chore(deps): bump github.com/traefik/traefik/v3 from 3.6.8 to 3.6.11 in /tests

[dependabot]

Bumps github.com/traefik/traefik/v3 from 3.6.8 to 3.6.11.

Release notes

Sourced from github.com/traefik/traefik/v3's releases.

v3.6.11

CVE fixed:

• CVE-2026-32595 (Advisory GHSA-g3hg-j4jv-cwfr)
• CVE-2026-32305 (Advisory GHSA-wvvq-wgcr-9q48)
• CVE-2026-32695 (Advisory GHSA-67jx-r9pv-98rj)

Bug fixes:

• [logs, otel] Add OTel-conformant trace context attributes to access logs (#12801 @​mmatur)
• [k8s/gatewayapi] Fix incorrect hostname matching between listener and route (#12599 @​TheColorman)
• [k8s/ingress] Fix ingress router's rule (#12808 @​gndz07)
• [webui] Remove AGPL license in code (#12799 @​Desel72)
• [k8s/ingress-nginx] Fix proxy-ssl-verify annotation (#12825 @​LBF38)
• [http] Add maxResponseBodySize configuration on HTTP provider (#12788 @​gndz07)
• [tls] Support fragmented TLS client hello (#12787 @​rtribotte)
• [middleware, authentication] Make basic auth check timing constant (#12803 @​rtribotte)

Documentation:

• [k8s] Improve the multi tenant security note (#12822 @​nmengin)
• Fix unnecessary escaping of pipe in regexp examples (#12784 @​diegmonti)
• Add vulnerability submission quality guidelines (#12807 @​emilevauge)
• Fix start up message format (#12806 @​mloiseleur)
• Remove unsupported servers[n].address from TCP label examples (#12817 @​sheddy-traefik)
• Bump mkdocs-traefiklabs to use consent mode (#12804 @​darkweaver87)

v3.6.10

CVE fixed:

• CVE-2026-29777 (Advisory GHSA-8q2w-wr49-whqj)
• CVE-2026-27141 (Advisory GHSA-4hjq-9h5c-252j)

Bug fixes:

• [docker] Bump Docker and OpenTelemetry dependencies (#12761 by mmatur)
• [fastproxy] Bump github.com/valyala/fasthttp to v1.69.0 (#12763 by kevinpollet)
• [healthcheck, grpc] Remove path parsing with grpc healthcheck (#12760 by rtribotte)
• [k8s/gatewayapi] Fix Gateway API router's rules (#12753 by rtribotte)
• [middleware] Fix HasSecureHeadersDefined returning false when stsSeconds is 0 (#12684 by veeceey)
• [otel] Bump go.opentelemetry.io/otel dependencies (#12754 by rtribotte)
• [server] Bump golang.org/x/net to v0.51.0 (#12756 by kevinpollet)
• [webui] Fix priority display in dashboard and ACME bypass redirect (#12740 by mmatur)
• [webui] Fix basePath validation for dashboard template (#12729 by gndz07)

Documentation:

• [middleware] Correct documentation for Digest auth (#12651 by Zash)
• Add missing .http to TOML table names (#12713 by Darsstar)
• Fix incorrect TOML example in entrypoints docs (#12711 by mfmfuyu)
• Fix API basepath option documentation (#12744 by nmengin)

v3.6.9

CVE fixed:

• CVE-2026-26998 (Advisory GHSA-fw45-f5q2-2p4x)
• CVE-2026-26999 (Advisory GHSA-xw98-5q62-jx94)

... (truncated)

Changelog

Sourced from github.com/traefik/traefik/v3's changelog.

v3.6.11 (2026-03-19)

All Commits

Bug fixes:

• [logs, otel] Add OTel-conformant trace context attributes to access logs (#12801 @​mmatur)
• [k8s/gatewayapi] Fix incorrect hostname matching between listener and route (#12599 @​TheColorman)
• [k8s/ingress] Fix ingress router's rule (#12808 @​gndz07)
• [webui] Remove AGPL license in code (#12799 @​Desel72)
• [k8s/ingress-nginx] Fix proxy-ssl-verify annotation (#12825 @​LBF38)
• [http] Add maxResponseBodySize configuration on HTTP provider (#12788 @​gndz07)
• [tls] Support fragmented TLS client hello (#12787 @​rtribotte)
• [middleware, authentication] Make basic auth check timing constant (#12803 @​rtribotte)

Documentation:

• [k8s] Improve the multi tenant security note (#12822 @​nmengin)
• Fix unnecessary escaping of pipe in regexp examples (#12784 @​diegmonti)
• Add vulnerability submission quality guidelines (#12807 @​emilevauge)
• Fix start up message format (#12806 @​mloiseleur)
• Remove unsupported servers[n].address from TCP label examples (#12817 @​sheddy-traefik)
• Bump mkdocs-traefiklabs to use consent mode (#12804 @​darkweaver87)

v2.11.41 (2026-03-18)

All Commits

Bug fixes:

• [http] Add maxResponseBodySize configuration on HTTP provider (#12788 @​gndz07)
• [tls] Support fragmented TLS client hello (#12787 @​rtribotte)
• [middleware, authentication] Make basic auth check timing constant (#12803 @​rtribotte)

Documentation:

• Bump mkdocs-traefiklabs to use consent mode (#12804 @​darkweaver87)

v3.6.10 (2026-03-06)

All Commits

Bug fixes:

• [docker] Bump Docker and OpenTelemetry dependencies (#12761 by mmatur)
• [fastproxy] Bump github.com/valyala/fasthttp to v1.69.0 (#12763 by kevinpollet)
• [healthcheck, grpc] Remove path parsing with grpc healthcheck (#12760 by rtribotte)
• [k8s/gatewayapi] Fix Gateway API router's rules (#12753 by rtribotte)
• [middleware] Fix HasSecureHeadersDefined returning false when stsSeconds is 0 (#12684 by veeceey)
• [otel] Bump go.opentelemetry.io/otel dependencies (#12754 by rtribotte)
• [server] Bump golang.org/x/net to v0.51.0 (#12756 by kevinpollet)
• [webui] Fix priority display in dashboard and ACME bypass redirect (#12740 by mmatur)
• [webui] Fix basePath validation for dashboard template (#12729 by gndz07)

Documentation:

• [middleware] Correct documentation for Digest auth (#12651 by Zash)
• Add missing .http to TOML table names (#12713 by Darsstar)
• Fix incorrect TOML example in entrypoints docs (#12711 by mfmfuyu)

... (truncated)

Commits

• 33219a0 Prepare release v3.6.11
• b1b520b Merge branch v2.11 into v3.6
• f2c198c Prepare release v2.11.41
• 3166deb Improve the multi tenant security note
• f79caa5 Fix proxy-ssl-verify annotation
• 3140087 Remove AGPL license in code
• 122175a Make basic auth check timing constant
• 11d2514 Fix ingress router's rule
• 154fcf8 Remove unsupported servers[n].address from TCP label examples
• 69a738c Fix incorrect hostname matching between listener and route
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Dependency Review

The following issues were found:

• ❌ 1 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 16 package(s) with unknown licenses.

See the Details below.

Vulnerabilities

tests/go.mod

Name	Version	Vulnerability	Severity
google.golang.org/grpc	1.79.1	gRPC-Go has an authorization bypass via missing leading slash in :path	critical

License Issues

tests/go.mod

Package	Version	License	Issue Type
github.com/aws/aws-sdk-go-v2	1.41.1	Null	Unknown License
github.com/aws/aws-sdk-go-v2/config	1.32.8	Null	Unknown License
github.com/aws/aws-sdk-go-v2/credentials	1.19.8	Null	Unknown License
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	1.18.17	Null	Unknown License
github.com/aws/aws-sdk-go-v2/internal/configsources	1.4.17	Null	Unknown License
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	2.7.17	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	1.13.17	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/route53	1.62.1	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/s3	1.96.0	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/sso	1.30.9	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/ssooidc	1.35.14	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/sts	1.41.6	Null	Unknown License
github.com/cespare/xxhash/v2	2.3.0	Null	Unknown License
github.com/go-acme/lego/v4	4.32.0	Null	Unknown License
github.com/grpc-ecosystem/grpc-gateway/v2	2.28.0	Null	Unknown License
github.com/miekg/dns	1.1.72	Null	Unknown License

Denied Licenses: GPL-2.0, AGPL-1.0, AGPL-1.0-or-later, AGPL-1.0-only, AGPL-3.0, AGPL-3.0-only, AGPL-3.0-or-later, GPL-1.0, GPL-1.0+, GPL-1.0-only, GPL-1.0-or-later, CNRI-Python-GPL-Compatible, GPL-2.0+, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0-with-GCC-exception, GPL-2.0-with-autoconf-exception, GPL-2.0-with-bison-exception, GPL-2.0-with-classpath-exception, GPL-2.0-with-font-exception, GPL-3.0, GPL-3.0+, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0-with-GCC-exception, GPL-3.0-with-autoconf-exception, LGPL-2.0, LGPL-2.0+, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1, LGPL-2.1+, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0, LGPL-3.0+, LGPL-3.0-only, LGPL-3.0-or-later, LGPLLR, NGPL

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
gomod/google.golang.org/grpc	1.79.1	🟢 7.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 7 SAST tool detected but not run on all commits
gomod/github.com/aws/aws-sdk-go-v2	1.41.1	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/config	1.32.8	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/credentials	1.19.8	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/feature/ec2/imds	1.18.17	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/internal/configsources	1.4.17	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	2.7.17	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/internal/v4a	1.4.17	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/internal/checksum	1.9.8	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	1.13.17	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/internal/s3shared	1.19.17	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/route53	1.62.1	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/s3	1.96.0	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/signin	1.0.5	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4 Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/sso	1.30.9	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/ssooidc	1.35.14	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/sts	1.41.6	Unknown	Unknown
gomod/github.com/cespare/xxhash/v2	2.3.0	Unknown	Unknown
gomod/github.com/go-acme/lego/v4	4.32.0	Unknown	Unknown
gomod/github.com/grpc-ecosystem/grpc-gateway/v2	2.28.0	Unknown	Unknown
gomod/github.com/miekg/dns	1.1.72	Unknown	Unknown
gomod/github.com/traefik/traefik/v3	3.6.11	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 SAST 🟢 7 SAST tool detected but not run on all commits
gomod/go.opentelemetry.io/otel	1.41.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc	0.17.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	0.17.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/exporters/otlp/otlptrace	1.41.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	1.41.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	1.41.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/log	0.17.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/metric	1.41.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/sdk	1.41.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/sdk/log	0.17.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/trace	1.41.0	Unknown	Unknown
gomod/go.opentelemetry.io/proto/otlp	1.9.0	🟢 7.9	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Dependency-Update-Tool 🟢 10 update tool detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 8 contributing companies or organizations
gomod/golang.org/x/crypto	0.48.0	Unknown	Unknown
gomod/golang.org/x/mod	0.32.0	Unknown	Unknown
gomod/golang.org/x/net	0.51.0	Unknown	Unknown
gomod/golang.org/x/oauth2	0.35.0	Unknown	Unknown
gomod/golang.org/x/sys	0.41.0	Unknown	Unknown
gomod/golang.org/x/term	0.40.0	Unknown	Unknown
gomod/golang.org/x/text	0.34.0	Unknown	Unknown
gomod/golang.org/x/tools	0.41.0	Unknown	Unknown
gomod/google.golang.org/genproto/googleapis/api	0.0.0-20260209200024-4cfbd4190f57	🟢 6.6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 21 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3
gomod/google.golang.org/genproto/googleapis/rpc	0.0.0-20260209200024-4cfbd4190f57	🟢 6.6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 21 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3

Scanned Files

• tests/go.mod

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 15d81d37-ee6b-48df-83d7-12490759eb5c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/tests/github.com/traefik/traefik/v3-3.6.11

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dependabot]

Superseded by #175.