](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46041)) - **New Resource:** `aws_sagemaker_model_card` ([#​45993](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45993)) - **New Resource:** `aws_sagemaker_model_card_export_job` ([#​46009](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46009)) - **New Resource:** `aws_savingsplans_savings_plan` ([#​45834](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45834)) - **New Resource:** `aws_sesv2_tenant_resource_association` ([#​45904](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45904)) - **New Resource:** `aws_vpc_security_group_rules_exclusive` ([#​45876](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45876)) ENHANCEMENTS: - aws\_api\_gateway\_domain\_name: Add `routing_mode` argument to support dynamic routing via routing rules ([#​42961](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/42961)) - aws\_apigatewayv2\_domain\_name: Add `routing_mode` argument to support dynamic routing via routing rules ([#​42961](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/42961)) - data-source/aws\_batch\_job\_definition: Add `allow_privilege_escalation` attribute to `eks_properties.pod_properties.containers.security_context` ([#​45896](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45896)) - data-source/aws\_dynamodb\_table: Add `global_secondary_index.key_schema` attribute ([#​46157](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46157)) - data-source/aws\_networkmanager\_core\_network\_policy\_document: Add `segment_actions.routing_policy_names` argument ([#​45928](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45928)) - data-source/aws\_s3\_object: Add `body_base64` and `download_body` attributes. For improved performance, set `download_body = false` to ensure bodies are never downloaded ([#​46163](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46163)) - data-source/aws\_vpc\_ipam\_pool: Add `source_resource` attribute ([#​44705](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44705)) - resource/aws\_batch\_job\_definition: Add `allow_privilege_escalation` attribute to `eks_properties.pod_properties.containers.security_context` ([#​45896](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45896)) - resource/aws\_bedrockagent\_data\_source: Add `vector_ingestion_configuration.parsing_configuration.bedrock_data_automation_configuration` block ([#​45966](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45966)) - resource/aws\_bedrockagent\_data\_source: Add `vector_ingestion_configuration.parsing_configuration.bedrock_foundation_model_configuration.parsing_modality` argument ([#​46056](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46056)) - resource/aws\_docdb\_cluster\_instance: Add `certificate_rotation_restart` argument ([#​45984](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45984)) - resource/aws\_dynamodb\_table: Add support for multi-attribute keys in global secondary indexes. Introduces hash\_keys and range\_keys to the gsi block and makes hash\_key optional for backwards compatibility. ([#​45357](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45357)) - resource/aws\_dynamodb\_table: Adds warning when `stream_view_type` is set and `stream_enabled` is either `false` or unset. ([#​45934](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45934)) - resource/aws\_ecr\_account\_setting: Add support for `BLOB_MOUNTING` account setting name with `ENABLED` and `DISABLED` values ([#​46092](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46092)) - resource/aws\_fsx\_windows\_file\_system: Add `domain_join_service_account_secret` argument to `self_managed_active_directory` configuration block ([#​45852](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45852)) - resource/aws\_fsx\_windows\_file\_system: Change `self_managed_active_directory.password` to Optional and `self_managed_active_directory.username` to Optional and Computed ([#​45852](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45852)) - resource/aws\_invoicing\_invoice\_unit: Adds resource identity support. ([#​46185](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46185)) - resource/aws\_invoicing\_invoice\_unit: Adds validation to restrict `rules` to a single element. ([#​46185](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46185)) - resource/aws\_lambda\_function: Increase upper limit of `memory_size` from 10240 MB to 32768 MB ([#​46065](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46065)) - resource/aws\_launch\_template: Add `network_performance_options` argument ([#​46071](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46071)) - resource/aws\_odb\_network: Enhancements to support KMS and STS parameters in CreateOdbNetwork and UpdateOdbNetwork. ([#​45636](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45636)) - resource/aws\_opensearchserverless\_collection: Add resource identity support ([#​45981](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45981)) - resource/aws\_osis\_pipeline: Updates `pipeline_configuration_body` maximum length validation to 2,621,440 bytes to align with AWS API specification. ([#​44881](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44881)) - resource/aws\_sagemaker\_endpoint: Retry IAM eventual consistency errors on Create ([#​45951](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45951)) - resource/aws\_sagemaker\_monitoring\_schedule: Add `monitoring_schedule_config.monitoring_job_definition` argument ([#​45951](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45951)) - resource/aws\_sagemaker\_monitoring\_schedule: Make `monitoring_schedule_config.monitoring_job_definition_name` argument optional ([#​45951](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45951)) - resource/aws\_vpc\_ipam\_pool: Add `source_resource` argument in support of provisioning of VPC Resource Planning Pools ([#​44705](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44705)) - resource/aws\_vpc\_ipam\_resource\_discovery: Add `organizational_unit_exclusion` argument ([#​45890](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45890)) - resource/aws\_vpc\_subnet: Add `ipv4_ipam_pool_id`, `ipv4_netmask_length`, `ipv6_ipam_pool_id`, and `ipv6_netmask_length` arguments in support of provisioning of subnets using IPAM ([#​44705](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44705)) - resource/aws\_vpc\_subnet: Change `ipv6_cidr_block` to Optional and Computed ([#​44705](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44705)) BUG FIXES: - data-source/aws\_ecr\_lifecycle\_policy\_document: Add `rule.action.target_storage_class` and `rule.selection.storage_class` to JSON serialization ([#​45909](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45909)) - data-source/aws\_lakeformation\_permissions: Remove incorrect validation from `catalog_id`, `data_location.catalog_id`, `database.catalog_id`, `lf_tag_policy.catalog_id`, `table.catalog_id`, and `table_with_columns.catalog_id` arguments ([#​43931](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43931)) - data-source/aws\_networkmanager\_core\_network\_policy\_document: Fix panic when `attachment_routing_policy_rules.action.associate_routing_policies` is empty ([#​46160](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46160)) - provider: Fix crash when using custom S3 endpoints with non-standard region strings (e.g., S3-compatible storage like Ceph or MinIO) ([#​46000](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46000)) - provider: When importing resources with `region` defined, in AWS European Sovereign Cloud, prevent failing due to region validation requiring region names to start with "\[a-z]{2}-" ([#​45895](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45895)) - resource/aws\_athena\_workgroup: Fix error when removing `configuration.result_configuration.encryption_configuration` argument ([#​46159](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46159)) - resource/aws\_bcmdataexports\_export: Fix `Provider produced inconsistent result after apply` error when querying `CARBON_EMISSIONS` table without `table_configurations` ([#​45972](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45972)) - resource/aws\_bedrock\_inference\_profile: Fixed forced replacement following import when `model_source` is set ([#​45713](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45713)) - resource/aws\_billing\_view: Fix handling of data\_filter\_expression ([#​45293](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45293)) - resource/aws\_cloudformation\_stack\_set: Fix perpetual diff when using `auto_deployment` with `permission_model` set to `SERVICE_MANAGED` ([#​45992](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45992)) - resource/aws\_cloudfront\_distribution: Fix `runtime error: invalid memory address or nil pointer dereference` panic when mistakenly importing a multi-tenant distribution ([#​45873](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45873)) - resource/aws\_cloudfront\_distribution: Prevent mistakenly importing a multi-tenant distribution ([#​45873](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45873)) - resource/aws\_cloudfront\_multitenant\_distribution: Fix "specified origin server does not exist or is not valid" errors when attempting to use Origin Access Control (OAC) ([#​45977](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45977)) - resource/aws\_cloudfront\_multitenant\_distribution: Fix `origin_group` to use correct `id` attribute name and fix field mapping to resolve `missing required field` errors ([#​45921](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45921)) - resource/aws\_cloudwatch\_event\_rule: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "\[a-z]{2}-" ([#​45895](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45895)) - resource/aws\_config\_configuration\_recorder: Fix `InvalidRecordingGroupException: The recording group provided is not valid` errors when the `recording_group.exclusion_by_resource_type` or `recording_group.recording_strategy` argument is removed during update ([#​46110](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46110)) - resource/aws\_datazone\_environment\_profile: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "\[a-z]{2}-" ([#​45895](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45895)) - resource/aws\_dynamodb\_table: Fix perpetual diff for `warm_throughput` in global\_secondary\_index when not set in configuration. ([#​46094](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46094)) - resource/aws\_dynamodb\_table: Fixes error when `name` is known after apply ([#​45917](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45917)) - resource/aws\_eks\_cluster: Fix `kubernetes_network_config` argument name in EKS Auto Mode validation error message ([#​45997](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45997)) - resource/aws\_emrserverless\_application: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "\[a-z]{2}-" ([#​45895](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45895)) - resource/aws\_lakeformation\_permissions: Remove incorrect validation from `catalog_id`, `data_location.catalog_id`, `database.catalog_id`, `lf_tag_policy.catalog_id`, `table.catalog_id`, and `table_with_columns.catalog_id` arguments ([#​43931](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43931)) - resource/aws\_lambda\_event\_source\_mapping: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "\[a-z]{2}-" ([#​45895](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45895)) - resource/aws\_lambda\_invocation: Fix panic when deleting or replacing resource with empty input in CRUD lifecycle scope ([#​45967](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45967)) - resource/aws\_lambda\_permission: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "\[a-z]{2}-" ([#​45895](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45895)) - resource/aws\_lb\_target\_group: Fix update error when switching `health_check.protocol` from `HTTP` to `TCP` when `protocol` is `TCP` ([#​46036](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46036)) - resource/aws\_multitenant\_cloudfront\_distribution: Prevent mistakenly importing a standard distribution ([#​45873](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45873)) - resource/aws\_networkfirewall\_firewall\_policy: Support partner-managed rule groups via `firewall_policy.stateful_rule_group_reference.resource_arn` ([#​46124](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46124)) - resource/aws\_odb\_network: Fix `delete_associated_resources` being set when value is unknown ([#​45636](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45636)) - resource/aws\_pipes\_pipe: Prevent failing on AWS European Sovereign Cloud regions due to region validation requiring region names to start with "\[a-z]{2}-" ([#​45895](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45895)) - resource/aws\_placement\_group: Correct validation of `partition_count` ([#​45042](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45042)) - resource/aws\_rds\_cluster: Properly set `iam_database_authentication_enabled` when restored from snapshot ([#​39461](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/39461)) - resource/aws\_redshift\_cluster: Changing `port` now works. ([#​45870](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45870)) - resource/aws\_redshiftserverless\_workgroup: Fix `ValidationException: Base capacity cannot be updated when PerformanceTarget is Enabled` error when updating `price_performance_target` and `base_capacity` ([#​46137](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46137)) - resource/aws\_route53\_health\_check: Mark `regions` argument as `Computed` to fix an unexpected `regions` diff when it is not specified ([#​45829](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45829)) - resource/aws\_route53\_zone: Fix `InvalidChangeBatch` errors during [ForceNew](https://developer.hashicorp.com/terraform/plugin/sdkv2/schemas/schema-behaviors#forcenew) operations when zone name changes ([#​45242](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45242)) - resource/aws\_route53\_zone: Fixes error where Delete would fail if the remote resource had already been deleted. ([#​45985](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45985)) - resource/aws\_route53profiles\_resource\_association: Fix `Invalid JSON String Value` error on initial apply and `ConflictException` on subsequent apply when associating Route53 Resolver Query Log Configs ([#​45958](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45958)) - resource/aws\_route53recoverycontrolconfig\_control\_panel: Fix crash when create returns an error ([#​45954](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45954)) - resource/aws\_s3\_bucket: Fix bucket creation with tags in non-commercial AWS regions by handling `UnsupportedArgument` errors during tag-on-create operations ([#​46122](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46122)) - resource/aws\_s3\_bucket: Fix tag read and update operations in non-commercial AWS regions by handling `MethodNotAllowed` errors when S3 Control APIs are unavailable ([#​46122](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46122)) - resource/aws\_servicecatalog\_portfolio\_share: Support organization and OU IDs in addition to ARNs for GovCloud compatibility ([#​39863](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/39863)) - resource/aws\_subnet: Mark `ipv6_cidr_block` as `ForceNew` when the existing IPv6 subnet was created with `assign_ipv6_address_on_create = true` ([#​46043](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/46043)) - resource/aws\_vpc\_endpoint: Fix persistent diffs caused by case differences in `ip_address_type` ([#​45947](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/45947)) </details> <details> <summary>hashicorp/terraform-provider-google (google)</summary> ### [`v7.17.0`](https://redirect.github.com/hashicorp/terraform-provider-google/blob/HEAD/CHANGELOG.md#7170-Unreleased) [Compare Source](https://redirect.github.com/hashicorp/terraform-provider-google/compare/v7.16.0...v7.17.0) </details> <details> <summary>hashicorp/terraform-provider-random (random)</summary> ### [`v3.8.1`](https://redirect.github.com/hashicorp/terraform-provider-random/blob/HEAD/CHANGELOG.md#381-January-27-2026) [Compare Source](https://redirect.github.com/hashicorp/terraform-provider-random/compare/v3.8.0...v3.8.1) NOTES: - This release introduces no functional changes but has been signed with a valid certificate for the windows binary. ([#​749](https://redirect.github.com/hashicorp/terraform-provider-random/issues/749)) </details> <details> <summary>hashicorp/terraform-provider-tls (tls)</summary> ### [`v4.2.0`](https://redirect.github.com/hashicorp/terraform-provider-tls/blob/HEAD/CHANGELOG.md#420-January-28-2026) [Compare Source](https://redirect.github.com/hashicorp/terraform-provider-tls/compare/v4.1.0...v4.2.0) FEATURES: - ephemeral/tls\_public\_key: New ephemeral resource that extracts the public key from a private key. ([#​668](https://redirect.github.com/hashicorp/terraform-provider-tls/issues/668)) ENHANCEMENTS: - data-source/tls\_certificats: Added `max_path_length` attribute ([#​301](https://redirect.github.com/hashicorp/terraform-provider-tls/issues/301)) - resource/tls\_self\_signed\_cert: Added optional `max_path_length` attribute ([#​301](https://redirect.github.com/hashicorp/terraform-provider-tls/issues/301)) - resource/tls\_locally\_signed\_cert: Added optional `max_path_length` attribute ([#​301](https://redirect.github.com/hashicorp/terraform-provider-tls/issues/301)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwidGVycmFmb3JtIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 184c69d8a5d176e3f19037fbd89548af18e52ce9
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[cloud.google.com/go/container](https://redirect.github.com/googleapis/google-cloud-go)
| `v1.45.0` → `v1.46.0` |
|
|
|
[github.com/auth0/go-auth0/v2](https://redirect.github.com/auth0/go-auth0)
| `v2.3.0` → `v2.4.0` |
|
|
|
[github.com/aws/aws-sdk-go-v2/service/ec2](https://redirect.github.com/aws/aws-sdk-go-v2)
| `v1.281.0` → `v1.285.0` |
|
|
|
[github.com/aws/aws-sdk-go-v2/service/lambda](https://redirect.github.com/aws/aws-sdk-go-v2)
| `v1.87.1` → `v1.88.0` |
|
|
|
[github.com/aws/aws-sdk-go-v2/service/s3](https://redirect.github.com/aws/aws-sdk-go-v2)
| `v1.95.1` → `v1.96.0` |
|
|
|
[github.com/getsentry/sentry-go](https://redirect.github.com/getsentry/sentry-go)
| `v0.41.0` → `v0.42.0` |
|
|
|
[github.com/harness/harness-go-sdk](https://redirect.github.com/harness/harness-go-sdk)
| `v0.7.2` → `v0.7.4` |
|
|
|
[github.com/kaptinlin/jsonrepair](https://redirect.github.com/kaptinlin/jsonrepair)
| `v0.2.6` → `v0.2.7` |
|
|
|
[github.com/nats-io/nats-server/v2](https://redirect.github.com/nats-io/nats-server)
| `v2.12.3` → `v2.12.4` |
|
|
| [github.com/onsi/ginkgo/v2](https://redirect.github.com/onsi/ginkgo) |
`v2.27.5` → `v2.28.1` |
|
|
| [github.com/onsi/gomega](https://redirect.github.com/onsi/gomega) |
`v1.39.0` → `v1.39.1` |
|
|
|
[github.com/openai/openai-go/v3](https://redirect.github.com/openai/openai-go)
| `v3.16.0` → `v3.17.0` |
|
|
|
[github.com/stripe/stripe-go/v84](https://redirect.github.com/stripe/stripe-go)
| `v84.2.0` → `v84.3.0` |
|
|
|
[google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client)
| `v0.262.0` → `v0.264.0` |
|
|
|
[~sigs.k8s.io/controller-runtime~](https://redirect.github.com/kubernetes-sigs/controller-runtime)
| ~`v0.22.4` → `v0.23.1`~ |
~~
|
~~
|
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
## ⚠️ Warning
These modules are almost certainly going to break everything. They do
every time they update. If you update even one repo's OTEL modules, go
will then pull in new versions due to
[MVS](https://research.swtch.com/vgo-mvs) which will cause your repo to
break. All [otel pull
requests](https://redirect.github.com/pulls?q=is%3Aopen+is%3Apr+user%3Aovermindtech+archived%3Afalse+label%3Aobservability+)
need to be merged basically at the same time, and after all of the
modules have been updated to be compatible with each other.
---
### Release Notes
<details>
<summary>auth0/go-auth0 (github.com/auth0/go-auth0/v2)</summary>
###
[`v2.4.0`](https://redirect.github.com/auth0/go-auth0/blob/HEAD/CHANGELOG.md#v240-2026-01-27)
[Compare
Source](https://redirect.github.com/auth0/go-auth0/compare/v2.3.0...v2.4.0)
[Full
Changelog](https://redirect.github.com/auth0/go-auth0/compare/v2.3.0...v2.4.0)
**Added**
- feat: Add HTTP Basic Auth vault connections and phone consolidated
experience support
[#​687](https://redirect.github.com/auth0/go-auth0/pull/687)
([fern-api\[bot\]](https://redirect.github.com/apps/fern-api))
- feat: Add Actions Modules API and Custom Domains Enhancements
[#​684](https://redirect.github.com/auth0/go-auth0/pull/684)
([fern-api\[bot\]](https://redirect.github.com/apps/fern-api))
- Add Client Grants retrieval, Custom Domains Passkey support, Flows
SMS/Call actions, and Directory Provisioning list endpoint
[#​682](https://redirect.github.com/auth0/go-auth0/pull/682)
([fern-api\[bot\]](https://redirect.github.com/apps/fern-api))
- feat: Add Groups API, Enhanced Client Authentication, and Connection
Authentication Methods
[#​679](https://redirect.github.com/auth0/go-auth0/pull/679)
([fern-api\[bot\]](https://redirect.github.com/apps/fern-api))
- feat: Add Refresh Token Update API, Organization Discovery Domain
GetByName, and Refresh Token Metadata Support
[#​669](https://redirect.github.com/auth0/go-auth0/pull/669)
([fern-api\[bot\]](https://redirect.github.com/apps/fern-api))
</details>
<details>
<summary>aws/aws-sdk-go-v2
(github.com/aws/aws-sdk-go-v2/service/ec2)</summary>
###
[`v1.285.0`](https://redirect.github.com/aws/aws-sdk-go-v2/blob/HEAD/CHANGELOG.md#Release-2026-01-29)
#### Module Highlights
- `github.com/aws/aws-sdk-go-v2/service/ec2`:
[v1.285.0](service/ec2/CHANGELOG.md#v12850-2026-01-29)
- **Feature**: G7e instances feature up to 8 NVIDIA RTX PRO 6000
Blackwell Server Edition GPUs with 768 GB of memory and 5th generation
Intel Xeon Scalable processors. Supporting up to 192 vCPUs, 1600 Gbps
networking bandwidth with EFA, up to 2 TiB of system memory, and up to
15.2 TB of local NVMe SSD storage.
- `github.com/aws/aws-sdk-go-v2/service/gamelift`:
[v1.50.0](service/gamelift/CHANGELOG.md#v1500-2026-01-29)
- **Feature**: Amazon GameLift Servers now supports automatic scaling to
and from zero instances based on game session activity. Fleets scale
down to zero following a defined period of no game session activity and
scale up from zero when game sessions are requested, providing an option
for cost optimization.
###
[`v1.284.0`](https://redirect.github.com/aws/aws-sdk-go-v2/blob/HEAD/CHANGELOG.md#Release-2026-01-28)
#### General Highlights
- **Dependency Update**: Updated to the latest SDK module versions
#### Module Highlights
- `github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider`:
[v1.58.0](service/cognitoidentityprovider/CHANGELOG.md#v1580-2026-01-28)
- **Feature**: This release adds support for a new lambda trigger to
transform federated user attributes during the authentication with
external identity providers on Cognito Managed Login.
- `github.com/aws/aws-sdk-go-v2/service/connect`:
[v1.159.0](service/connect/CHANGELOG.md#v11590-2026-01-28)
- **Feature**: Adds support for filtering search results based on tags
assigned to contacts.
- `github.com/aws/aws-sdk-go-v2/service/ec2`:
[v1.284.0](service/ec2/CHANGELOG.md#v12840-2026-01-28)
- **Feature**: SearchTransitGatewayRoutes API response now includes a
NextToken field, enabling pagination when retrieving large sets of
transit gateway routes. Pass the returned NextToken value in subsequent
requests to retrieve the next page of results.
- `github.com/aws/aws-sdk-go-v2/service/lambda`:
[v1.88.0](service/lambda/CHANGELOG.md#v1880-2026-01-28)
- **Feature**: We are launching ESM Metrics and logging for Kafka ESM to
allow customers to monitor Kafka event processing using CloudWatch
Metrics and Logs.
- `github.com/aws/aws-sdk-go-v2/service/mediaconnect`:
[v1.47.0](service/mediaconnect/CHANGELOG.md#v1470-2026-01-28)
- **Feature**: This release adds support for NDI flow sources in AWS
Elemental MediaConnect. You can now send content to your MediaConnect
transport streams directly from your NDI environment using the new NDI
source type. Also adds support for LARGE 4X flow size, which can be used
when creating CDI JPEG-XS flows.
- `github.com/aws/aws-sdk-go-v2/service/mediaconvert`:
[v1.87.0](service/mediaconvert/CHANGELOG.md#v1870-2026-01-28)
- **Feature**: This release adds a follow source mode for audio output
channel count, an AES audio frame wrapping option for MXF outputs, and
an option to signal DolbyVision compatibility using the
SUPPLEMENTAL-CODECS tag in HLS manifests.
- `github.com/aws/aws-sdk-go-v2/service/s3`:
[v1.96.0](service/s3/CHANGELOG.md#v1960-2026-01-28)
- **Feature**: Adds support for the UpdateObjectEncryption API to change
the server-side encryption type of objects in general purpose buckets.
- `github.com/aws/aws-sdk-go-v2/service/s3control`:
[v1.68.0](service/s3control/CHANGELOG.md#v1680-2026-01-28)
- **Feature**: Adds support for the UpdateObjectEncryption API to change
the server-side encryption type of objects in general purpose buckets.
###
[`v1.283.0`](https://redirect.github.com/aws/aws-sdk-go-v2/blob/HEAD/CHANGELOG.md#Release-2026-01-27)
#### Module Highlights
- `github.com/aws/aws-sdk-go-v2/service/connect`:
[v1.158.0](service/connect/CHANGELOG.md#v11580-2026-01-27)
- **Feature**: Added support for task attachments. The StartTaskContact
API now accepts file attachments, enabling customers to include files
(.csv, .doc, .docx, .heic, .jfif, .jpeg, .jpg, .mov, .mp4, .pdf, .png,
.ppt, .pptx, .rtf, .txt, etc.) when creating Task contacts. Supports up
to 5 attachments per task.
- `github.com/aws/aws-sdk-go-v2/service/deadline`:
[v1.24.0](service/deadline/CHANGELOG.md#v1240-2026-01-27)
- **Feature**: AWS Deadline Cloud now supports editing job names and
descriptions after submission.
- `github.com/aws/aws-sdk-go-v2/service/ec2`:
[v1.283.0](service/ec2/CHANGELOG.md#v12830-2026-01-27)
- **Feature**: Releasing new EC2 instances. C8gb and M8gb with highest
EBS performance, M8gn with 600 Gbps network bandwidth, X8aedz and M8azn
with 5GHz AMD processors, X8i with Intel Xeon 6 processors and up to 6TB
memory, and Mac-m4max with Apple M4 Max chip for 25 percent faster
builds.
- `github.com/aws/aws-sdk-go-v2/service/medialive`:
[v1.90.0](service/medialive/CHANGELOG.md#v1900-2026-01-27)
- **Feature**: AWS Elemental MediaLive released two new features that
allows customers 1) to set Output Timecode for AV1 encoder, 2) to set a
Custom Epoch for CMAF Ingest and MediaPackage V2 output groups when
using Pipeline Locking or Disabled Locking modes.
- `github.com/aws/aws-sdk-go-v2/service/sagemaker`:
[v1.231.0](service/sagemaker/CHANGELOG.md#v12310-2026-01-27)
- **Feature**: Idle resource sharing enables teams to borrow unused
compute resources in your SageMaker HyperPod cluster. This capability
maximizes resource utilization by allowing teams to borrow idle compute
capacity beyond their allocated compute quotas.
###
[`v1.282.0`](https://redirect.github.com/aws/aws-sdk-go-v2/blob/HEAD/CHANGELOG.md#Release-2026-01-26)
#### Module Highlights
- `github.com/aws/aws-sdk-go-v2/service/connectcases`:
[v1.35.0](service/connectcases/CHANGELOG.md#v1350-2026-01-26)
- **Feature**: Amazon Connect now enables you to use tag-based access
controls to define who can access specific cases. You can associate tags
with case templates and configure security profiles to determine which
users can access cases with those tags.
- `github.com/aws/aws-sdk-go-v2/service/ec2`:
[v1.282.0](service/ec2/CHANGELOG.md#v12820-2026-01-26)
- **Feature**: DescribeInstanceTypes API response now includes an
additionalFlexibleNetworkInterfaces field, the number of interfaces
attachable to an instance when using flexible Elastic Network Adapter
(ENA) queues in addition to the base number specified by
maximumNetworkInterfaces.
- `github.com/aws/aws-sdk-go-v2/service/evidently`:
[v1.29.0](service/evidently/CHANGELOG.md#v1290-2026-01-26)
- **Feature**: Deprecate all Evidently API for AWS CloudWatch Evidently
deprecation
- `github.com/aws/aws-sdk-go-v2/service/groundstation`:
[v1.40.0](service/groundstation/CHANGELOG.md#v1400-2026-01-26)
- **Feature**: Adds support for AWS Ground Station Telemetry.
</details>
<details>
<summary>getsentry/sentry-go (github.com/getsentry/sentry-go)</summary>
###
[`v0.42.0`](https://redirect.github.com/getsentry/sentry-go/releases/tag/v0.42.0):
0.42.0
[Compare
Source](https://redirect.github.com/getsentry/sentry-go/compare/v0.41.0...v0.42.0)
##### Breaking Changes 🛠
- refactor Telemetry Processor to use TelemetryItem instead of
ItemConvertible by
[@​giortzisg](https://redirect.github.com/giortzisg) in
[#​1180](https://redirect.github.com/getsentry/sentry-go/pull/1180)
- remove ToEnvelopeItem from single log items
- rename TelemetryBuffer to Telemetry Processor to adhere to spec
- remove unsed ToEnvelopeItem(dsn) from Event.
##### New Features ✨
- Add metric support by
[@​aldy505](https://redirect.github.com/aldy505) in
[#​1151](https://redirect.github.com/getsentry/sentry-go/pull/1151)
- support for three metric methods (counter, gauge, distribution)
- custom metric units
- unexport batchlogger
##### Internal Changes 🔧
##### Release
- Fix changelog-preview permissions by
[@​BYK](https://redirect.github.com/BYK) in
[#​1181](https://redirect.github.com/getsentry/sentry-go/pull/1181)
- Switch from action-prepare-release to Craft by
[@​BYK](https://redirect.github.com/BYK) in
[#​1167](https://redirect.github.com/getsentry/sentry-go/pull/1167)
##### Other
- (repo) Add Claude Code settings with basic permissions by
[@​philipphofmann](https://redirect.github.com/philipphofmann) in
[#​1175](https://redirect.github.com/getsentry/sentry-go/pull/1175)
- Update release and changelog-preview workflows by
[@​giortzisg](https://redirect.github.com/giortzisg) in
[#​1177](https://redirect.github.com/getsentry/sentry-go/pull/1177)
- Bump echo to 4.10.1 by
[@​giortzisg](https://redirect.github.com/giortzisg) in
[#​1174](https://redirect.github.com/getsentry/sentry-go/pull/1174)
</details>
<details>
<summary>harness/harness-go-sdk
(github.com/harness/harness-go-sdk)</summary>
###
[`v0.7.4`](https://redirect.github.com/harness/harness-go-sdk/compare/v0.7.3...v0.7.4)
[Compare
Source](https://redirect.github.com/harness/harness-go-sdk/compare/v0.7.3...v0.7.4)
###
[`v0.7.3`](https://redirect.github.com/harness/harness-go-sdk/compare/v0.7.2...v0.7.3)
[Compare
Source](https://redirect.github.com/harness/harness-go-sdk/compare/v0.7.2...v0.7.3)
</details>
<details>
<summary>kaptinlin/jsonrepair
(github.com/kaptinlin/jsonrepair)</summary>
###
[`v0.2.7`](https://redirect.github.com/kaptinlin/jsonrepair/compare/v0.2.6...v0.2.7)
[Compare
Source](https://redirect.github.com/kaptinlin/jsonrepair/compare/v0.2.6...v0.2.7)
</details>
<details>
<summary>nats-io/nats-server
(github.com/nats-io/nats-server/v2)</summary>
###
[`v2.12.4`](https://redirect.github.com/nats-io/nats-server/releases/tag/v2.12.4)
[Compare
Source](https://redirect.github.com/nats-io/nats-server/compare/v2.12.3...v2.12.4)
#### Changelog
Refer to the [2.12 Upgrade
Guide](https://docs.nats.io/release-notes/whats_new/whats_new_212) for
backwards compatibility notes with 2.11.x.
##### Go Version
- 1.25.6
([#​7736](https://redirect.github.com/nats-io/nats-server/issues/7736))
##### Dependencies
- github.com/google/go-tpm v0.9.8
([#​7696](https://redirect.github.com/nats-io/nats-server/issues/7696))
- github.com/nats-io/nats.go v1.48.0
([#​7696](https://redirect.github.com/nats-io/nats-server/issues/7696))
- github.com/klauspost/compress v1.18.3
([#​7736](https://redirect.github.com/nats-io/nats-server/issues/7736))
- golang.org/x/crypto v0.47.0
([#​7736](https://redirect.github.com/nats-io/nats-server/issues/7736))
- golang.org/x/sys v0.40.0
([#​7736](https://redirect.github.com/nats-io/nats-server/issues/7736))
##### Added
Monitoring
- Added `tls_cert_not_after` to the `varz` monitoring endpoint for
showing when TLS certificates are due to expire
([#​7709](https://redirect.github.com/nats-io/nats-server/issues/7709))
##### Improved
JetStream
- Creating consumer file stores no longer contends on the stream lock,
improving consumer create performance on heavily loaded streams
([#​7700](https://redirect.github.com/nats-io/nats-server/issues/7700))
- Recalculating num pending with updated filter subjects no longer
gathers and sorts the subject filter list twice
([#​7772](https://redirect.github.com/nats-io/nats-server/issues/7772))
- Switching to interest-based retention will now remove no-interest
messages from the head of the stream
([#​7766](https://redirect.github.com/nats-io/nats-server/issues/7766))
##### Fixed
General
- The config parser now correctly detects and errors on self-referencing
environment variables
([#​7737](https://redirect.github.com/nats-io/nats-server/issues/7737))
- Internal functions for handling headers should no longer corrupt
message bodies if appended
([#​7752](https://redirect.github.com/nats-io/nats-server/issues/7752))
JetStream
- Raft single node elections now transition into leader state correctly
([#​7642](https://redirect.github.com/nats-io/nats-server/issues/7642))
- R1 streams will no longer incorrectly drift last sequence when
exceeding limits
([#​7658](https://redirect.github.com/nats-io/nats-server/issues/7658))
- Deleted streams are no longer wrongfully revived if stalled on an
upper-layer catchup
([#​7668](https://redirect.github.com/nats-io/nats-server/issues/7668))
- A panic that could happen when receiving a shutdown signal while
JetStream is still starting up has been fixed
([#​7683](https://redirect.github.com/nats-io/nats-server/issues/7683))
- JetStream usage stats now correctly reflect purged whole blocks when
optimising large purges
([#​7685](https://redirect.github.com/nats-io/nats-server/issues/7685))
- Recovering JetStream encryption keys now happens independently of the
stream index recovery, fixing some cases where the key could be reset
unexpectedly if the index is rebuilt
([#​7678](https://redirect.github.com/nats-io/nats-server/issues/7678))
- Non-replicated file-based consumers now detect corrupted state on disk
and are deleted automatically
([#​7691](https://redirect.github.com/nats-io/nats-server/issues/7691))
- A panic that could occur when a compact and a hash check run
concurrently on a store has been fixed
([#​7697](https://redirect.github.com/nats-io/nats-server/issues/7697))
- Raft no longer allows a repeat vote for the same term after a stepdown
or leadership transfer
([#​7698](https://redirect.github.com/nats-io/nats-server/issues/7698))
- Replicated consumers are no longer incorrectly deleted if they become
leader just as JetStream is about to shut down
([#​7699](https://redirect.github.com/nats-io/nats-server/issues/7699))
- Fixed an issue where a single truncated block could prevent storing
new messages in the filestore
([#​7704](https://redirect.github.com/nats-io/nats-server/issues/7704))
- Fixed a concurrent map iteration/write panic that could occur on
WorkQueue streams during partitioning
([#​7708](https://redirect.github.com/nats-io/nats-server/issues/7708))
- Fixed a deadlock that could occur on shutdown when adding streams
([#​7710](https://redirect.github.com/nats-io/nats-server/issues/7710))
- Required API level errors are now only returned after other checks,
preventing unexpected replies from other servers
([#​7711](https://redirect.github.com/nats-io/nats-server/issues/7711))
- A data race on mirror consumers has been fixed
([#​7716](https://redirect.github.com/nats-io/nats-server/issues/7716))
- JetStream no longer leaks subscriptions in a cluster when a stream
import/export is set up that overlaps the `$JS.>` namespace
([#​7720](https://redirect.github.com/nats-io/nats-server/issues/7720))
- The filestore will no longer waste CPU time rebuilding subject state
for WALs
([#​7721](https://redirect.github.com/nats-io/nats-server/issues/7721))
- Configuring `cluster_traffic` in config mode has been fixed
([#​7723](https://redirect.github.com/nats-io/nats-server/issues/7723))
- Subject intersection no longer misses certain subjects with specific
patterns of overlapping filters, which could affect consumers, num
pending calculations etc
([#​7728](https://redirect.github.com/nats-io/nats-server/issues/7728),
[#​7741](https://redirect.github.com/nats-io/nats-server/issues/7741),
[#​7744](https://redirect.github.com/nats-io/nats-server/issues/7744),
[#​7745](https://redirect.github.com/nats-io/nats-server/issues/7745))
- Multi-filtered next message lookups in the filestore can now skip
blocks when faster to do so
([#​7750](https://redirect.github.com/nats-io/nats-server/issues/7750))
- The binary search for start times now handles deleted messages
correctly
([#​7751](https://redirect.github.com/nats-io/nats-server/issues/7751))
- Consumer updates will now only recalculate num pending when the filter
subjects are changed
([#​7753](https://redirect.github.com/nats-io/nats-server/issues/7753))
- Consumer info calls will no longer recalculate num pending
([#​7758](https://redirect.github.com/nats-io/nats-server/issues/7758))
- Consumers on replicated interest or workqueue streams should no longer
lose interest or cause desyncs after having their filter subjects
updated
([#​7773](https://redirect.github.com/nats-io/nats-server/issues/7773))
- Interest-based streams will no longer start more check interest state
goroutines when there are existing running ones
([#​7769](https://redirect.github.com/nats-io/nats-server/issues/7769))
##### Complete Changes
</details>
<details>
<summary>onsi/ginkgo (github.com/onsi/ginkgo/v2)</summary>
###
[`v2.28.1`](https://redirect.github.com/onsi/ginkgo/releases/tag/v2.28.1)
[Compare
Source](https://redirect.github.com/onsi/ginkgo/compare/v2.28.0...v2.28.1)
#### 2.28.1
Update all dependencies. This auto-updated the required version of Go to
1.24, consistent with the fact that Go 1.23 has been out of support for
almost six months.
###
[`v2.28.0`](https://redirect.github.com/onsi/ginkgo/releases/tag/v2.28.0)
[Compare
Source](https://redirect.github.com/onsi/ginkgo/compare/v2.27.5...v2.28.0)
#### 2.28.0
Ginkgo's SemVer filter now supports filtering multiple components by
SemVer version:
```go
It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
// This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})
```
can be filtered in or out with an invocation like:
```bash
ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"
```
Huge thanks to
[@​Icarus9913](https://redirect.github.com/Icarus9913) for working
on this!
</details>
<details>
<summary>onsi/gomega (github.com/onsi/gomega)</summary>
###
[`v1.39.1`](https://redirect.github.com/onsi/gomega/releases/tag/v1.39.1)
[Compare
Source](https://redirect.github.com/onsi/gomega/compare/v1.39.0...v1.39.1)
#### 1.39.1
Update all dependencies. This auto-updated the required version of Go to
1.24, consistent with the fact that Go 1.23 has been out of support for
almost six months.
</details>
<details>
<summary>openai/openai-go (github.com/openai/openai-go/v3)</summary>
###
[`v3.17.0`](https://redirect.github.com/openai/openai-go/releases/tag/v3.17.0)
[Compare
Source](https://redirect.github.com/openai/openai-go/compare/v3.16.0...v3.17.0)
#### 3.17.0 (2026-01-27)
Full Changelog:
[v3.16.0...v3.17.0](https://redirect.github.com/openai/openai-go/compare/v3.16.0...v3.17.0)
##### Features
- **api:** api update
([a456c60](https://redirect.github.com/openai/openai-go/commit/a456c60498b33b7da048cc64bdff76c49a904117))
- **api:** api updates
([21fd4a9](https://redirect.github.com/openai/openai-go/commit/21fd4a9534d5ef531c6a9bc497b90c14b68ebda3))
- **client:** add a convenient param.SetJSON helper
([1b35ece](https://redirect.github.com/openai/openai-go/commit/1b35ece947934982609557e6acacfd3526289de1))
- **client:** add a StreamError type to access raw events from sse
streams
([fd14b30](https://redirect.github.com/openai/openai-go/commit/fd14b30e3cc2d14438a100be12627692e8ea045a))
##### Bug Fixes
- **api:** mark assistants as deprecated
([9a8c9af](https://redirect.github.com/openai/openai-go/commit/9a8c9af8cf988069e543487c09a0897806408d67))
- **client:** retain streaming when user sets request body
([3a7a22e](https://redirect.github.com/openai/openai-go/commit/3a7a22ec90c5ff44203321bbff94f9541a80601f))
- **docs:** add missing pointer prefix to api.md return types
([dd641d9](https://redirect.github.com/openai/openai-go/commit/dd641d924ead979b4369b952f99387880879938d))
##### Chores
- **internal:** codegen related update
([74d3989](https://redirect.github.com/openai/openai-go/commit/74d3989139a94407020f7bf43c8351c4dffe412c))
- **internal:** update `actions/checkout` version
([2db54a5](https://redirect.github.com/openai/openai-go/commit/2db54a5d05e3240c415cb91320ede5704331828a))
</details>
<details>
<summary>stripe/stripe-go (github.com/stripe/stripe-go/v84)</summary>
###
[`v84.3.0`](https://redirect.github.com/stripe/stripe-go/releases/tag/v84.3.0)
[Compare
Source](https://redirect.github.com/stripe/stripe-go/compare/v84.2.0...v84.3.0)
This release changes the pinned API version to `2026-01-28.clover`.
- [#​2258](https://redirect.github.com/stripe/stripe-go/pull/2258)
Update generated code
- Add support for new resource `RadarPaymentEvaluation`
- Add support for `New` method on resource `RadarPaymentEvaluation`
- Add support for `AdjustableQuantity` on `LineItem`
- Add support for new value `risk_reserved` on enum
`BalanceTransaction.BalanceType`
- Add support for new values `reserve_hold` and `reserve_release` on
enum `BalanceTransaction.Type`
- Add support for new value `pl_nip` on enums
`CheckoutSessionCustomerDetailsTaxIds.Type`,
`TaxCalculationCustomerDetailsTaxId.Type`, `TaxId.Type`, and
`TaxTransactionCustomerDetailsTaxId.Type`
- Add support for new value `adyen` on enums
`ConfirmationTokenPaymentMethodPreviewIdeal.Bank`,
`PaymentAttemptRecordPaymentMethodDetailsIdeal.Bank`, and
`PaymentRecordPaymentMethodDetailsIdeal.Bank`
- Add support for new value `ADYBNL2A` on enums
`ConfirmationTokenPaymentMethodPreviewIdeal.BIC`,
`PaymentAttemptRecordPaymentMethodDetailsIdeal.BIC`, and
`PaymentRecordPaymentMethodDetailsIdeal.BIC`
- Add support for `EnforceArithmeticValidation` on
`PaymentIntentAmountDetailsParams`,
`PaymentIntentCaptureAmountDetailsParams`,
`PaymentIntentConfirmAmountDetailsParams`, and
`PaymentIntentIncrementAuthorizationAmountDetailsParams`
- Add support for `Error` on `PaymentIntentAmountDetails`
- Remove support for `Bgn` on `TerminalConfigurationTippingParams` and
`TerminalConfigurationTipping`
- Add support for `Topup` on `TreasuryReceivedDebitLinkedFlows`
- Add support for `ContactPhone` on `V2CoreAccountParams`,
`V2CoreAccountTokenParams`, and `V2CoreAccount`
- Add support for `RegistrationDate` on
`V2CoreAccountIdentityBusinessDetailsParams`,
`V2CoreAccountIdentityBusinessDetails`, and
`V2CoreAccountTokenIdentityBusinessDetailsParams`
- Add support for new value `gb_vat` on enum
`V2CoreAccountIdentityBusinessDetailsIdNumber.Type`
- Add support for error code `request_blocked` on `Error`,
`InvoiceLastFinalizationError`, `PaymentIntentLastPaymentError`,
`SetupAttemptSetupError`, `SetupIntentLastSetupError`, and `StripeError`
- [#​2178](https://redirect.github.com/stripe/stripe-go/pull/2178)
Add context-aware logging interface and update logger usage
See [the changelog for more
details](https://redirect.github.com/stripe/stripe-go/blob/v84.3.0/CHANGELOG.md).
</details>
<details>
<summary>googleapis/google-api-go-client
(google.golang.org/api)</summary>
###
[`v0.264.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.264.0)
[Compare
Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.263.0...v0.264.0)
##### Features
- **all:** Auto-regenerate discovery clients
([#​3464](https://redirect.github.com/googleapis/google-api-go-client/issues/3464))
([5c164fc](https://redirect.github.com/googleapis/google-api-go-client/commit/5c164fc8830de4495d72b7c43be930396df83d3f))
- **all:** Auto-regenerate discovery clients
([#​3472](https://redirect.github.com/googleapis/google-api-go-client/issues/3472))
([52bd769](https://redirect.github.com/googleapis/google-api-go-client/commit/52bd769533cbf7f9c3377993a29647dc0cc4228d))
###
[`v0.263.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.263.0)
[Compare
Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.262.0...v0.263.0)
##### Features
- **all:** Auto-regenerate discovery clients
([#​3457](https://redirect.github.com/googleapis/google-api-go-client/issues/3457))
([0199a8c](https://redirect.github.com/googleapis/google-api-go-client/commit/0199a8c75bde11931d7fb1593cbb4801cf4250b6))
- **all:** Auto-regenerate discovery clients
([#​3459](https://redirect.github.com/googleapis/google-api-go-client/issues/3459))
([80afb8a](https://redirect.github.com/googleapis/google-api-go-client/commit/80afb8aabeb4a9e1c12c057917ccbb3e9a0700d0))
- **all:** Auto-regenerate discovery clients
([#​3460](https://redirect.github.com/googleapis/google-api-go-client/issues/3460))
([1315da9](https://redirect.github.com/googleapis/google-api-go-client/commit/1315da9e0b70c5c2245e209275e3dc6ef9f38b0e))
- **all:** Auto-regenerate discovery clients
([#​3462](https://redirect.github.com/googleapis/google-api-go-client/issues/3462))
([052317a](https://redirect.github.com/googleapis/google-api-go-client/commit/052317a0b1c4e4d57317589dddf7068124beff4c))
- **all:** Auto-regenerate discovery clients
([#​3463](https://redirect.github.com/googleapis/google-api-go-client/issues/3463))
([35423ac](https://redirect.github.com/googleapis/google-api-go-client/commit/35423ac5def99b9789b1c990ca7d98ef641e1932))
</details>
<details>
<summary>kubernetes-sigs/controller-runtime
(sigs.k8s.io/controller-runtime)</summary>
###
[`v0.23.1`](https://redirect.github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.23.1)
[Compare
Source](https://redirect.github.com/kubernetes-sigs/controller-runtime/compare/v0.23.0...v0.23.1)
#### What's Changed
- \[release-0.23] 🐛 Cache reader: Wait for cache sync when
ReaderFailOnMissingInformer is true by
[@​k8s-infra-cherrypick-robot](https://redirect.github.com/k8s-infra-cherrypick-robot)
in
[#​3433](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3433)
- \[release-0.23] :bug: Fix panic when using CRs with embedded pointer
structs by
[@​k8s-infra-cherrypick-robot](https://redirect.github.com/k8s-infra-cherrypick-robot)
in
[#​3436](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3436)
- \[release-0.23] :seedling: Test cache reader waits for cache sync by
[@​k8s-infra-cherrypick-robot](https://redirect.github.com/k8s-infra-cherrypick-robot)
in
[#​3438](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3438)
- \[release-0.23] :bug: Fakeclient: Fix status apply if existing object
has managedFields set by
[@​k8s-infra-cherrypick-robot](https://redirect.github.com/k8s-infra-cherrypick-robot)
in
[#​3437](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3437)
**Full Changelog**:
<https://github.com/kubernetes-sigs/controller-runtime/compare/v0.23.0...v0.23.1>
###
[`v0.23.0`](https://redirect.github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.23.0)
[Compare
Source](https://redirect.github.com/kubernetes-sigs/controller-runtime/compare/v0.22.5...v0.23.0)
#### 🔆 Highlights
- Client: Add subresource Apply support by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman) in
[#​3321](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3321)
- Conversion: Enable implementation of conversion outside of API
packages by [@​sbueringer](https://redirect.github.com/sbueringer)
in
[#​3335](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3335)
- Priorityqueue: Various improvements, bug fixes and now enabled per
default
- Webhooks: Generic Validator and Defaulter by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman) in
[#​3360](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3360)
#### ⚠️ Breaking changes
- Dependencies: Update to k8s.io/\* v1.35 by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman)
[@​dongjiang1989](https://redirect.github.com/dongjiang1989)
[@​kannon92](https://redirect.github.com/kannon92)
([#​3316](https://redirect.github.com/kubernetes-sigs/controller-runtime/issues/3316),
[#​3349](https://redirect.github.com/kubernetes-sigs/controller-runtime/issues/3349),
[#​3386](https://redirect.github.com/kubernetes-sigs/controller-runtime/issues/3386),
[#​3391](https://redirect.github.com/kubernetes-sigs/controller-runtime/issues/3391),
[#​3401](https://redirect.github.com/kubernetes-sigs/controller-runtime/issues/3401))
- Client: Add subresource Apply support by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman) in
[#​3321](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3321)
- Events: Migration to the new events API by
[@​clebs](https://redirect.github.com/clebs) in
[#​3262](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3262)
- Using the new `GetEventRecorderFor` requires updating your rbac for
events to use the `events.k8s.io` apiGroup rather than the \`\` (core)
apiGroup
- Fakeclient: Set ResourceVersion for SSA Create by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman) in
[#​3311](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3311)
- Webhooks: Generic Validator and Defaulter by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman) in
[#​3360](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3360)
- Existing code of the form
`builder.WebhookManagedBy(mgr).For(&corev1.Deployment{})` has to be
changed to `builder.WebhookManagedBy(mgr, &appsv1.Deployment{})`
- Existing webhook implementations have to be changed to take the
concrete object rather than `runtime.Object`, for example from
`ValidateCreate(ctx context.Context, obj runtime.Object)
(admission.Warnings, error)` to `ValidateCreate(ctx context.Context, obj
*appsv1.Deployment) (admission.Warnings, error)`
#### ✨ Features
- Cache: Allow fine-granular SyncPeriod configuration by
[@​sbueringer](https://redirect.github.com/sbueringer) in
[#​3376](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3376)
- Client: Add FieldOwner option to client.Options by
[@​aerfio](https://redirect.github.com/aerfio) in
[#​3389](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3389)
- Client: Add FieldValidation option to client.Options by
[@​aerfio](https://redirect.github.com/aerfio) in
[#​3393](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3393)
- Conversion: Enable implementation of conversion outside of API
packages by [@​sbueringer](https://redirect.github.com/sbueringer)
in
[#​3335](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3335)
- Metrics: Add controller\_runtime\_reconcile\_timeouts\_total metric to
track ReconciliationTimeout timeouts by
[@​godwinpang](https://redirect.github.com/godwinpang) in
[#​3382](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3382)
- Priorityqueue: Add optional Priority field to reconcile.Result by
[@​sbueringer](https://redirect.github.com/sbueringer) in
[#​3333](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3333)
- Priorityqueue: Enable per default by
[@​sbueringer](https://redirect.github.com/sbueringer) in
[#​3332](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3332)
- Priorityqueue: Use a buffer to optimize priority queue AddWithOpts
performance by [@​zach593](https://redirect.github.com/zach593) in
[#​3415](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3415)
- Source/Kind: Delay reconciliation until handlers sync by
[@​GonzaloLuminary](https://redirect.github.com/GonzaloLuminary)
in
[#​3406](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3406)
- Webhooks: Add WithContextFunc to WebhookBuilder by
[@​dmvolod](https://redirect.github.com/dmvolod) in
[#​3324](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3324)
#### 🐛 Bugfixes
- Client: Allow SSA after normal resource creation by
[@​filipcirtog](https://redirect.github.com/filipcirtog) in
[#​3346](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3346)
- Client: Fix List in namespaced client to list objects that are cluster
scoped by [@​troy0820](https://redirect.github.com/troy0820) in
[#​3351](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3351)
[#​3353](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3353)
- Envtest: Respect pre-configured binary paths in ControlPlane by
[@​mzhaom](https://redirect.github.com/mzhaom) in
[#​3372](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3372)
- Fakeclient: Fix a number of bugs when updating through apply by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman) in
[#​3319](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3319)
- FakeClient: Fix Apply with Unstructured ApplyConfiguration and
resourceVersion unset by
[@​sbueringer](https://redirect.github.com/sbueringer) in
[#​3403](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3403)
- Fakeclient: Fix SSA after List with non-list kind by
[@​sbueringer](https://redirect.github.com/sbueringer) in
[#​3364](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3364)
- Fakeclient: Panic when trying to build more than one instance of
fake.ClientBuilder by
[@​troy0820](https://redirect.github.com/troy0820) in
[#​3314](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3314)
- Leaderelection: Copy all parent context values to leader elector's
context by
[@​msudheendra-cflt](https://redirect.github.com/msudheendra-cflt)
in
[#​3327](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3327)
- Metrics: Adding missing exponential buckets on webhook native
histogram by
[@​brito-rafa](https://redirect.github.com/brito-rafa) in
[#​3411](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3411)
- Priorityqueue: Do FIFO ordering within priorities and not across by
[@​zach593](https://redirect.github.com/zach593) in
[#​3408](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3408)
- Priorityqueue: Don't block on Get when queue is shutdown (2nd try) by
[@​sbueringer](https://redirect.github.com/sbueringer) in
[#​3337](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3337)
- Priorityqueue: Ensure priority queue always returns high-priority
items first by
[@​moritzmoe](https://redirect.github.com/moritzmoe) in
[#​3330](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3330)
- Priorityqueue: Fix
TestWhenAddingMultipleItemsWithRatelimitTrueTheyDontAffectEachOther by
[@​zach593](https://redirect.github.com/zach593) in
[#​3395](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3395)
- Priorityqueue: Limit depthWithPriorityMetric cardinality to 25 by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman)
[#​3419](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3419)
- Priorityqueue: Properly sync the `waiter` manipulation by
[@​fossedihelm](https://redirect.github.com/fossedihelm) in
[#​3368](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3368)
- setup-envtest: Select the newest Kubernetes by default by
[@​cbandy](https://redirect.github.com/cbandy) in
[#​3380](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3380)
- testing/addr: Prevent possible leak by avoiding defer in loop by
[@​s-z-z](https://redirect.github.com/s-z-z) in
[#​3367](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3367)
#### 🌱 Other
- Dependencies: Update controller-tools to 0.20.0 and fix lint by
[@​dongjiang1989](https://redirect.github.com/dongjiang1989) in
[#​3405](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3405)
- Linter: Add depguard golangci-linter for forbid sort pkg by
[@​dongjiang1989](https://redirect.github.com/dongjiang1989) in
[#​3374](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3374)
- Linter: Modernize finalizer utils by
[@​tbavelier](https://redirect.github.com/tbavelier) in
[#​3329](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3329)
- Linter: Update golangci-lint version and modernize lint by
[@​dongjiang1989](https://redirect.github.com/dongjiang1989) in
[#​3384](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3384)
- Linter: Update golangci-lint version to v2.4.0 by
[@​dongjiang1989](https://redirect.github.com/dongjiang1989) in
[#​3318](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3318)
- Linter: Update golangci-lint version to v2.5.0 by
[@​dongjiang1989](https://redirect.github.com/dongjiang1989) in
[#​3323](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3323)
- Linter: Update golangci-lint version to v2.7.2 by
[@​dongjiang1989](https://redirect.github.com/dongjiang1989) in
[#​3399](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3399)
- Manager: Deflake should execute the Warmup function test when Warmup
group is started by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman) in
[#​3356](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3356)
- Misc: Add CreateOrPatch function in alias.go by
[@​tisonkun](https://redirect.github.com/tisonkun) in
[#​3375](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3375)
- Misc: Change `sort` to `slices` package by
[@​dongjiang1989](https://redirect.github.com/dongjiang1989) in
[#​3370](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3370)
- Misc: Fix typo in unit test name by
[@​s-z-z](https://redirect.github.com/s-z-z) in
[#​3304](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3304)
- Misc: Revert deprecation of client.Apply by
[@​sbueringer](https://redirect.github.com/sbueringer) in
[#​3307](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3307)
- Priorityqueue: Add and use newQueueWithTimeForwarder by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman) in
[#​3336](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3336)
- Priorityqueue: Add some more tests to the priorityqueue by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman) in
[#​3387](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3387)
- Priorityqueue: Use separate b-trees for ready and non-ready items by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman) in
[#​3416](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3416)
- Priorityqueue: Use synctest by
[@​alvaroaleman](https://redirect.github.com/alvaroaleman) in
[#​3350](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3350)
#### 📖 Documentation
- Add a design for supporting warm replicas by
[@​godwinpang](https://redirect.github.com/godwinpang) in
[#​3121](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3121)
- Remove latest from setupenvtest docs by
[@​troy0820](https://redirect.github.com/troy0820) in
[#​3359](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3359)
- pkg/client/config: Remove outdated doc comments by
[@​haoqixu](https://redirect.github.com/haoqixu) in
[#​3306](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3306)
- Update client.Apply example by
[@​aerfio](https://redirect.github.com/aerfio) in
[#​3390](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3390)
- Update `README.md`'s compatibility matrix for `v0.22.x`. by
[@​renormalize](https://redirect.github.com/renormalize) in
[#​3392](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3392)
#### Dependencies
##### Added
- github.com/Masterminds/semver/v3:
[v3.4.0](https://redirect.github.com/Masterminds/semver/tree/v3.4.0)
- github.com/gkampitakis/ciinfo:
[v0.3.2](https://redirect.github.com/gkampitakis/ciinfo/tree/v0.3.2)
- github.com/gkampitakis/go-diff:
[v1.3.2](https://redirect.github.com/gkampitakis/go-diff/tree/v1.3.2)
- github.com/gkampitakis/go-snaps:
[v0.5.15](https://redirect.github.com/gkampitakis/go-snaps/tree/v0.5.15)
- github.com/goccy/go-yaml:
[v1.18.0](https://redirect.github.com/goccy/go-yaml/tree/v1.18.0)
- github.com/joshdk/go-junit:
[v1.0.0](https://redirect.github.com/joshdk/go-junit/tree/v1.0.0)
- github.com/maruel/natural:
[v1.1.1](https://redirect.github.com/maruel/natural/tree/v1.1.1)
- github.com/mfridman/tparse:
[v0.18.0](https://redirect.github.com/mfridman/tparse/tree/v0.18.0)
- github.com/tidwall/gjson:
[v1.18.0](https://redirect.github.com/tidwall/gjson/tree/v1.18.0)
- github.com/tidwall/match:
[v1.1.1](https://redirect.github.com/tidwall/match/tree/v1.1.1)
- github.com/tidwall/pretty:
[v1.2.1](https://redirect.github.com/tidwall/pretty/tree/v1.2.1)
- github.com/tidwall/sjson:
[v1.2.5](https://redirect.github.com/tidwall/sjson/tree/v1.2.5)
- go.uber.org/automaxprocs: v1.6.0
- golang.org/x/tools/go/expect: v0.1.0-deprecated
- golang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated
##### Changed
- github.com/go-logr/logr: [v1.4.2 →
v1.4.3](https://redirect.github.com/go-logr/logr/compare/v1.4.2...v1.4.3)
- github.com/google/pprof: [d1b30fe →
27863c8](https://redirect.github.com/google/pprof/compare/d1b30fe...27863c8)
- github.com/onsi/ginkgo/v2: [v2.22.0 →
v2.27.2](https://redirect.github.com/onsi/ginkgo/compare/v2.22.0...v2.27.2)
- github.com/onsi/gomega: [v1.36.1 →
v1.38.2](https://redirect.github.com/onsi/gomega/compare/v1.36.1...v1.38.2)
- github.com/prometheus/client\_golang: [v1.22.0 →
v1.23.2](https://redirect.github.com/prometheus/client_golang/compare/v1.22.0...v1.23.2)
- github.com/prometheus/client\_model: [v0.6.1 →
v0.6.2](https://redirect.github.com/prometheus/client_model/compare/v0.6.1...v0.6.2)
- github.com/prometheus/common: [v0.62.0 →
v0.66.1](https://redirect.github.com/prometheus/common/compare/v0.62.0...v0.66.1)
- github.com/prometheus/procfs: [v0.15.1 →
v0.16.1](https://redirect.github.com/prometheus/procfs/compare/v0.15.1...v0.16.1)
- github.com/rogpeppe/go-internal: [v1.13.1 →
v1.14.1](https://redirect.github.com/rogpeppe/go-internal/compare/v1.13.1...v1.14.1)
- github.com/spf13/cobra: [v1.9.1 →
v1.10.0](https://redirect.github.com/spf13/cobra/compare/v1.9.1...v1.10.0)
- github.com/spf13/pflag: [v1.0.6 →
v1.0.9](https://redirect.github.com/spf13/pflag/compare/v1.0.6...v1.0.9)
- github.com/stretchr/testify: [v1.10.0 →
v1.11.1](https://redirect.github.com/stretchr/testify/compare/v1.10.0...v1.11.1)
- go.etcd.io/bbolt: v1.4.2 → v1.4.3
- go.etcd.io/etcd/api/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/client/pkg/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/client/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/pkg/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/server/v3: v3.6.4 → v3.6.5
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.58.0
→ v0.61.0
- go.opentelemetry.io/otel/metric: v1.35.0 → v1.36.0
- go.opentelemetry.io/otel/sdk/metric: v1.34.0 → v1.36.0
- go.opentelemetry.io/otel/sdk: v1.34.0 → v1.36.0
- go.opentelemetry.io/otel/trace: v1.35.0 → v1.36.0
- go.opentelemetry.io/otel: v1.35.0 → v1.36.0
- go.yaml.in/yaml/v2: v2.4.2 → v2.4.3
- golang.org/x/crypto: v0.36.0 → v0.45.0
- golang.org/x/mod: v0.21.0 → v0.29.0
- golang.org/x/net: v0.38.0 → v0.47.0
- golang.org/x/oauth2: v0.27.0 → v0.30.0
- golang.org/x/sync: v0.12.0 → v0.18.0
- golang.org/x/sys: v0.31.0 → v0.38.0
- golang.org/x/telemetry:
[`bda5523`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/bda5523)
→
[`078029d`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/078029d)
- golang.org/x/term: v0.30.0 → v0.37.0
- golang.org/x/text: v0.23.0 → v0.31.0
- golang.org/x/tools: v0.26.0 → v0.38.0
- golang.org/x/xerrors:
[`5ec99f8`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/5ec99f8)
→
[`9bdfabe`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/9bdfabe)
- google.golang.org/genproto/googleapis/rpc:
[`a0af3ef`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/a0af3ef)
→
[`200df99`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/200df99)
- google.golang.org/grpc: v1.72.1 → v1.72.2
- google.golang.org/protobuf: v1.36.5 → v1.36.8
- gopkg.in/evanphx/json-patch.v4: v4.12.0 → v4.13.0
- k8s.io/api: v0.34.0 → v0.35.0
- k8s.io/apiextensions-apiserver: v0.34.0 → v0.35.0
- k8s.io/apimachinery: v0.34.0 → v0.35.0
- k8s.io/apiserver: v0.34.0 → v0.35.0
- k8s.io/client-go: v0.34.0 → v0.35.0
- k8s.io/code-generator: v0.34.0 → v0.35.0
- k8s.io/component-base: v0.34.0 → v0.35.0
- k8s.io/gengo/v2:
[`85fd79d`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/85fd79d)
→
[`ec3ebc5`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/ec3ebc5)
- k8s.io/kms: v0.34.0 → v0.35.0
- k8s.io/kube-openapi:
[`f3f2b99`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/f3f2b99)
→
[`589584f`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/589584f)
- k8s.io/utils:
[`4c0f3b2`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/4c0f3b2)
→
[`bc988d5`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/bc988d5)
- sigs.k8s.io/json:
[`cfa47c3`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/cfa47c3)
→
[`2d32026`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/2d32026)
##### Removed
- github.com/kisielk/errcheck:
[v1.5.0](https://redirect.github.com/kisielk/errcheck/tree/v1.5.0)
- github.com/kisielk/gotool:
[v1.0.0](https://redirect.github.com/kisielk/gotool/tree/v1.0.0)
- gopkg.in/yaml.v2: v2.4.0
#### New Contributors
- [@​haoqixu](https://redirect.github.com/haoqixu) made their
first contribution in
[#​3306](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3306)
-
[@​msudheendra-cflt](https://redirect.github.com/msudheendra-cflt)
made their first contribution in
[#​3327](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3327)
- [@​tbavelier](https://redirect.github.com/tbavelier) made their
first contribution in
[#​3329](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3329)
- [@​moritzmoe](https://redirect.github.com/moritzmoe) made their
first contribution in
[#​3330](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3330)
- [@​filipcirtog](https://redirect.github.com/filipcirtog) made
their first contribution in
[#​3346](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3346)
- [@​fossedihelm](https://redirect.github.com/fossedihelm) made
their first contribution in
[#​3368](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3368)
- [@​mzhaom](https://redirect.github.com/mzhaom) made their first
contribution in
[#​3372](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3372)
- [@​tisonkun](https://redirect.github.com/tisonkun) made their
first contribution in
[#​3375](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3375)
- [@​renormalize](https://redirect.github.com/renormalize) made
their first contribution in
[#​3392](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3392)
- [@​brito-rafa](https://redirect.github.com/brito-rafa) made
their first contribution in
[#​3411](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3411)
- [@​GonzaloLuminary](https://redirect.github.com/GonzaloLuminary)
made their first contribution in
[#​3406](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3406)
**Full Changelog**:
<https://github.com/kubernetes-sigs/controller-runtime/compare/v0.22.0...v0.23.0>
*Thanks to all our contributors!* 😊
###
[`v0.22.5`](https://redirect.github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.22.5)
[Compare
Source](https://redirect.github.com/kubernetes-sigs/controller-runtime/compare/v0.22.4...v0.22.5)
#### What's Changed
- 🌱 Bump k8s.io/\* to v0.34.3 by
[@​sbueringer](https://redirect.github.com/sbueringer) in
[#​3420](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3420)
**Full Changelog**:
<https://github.com/kubernetes-sigs/controller-runtime/compare/v0.22.4...v0.22.5>
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 10am on friday" in timezone
Europe/London, Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/overmindtech/workspace).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwiZ29sYW5nIiwib2JzZXJ2YWJpbGl0eSJdfQ==-->
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Medium Risk**
> While the PR is limited to dependency version bumps, it touches core
infra libraries (AWS/GCP SDKs, `controller-runtime`) and includes a
`sentry-go` release with noted breaking changes, so runtime/compile
regressions are plausible.
>
> **Overview**
> **Dependency-only update.** Bumps multiple Go modules in `go.mod` and
refreshes `go.sum`, including `cloud.google.com/go/container`,
`github.com/auth0/go-auth0/v2`, AWS SDK services (`ec2`, `lambda`,
`s3`), `github.com/getsentry/sentry-go`,
`github.com/openai/openai-go/v3`, `github.com/stripe/stripe-go/v84`,
`google.golang.org/api`, and `sigs.k8s.io/controller-runtime`.
>
> Also updates several transitive modules (e.g.,
`github.com/google/go-tpm`, `github.com/google/pprof`,
`github.com/klauspost/compress`, `golang.org/x/tools`,
`golang.org/x/telemetry`, and `sigs.k8s.io/structured-merge-diff/v6`)
via `go mod tidy`/MVS resolution.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
00b507d7a147ea045f97670d1db1930d29aa2708. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Elliot Waddington <[email protected]>
GitOrigin-RevId: cc15bad91fa692e582aa6d18b18ef0969a21e7b8
<!-- CURSOR_SUMMARY --> > [!NOTE] > **Medium Risk** > Moderate risk because it changes the data source and caching behavior for KMS discovery (including permissions and cache-miss load semantics), which could affect correctness/latency and introduce subtle cache/deadlock issues if the loader or cache interaction is incorrect. > > **Overview** > GCP Cloud KMS adapters (`KeyRing`, `CryptoKey`, `CryptoKeyVersion`) are migrated from per-resource Cloud KMS API clients to a new `CloudKMSAssetLoader` that bulk-fetches KMS resources via Cloud Asset Inventory, caches them in `sdpcache`, and serves `GET`/`SEARCH`/`LIST` via a cache-miss → lazy bulk-load → recheck pattern (including singleflight/TTL and careful `done()` handling to avoid self-deadlock). > > This updates adapter wiring to construct and use the loader (and switches required IAM role/permissions to `roles/cloudasset.viewer` / `cloudasset.assets.listResource`), removes the old KMS client abstractions and mocks, rewrites unit tests to be cache/loader-based, and adds new integration test docs/code for comparing KMS vs Asset Inventory plus expanded `sdpcache` documentation and minor observability/logging guideline updates. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 95b8d35558fb12656d67868838194bca7169b9e6. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: e20cfeaafba977c17ae4c41331dc00c85dcc43f9
This fixes the timeout issues that we were having for blast radius. Rather than using a context when they're using a channel to signal cancellation. The reason for this is that canceling the context tends to break everything that uses that context and therefore causes all kinds of issues that were really hard to trace. Instead, we're just sending an event over a channel which causes everything to finish gracefully without having to bother with contexts. I have also added detection for stalled OpenAI responses because we basically never want to cancel an OpenAI call if it is still sending us data. So it makes more sense to have it be able to error and retry if we just stop receiving data. It's up to us to just set a longer context knowing that it's not going to be sitting there doing nothing. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches core `changeanalysis` job execution and timeout semantics (hard vs soft) plus LLM streaming control flow, which could affect long-running analyses and failure modes. Scope is broad across API, CLI, and protobuf config, but changes are bounded and covered by updated/new tests. > > **Overview** > **Reworks change analysis time controls** from a configurable hard timeout (`ChangeAnalysisMaxTimeout`) to a *target duration* (`ChangeAnalysisTargetDuration`) used only to plan the blast radius soft-stop (67% of target), while enforcing a fixed 30-minute hard job deadline (`CHANGE_ANALYSIS_MAX_TIMEOUT`) across admin jobs and server-side scheduling. > > **Changes blast radius recursion stopping behavior** to use a channel-based `recursionControl` signal (soft timeout) rather than cancelling the main context, allowing in-flight gateway work and hypothesis collection to finish without tearing down shared connections; updates the admin UI/CLI/config presets/protos to reflect the new semantics. > > **Adds OpenAI Responses stream stall detection** with optional configurable idle timeout + retry budget, refactors stream event handling, and introduces `StreamWithIdleTimeout` with tests to cancel/retry only when the stream stops producing events. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 6a83ee7f06c9fe6aabb25bc847795067b706707e. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: David Schmitt <[email protected]> GitOrigin-RevId: ed6bbf437158f553d074c5a7ec61a87a1ba2a847
<!-- CURSOR_SUMMARY --> > [!NOTE] > **Low Risk** > Adds additional relationship discovery based on instance metadata and corresponding tests; no changes to auth, writes, or critical control flow. > > **Overview** > **Adds new dependency links from GCP Compute Instances to their originating templates and managers.** The compute instance adapter now inspects instance metadata and emits `LinkedItemQueries` for `instance-template` (global vs regional instance templates) and `created-by` (instance group manager), and includes these types in `PotentialLinks`. > > Extends `compute-instance_test.go` with coverage for both global and regional template URIs plus instance group manager linking to validate the new metadata-driven relationships. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit e74c43641e69862639200aca01ed8904ade65bcb. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 655ee7dacf79a39805eeadad11c21e3e772d1b41
<!-- CURSOR_SUMMARY --> > [!NOTE] > **Low Risk** > Primarily a mechanical field rename/wiring change; risk is limited to missed renames causing nil-cache behavior or compile errors. > > **Overview** > Standardizes adapter caching by renaming internal `cacheField` members to `cache` across discovery tests, the `sources` transformer adapters, Kubernetes `KubeTypeAdapter` and all k8s adapter constructors, and stdlib `DNSAdapter`/`HTTPAdapter`. > > This also tightens assumptions by treating `cache` as *mandatory* (validation checks updated) while preserving a NoOp cache fallback when unset, and updates stdlib engine initialization/tests to wire the new field name. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 4b35d8ccdb0384e63cd2e6797c5073eab8445e39. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 751736bb713b7da7dcf435bc689389aecdef57e1
We have seen a number of changes from one of our customers that use this adapter. I thought we already supported this, but it turns out we only supported the project-level one and we need to support the regional one as well. This adds the regional one, but re-uses the logic from the project-level one since they're the same actual data. <!-- CURSOR_SUMMARY --> > [!NOTE] > **Medium Risk** > Introduces a new discovery adapter and shared conversion path that can affect graph linking/health semantics for instance group managers; limited scope but touches core discovery wiring and type registries. > > **Overview** > Adds a new manual adapter for **regional** GCP `InstanceGroupManager` resources (`ComputeRegionInstanceGroupManager`), including wildcard `"*"` listing across all configured regions and Terraform lookup support. > > Refactors `InstanceGroupManager` → SDP item conversion into a shared helper used by both zonal and regional adapters, and wires up new GCP client interfaces/mocks, item type/resource identifiers, manual link generation, and `roles/compute.viewer` permissions for the new regional adapter. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit be7b7cf4f2cd9c7a7bc2248e1ab50be60c6c4a58. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 6ef5717e2c6236180f650d78f35b448e592d6291
✨ <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches authentication and service-to-service impersonation flows across multiple services; mistakes in config wiring or nil/empty credential handling could break background jobs or middleware auth behavior. > > **Overview** > **Centralizes Auth0 impersonation HTTP client creation** by introducing `auth.Auth0Config.ImpersonationHTTPClient()` and switching background jobs and gateway/revlink warmup code to use it instead of duplicating OAuth2 client-credentials/token-source logic. > > Refactors configuration wiring to use structured `Auth0Config` and renames `auth.AuthConfig` to `auth.MiddlewareConfig`, updating api-server/gateway config loading, server structs, and tests; api-server also adds `ServerConfig.GetAuthConfig()` to consistently construct middleware settings (including unauthenticated overrides). > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ecf5b0fc21b2b953de30c6cfb10af97eda3a2c21. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 3b96218f2743aa92a050a761b5cdc214043abd39
<!-- CURSOR_SUMMARY --> > [!NOTE] > **Medium Risk** > Touches change-timeline data structures across backend and frontend; risk is mostly integration/compatibility (schema/field changes) and potential UI regressions, with no auth/payment/security logic affected. > > **Overview** > **Minimizes change timeline payload size** by replacing full `MappedItemDiff` objects in the "Map resources" timeline step with lightweight `MappedItemTimelineSummary` entries (display name, status, optional error) generated server-side. > > **Updates consumers**: the frontend timeline components/mocks/stories now render `MappedItemsTimelineEntry.items` (with explicit SUCCESS/ERROR/UNSUPPORTED statuses) instead of `mappedItems`, and the admin Area51 change details page now renders the full timeline (including content) as YAML via a new `buildTimelineYAML` helper rather than listing DB rows/sorting them. > > Adds/updates unit tests to validate timeline summary conversion and YAML output generation. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit c19e962e1031d142d13654fe0f39e4c553de9fd8. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Elliot Waddington <[email protected]> GitOrigin-RevId: 6dc19bdac5c1979db94dbbbb1c8ee486884b106c
### Healthz Server starts ! <img width="2446" height="383" alt="image" src="https://github.com/user-attachments/assets/10aa2812-28e6-4e43-a590-2a5159992762" /> ### probes respond ```bash vscode ➜ /workspace (eng-2291-extract-kubernetes-probe-healthz-server-into-common-library) $ curl http://localhost:8089/healthz/ready ok vscode ➜ /workspace (eng-2291-extract-kubernetes-probe-healthz-server-into-common-library) $ curl http://localhost:8089/healthz/alive ok vscode ➜ /workspace (eng-2291-extract-kubernetes-probe-healthz-server-into-common-library) $ curl http://localhost:8089/healthz ok vscode ➜ /workspace (eng-2291-extract-kubernetes-probe-healthz-server-into-common-library) $ ``` ### cli tool starts and explore works <img width="2278" height="568" alt="image" src="https://github.com/user-attachments/assets/000e9d3c-8d71-4688-8b85-8b827f198223" /> <img width="2720" height="953" alt="image" src="https://github.com/user-attachments/assets/030a4802-fbd2-4658-836a-919340562645" /> <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk refactor that centralizes health-probe server wiring; main risk is subtle behavior changes in probe routing/log fields or port parsing for `stdlib-source`. > > **Overview** > Moves per-source `/healthz` HTTP server setup into a new `discovery.Engine.ServeHealthProbes(port)` helper that registers `/healthz/alive`, `/healthz/ready`, and legacy `/healthz` and starts the server with timeouts and consistent logging. > > Updates `aws-source`, `harness-source`, `k8s-source`, `azure-source`, `gcp-source`, and `stdlib-source` to call `e.ServeHealthProbes(...)` instead of duplicating `net/http` server wiring; `stdlib-source` now parses `service-port` from string to int and fails fast on invalid values. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 0d32c976d548d230c4c8574d5175b7164b4e802a. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 82499655708298ea25a9adf59a8f5134cf1c17ee
https://github.com/user-attachments/assets/25cd6223-3c96-4bd5-9cf0-f11af6093c84 <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Large-scale package renames and initialization/wiring changes (admin handler + worker registration) could cause build or runtime startup regressions, though behavior changes appear mostly structural. > > **Overview** > Refactors `api-server` into clearer layers by renaming the former `server` package to `service` and moving the admin UI into its own `area51` package (including updated imports, sqlc type mappings, and regenerated templ files). > > Updates startup and wiring so `cmd/start.go` constructs the Area51 router and injects it into the service via a new `AdminHandler`, and registers Area51 River workers via a new `RegisterAdditionalWorkers` callback to avoid circular dependencies; CI, Docker build/entrypoint paths, VSCode launch config, and docs/testing commands are updated accordingly. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit c280f6fd776c330bd071c98d5edc084698f88b3c. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 0420e8bfeb22daf45aadeaaab8de1ef17a05670f
…latest sdk (#3765) <!-- CURSOR_SUMMARY --> > [!NOTE] > **Medium Risk** > Large surface-area change touching many Azure adapters plus major-version SDK bumps, which could subtly change API types/fields and the produced link graph despite mostly additive logic and updated tests. > > **Overview** > Upgrades multiple Azure ARM SDK dependencies (network `armnetwork` v6→v8, storage `armstorage` v2→v3, keyvault `armkeyvault` v1→v2, batch `armbatch` →`/v3`, SQL `armsql` →`/v2`) and updates all affected clients, mocks, and integration tests accordingly. > > Extends several Azure manual adapters to emit richer `LinkedItemQueries` and `PotentialLinks` for dependency/impact graphing, including new Azure item types (e.g., flow logs, private link service, DSCP config, NIC tap configs, storage encryption scope & private endpoint connections, managed HSM private endpoint connections, SQL LTR backups/schemas/maintenance config/failover group links). It also standardizes some stdlib link types (e.g., `stdlib.NetworkDNS`/`NetworkIP`/`NetworkHTTP`) and adjusts blast-propagation directions for shared resources like DNS/IP. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 200d860b5b202904af7ede77aebea173eb75b0d1. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 0a4b7972b5b7e5f9c2b64324a818fdd69dba0523
<!-- CURSOR_SUMMARY --> > [!NOTE] > **Medium Risk** > Introduces a new adapter into the Azure discovery initialization path for every resource group, which can affect discovery runtime and linked-item graph behavior. Functional risk is moderate and largely mitigated by added unit and integration tests. > > **Overview** > Adds a new Azure Compute adapter for Proximity Placement Groups (PPGs), including an SDK client wrapper (`ProximityPlacementGroupsClient`) and a `ComputeProximityPlacementGroup` list/get implementation that emits SDP items and links to related compute resources (VMs, availability sets, VM scale sets). > > Registers the new adapter in `manual/adapters.go` so it is instantiated per resource group (and included in metadata-only registration), and adds both unit tests (mocked pager/client + link/scope behavior) and an end-to-end integration test that provisions a PPG, verifies `Get`/`List`, item attributes, and linked-item queries. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit b62828eec1f101a779cf1c2b12105cd16eae6be6. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: d54b9b8e076b80f079fb7530b9f12181ffd18a38
This also avoids things like zero values being omitted and the enums being cast to integers. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes the wire/CLI JSON serialization for `GetChangeSummary`, which can affect downstream consumers expecting prior JSON shapes (e.g., enum formatting and presence of default/empty fields). Scope is limited to output formatting and generated proto/types. > > **Overview** > Switches `GetChangeSummary` JSON rendering from a hand-built Go struct + `encoding/json` to protobuf-native `protojson` with `EmitUnpopulated: true`, so default values are included and enums serialize as names. > > Adds a new proto message `ChangeSummaryJSONOutput` (and regenerates Go/TS bindings) to define the JSON shape explicitly, and tweaks hypotheses handling so `null` vs `[]` can be distinguished in the new always-populated output. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit e2b2ff9c6ed567df20e6199cfa604c89e6311071. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Cursor Agent <[email protected]> GitOrigin-RevId: 343a4b33ebc98345442d7d7e33f7e9c079b54ad0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Copybara Sync - Release v1.15.0
This PR was automatically created by Copybara, syncing changes from the overmindtech/workspace monorepo.
Original author: Dylan ([email protected])
What happens when this PR is merged?
tag-on-mergeworkflow will automatically create thev1.15.0tag on mainReview Checklist