Skip to content

deps(deps): update all non-major dependencies#107

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

deps(deps): update all non-major dependencies#107
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Nov 14, 2024

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
github.com/go-logr/logr v1.4.2v1.4.3 age confidence require patch
github.com/kubescape/kubevuln v0.3.33v0.3.154 age confidence require patch
github.com/kubescape/storage v0.0.111v0.0.291 age confidence require patch
github.com/onsi/ginkgo/v2 v2.20.2v2.32.0 age confidence require minor
github.com/onsi/gomega v1.34.2v1.42.1 age confidence require minor
github.com/validator-labs/validator v0.1.0v0.1.16 age confidence require patch
golang 1.231.26 age confidence stage minor
k8s.io/api v0.31.0v0.36.2 age confidence require minor
k8s.io/apimachinery v0.31.0v0.36.2 age confidence require minor
k8s.io/client-go v0.31.0v0.36.2 age confidence require minor
sigs.k8s.io/cluster-api v1.8.2v1.13.3 age confidence require minor
sigs.k8s.io/controller-runtime v0.19.0v0.24.1 age confidence require minor

Release Notes

go-logr/logr (github.com/go-logr/logr)

v1.4.3

Compare Source

Minor release.

What's Changed

New Contributors

Full Changelog: go-logr/logr@v1.4.2...v1.4.3

kubescape/kubevuln (github.com/kubescape/kubevuln)

v0.3.154

Compare Source

Description

This PR resolves the issue where kubevuln fails to scan larger images (like wordpress:6.0.1-php7.4) due to the default gRPC message size limit of 4 MiB on the client-side/server-side communication channel with sbom-scanner.

We raise the default message size limit on both ends to 128 MiB (128 * 1024 * 1024 bytes) to safely accommodate larger SBOM payloads.

Changes
  • v1 Package (pkg/sbomscanner/v1/client.go):
    • Defined MaxgRPCMessageSize = 128 * 1024 * 1024.
    • Added grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(MaxgRPCMessageSize), grpc.MaxCallSendMsgSize(MaxgRPCMessageSize)) to grpc.NewClient.
  • Server Main (cmd/sbom-scanner/main.go):
    • Configured grpc.NewServer with grpc.MaxRecvMsgSize(sbomscanner.MaxgRPCMessageSize) and grpc.MaxSendMsgSize(sbomscanner.MaxgRPCMessageSize).
  • Tests (pkg/sbomscanner/v1/integration_test.go and pkg/sbomscanner/v1/server_test.go):
    • Updated test gRPC servers and clients to also use MaxgRPCMessageSize call and server options.

Closes #​381

v0.3.153

Compare Source

Problem

Scanning newer RPM-based images (e.g. recent redis/UBI-style bases) fails in the SBOM scanner sidecar with:

service error - ScanCVE, error: "creating SBOM: failed to generate SBOM: failed to run tasks:
sqlite driver is required for cataloging newer RPM databases, none registered:
sql: unknown driver \"sqlite\" (forgotten import?)"

Fixes #​378.

Root cause

Two changes combined to surface this:

  1. syft v1.32.0 (introduced in cd2e51c, "migrate to grype v0.99.1", 2025-09-17) added ensureSqliteDriverAvailable() to its RPM (redhat) cataloger. Newer RPM databases use the sqlite format (rpmdb.sqlite), and Syft now requires the consumer to register a database/sql driver under the name sqlite — it does not bundle one.

  2. The SBOM scanner sidecar (cmd/sbom-scanner + pkg/sbomscanner/v1, introduced in 36cd416, "add SBOM scanner sidecar", 2026-03-23) generates SBOMs via Syft without importing grype. The main cmd/http binary transitively pulls glebarez/go-sqlite (which registers "sqlite") through grype's DB layer, so it works. The sidecar has no such transitive import, so the driver is never registered.

Verified per-binary (redhat cataloger present / sqlite driver present):

binary redhat cataloger sqlite driver
cmd/http ✅ (glebarez via grype)
cmd/cli
cmd/sbom-scanner ❌ → bug

Fix

Register the pure-Go (CGO-free) modernc.org/sqlite driver via a blank import in the sidecar entrypoint (cmd/sbom-scanner/main.go). modernc.org/sqlite registers under the name "sqlite", which is exactly what the cataloger's sql.Open("sqlite", ...) needs.

It is placed in the binary entrypoint, not the shared pkg/sbomscanner/v1 package, on purpose: cmd/http imports that package and already has glebarez's "sqlite" driver, so a blank import there would cause a sql: Register called twice for driver sqlite panic at startup. Putting it in cmd/sbom-scanner keeps each binary at exactly one "sqlite" driver.

Note: the issue suggested mattn/go-sqlite3 as one option — that registers as "sqlite3" (and requires CGO), so it would not satisfy sql.Open("sqlite", ...). modernc.org/sqlite is the correct, pure-Go choice.

Testing

  • Added cmd/sbom-scanner/sqlite_driver_test.go — asserts exactly one "sqlite" driver is registered (catches both the missing-driver regression and an accidental double registration) and that an in-memory sqlite DB opens + pings.
  • go build ./cmd/... passes; go vet ./cmd/... clean.
  • Confirmed no binary ends up with two "sqlite" drivers (no double-registration panic).

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features

    • Improved support for scanning images that rely on SQLite-backed metadata, helping scans complete more reliably in those cases.
  • Bug Fixes

    • Fixed an issue where the SQLite driver could be missing or not loaded consistently during scans.
    • Added coverage to confirm the SQLite connection is available and working as expected.

v0.3.152

Compare Source

Problem

Registry image scans fail when the SBOM-scanner sidecar is enabled (kubevuln.sbomScanner.enabled: true). normalizeImageID is called twice on the sidecar path:

  1. The adapter (adapters/v1/sidecar.go) normalizes the reference before sending the gRPC CreateSBOMRequest.
  2. scannerServer.CreateSBOM (pkg/sbomscanner/v1/server.go) normalizes it again.

normalizeImageID assumes its imageID argument is empty or a bare digest. But on the second call it is already a complete reference. Registry scans always send an empty image digest (the operator does not resolve a digest for registry scans), so:

  • 1st pass: normalizeImageID("", tag) → returns the tag.
  • 2nd pass: normalizeImageID(tag, tag)tag is non-empty and not a digest, so it gets grafted onto imageTag as a fake digest → repo@sha256:<tag>.

The result is an unparseable reference and the scan fails immediately:

"level":"error","msg":"service error - ScanRegistry",
 "error":"... could not parse reference: quay.io/systemtests/webgoat@sha256:quay.io/systemtests/webgoat:latest",
 "imageHash":""

No SBOM is produced and the scan never completes. (The in-process path normalizes once and is unaffected, so this only reproduces with the sidecar enabled.)

Fix

Make normalizeImageID idempotent: if imageID is already a complete reference, return it unchanged —

  • it equals imageTag (no digest known → scanned by tag), or
  • it already carries a digest (repo@sha256:...).

This is the minimal, defensive fix and does not change the single-normalization (in-process) path.

Alternative considered

scannerServer.CreateSBOM could simply not re-normalize and treat req.ImageId as the final reference (the adapter already normalized it). That's cleaner architecturally but changes the gRPC contract assumption; happy to take that direction instead if preferred.

Tests

Added regression cases to TestNormalizeImageID for an already-normalized tag (the empty-digest case) and an already-normalized digest reference. go test ./pkg/sbomscanner/v1/ -run TestNormalizeImageID passes.

Repro

kubevuln with sbomScanner.enabled: true; POST /v1/scanRegistryImage with imageTag set and imageHash empty.

Summary by CodeRabbit

Release Notes

  • Bug Fixes

    • Prevented incorrect handling of fully-formed image references by ensuring they’re passed through unchanged and only normalized at the correct point in the request flow.
  • Tests

    • Added a regression test covering the case where a scan provides an empty digest while a tag is available, verifying the request is formed with the tag as expected.

v0.3.151

Compare Source

Self-hosted kubevuln startup could crash when API_URL pointed to an in-cluster operator that does not implement the expected service-discovery route (404). In this state, kubevuln failed fast instead of using already-mounted static backend endpoints.

  • Backend service resolution: add resilient fallback path

    • Updated LoadBackendServicesConfig to resolve backend URLs in this order:
      1. services.json (existing behavior)
      2. API_URL discovery
      3. clusterData.json static fields (backendOpenAPI + eventReceiverRestURL)
    • If API_URL discovery fails (including 404), kubevuln now falls back to static config rather than terminating startup.
  • Fallback observability and error reporting

    • Added a warning log when API_URL discovery fails and kubevuln falls back to clusterData.json.
    • When both discovery and static fallback fail, return a combined error (errors.Join) so operators can see both failure causes.
    • Simplified error-flow style in the fallback branch (removed superfluous trailing else).
  • Static URL extraction from clusterData.json

    • Added parsing and normalization for static backend URL fields.
    • Uses backendOpenAPI and eventReceiverRestURL from clusterData.json, normalized to base service URLs consumed by backend adapters.
    • Documented that normalization intentionally keeps base service URLs (scheme + host).
    • Removed speculative alias-key handling (apiServer* / reportReceiver*) that is not present in real cluster config.
  • Docs: explicit backend URL precedence

    • Documented the service resolution order in docs/CONFIGURATION.md under backend services configuration.
  • Focused regression coverage

    • Added tests for:
      • fallback when API_URL is unset
      • fallback when API_URL discovery returns 404
      • URL normalization behavior
      • clusterData fallback error paths (missing file, invalid JSON, missing required backend fields)
      • combined error behavior when discovery and fallback both fail
// config/config.go (simplified)
services, err := servicediscovery.GetServices(client)
if err == nil {
    return services, nil
}
fallback, fallbackErr := loadBackendServicesFromClusterData(configDir)
if fallbackErr == nil {
    logger.L().Warning("API_URL discovery failed, falling back", helpers.Error(err))
    return fallback, nil
}
return nil, errors.Join(err, fallbackErr)

v0.3.150

Compare Source

This PR fixes a bug in the HTTP controller endpoints (GenerateSBOM, ScanCP, ScanCVE, ScanRegistry) where the request context was passed to asynchronous tasks submitted to the background worker pool. In Go 1.20+, the request context is cancelled as soon as the HTTP handler returns, resulting in the background worker aborting due to the cancelled context. Wrapping the context in context.WithoutCancel fixes this. Added unit tests to verify.

Summary by CodeRabbit

  • Bug Fixes
    • Background scan operations (SBOM generation, container package scans, CVE scans, and registry scans) now continue reliably even if the initial request is cancelled, improving overall system resilience and preventing incomplete scan results.

v0.3.149

Compare Source

Summary by CodeRabbit

  • Chores
    • Updated internal logging dependency to the latest version for improved stability.

v0.3.146

Compare Source

Summary

Add NewGrypeAdapterFixedDBWithMatchers(useDefaultMatchers bool) alongside the existing NewGrypeAdapterFixedDB(). The existing function becomes a thin wrapper passing false, so no current callers need changes.

Motivation

NewGrypeAdapter(listingURL, useDefaultMatchers) takes the flag and threads it into getMatchers. NewGrypeAdapterFixedDB() doesn't accept the flag and leaves useDefaultMatchers=false. Consumers like armosec/vulnerability-scanner override the global scanner with NewGrypeAdapterFixedDB() in tests — which means their CI runs against the false matcher path regardless of how production is configured. There's no clean way to align test and prod matcher mode short of reflect+unsafe on the unexported field.

This PR closes that gap: tests that need to mirror production matcher selection now have a dedicated constructor.

Compatibility

Non-breaking. NewGrypeAdapterFixedDB() keeps the same signature and behavior (defaults to useDefaultMatchers=false). Internal callers in adapters/v1/grype_test.go and core/services/scan_test.go are unaffected.

Test plan

  • go build ./adapters/v1/ clean
  • Existing kubevuln tests still pass (they call the no-arg variant)
  • Downstream PR in armosec/vulnerability-scanner switches its test override to NewGrypeAdapterFixedDBWithMatchers(UseDefaultMatchers) once this lands

Context

Downstream PR that needs this: armosec/vulnerability-scanner#38 — flips UseDefaultMatchers to true to eliminate language-ecosystem CPE false positives (Ruby gem gitlab 6.1.0 being flagged against GitLab CE/EE CVEs).

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Refactor
    • Improved adapter initialization flexibility with configurable matcher behavior options.

Review Change Stack

v0.3.145

Compare Source

Summary

Bumps Go dependencies to address High and Unknown severity security advisories affecting the sbom-scanner binary layer.

Package Old New Advisory
github.com/cilium/cilium v1.17.14 v1.17.15 GHSA-gj49-89wh-h4gj (High)
github.com/docker/docker v28.5.0 v28.5.2 GHSA-x744-4wpc-v9h2 (High, partial — fix requires v29.3.1, not yet in module proxy)
golang.org/x/crypto v0.50.0 v0.52.0 GO-2026-5005 through GO-2026-5033 (14 advisories)
golang.org/x/net v0.53.0 v0.55.0 GO-2026-5025 through GO-2026-5030 (6 advisories)
golang.org/x/sys v0.43.0 v0.45.0 GO-2026-5024; also required transitively by x/crypto and x/net

github.com/anchore/grype advisories (GHSA-6gxw-85q2-q646, GO-2025-4160) are intentionally excluded per project policy (grype version is not bumped independently).

Test plan

  • go build ./... passes after go mod tidy
  • CI passes

🤖 Generated with Claude Code

v0.3.144

Compare Source

Bumps github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1.

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

Full Changelog: https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1

Commits
  • 3c3be60 Merge pull request #​2137 from go-git/validate-v5
  • 3fba897 plumbing: format/packfile, cap delta chain depth in parser
  • a97d660 Merge pull request #​2125 from hiddeco/v5/format-input-bounds
  • aeaa125 plumbing: format/objfile, require Header before Read
  • 1f38e17 plumbing: format/packfile, bound inflate size
  • f7545a0 plumbing: format/idxfile, bound nr by file size
  • 170b881 Merge pull request #​2116 from pjbgf/symlink-v5
  • 7b6d994 Merge pull request #​2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
  • f0709b3 git: Stop validating symlink target paths
  • 776d00f git: Allow MkdirAll on worktree-root paths
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

v0.3.142

Compare Source

Summary

  • GrypeAdapter.Ready() calls grype.LoadVulnerabilityDB every 24h to refresh the vulnerability DB
  • On success, g.store was replaced with the new store without calling Close() on the old one
  • vulnerability.Provider embeds io.Closer, so the SQLite file descriptor and GORM connection resources from the previous store were abandoned to the GC finalizer rather than closed explicitly

Test plan

  • go build ./adapters/v1/... passes (confirmed locally)
  • Existing grype adapter tests pass: go test ./adapters/v1/... -run TestGrype (requires Docker for the offline DB container)
  • Verify no slow file-descriptor growth after 24h in a running pod (lsof -p <pid> | grep grype | wc -l should stay at 1)

Context

Identified during memory investigation of v0.3.132 → v0.3.137 upgrade. The leak was not visually detectable in the Grafana RSS graph (GC finalizers eventually close the store), but explicit resource management is correct regardless.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes
    • Improved database connection handling during update failures to ensure proper cleanup and resource management before process restart.

Review Change Stack

v0.3.141

Compare Source

Bumps github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0.

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.0

What's Changed

Full Changelog: https://github.com/go-git/go-git/compare/v5.18.0...v5.19.0

Commits
  • bc930f4 Merge pull request #​2065 from go-git/commit-v5
  • d315264 plumbing: object, Reset object before decode
  • 6e1d348 plumbing: object, Align Tree handling with upstream
  • e134ba3 tests: Skip double checks in Git v2.11
  • 1971422 tests: Add git conformance tests for signing verification
  • a387aa8 plumbing: object, Add ErrMalformedTag
  • f415670 plumbing: object, Decode Tag headers via a state machine
  • 5b0cd38 plumbing: object, Reject multi-signature commits at Verify
  • fe8ed62 plumbing: object, Align Tag.EncodeWithoutSignature with Commit
  • 98e337d plumbing: object, Add support for Tag.SignatureSHA256
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

v0.3.138

Compare Source

Summary by CodeRabbit

  • New Features

    • Backend service discovery now supports an API_URL environment variable and a configurable config directory, preferring local config with a fallback to the v3 API.
  • Chores

    • Large dependency and module updates for telemetry, cloud SDKs, and runtime libraries.

v0.3.137

Compare Source

Summary by CodeRabbit

  • New Features
    • Added RiskAcceptance configuration option to security settings.
    • Security exception repository initialization now requires both storage and risk acceptance to be enabled.

v0.3.136

Compare Source

Summary by CodeRabbit

  • Chores
    • Improved debug logging for vulnerability database updates: when debug mode is enabled, additional diagnostic info is logged, including the resolved archive URL for downloads.
    • Added a check that warns if the vulnerability database directory is not writable before attempting an update.

v0.3.134

Compare Source

Memory-reduction rollout (NAUT-1283)

Reduces node-agent + kubevuln scan peak RSS by 30.7% on gitlab-ee
(1,621 MB → 1,123 MB), fitting a 1.5 GB cgroup with 377 MB margin.

Measured deltas (gitlab-ee, 113,836 files; kernel peak RSS via /usr/bin/time -v)
Variant Peak RSS Δ vs main+all-cats
main + all catalogers 1,621 MB baseline
main + file-cats off 1,419 MB −202 MB
selective + file-cats off 1,184 MB −437 MB
combined + file-cats off 1,123 MB −498 MB (−30.7%)
Initiative status
  • Initiative 1 — disable file catalogers (this PR for node-agent / kubevuln)
  • Initiative 2 — binary-cataloger prefilter (in kubescape/syft v1.32.0-ks.2)
  • Initiative 3 — selective indexing (in kubescape/syft v1.32.0-ks.2)
  • Initiative 4 — parallelism = 1 (already in place: node-agent uses workerpool.New(1); kubevuln scanConcurrency defaults to 1)
  • Initiative 5 — GOMEMLIMIT at 80% of cgroup (this PR for helm-charts)
Cross-repo PRs
  • helm-charts: kubescape/helm-charts#PENDING_HELM
  • node-agent: kubescape/node-agent#PENDING_NA
  • kubevuln: kubescape/kubevuln#PENDING_KV
Audit

Pre-merge audit confirmed no production-path consumer reads
sbom.Files[*].Digests or sbom.Files[*].Metadata in node-agent,
kubevuln, or kubescape/storage. The two storage consumers
(containerprofile_processor.go:172, applicationprofile_processor.go:67)
only read f.Location.RealPath, which the directory walker still
populates regardless of file-cataloger disable. Selective indexing also
keeps 99.9% of the file-path coverage on gitlab-ee
(113,265 of 113,382 paths).

Reference: shared-designs-and-docs/syft-memory-improvement/2026-04-28-rollout-design.md

Summary by CodeRabbit

Release Notes

  • Bug Fixes

    • Updated SBOM generation configuration to refine the cataloging pipeline.
  • Chores

    • Updated test data to reflect new formatting standards.
    • Updated underlying dependencies to improve tool functionality.

v0.3.132

Compare Source

Summary

  • Adds proxyRegistryMap map[string]string field to Config (mapstructure key: proxyRegistryMap) so operators can declare registry mirror mappings in clusterData.json.
  • Adds proxyRegistryMap field to SyftAdapter and a rewriteImageRef helper that rewrites image pull references using simple string-prefix replacement, treating docker.io and index.docker.io as equivalent.
  • All three syft.GetSource call sites (initial pull, MANIFEST_UNKNOWN retry, 401 retry) use the rewritten pullRef; imageID/imageTag variables are untouched so SBOM annotations always record the original image reference.
  • When proxyRegistryMap is nil or empty, behaviour is identical to before.

Test plan

  • go build ./... — passes with no errors
  • go vet ./config/... ./cmd/... — clean
  • go test ./adapters/v1/ -run TestNormalizeImageID — 6/6 pass
  • Manual: set proxyRegistryMap: {"docker.io": "my-mirror.example.com"} in config and verify pulls are redirected

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features
    • Added proxy registry mapping configuration for SBOM scanning. Container image references are now automatically rewritten to route image pulls through configured proxy registries, enabling seamless integration with enterprise proxy infrastructure. Features include longest-prefix matching for flexible routing, support for multiple image reference formats, and compatibility with standard retry mechanisms.

v0.3.129

Compare Source

Summary by CodeRabbit

  • Refactor
    • Improved internal initialization logic to conditionally configure the relevancy adapter based on storage availability, enhancing system flexibility and reliability when handling different deployment scenarios.

v0.3.119

Compare Source

Overview

Adds structured scan failure reporting to kubevuln. When a vulnerability scan fails (SBOM generation, CVE scan, or backend post), a ScanFailureReport is sent to POST /k8s/v2/scanFailure (careportreceiver). This feeds into the scan failure notification pipeline (SUB-7074) so users receive Slack/Teams alerts.

What changed:

  • Added ReportScanFailure(ctx, failureCase, reason, scanErr) to the Platform port interface
  • BackendAdapter.ReportScanFailure builds a ScanFailureReport (from armoapi-go/scanfailure) with Workloads[] list including ImageHash, JobID, ContainerName
  • Structured failure reasons: FailureReason uses human-friendly scanfailure.Reason* constants instead of raw error strings. Raw error preserved in separate Error field for R&D debugging.
  • Error classification: classifySBOMError() uses errors.As(*transport.Error) (Go 1.13 pattern) to detect auth failures, with string-based fallbacks for MANIFEST_UNKNOWN. classifySBOMStatus() maps Incomplete/TooLarge SBOM statuses.
  • Registry scan detection: populates RegistryName/IsRegistryScan when registryName arg is present
  • Instrumented GenerateSBOM(), ScanCVE(), ScanCP(), ScanRegistry() at all 14 failure points
  • Fire-and-forget: reporting errors are logged, never propagated to callers
  • 6 adapter tests + 11 classifier tests

Error Classification

Error condition Reason constant How detected
Image auth failure (401/403) ReasonImageAuthFailed errors.As(*transport.Error) + string fallback
Image not found ReasonImageNotFound strings.Contains("MANIFEST_UNKNOWN")
SBOM too large (result) ReasonSBOMTooLarge sbom.Status == TooLarge
SBOM incomplete (timeout/size) ReasonSBOMIncomplete sbom.Status == Incomplete
CVE matching failure ReasonCVEMatchingFailed Direct constant
Backend post failure ReasonResultUploadFailed Direct constant
SBOM storage failure ReasonSBOMStorageFailed Direct constant
Other/unknown ReasonSBOMGenerationFailed Fallback

Related issues/PRs

How to Test

  1. Unit tests: go test ./adapters/v1/... -run TestBackendAdapter_ReportScanFailure -v
  2. Classifier tests: go test ./core/services/... -run TestClassify -v
  3. Full test suite: go test ./...
  4. E2E: Deploy with scan failure pipeline and trigger a scan failure — verify Slack notification shows friendly reason text

Summary by CodeRabbit

  • New Features

    • Added scan failure reporting capability to capture and report failures from various scan operations.
    • Added failure reason classification to categorize SBOM-related errors and status issues with human-friendly descriptions.
  • Tests

    • Added comprehensive test coverage for scan failure reporting and failure reason classification.

v0.3.114

Compare Source

Summary

  • Adds an opt-in sidecar container that runs Syft SBOM generation in a separate memory cgroup, preventing OOM kills from crashing the main kubevuln pod (which holds Grype DB + in-flight scans)
  • gRPC service over Unix domain socket with registry-based scanning, crash detection, and retry logic
  • Backward compatible: without SBOM_SCANNER_SOCKET env var, kubevuln uses the in-process SyftAdapter as before

Design

See kubevuln-sbom-sidecar-design.md — follows the same pattern as node-agent PR #​753.

New files

File Purpose
pkg/sbomscanner/v1/proto/scanner.proto Registry-based protobuf service definition
pkg/sbomscanner/v1/server.go gRPC server (Syft + stereoscope registry pull)
pkg/sbomscanner/v1/client.go gRPC client with crash detection via codes.Unavailable
pkg/sbomscanner/v1/types.go Interface + error sentinels
cmd/sbom-scanner/main.go Scanner binary entrypoint
adapters/v1/sidecar.go SidecarSBOMAdapter implementing ports.SBOMCreator

Modified files

File Change
cmd/http/main.go Adapter selection via SBOM_SCANNER_SOCKET env var
build/Dockerfile Builds both kubevuln and sbom-scanner binaries

Companion PR

Helm chart changes: kubescape/helm-charts (PR to follow)

Test plan

  • Unit tests: go test ./pkg/sbomscanner/v1/... — health, crash detection, context cancellation, normalizeImageID
  • Integration tests: full gRPC lifecycle, simulated crash → ErrScannerCrashed, readiness toggle
  • Adapter tests: success, TooLarge passthrough, crash retry exhaustion (3 retries → TooLarge)
  • Existing tests: go test ./adapters/v1/... and go test ./core/services/... — no regressions
  • Docker build: both binaries present in image
  • E2E: kind cluster with sidecar enabled — sidecar started, kubevuln connected, SBOMSyft CRDs created, 0 restarts

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features

    • Added optional SBOM scanner sidecar support with runtime selection and health/version reporting, falling back to the in-process scanner when unavailable.
    • Sidecar-based scans include size-aware handling and retry/oom behavior to surface complete or "too large" SBOM outcomes.
  • Tests

    • Added unit and integration tests covering sidecar client/server, scan paths, crash/retry behavior, and version reporting.
  • Chores

    • Updated build to compile and package the SBOM scanner sidecar.

v0.3.110

Compare Source

Bumps go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0.

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.40.0/0.62.0/0.16.0] 2026-02-02

Added

  • Add AlwaysRecord sampler in go.opentelemetry.io/otel/sdk/trace. (#​7724)
  • Add Enabled method to all synchronous instrument interfaces (Float64Counter, Float64UpDownCounter, Float64Histogram, Float64Gauge, Int64Counter, Int64UpDownCounter, Int64Histogram, Int64Gauge,) in go.opentelemetry.io/otel/metric. This stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (#​7763)
  • Add go.opentelemetry.io/otel/semconv/v1.39.0 package. The package contains semantic conventions from the v1.39.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.38.0. (#​7783, #​7789)

Changed

  • Improve the concurrent performance of HistogramReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar by 4x. (#​7443)
  • Improve the concurrent performance of FixedSizeReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar. (#​7447)
  • Improve performance of concurrent histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#​7474)
  • Improve performance of concurrent synchronous gauge measurements in go.opentelemetry.io/otel/sdk/metric. (#​7478)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/stdout/stdoutmetric. (#​7492)
  • Exporter in go.opentelemetry.io/otel/exporters/prometheus ignores metrics with the scope go.opentelemetry.io/contrib/bridges/prometheus. This prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (#​7688)
  • Improve performance of concurrent exponential histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#​7702)
  • The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#​7854)
  • The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#​7854)

Fixed

  • Fix bad log message when key-value pairs are dropped because of key duplication in go.opentelemetry.io/otel/sdk/log. (#​7662)
  • Fix DroppedAttributes on Record in go.opentelemetry.io/otel/sdk/log to not count the non-attribute key-value pairs dropped because of key duplication. (#​7662)
  • Fix SetAttributes on Record in go.opentelemetry.io/otel/sdk/log to not log that attributes are dropped when they are actually not dropped. (#​7662)
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to correctly handle HTTP/2 GOAWAY frame. (#​7794)
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for ioreg command on Darwin (macOS). (#​7818)

Deprecated

  • Deprecate go.opentelemetry.io/otel/exporters/zipkin. For more information, see

    Note

    PR body was truncated to here.

@renovate renovate Bot requested a review from a team as a code owner November 14, 2024 23:05
@renovate renovate Bot requested a review from TylerGillson November 14, 2024 23:05
@renovate

renovate Bot commented Nov 14, 2024

Copy link
Copy Markdown
Contributor Author

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 71 additional dependencies were updated

Details:

Package Change
github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a -> v0.0.0-20241205183533-4fc29b5832e7
github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4 -> v0.1.1-0.20241018175412-5c22e6360c4f
github.com/anchore/stereoscope v0.0.3-0.20240423181235-8b297badafd5 -> v0.0.11
github.com/anchore/syft v1.3.0 -> v1.18.1
github.com/armosec/armoapi-go v0.0.416 -> v0.0.512
github.com/armosec/gojay v1.2.15 -> v1.2.17
github.com/armosec/utils-go v0.0.57 -> v0.0.58
github.com/armosec/utils-k8s-go v0.0.26 -> v0.0.30
github.com/bmatcuk/doublestar/v4 v4.6.1 -> v4.7.1
github.com/briandowns/spinner v1.23.0 -> v1.23.1
github.com/containerd/errdefs v0.1.0 -> v1.0.0
github.com/docker/cli v24.0.7+incompatible -> v27.4.0+incompatible
github.com/docker/docker v27.1.1+incompatible -> v27.4.0+incompatible
github.com/emicklei/go-restful/v3 v3.12.1 -> v3.12.2
github.com/evanphx/json-patch/v5 v5.9.0 -> v5.9.11
github.com/fatih/color v1.17.0 -> v1.18.0
github.com/fsnotify/fsnotify v1.7.0 -> v1.8.0
github.com/gabriel-vasile/mimetype v1.4.3 -> v1.4.7
github.com/github/go-spdx/v2 v2.2.0 -> v2.3.2
github.com/gobuffalo/flect v1.0.2 -> v1.0.3
github.com/google/cel-go v0.20.1 -> v0.22.0
github.com/google/go-cmp v0.6.0 -> v0.7.0
github.com/google/go-containerregistry v0.20.1 -> v0.20.2
github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 -> v0.0.0-20250403155104-27863c87afa6
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 -> v2.26.1
github.com/klauspost/compress v1.17.9 -> v1.17.11
github.com/kubescape/go-logger v0.0.22 -> v0.0.23
github.com/kubescape/k8s-interface v0.0.162 -> v0.0.191
github.com/pelletier/go-toml/v2 v2.2.2 -> v2.2.3
github.com/pierrec/lz4/v4 v4.1.15 -> v4.1.22
github.com/prometheus/client_golang v1.19.1 -> v1.20.5
github.com/prometheus/common v0.55.0 -> v0.61.0
github.com/sagikazarmark/locafero v0.4.0 -> v0.7.0
github.com/spf13/afero v1.11.0 -> v1.12.0
github.com/spf13/cast v1.6.0 -> v1.7.1
github.com/spf13/cobra v1.8.1 -> v1.9.1
github.com/spf13/pflag v1.0.5 -> v1.0.6
github.com/spf13/viper v1.19.0 -> v1.20.0
github.com/stoewer/go-strcase v1.2.0 -> v1.3.0
github.com/stripe/stripe-go/v74 v74.28.0 -> v74.30.0
github.com/sylabs/squashfs v0.6.1 -> v1.0.4
github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.2 -> v0.3.2
github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.2 -> v0.3.2
github.com/uptrace/uptrace-go v1.18.0 -> v1.30.1
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 -> v0.58.0
go.opentelemetry.io/contrib/instrumentation/runtime v0.44.0 -> v0.55.0
go.opentelemetry.io/otel v1.28.0 -> v1.35.0
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.18.0 -> v1.30.0
go.opentelemetry.io/otel/metric v1.28.0 -> v1.35.0
go.opentelemetry.io/otel/sdk v1.28.0 -> v1.35.0
golang.org/x/crypto v0.26.0 -> v0.36.0
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 -> v0.0.0-20241217172543-b2144cdd0a67
golang.org/x/net v0.28.0 -> v0.37.0
golang.org/x/oauth2 v0.21.0 -> v0.28.0
golang.org/x/sync v0.8.0 -> v0.12.0
golang.org/x/sys v0.24.0 -> v0.32.0
golang.org/x/term v0.23.0 -> v0.30.0
golang.org/x/text v0.17.0 -> v0.23.0
golang.org/x/time v0.5.0 -> v0.8.0
golang.org/x/tools v0.24.0 -> v0.31.0
gomodules.xyz/jsonpatch/v2 v2.4.0 -> v2.5.0
google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 -> v0.0.0-20250218202821-56aae31c358a
google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 -> v0.0.0-20250218202821-56aae31c358a
k8s.io/apiextensions-apiserver v0.31.0 -> v0.32.3
k8s.io/apiserver v0.31.0 -> v0.32.3
k8s.io/component-base v0.31.0 -> v0.32.3
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 -> v0.0.0-20241105132330-32ad38e42d3f
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 -> v0.0.0-20241210054802-24370beab758
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 -> v0.31.0
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd -> v0.0.0-20241014173422-cfa47c3a1cc8
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 -> v4.5.0

@dosubot dosubot Bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Nov 14, 2024
renovate-approve[bot]
renovate-approve Bot previously approved these changes Nov 14, 2024
renovate-approve[bot]
renovate-approve Bot previously approved these changes Nov 19, 2024
renovate-approve[bot]
renovate-approve Bot previously approved these changes Nov 19, 2024
renovate-approve[bot]
renovate-approve Bot previously approved these changes Nov 21, 2024
renovate-approve[bot]
renovate-approve Bot previously approved these changes Nov 21, 2024
renovate-approve[bot]
renovate-approve Bot previously approved these changes Nov 21, 2024
renovate-approve[bot]
renovate-approve Bot previously approved these changes Nov 22, 2024
renovate-approve[bot]
renovate-approve Bot previously approved these changes Nov 22, 2024
renovate-approve[bot]
renovate-approve Bot previously approved these changes Jan 28, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Jan 30, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Jan 31, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Feb 6, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Feb 7, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Feb 10, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Feb 11, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Feb 12, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Feb 13, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Feb 13, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Feb 14, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Feb 17, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Feb 18, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 4, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 5, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 8, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 11, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 11, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 12, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 18, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 19, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 20, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 20, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 21, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 24, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Mar 27, 2025
renovate-approve[bot]
renovate-approve Bot previously approved these changes Apr 2, 2025
@renovate

renovate Bot commented Apr 10, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 94 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.23.6 -> 1.26.0
sigs.k8s.io/cluster-api v1.8.2 -> v1.8.5
github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a -> v0.0.0-20250318195838-07ae343dd722
github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4 -> v0.1.1-0.20250220190351-d62adb6e1115
github.com/anchore/stereoscope v0.0.3-0.20240423181235-8b297badafd5 -> v0.1.22
github.com/anchore/syft v1.3.0 -> v1.42.3
github.com/armosec/armoapi-go v0.0.416 -> v0.0.718
github.com/armosec/gojay v1.2.15 -> v1.2.17
github.com/armosec/utils-go v0.0.57 -> v0.0.58
github.com/armosec/utils-k8s-go v0.0.26 -> v0.0.35
github.com/bmatcuk/doublestar/v4 v4.6.1 -> v4.10.0
github.com/briandowns/spinner v1.23.0 -> v1.23.2
github.com/containerd/errdefs v0.1.0 -> v1.0.0
github.com/containers/common v0.60.4 -> v0.64.2
github.com/docker/cli v24.0.7+incompatible -> v29.3.0+incompatible
github.com/docker/docker v27.1.1+incompatible -> v28.5.2+incompatible
github.com/docker/docker-credential-helpers v0.8.2 -> v0.9.5
github.com/docker/go-connections v0.5.0 -> v0.6.0
github.com/emicklei/go-restful/v3 v3.12.1 -> v3.13.0
github.com/evanphx/json-patch/v5 v5.9.0 -> v5.9.11
github.com/fatih/color v1.17.0 -> v1.19.0
github.com/fsnotify/fsnotify v1.7.0 -> v1.9.0
github.com/fxamacker/cbor/v2 v2.7.0 -> v2.9.0
github.com/gabriel-vasile/mimetype v1.4.3 -> v1.4.13
github.com/github/go-spdx/v2 v2.2.0 -> v2.4.0
github.com/go-openapi/swag v0.23.0 -> v0.23.1
github.com/go-task/slim-sprig/v3 v3.0.0 -> v3.0.0
github.com/gobuffalo/flect v1.0.2 -> v1.0.3
github.com/google/cel-go v0.20.1 -> v0.26.0
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 -> v0.7.0
github.com/google/go-cmp v0.6.0 -> v0.7.0
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 -> v2.28.0
github.com/klauspost/compress v1.17.9 -> v1.18.5
github.com/kubescape/go-logger v0.0.22 -> v0.0.33
github.com/kubescape/k8s-interface v0.0.162 -> v0.0.214
github.com/mailru/easyjson v0.7.7 -> v0.9.0
github.com/mattn/go-colorable v0.1.13 -> v0.1.14
github.com/mattn/go-isatty v0.0.20 -> v0.0.21
github.com/modern-go/reflect2 v1.0.2 -> v1.0.3-0.20250322232337-35a7c28c31ee
github.com/opencontainers/image-spec v1.1.0 -> v1.1.1
github.com/opencontainers/runtime-spec v1.2.0 -> v1.3.0
github.com/package-url/packageurl-go v0.1.1 -> v0.1.3
github.com/pelletier/go-toml/v2 v2.2.2 -> v2.2.4
github.com/pierrec/lz4/v4 v4.1.15 -> v4.1.22
github.com/prometheus/client_golang v1.19.1 -> v1.23.2
github.com/prometheus/client_model v0.6.1 -> v0.6.2
github.com/prometheus/common v0.55.0 -> v0.67.5
github.com/prometheus/procfs v0.15.1 -> v0.19.2
github.com/sagikazarmark/locafero v0.4.0 -> v0.11.0
github.com/seccomp/libseccomp-golang v0.10.0 -> v0.11.0
github.com/sirupsen/logrus v1.9.3 -> v1.9.4
github.com/sourcegraph/conc v0.3.0 -> v0.3.1-0.20240121214520-5f936abd7ae8
github.com/spf13/afero v1.11.0 -> v1.15.0
github.com/spf13/cast v1.6.0 -> v1.10.0
github.com/spf13/cobra v1.8.1 -> v1.10.2
github.com/spf13/pflag v1.0.5 -> v1.0.10
github.com/spf13/viper v1.19.0 -> v1.21.0
github.com/stoewer/go-strcase v1.2.0 -> v1.3.0
github.com/stripe/stripe-go/v74 v74.28.0 -> v74.30.0
github.com/sylabs/squashfs v0.6.1 -> v1.0.6
github.com/ulikunitz/xz v0.5.12 -> v0.5.15
github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.2 -> v0.3.2
github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.2 -> v0.3.2
github.com/uptrace/uptrace-go v1.18.0 -> v1.43.0
github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 -> v0.0.0-20260303201901-10176f79b2c0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 -> v0.65.0
go.opentelemetry.io/contrib/instrumentation/runtime v0.44.0 -> v0.68.0
go.opentelemetry.io/otel v1.28.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 -> v1.43.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 -> v1.43.0
go.uber.org/zap v1.27.0 -> v1.27.1
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 -> v0.0.0-20260410095643-746e56fc9e2f
golang.org/x/net v0.28.0 -> v0.56.0
golang.org/x/oauth2 v0.21.0 -> v0.36.0
golang.org/x/sync v0.8.0 -> v0.21.0
golang.org/x/sys v0.24.0 -> v0.46.0
golang.org/x/term v0.23.0 -> v0.44.0
golang.org/x/text v0.17.0 -> v0.38.0
golang.org/x/time v0.5.0 -> v0.15.0
golang.org/x/tools v0.24.0 -> v0.45.0
gomodules.xyz/jsonpatch/v2 v2.4.0 -> v2.4.0
google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 -> v0.0.0-20260414002931-afd174a4e478
google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 -> v0.0.0-20260414002931-afd174a4e478
google.golang.org/grpc v1.65.0 -> v1.80.0
google.golang.org/protobuf v1.34.2 -> v1.36.12-0.20260120151049-f2248ac996af
gopkg.in/evanphx/json-patch.v4 v4.12.0 -> v4.13.0
gopkg.in/inf.v0 v0.9.1 -> v0.9.1
k8s.io/apiextensions-apiserver v0.31.0 -> v0.36.0
k8s.io/apiserver v0.31.0 -> v0.36.0
k8s.io/component-base v0.31.0 -> v0.36.0
k8s.io/klog/v2 v2.130.1 -> v2.140.0
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 -> v0.0.0-20260317180543-43fb72c5454a
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 -> v0.0.0-20260319190234-28399d86e0b5
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 -> v0.34.0
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd -> v0.0.0-20250730193827-2d320260d730

@renovate

renovate Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -t ./...
go: module github.com/kubescape/kubevuln@v0.3.154 requires go >= 1.25.8; switching to go1.25.12
go: downloading go1.25.12 (linux/amd64)
go: module k8s.io/api@v0.36.2 requires go >= 1.26.0; switching to go1.26.5
go: downloading go1.26.5 (linux/amd64)
go: downloading k8s.io/apimachinery v0.36.2
go: downloading sigs.k8s.io/controller-runtime v0.24.1
go: downloading github.com/validator-labs/validator v0.1.16
go: downloading k8s.io/client-go v0.36.2
go: downloading github.com/go-logr/logr v1.4.3
go: downloading github.com/kubescape/kubevuln v0.3.154
go: downloading sigs.k8s.io/cluster-api v1.13.3
go: downloading github.com/onsi/ginkgo/v2 v2.32.0
go: downloading github.com/onsi/gomega v1.42.1
go: downloading github.com/kubescape/storage v0.0.291
go: downloading k8s.io/api v0.36.2
go: downloading k8s.io/utils v0.0.0-20260319190234-28399d86e0b5
go: downloading sigs.k8s.io/randfill v1.0.0
go: downloading k8s.io/klog/v2 v2.140.0
go: downloading k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a
go: downloading sigs.k8s.io/structured-merge-diff/v6 v6.4.0
go: downloading github.com/go-logr/zapr v1.3.0
go: downloading go.uber.org/zap v1.27.1
go: downloading k8s.io/apiserver v0.36.0
go: downloading github.com/prometheus/client_golang v1.23.2
go: downloading gomodules.xyz/jsonpatch/v2 v2.5.0
go: downloading github.com/armosec/utils-k8s-go v0.0.35
go: downloading github.com/kubescape/go-logger v0.0.33
go: downloading github.com/kubescape/k8s-interface v0.0.214
go: downloading github.com/openvex/go-vex v0.2.5
go: downloading go.opentelemetry.io/otel v1.43.0
go: downloading golang.org/x/mod v0.36.0
go: downloading github.com/pkg/errors v0.9.1
go: downloading github.com/evanphx/json-patch/v5 v5.9.11
go: downloading github.com/google/go-cmp v0.7.0
go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
go: downloading golang.org/x/net v0.56.0
go: downloading k8s.io/apiextensions-apiserver v0.36.0
go: downloading sigs.k8s.io/yaml v1.6.0
go: downloading github.com/anchore/syft v1.42.3
go: downloading github.com/containers/common v0.64.2
go: downloading gopkg.in/inf.v0 v0.9.1
go: downloading sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730
go: downloading github.com/json-iterator/go v1.1.12
go: downloading go.yaml.in/yaml/v2 v2.4.3
go: downloading golang.org/x/oauth2 v0.36.0
go: downloading go.uber.org/multierr v1.11.0
go: downloading k8s.io/component-base v0.36.0
go: downloading github.com/prometheus/client_model v0.6.2
go: downloading github.com/prometheus/common v0.67.5
go: downloading github.com/fsnotify/fsnotify v1.9.0
go: downloading github.com/uptrace/uptrace-go v1.43.0
go: downloading github.com/google/uuid v1.6.0
go: downloading github.com/armosec/utils-go v0.0.58
go: downloading github.com/armosec/armoapi-go v0.0.718
go: downloading github.com/docker/docker v28.5.2+incompatible
go: downloading github.com/deckarep/golang-set/v2 v2.7.0
go: downloading github.com/package-url/packageurl-go v0.1.3
go: downloading github.com/sirupsen/logrus v1.9.4
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading go.opentelemetry.io/otel/metric v1.43.0
go: downloading go.opentelemetry.io/otel/trace v1.43.0
go: downloading github.com/blang/semver/v4 v4.0.0
go: downloading github.com/gobuffalo/flect v1.0.3
go: downloading golang.org/x/sys v0.46.0
go: downloading github.com/Masterminds/semver/v3 v3.4.0
go: downloading go.yaml.in/yaml/v3 v3.0.4
go: downloading github.com/fxamacker/cbor/v2 v2.9.0
go: downloading golang.org/x/term v0.44.0
go: downloading golang.org/x/time v0.15.0
go: downloading github.com/anchore/stereoscope v0.1.22
go: downloading github.com/bmatcuk/doublestar/v4 v4.10.0
go: downloading github.com/gohugoio/hashstructure v0.6.0
go: downloading github.com/hashicorp/go-multierror v1.1.1
go: downloading github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e
go: downloading github.com/github/go-spdx/v2 v2.4.0
go: downloading github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115
go: downloading github.com/go-viper/mapstructure/v2 v2.5.0
go: downloading github.com/jinzhu/copier v0.4.0
go: downloading github.com/opencontainers/runtime-spec v1.3.0
go: downloading github.com/seccomp/libseccomp-golang v0.11.0
go: downloading github.com/yl2chen/cidranger v1.0.2
go: downloading golang.org/x/text v0.38.0
go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: downloading github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee
go: downloading github.com/spf13/pflag v1.0.10
go: downloading k8s.io/streaming v0.36.2
go: downloading golang.org/x/sync v0.21.0
go: downloading github.com/prometheus/procfs v0.19.2
go: downloading github.com/go-openapi/jsonreference v0.21.0
go: downloading github.com/go-openapi/swag v0.23.1
go: downloading github.com/google/gnostic-models v0.7.0
go: downloading github.com/google/cel-go v0.26.0
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/cespare/xxhash/v2 v2.3.0
go: downloading google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af
go: downloading github.com/briandowns/spinner v1.23.2
go: downloading github.com/mattn/go-isatty v0.0.21
go: downloading github.com/fatih/color v1.19.0
go: downloading go.opentelemetry.io/contrib/bridges/otelslog v0.18.0
go: downloading go.opentelemetry.io/otel/log v0.19.0
go: downloading github.com/uptrace/opentelemetry-go-extra/otelzap v0.3.2
go: downloading go.opentelemetry.io/contrib/instrumentation/runtime v0.68.0
go: downloading go.opentelemetry.io/contrib/processors/minsev v0.16.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.19.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.41.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0
go: downloading go.opentelemetry.io/otel/sdk v1.43.0
go: downloading go.opentelemetry.io/otel/sdk/log v0.19.0
go: downloading go.opentelemetry.io/otel/sdk/metric v1.43.0
go: downloading github.com/armosec/gojay v1.2.17
go: downloading github.com/stripe/stripe-go/v74 v74.30.0
go: downloading go.mongodb.org/mongo-driver v1.17.6
go: downloading github.com/opencontainers/image-spec v1.1.1
go: downloading gopkg.in/evanphx/json-patch.v4 v4.13.0
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading go.opentelemetry.io/auto/sdk v1.2.1
go: downloading github.com/emicklei/go-restful/v3 v3.13.0
go: downloading github.com/go-task/slim-sprig/v3 v3.0.0
go: downloading golang.org/x/tools v0.45.0
go: downloading github.com/x448/float16 v0.8.4
go: downloading github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
go: downloading github.com/gabriel-vasile/mimetype v1.4.13
go: downloading github.com/spf13/afero v1.15.0
go: downloading github.com/sylabs/squashfs v1.0.6
go: downloading github.com/containerd/errdefs v1.0.0
go: downloading github.com/docker/go-connections v0.6.0
go: downloading github.com/google/go-containerregistry v0.21.2
go: downloading github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651
go: downloading github.com/wagoodman/go-progress v0.0.0-20260303201901-10176f79b2c0
go: downloading github.com/anchore/go-logger v0.0.0-20250318195838-07ae343dd722
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading github.com/google/licensecheck v0.3.1
go: downloading github.com/facebookincubator/nvdtools v0.1.5
go: downloading github.com/acobaugh/osrelease v0.1.0
go: downloading github.com/go-openapi/jsonpointer v0.21.2
go: downloading github.com/mailru/easyjson v0.9.0
go: downloading cel.dev/expr v0.25.1
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260414002931-afd174a4e478
go: downloading github.com/mattn/go-colorable v0.1.14
go: downloading github.com/uptrace/opentelemetry-go-extra/otelutil v0.3.2
go: downloading go.opentelemetry.io/proto/otlp v1.10.0
go: downloading github.com/coreos/go-oidc v2.5.0+incompatible
go: downloading github.com/coreos/go-oidc/v3 v3.15.0
go: downloading github.com/francoispqt/gojay v1.2.13
go: downloading github.com/cilium/cilium v1.17.15
go: downloading github.com/olvrng/ujson v1.1.0
go: downloading github.com/spf13/viper v1.21.0
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/google/pprof v0.0.0-20260402051712-545e8a4df936
go: downloading github.com/becheran/wildmatch-go v1.0.0
go: downloading github.com/docker/cli v29.3.0+incompatible
go: downloading github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
go: downloading google.golang.org/grpc v1.80.0
go: downloading sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0
go: downloading github.com/josharian/intern v1.0.0
go: downloading github.com/stoewer/go-strcase v1.3.0
go: downloading github.com/antlr4-go/antlr/v4 v4.13.0
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260414002931-afd174a4e478
go: downloading github.com/cenkalti/backoff v2.2.1+incompatible
go: downloading github.com/cenkalti/backoff/v5 v5.0.3
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0
go: downloading github.com/cenkalti/backoff/v4 v4.3.0
go: downloading github.com/go-jose/go-jose/v4 v4.1.4
go: downloading github.com/sagikazarmark/locafero v0.11.0
go: downloading github.com/spf13/cast v1.10.0
go: downloading github.com/felixge/httpsnoop v1.0.4
go: downloading golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f
go: downloading github.com/spf13/cobra v1.10.2
go: downloading github.com/cilium/ebpf v0.17.1
go: downloading github.com/mackerelio/go-osstat v0.2.5
go: downloading github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8
go: downloading github.com/subosito/gotenv v1.6.0
go: downloading github.com/pelletier/go-toml/v2 v2.2.4
go: downloading github.com/klauspost/compress v1.18.5
go: downloading github.com/pierrec/lz4/v4 v4.1.22
go: downloading github.com/therootcompany/xz v1.0.1
go: downloading github.com/ulikunitz/xz v0.5.15
go: downloading github.com/docker/docker-credential-helpers v0.9.5
go: downloading github.com/inconshreveable/mousetrap v1.1.0
go: downloading github.com/go-openapi/errors v0.22.2
go: downloading github.com/go-openapi/strfmt v0.23.0
go: downloading github.com/go-openapi/validate v0.24.0
go: downloading github.com/vishvananda/netlink v1.3.1
go: downloading go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
go: downloading go4.org v0.0.0-20230225012048-214862532bf5
go: downloading github.com/sasha-s/go-deadlock v0.3.5
go: downloading github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
go: downloading github.com/mitchellh/mapstructure v1.5.0
go: downloading github.com/oklog/ulid v1.3.1
go: downloading github.com/go-openapi/analysis v0.23.0
go: downloading github.com/go-openapi/loads v0.22.0
go: downloading github.com/go-openapi/spec v0.21.0
go: downloading github.com/vishvananda/netns v0.0.5
go: downloading github.com/petermattis/goid v0.0.0-20241211131331-93ee7e083c43
go: downloading sigs.k8s.io/cluster-api/api v1.14.0-alpha.0
go: github.com/validator-labs/validator-plugin-kubescape/cmd imports
	github.com/validator-labs/validator/api/v1alpha1 imports
	sigs.k8s.io/cluster-api/api/v1beta1: cannot find module providing package sigs.k8s.io/cluster-api/api/v1beta1

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies go size:S This PR changes 10-29 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants