fix(deps): update go-minor

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/IBM/sarama	v1.47.0 → v1.48.2
github.com/lib/pq	v1.11.2 → v1.12.3
github.com/onsi/gomega	v1.39.1 → v1.40.0
github.com/testcontainers/testcontainers-go	v0.41.0 → v0.42.0
github.com/testcontainers/testcontainers-go/modules/postgres	v0.41.0 → v0.42.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

IBM/sarama (github.com/IBM/sarama)

v1.48.2: Version 1.48.2 (2026-05-13)

Compare Source

What's Changed

🎉 New Features / Improvements

• feat(admin): add KIP-396 list/alter offsets APIs by @​DCjanus in #​3419
• feat: add SubscriptionUserDataProvider hook for BalanceStrategy by @​lizthegrey in #​3506
• perf(zstd): scale idle zstd encoder cap to GOMAXPROCS by @​lizthegrey in #​3507

🐛 Fixes

• fix: retry ListTopics on transient transport errors by @​huynhanx03 in #​3497
• test(fvt): only safeClose if we created by @​dnwe in #​3530
• fix(client): scope metadata refresh errors to requested topics by @​dnwe in #​3532

🔧 Maintenance

• test(fvt): speedup functional test runs by @​dnwe in #​3528

Full Changelog: IBM/sarama@v1.48.1...v1.48.2

v1.48.1: Version 1.48.1 (2026-05-10)

Compare Source

What's Changed

🐛 Fixes

• perf: cache topic batch-size metric lookup by @​huynhanx03 in #​3498
• fix: stabilise TestFuncTxnProduceAndCommitOffset flakes by @​dnwe in #​3517
• test: relax producer batch metrics assertions by @​DCjanus in #​3523
• fix: prevent race during partition consumer close by @​dnwe in #​3524
• fix: return leaderless errors in metadata refresh by @​dnwe in #​3525

📦 Dependency updates

• chore(deps): update dependency golangci/golangci-lint to v2.12.1 by @​renovate[bot] in #​3509
• chore(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6 by @​dependabot[bot] in #​3508
• chore(deps): bump golang.org/x/sys from 0.43.0 to 0.44.0 in the golang-x group across 1 directory by @​dependabot[bot] in #​3520
• chore(deps): update module golang.org/x/crypto to v0.51.0 by @​renovate[bot] in #​3521
• fix(deps): update module golang.org/x/net to v0.54.0 by @​renovate[bot] in #​3526
• chore(deps): update dependency golangci/golangci-lint to v2.12.2 by @​renovate[bot] in #​3515

🔧 Maintenance

• chore: add testifylint and fix lint warnings by @​dnwe in #​3522

New Contributors

• @​huynhanx03 made their first contribution in #​3498

Full Changelog: IBM/sarama@v1.48.0...v1.48.1

v1.48.0: Version 1.48.0 (2026-04-24)

Compare Source

What's Changed

🎉 New Features / Improvements

• feat(producer): partition muting for msg ordering by @​dnwe in #​3422

🐛 Fixes

• fix: handle nullable metadata in OffsetFetchResponse by @​dnwe in #​3473
• fix: nil response/done channels after SASLv1 failure by @​dnwe in #​3474
• fix(protocol): handle ElectLeaders V1 non-flexible headers by @​DCjanus in #​3478
• fix: correct a number of goroutine leaks by @​dnwe in #​3476
• fix: resolve deadlock in concurrent offset commits by @​dnwe in #​3477
• fix(consumer): avoid broker race in response feeder by @​DCjanus in #​3486
• fix: stop dispatcher for dying children in brokerConsumer.abort() by @​lizthegrey in #​3492
• fix: close broken tcp connections by @​Asphaltt in #​3384
• fix: add Unwrap() to DescribeConfigError and AlterConfigError by @​ShinThirty in #​3487

📦 Dependency updates

• chore(deps): update dependency golangci/golangci-lint to v2.11.1 by @​renovate[bot] in #​3462
• chore(deps): bump github.com/pierrec/lz4/v4 from 4.1.25 to 4.1.26 by @​dependabot[bot] in #​3461
• chore(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0 in the golang-x group across 1 directory by @​dependabot[bot] in #​3466
• chore(deps): update module golang.org/x/crypto to v0.49.0 by @​renovate[bot] in #​3468
• chore(deps): update dependency golangci/golangci-lint to v2.11.3 by @​renovate[bot] in #​3464
• fix(deps): update module golang.org/x/net to v0.52.0 by @​renovate[bot] in #​3472
• fix(deps): update module github.com/klauspost/compress to v1.18.5 by @​renovate[bot] in #​3480
• chore(deps): update module golang.org/x/crypto to v0.50.0 by @​renovate[bot] in #​3489
• fix(deps): update module golang.org/x/net to v0.53.0 by @​renovate[bot] in #​3493
• chore(deps): update docker/setup-buildx-action action to v4 by @​renovate[bot] in #​3458
• chore(deps): update docker/bake-action action to v7.1.0 by @​renovate[bot] in #​3459

🔧 Maintenance

• chore: add kafka versions 3.9.2 and 4.2.0 by @​edoardocomar in #​3471

📝 Documentation

• Update the Kakfa Protocol Specification Link by @​MohishKhadse55 in #​3463

➕ Other Changes

• chore(deps): update dependency golangci/golangci-lint to v2.11.4 by @​renovate[bot] in #​3482
• fix: update API version URL as previous link was not working by @​MohishKhadse55 in #​3485

New Contributors

• @​MohishKhadse55 made their first contribution in #​3463
• @​Asphaltt made their first contribution in #​3384
• @​ShinThirty made their first contribution in #​3487

Full Changelog: IBM/sarama@v1.47.0...v1.48.0

lib/pq (github.com/lib/pq)

v1.12.3

Compare Source

• Send datestyle startup parameter, improving compatbility with database engines
  that use a different default datestyle such as EnterpriseDB (#​1312).

v1.12.2

Compare Source

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the
  connection. Since v1.12.0 this could result in permanently broken connections,
  especially with CockroachDB which frequently sends partial messages (#​1299).

v1.12.1

Compare Source

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#​1300).

• Don't clear password if directly set on pq.Config (#​1302).

v1.12.0

Compare Source

• The next release may change the default sslmode from require to prefer.
  See #​1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are
  simple query builders and not needed for COPY [..] FROM STDIN support (which
  is not deprecated). (#​1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  
  // Replacement
  tx.Prepare(`copy temp (num, text, blob, nothing) from stdin`)
  

Features

• Support protocol 3.2, and the min_protocol_version and
  max_protocol_version DSN parameters (#​1258).

• Support sslmode=prefer and sslmode=allow (#​1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#​1277).

• Support connection service file to load connection details (#​1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default
  value of sslrootcert (#​1280, #​1281).

• Add a new pqerror package with PostgreSQL error codes (#​1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

  pqErr := pq.As(err, pqerror.UniqueViolation)
  if pqErr != nil {
      log.Fatalf("email %q already exsts", email)
  }
  

Fixes

• Fix SSL key permission check to allow modes stricter than 0600/0640#1265 (#​1265).

• Fix Hstore to work with binary parameters (#​1278).

• Clearer error when starting a new query while pq is still processing another
  query (#​1272).

• Send intermediate CAs with client certificates, so they can be signed by an
  intermediate CA (#​1267).

• Use time.UTC for UTC aliases such as Etc/UTC (#​1282).

onsi/gomega (github.com/onsi/gomega)

v1.40.0

Compare Source

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

testcontainers/testcontainers-go (github.com/testcontainers/testcontainers-go)

v0.42.0

Compare Source

What's Changed

⚠️ Breaking Changes

• chore!: migrate to moby modules (#​3591) @​thaJeztah

🔒 Security

• chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#​3634) @​thaJeztah

🐛 Bug Fixes

• fix: return an error when docker host cannot be retrieved (#​3613) @​ash2k

🧹 Housekeeping

• chore: gitignore Gas Town agent artifacts (#​3633) @​mdelapenya
• fix(usage-metrics): include last release in the legend pop over (#​3630) @​mdelapenya
• chore: update usage metrics (2026-04) (#​3621) @​github-actions[bot]
• fix(usage-metrics): order of actions matters (#​3623) @​mdelapenya
• fix(usage-metrics): reduce rate-limit cascade errors (#​3622) @​mdelapenya
• fix(usage-metrics): replace the per-version inline retry with a multi-pass approach (#​3620) @​mdelapenya

📦 Dependency updates

• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#​3639) @​dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#​3641) @​dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#​3645) @​dependabot[bot]
• chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#​3626) @​dependabot[bot]
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#​3638) @​dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#​3643) @​dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#​3644) @​dependabot[bot]
• chore: update to Go 1.25.9, 1.26.9 (#​3647) @​thaJeztah
• chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#​3646) @​thaJeztah
• chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#​3634) @​thaJeztah
• chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#​3629) @​dependabot[bot]
• chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#​3628) @​dependabot[bot]
• chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#​3627) @​dependabot[bot]
• fix(localstack): accept community-archive as a valid tag (#​3601) @​johnduhart
• chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#​3632) @​dependabot[bot]
• chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#​3625) @​dependabot[bot]
• chore(deps): bump pygments from 2.19.2 to 2.20.0 (#​3615) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#​3612) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#​3611) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#​3610) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#​3609) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#​3608) @​dependabot[bot]
• chore(deps): bump requests from 2.32.4 to 2.33.0 (#​3604) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#​3607) @​dependabot[bot]
• chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#​3605) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/qdrant (#​3606) @​dependabot[bot]
• chore(deps): bump github.com/modelcontextprotocol/go-sdk from 1.3.1 to 1.4.1 in /modules/dockermcpgateway (#​3599) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.69.2 to 1.79.3 in /modules/dockermodelrunner (#​3594) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.71.0 to 1.79.3 in /modules/toxiproxy (#​3595) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.72.0 to 1.79.3 in /modules/weaviate (#​3596) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/compose (#​3597) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/grafana-lgtm (#​3598) @​dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/gcloud (#​3593) @​dependabot[bot]

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: maas/maas-service/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 19 additional dependencies were updated

Details:

Package	Change
github.com/Azure/go-ansiterm	v0.0.0-20210617225240-d185dfc1b5a1 -> v0.0.0-20250102033503-faa5f7b0171c
github.com/bits-and-blooms/bitset	v1.20.0 -> v1.24.4
github.com/cenkalti/backoff/v4	v4.2.1 -> v4.3.0
github.com/ebitengine/purego	v0.8.4 -> v0.10.0
github.com/failsafe-go/failsafe-go	v0.8.5 -> v0.9.5
github.com/gabriel-vasile/mimetype	v1.4.10 -> v1.4.12
github.com/golang-jwt/jwt/v5	v5.3.0 -> v5.3.1
github.com/knadh/koanf/providers/file	v1.2.0 -> v1.2.1
github.com/moby/go-archive	v0.1.0 -> v0.2.0
github.com/moby/term	v0.5.0 -> v0.5.2
github.com/pierrec/lz4/v4	v4.1.22 -> v4.1.25
github.com/power-devops/perfstat	v0.0.0-20210106213030-5aafc221ea8c -> v0.0.0-20240221224432-82ca36839d55
github.com/shirou/gopsutil/v4	v4.25.6 -> v4.26.2
github.com/tklauser/go-sysconf	v0.3.12 -> v0.3.16
github.com/tklauser/numcpus	v0.6.1 -> v0.11.0
go.opentelemetry.io/auto/sdk	v1.1.0 -> v1.2.1
go.opentelemetry.io/otel	v1.35.0 -> v1.41.0
go.opentelemetry.io/otel/metric	v1.35.0 -> v1.41.0
go.opentelemetry.io/otel/trace	v1.35.0 -> v1.41.0