750 Commits

Author SHA1 Message Date
valerijhegaj
d105fafa37 fix(tracing): renamed tracer in op (#809)
Closes #808 

- Made the Tracer public to allow users to customize it, similar to how
it’s done in the client.

- Private global var tracer renamed to public global var Tracer

Co-authored-by: v.i.khegay <v.i.khegay@tbank.ru>
v3.45.3
2026-01-12 09:39:46 +00:00
Marc Alvarez
b4dca67d3c fix: consistently handle string-valued boolean fields from non-compliant OIDC providers (#791)
AWS Cognito (and potentially other providers) return `email_verified`
and `phone_number_verified` as strings (`"true"`/`"false"`) instead of
proper JSON booleans, violating the [OIDC
specification](https://openid.net/specs/openid-connect-basic-1_0.html#StandardClaims).

AWS Documentation confirms this:
> Currently, Amazon Cognito returns the values for email_verified and
phone_number_verified as strings.

_Source:
https://docs.aws.amazon.com/cognito/latest/developerguide/userinfo-endpoint.html#get-userinfo-response-sample_

### The Problem

The `zitadel/oidc` library currently handles this inconsistently:
  -  `EmailVerified` uses the custom `Bool` type (added in #139)
  -  `PhoneNumberVerified` uses Go's standard `bool`
  
This forces developers to handle semantically identical fields
differently:

```go
// Currently inconsistent code path
userInfo.EmailVerified = oidc.Bool(emailValue)    // Cast
userInfo.PhoneNumberVerified = phoneValue      // No cast
```

Additionally, the existing `Bool.UnmarshalJSON` implementation meant
that false values couldn't overwrite true.

### Solution

Applied `Bool` type consistently to both fields and simplified
`Bool.UnmarshalJSON` using a direct switch statement to:

  - Handle standard JSON booleans (true/false)
  - Handle AWS Cognito string format ("true"/"false")
  - Return errors on invalid input instead of silently failing
  - Allow false to overwrite true

Updated tests to match codebase conventions, as well.

### Impact

`PhoneNumberVerified` changes from `bool` to `Bool` (type alias of
`bool`). Most consumer code should work as-is since `Bool` is just a
type alias. Direct type assertions would need updating.

### Definition of Ready

- [X] I am happy with the code
- [X] Short description of the feature/issue is added in the pr
description
- [ ] PR is linked to the corresponding user story
- [X] Acceptance criteria are met
- [ ] All open todos and follow ups are defined in a new ticket and
justified
- [ ] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [X] No debug or dead code
- [X] My code has no repetitions
- [X] Critical parts are tested automatically
- [x] Where possible E2E tests are implemented
- [X] Documentation/examples are up-to-date
- [ ] All non-functional requirements are met
- [x] Functionality of the acceptance criteria is checked manually on
the dev system.

Co-authored-by: Wim Van Laer <wim07101993@users.noreply.github.com>
v3.45.2
2026-01-12 09:33:18 +00:00
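
The unmarshalling behaviour that commit b4dca67d3c (#791) describes, as an added Go example that is not the zitadel/oidc code. `LenientBool`, `StickyBool` and the JSON bodies are hypothetical and constructed; `StickyBool` only illustrates the failure mode the message mentions (false unable to overwrite true, invalid input ignored) and is not the library's earlier implementation.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// LenientBool is a hypothetical stand-in for a tolerant boolean claim type.
type LenientBool bool

// UnmarshalJSON accepts JSON booleans and the string forms "true"/"false".
// Anything else is an error, so a malformed claim is never read as a value.
func (b *LenientBool) UnmarshalJSON(data []byte) error {
	switch string(data) {
	case "true", `"true"`:
		*b = true
	case "false", `"false"`:
		*b = false // explicit assignment: false overwrites an earlier true
	case "null":
		// no-op, following the encoding/json convention for null
	default:
		return fmt.Errorf("LenientBool: cannot parse %s as a boolean", data)
	}
	return nil
}

// StickyBool is a constructed illustration of the failure mode: it only ever
// sets true and swallows everything else without an error.
type StickyBool bool

func (b *StickyBool) UnmarshalJSON(data []byte) error {
	if s := string(data); s == "true" || s == `"true"` {
		*b = true
	}
	return nil
}

type lenientClaims struct {
	EmailVerified       LenientBool `json:"email_verified"`
	PhoneNumberVerified LenientBool `json:"phone_number_verified"`
}

type stickyClaims struct {
	EmailVerified StickyBool `json:"email_verified"`
}

// Constructed sample userinfo bodies (not captured from a real provider).
const (
	verifiedBody   = `{"email_verified":"true","phone_number_verified":"true"}`
	unverifiedBody = `{"email_verified":"false","phone_number_verified":false}`
	invalidBody    = `{"email_verified":"yes"}`
)

// decodeAll decodes each body in order into the same dst value, the way a
// caller that reuses one struct across responses would.
func decodeAll(dst any, bodies ...string) error {
	for _, body := range bodies {
		if err := json.Unmarshal([]byte(body), dst); err != nil {
			return err
		}
	}
	return nil
}

// staleAfterReuse decodes a verified response followed by an unverified one
// and reports what each type ends up holding for email_verified.
func staleAfterReuse() (sticky, lenient bool, err error) {
	var s stickyClaims
	var l lenientClaims
	if err = decodeAll(&s, verifiedBody, unverifiedBody); err != nil {
		return
	}
	if err = decodeAll(&l, verifiedBody, unverifiedBody); err != nil {
		return
	}
	return bool(s.EmailVerified), bool(l.EmailVerified), nil
}

func main() {
	sticky, lenient, err := staleAfterReuse()
	fmt.Println("after verified then unverified:", sticky, lenient, err)

	var l lenientClaims
	fmt.Println("invalid input:", decodeAll(&l, invalidBody))
}
```

A relying party that gates account linking or recovery on `email_verified` should treat a decode error as "not verified" rather than fall back to a previously stored value.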
dependabot[bot]
8138813929 chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.9.1 to 4.9.2 (#832)
Bumps
[github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar)
from 4.9.1 to 4.9.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/bmatcuk/doublestar/releases">github.com/bmatcuk/doublestar/v4's
releases</a>.</em></p>
<blockquote>
<h2>Fixed Handling of Paths With Meta Chars Using Alts</h2>
<p><a href="https://github.com/toga4"><code>@​toga4</code></a> submitted
a PR that fixed a small bug with the way paths were handled when the
pattern used <code>{alts}</code>: if some part of the on-disk path that
came before the <code>{alt}</code> included meta characters (say, a
directory name that included the character <code>?</code>), these meta
characters were not escaped when they were passed back through the
globbing routines. This caused doublestar to interpret them as actual
meta characters, rather than a fixed-string path as it should have. Nice
find, <a href="https://github.com/toga4"><code>@​toga4</code></a> !</p>
<h2>What's Changed</h2>
<ul>
<li>fix: escape meta characters in paths during brace expansion by <a
href="https://github.com/toga4"><code>@​toga4</code></a> in <a
href="https://redirect.github.com/bmatcuk/doublestar/pull/108">bmatcuk/doublestar#108</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/toga4"><code>@​toga4</code></a> made
their first contribution in <a
href="https://redirect.github.com/bmatcuk/doublestar/pull/108">bmatcuk/doublestar#108</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/bmatcuk/doublestar/compare/v4.9.1...v4.9.2">https://github.com/bmatcuk/doublestar/compare/v4.9.1...v4.9.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3dc83064cf"><code>3dc8306</code></a>
Merge branch 'toga4-fix-brace-exp-with-meta'</li>
<li><a
href="4db19e22da"><code>4db19e2</code></a>
fix tests</li>
<li><a
href="4ef2b00391"><code>4ef2b00</code></a>
fix: escape meta characters in paths during brace expansion</li>
<li><a
href="b191bb9ad1"><code>b191bb9</code></a>
test: add failing tests for brace expansion with meta char
directories</li>
<li><a
href="9fded312dd"><code>9fded31</code></a>
notes about globbing</li>
<li>See full diff in <a
href="https://github.com/bmatcuk/doublestar/compare/v4.9.1...v4.9.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/bmatcuk/doublestar/v4&package-manager=go_modules&previous-version=4.9.1&new-version=4.9.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 06:49:18 +00:00
dependabot[bot]
70fb7d65af chore(deps): bump golang.org/x/text from 0.32.0 to 0.33.0 (#831)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.32.0 to
0.33.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="536231a9ab"><code>536231a</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.32.0...v0.33.0">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 07:47:57 +01:00
dependabot[bot]
9deae12322 chore(deps): bump github.com/zitadel/schema from 1.3.1 to 1.3.2 (#827)
Bumps [github.com/zitadel/schema](https://github.com/zitadel/schema)
from 1.3.1 to 1.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zitadel/schema/releases">github.com/zitadel/schema's
releases</a>.</em></p>
<blockquote>
<h2>v1.3.2</h2>
<h2><a
href="https://github.com/zitadel/schema/compare/v1.3.1...v1.3.2">1.3.2</a>
(2026-01-05)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>add test (<a
href="95c7b8f172">95c7b8f</a>)</li>
<li>decode error message (<a
href="1b632a9ad4">1b632a9</a>)</li>
<li>fix assertion test (<a
href="595717facd">595717f</a>)</li>
<li>if default element type of value are setted in slice , raise error
(<a
href="9c250587ea">9c25058</a>)</li>
<li>indirection through nil pointer to embedded struct (<a
href="https://redirect.github.com/zitadel/schema/issues/211">#211</a>)
(<a
href="c3913e416b">c3913e4</a>)</li>
<li>test data (<a
href="2b94d1c4c5">2b94d1c</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="be9af1ca12"><code>be9af1c</code></a>
Merge pull request from GHSA-3669-72x9-r9p3</li>
<li><a
href="c3913e416b"><code>c3913e4</code></a>
fix: indirection through nil pointer to embedded struct (<a
href="https://redirect.github.com/zitadel/schema/issues/211">#211</a>)</li>
<li><a
href="595717facd"><code>595717f</code></a>
fix: fix assertion test</li>
<li><a
href="4fa7028fe7"><code>4fa7028</code></a>
fix delete pointer slice test</li>
<li><a
href="01a72cd29b"><code>01a72cd</code></a>
fix:test: fix comment</li>
<li><a
href="c9e4629f8b"><code>c9e4629</code></a>
fix:test: add assertion</li>
<li><a
href="1b632a9ad4"><code>1b632a9</code></a>
fix: decode error message</li>
<li><a
href="2b94d1c4c5"><code>2b94d1c</code></a>
fix: test data</li>
<li><a
href="95c7b8f172"><code>95c7b8f</code></a>
fix: add test</li>
<li><a
href="9c250587ea"><code>9c25058</code></a>
fix: if default element type of value are setted in slice , raise
error</li>
<li>Additional commits viewable in <a
href="https://github.com/zitadel/schema/compare/v1.3.1...v1.3.2">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-06 07:58:35 +01:00
dependabot[bot]
12ffb38e8e chore(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 (#825)
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
5.5.1 to 5.5.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>check gpg only when skip-validation = false by <a
href="https://github.com/maxweng-sentry"><code>@​maxweng-sentry</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1894">codecov/codecov-action#1894</a></li>
<li>chore: <code>disable_search</code> alignment by <a
href="https://github.com/freemanzMrojo"><code>@​freemanzMrojo</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1881">codecov/codecov-action#1881</a></li>
<li>chore(release): 5.5.2 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1902">codecov/codecov-action#1902</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/maxweng-sentry"><code>@​maxweng-sentry</code></a>
made their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1894">codecov/codecov-action#1894</a></li>
<li><a
href="https://github.com/freemanzMrojo"><code>@​freemanzMrojo</code></a>
made their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1881">codecov/codecov-action#1881</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.5.1...v5.5.2">https://github.com/codecov/codecov-action/compare/v5.5.1...v5.5.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's
changelog</a>.</em></p>
<blockquote>
<h2>v5.5.2</h2>
<h3>What's Changed</h3>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2">https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="671740ac38"><code>671740a</code></a>
chore(release): 5.5.2 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1902">#1902</a>)</li>
<li><a
href="96b38e9e60"><code>96b38e9</code></a>
chore: <code>disable_search</code> alignment (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1881">#1881</a>)</li>
<li><a
href="9b6d1f84bd"><code>9b6d1f8</code></a>
check gpg only when skip-validation = false (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1894">#1894</a>)</li>
<li>See full diff in <a
href="https://github.com/codecov/codecov-action/compare/v5.5.1...v5.5.2">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-16 07:36:38 +01:00
dependabot[bot]
c46a61fdfc chore(deps): bump golang.org/x/text from 0.31.0 to 0.32.0 (#824)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.31.0 to
0.32.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0dd57a6ef9"><code>0dd57a6</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="087616b6cd"><code>087616b</code></a>
transform: fix %q verb use with wrong type</li>
<li><a
href="16f85a7ff2"><code>16f85a7</code></a>
all: eliminate vet diagnostics</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.31.0...v0.32.0">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 09:18:55 +01:00
dependabot[bot]
eb218bed72 chore(deps): bump go.opentelemetry.io/otel/trace from 1.38.0 to 1.39.0 (#823)
Bumps
[go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go)
from 1.38.0 to 1.39.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/releases">go.opentelemetry.io/otel/trace's
releases</a>.</em></p>
<blockquote>
<h2>v1.39.0</h2>
<h2>Overview</h2>
<h3>Added</h3>
<ul>
<li>Greatly reduce the cost of recording metrics in
<code>go.opentelemetry.io/otel/sdk/metric</code> using hashing for map
keys. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175">#7175</a>)</li>
<li>Add <code>WithInstrumentationAttributeSet</code> option to
<code>go.opentelemetry.io/otel/log</code>,
<code>go.opentelemetry.io/otel/metric</code>, and
<code>go.opentelemetry.io/otel/trace</code> packages. This provides a
concurrent-safe and performant alternative to
<code>WithInstrumentationAttributes</code> by accepting a
pre-constructed <code>attribute.Set</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7287">#7287</a>)</li>
<li>Add experimental observability for the Prometheus exporter in
<code>go.opentelemetry.io/otel/exporters/prometheus</code>. Check the
<code>go.opentelemetry.io/otel/exporters/prometheus/internal/x</code>
package documentation for more information. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7345">#7345</a>)</li>
<li>Add experimental observability metrics in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7353">#7353</a>)</li>
<li>Add temporality selector functions
<code>DeltaTemporalitySelector</code>,
<code>CumulativeTemporalitySelector</code>,
<code>LowMemoryTemporalitySelector</code> to
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7434">#7434</a>)</li>
<li>Add experimental observability metrics for simple log processor in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7548">#7548</a>)</li>
<li>Add experimental observability metrics in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7459">#7459</a>)</li>
<li>Add experimental observability metrics in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7486">#7486</a>)</li>
<li>Add experimental observability metrics for simple span processor in
<code>go.opentelemetry.io/otel/sdk/trace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7374">#7374</a>)</li>
<li>Add experimental observability metrics in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7512">#7512</a>)</li>
<li>Add experimental observability metrics for manual reader in
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7524">#7524</a>)</li>
<li>Add experimental observability metrics for periodic reader in
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7571">#7571</a>)</li>
<li>Support <code>OTEL_EXPORTER_OTLP_LOGS_INSECURE</code> and
<code>OTEL_EXPORTER_OTLP_INSECURE</code> environmental variables in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7608">#7608</a>)</li>
<li>Add <code>Enabled</code> method to the <code>Processor</code>
interface in <code>go.opentelemetry.io/otel/sdk/log</code>. All
<code>Processor</code> implementations now include an
<code>Enabled</code> method. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7639">#7639</a>)</li>
<li>The <code>go.opentelemetry.io/otel/semconv/v1.38.0</code> package.
The package contains semantic conventions from the <code>v1.38.0</code>
version of the OpenTelemetry Semantic Conventions. See the <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/HEAD/semconv/v1.38.0/MIGRATION.md">migration
documentation</a> for information on how to upgrade from
<code>go.opentelemetry.io/otel/semconv/v1.37.0.</code>(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7648">#7648</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>Distinct</code> in
<code>go.opentelemetry.io/otel/attribute</code> is no longer guaranteed
to uniquely identify an attribute set. Collisions between
<code>Distinct</code> values for different Sets are possible with
extremely high cardinality (billions of series per instrument), but are
highly unlikely. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175">#7175</a>)</li>
<li><code>WithInstrumentationAttributes</code> in
<code>go.opentelemetry.io/otel/trace</code> synchronously de-duplicates
the passed attributes instead of delegating it to the returned
<code>TracerOption</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266">#7266</a>)</li>
<li><code>WithInstrumentationAttributes</code> in
<code>go.opentelemetry.io/otel/meter</code> synchronously de-duplicates
the passed attributes instead of delegating it to the returned
<code>MeterOption</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266">#7266</a>)</li>
<li><code>WithInstrumentationAttributes</code> in
<code>go.opentelemetry.io/otel/log</code> synchronously de-duplicates
the passed attributes instead of delegating it to the returned
<code>LoggerOption</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266">#7266</a>)</li>
<li>Rename the <code>OTEL_GO_X_SELF_OBSERVABILITY</code> environment
variable to <code>OTEL_GO_X_OBSERVABILITY</code> in
<code>go.opentelemetry.io/otel/sdk/trace</code>,
<code>go.opentelemetry.io/otel/sdk/log</code>, and
<code>go.opentelemetry.io/otel/exporters/stdout/stdouttrace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7302">#7302</a>)</li>
<li>Improve performance of histogram <code>Record</code> in
<code>go.opentelemetry.io/otel/sdk/metric</code> when min and max are
disabled using <code>NoMinMax</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7306">#7306</a>)</li>
<li>Improve error handling for dropped data during translation by using
<code>prometheus.NewInvalidMetric</code> in
<code>go.opentelemetry.io/otel/exporters/prometheus</code>. ⚠️
<strong>Breaking Change:</strong> Previously, these cases were only
logged and scrapes succeeded. Now, when translation would drop data
(e.g., invalid label/value), the exporter emits a
<code>NewInvalidMetric</code>, and Prometheus scrapes <strong>fail with
HTTP 500</strong> by default. To preserve the prior behavior (scrapes
succeed while errors are logged), configure your Prometheus HTTP handler
with: <code>promhttp.HandlerOpts{ ErrorHandling:
promhttp.ContinueOnError }</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7363">#7363</a>)</li>
<li>Replace fnv hash with xxhash in
<code>go.opentelemetry.io/otel/attribute</code> for better performance.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7371">#7371</a>)</li>
<li>The default <code>TranslationStrategy</code> in
<code>go.opentelemetry.io/exporters/prometheus</code> is changed from
<code>otlptranslator.NoUTF8EscapingWithSuffixes</code> to
<code>otlptranslator.UnderscoreEscapingWithSuffixes</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7421">#7421</a>)</li>
<li>Improve performance of concurrent measurements in
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7427">#7427</a>)</li>
<li>Include W3C TraceFlags (bits 0–7) in the OTLP
<code>Span.Flags</code> field in
<code>go.opentelemetry.io/exporters/otlp/otlptrace/otlptracehttp</code>
and
<code>go.opentelemetry.io/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7438">#7438</a>)</li>
<li>The <code>ErrorType</code> function in
<code>go.opentelemetry.io/otel/semconv/v1.37.0</code> now handles custom
error types.
If an error implements an <code>ErrorType() string</code> method, the
return value of that method will be used as the error type. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7442">#7442</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix <code>WithInstrumentationAttributes</code> options in
<code>go.opentelemetry.io/otel/trace</code>,
<code>go.opentelemetry.io/otel/metric</code>, and
<code>go.opentelemetry.io/otel/log</code> to properly merge attributes
when passed multiple times instead of replacing them. Attributes with
duplicate keys will use the last value passed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7300">#7300</a>)</li>
<li>The equality of <code>attribute.Set</code> when using the
<code>Equal</code> method is not affected by the user overriding the
empty set pointed to by <code>attribute.EmptySet</code> in
<code>go.opentelemetry.io/otel/attribute</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7357">#7357</a>)</li>
<li>Return partial OTLP export errors to the caller in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7372">#7372</a>)</li>
<li>Return partial OTLP export errors to the caller in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7372">#7372</a>)</li>
<li>Return partial OTLP export errors to the caller in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7372">#7372</a>)</li>
<li>Return partial OTLP export errors to the caller in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7372">#7372</a>)</li>
<li>Return partial OTLP export errors to the caller in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7372">#7372</a>)</li>
<li>Return partial OTLP export errors to the caller in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7372">#7372</a>)</li>
<li>Fix <code>AddAttributes</code>, <code>SetAttributes</code>,
<code>SetBody</code> on <code>Record</code> in
<code>go.opentelemetry.io/otel/sdk/log</code> to not mutate input. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7403">#7403</a>)</li>
<li>Do not double record measurements of <code>RecordSet</code> methods
in <code>go.opentelemetry.io/otel/semconv/v1.37.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7655">#7655</a>)</li>
<li>Do not double record measurements of <code>RecordSet</code> methods
in <code>go.opentelemetry.io/otel/semconv/v1.36.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7656">#7656</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/trace's
changelog</a>.</em></p>
<blockquote>
<h2>[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05</h2>
<h3>Added</h3>
<ul>
<li>Greatly reduce the cost of recording metrics in
<code>go.opentelemetry.io/otel/sdk/metric</code> using hashing for map
keys. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175">#7175</a>)</li>
<li>Add <code>WithInstrumentationAttributeSet</code> option to
<code>go.opentelemetry.io/otel/log</code>,
<code>go.opentelemetry.io/otel/metric</code>, and
<code>go.opentelemetry.io/otel/trace</code> packages.
This provides a concurrent-safe and performant alternative to
<code>WithInstrumentationAttributes</code> by accepting a
pre-constructed <code>attribute.Set</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7287">#7287</a>)</li>
<li>Add experimental observability for the Prometheus exporter in
<code>go.opentelemetry.io/otel/exporters/prometheus</code>.
Check the
<code>go.opentelemetry.io/otel/exporters/prometheus/internal/x</code>
package documentation for more information. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7345">#7345</a>)</li>
<li>Add experimental observability metrics in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7353">#7353</a>)</li>
<li>Add temporality selector functions
<code>DeltaTemporalitySelector</code>,
<code>CumulativeTemporalitySelector</code>,
<code>LowMemoryTemporalitySelector</code> to
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7434">#7434</a>)</li>
<li>Add experimental observability metrics for simple log processor in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7548">#7548</a>)</li>
<li>Add experimental observability metrics in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7459">#7459</a>)</li>
<li>Add experimental observability metrics in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7486">#7486</a>)</li>
<li>Add experimental observability metrics for simple span processor in
<code>go.opentelemetry.io/otel/sdk/trace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7374">#7374</a>)</li>
<li>Add experimental observability metrics in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7512">#7512</a>)</li>
<li>Add experimental observability metrics for manual reader in
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7524">#7524</a>)</li>
<li>Add experimental observability metrics for periodic reader in
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7571">#7571</a>)</li>
<li>Support <code>OTEL_EXPORTER_OTLP_LOGS_INSECURE</code> and
<code>OTEL_EXPORTER_OTLP_INSECURE</code> environmental variables in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7608">#7608</a>)</li>
<li>Add <code>Enabled</code> method to the <code>Processor</code>
interface in <code>go.opentelemetry.io/otel/sdk/log</code>.
All <code>Processor</code> implementations now include an
<code>Enabled</code> method. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7639">#7639</a>)</li>
<li>The <code>go.opentelemetry.io/otel/semconv/v1.38.0</code> package.
The package contains semantic conventions from the <code>v1.38.0</code>
version of the OpenTelemetry Semantic Conventions.
See the <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.38.0/MIGRATION.md">migration
documentation</a> for information on how to upgrade from
<code>go.opentelemetry.io/otel/semconv/v1.37.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7648">#7648</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>Distinct</code> in
<code>go.opentelemetry.io/otel/attribute</code> is no longer guaranteed
to uniquely identify an attribute set.
Collisions between <code>Distinct</code> values for different Sets are
possible with extremely high cardinality (billions of series per
instrument), but are highly unlikely. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7175">#7175</a>)</li>
<li><code>WithInstrumentationAttributes</code> in
<code>go.opentelemetry.io/otel/trace</code> synchronously de-duplicates
the passed attributes instead of delegating it to the returned
<code>TracerOption</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266">#7266</a>)</li>
<li><code>WithInstrumentationAttributes</code> in
<code>go.opentelemetry.io/otel/meter</code> synchronously de-duplicates
the passed attributes instead of delegating it to the returned
<code>MeterOption</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266">#7266</a>)</li>
<li><code>WithInstrumentationAttributes</code> in
<code>go.opentelemetry.io/otel/log</code> synchronously de-duplicates
the passed attributes instead of delegating it to the returned
<code>LoggerOption</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7266">#7266</a>)</li>
<li>Rename the <code>OTEL_GO_X_SELF_OBSERVABILITY</code> environment
variable to <code>OTEL_GO_X_OBSERVABILITY</code> in
<code>go.opentelemetry.io/otel/sdk/trace</code>,
<code>go.opentelemetry.io/otel/sdk/log</code>, and
<code>go.opentelemetry.io/otel/exporters/stdout/stdouttrace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7302">#7302</a>)</li>
<li>Improve performance of histogram <code>Record</code> in
<code>go.opentelemetry.io/otel/sdk/metric</code> when min and max are
disabled using <code>NoMinMax</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7306">#7306</a>)</li>
<li>Improve error handling for dropped data during translation by using
<code>prometheus.NewInvalidMetric</code> in
<code>go.opentelemetry.io/otel/exporters/prometheus</code>.
⚠️ <strong>Breaking Change:</strong> Previously, these cases were only
logged and scrapes succeeded.
Now, when translation would drop data (e.g., invalid label/value), the
exporter emits a <code>NewInvalidMetric</code>, and Prometheus scrapes
<strong>fail with HTTP 500</strong> by default.
To preserve the prior behavior (scrapes succeed while errors are
logged), configure your Prometheus HTTP handler with:
<code>promhttp.HandlerOpts{ ErrorHandling: promhttp.ContinueOnError
}</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7363">#7363</a>)</li>
<li>Replace fnv hash with xxhash in
<code>go.opentelemetry.io/otel/attribute</code> for better performance.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7371">#7371</a>)</li>
<li>The default <code>TranslationStrategy</code> in
<code>go.opentelemetry.io/exporters/prometheus</code> is changed from
<code>otlptranslator.NoUTF8EscapingWithSuffixes</code> to
<code>otlptranslator.UnderscoreEscapingWithSuffixes</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7421">#7421</a>)</li>
<li>Improve performance of concurrent measurements in
<code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7427">#7427</a>)</li>
<li>Include W3C TraceFlags (bits 0–7) in the OTLP
<code>Span.Flags</code> field in
<code>go.opentelemetry.io/exporters/otlp/otlptrace/otlptracehttp</code>
and
<code>go.opentelemetry.io/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7438">#7438</a>)</li>
<li>The <code>ErrorType</code> function in
<code>go.opentelemetry.io/otel/semconv/v1.37.0</code> now handles custom
error types.
If an error implements an <code>ErrorType() string</code> method, the
return value of that method will be used as the error type. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7442">#7442</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix <code>WithInstrumentationAttributes</code> options in
<code>go.opentelemetry.io/otel/trace</code>,
<code>go.opentelemetry.io/otel/metric</code>, and
<code>go.opentelemetry.io/otel/log</code> to properly merge attributes
when passed multiple times instead of replacing them.
Attributes with duplicate keys will use the last value passed. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7300">#7300</a>)</li>
<li>The equality of <code>attribute.Set</code> when using the
<code>Equal</code> method is not affected by the user overriding the
empty set pointed to by <code>attribute.EmptySet</code> in
<code>go.opentelemetry.io/otel/attribute</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7357">#7357</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6ce14298b9"><code>6ce1429</code></a>
Release v1.39.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7676">#7676</a>)</li>
<li><a
href="12e421a706"><code>12e421a</code></a>
sdk/log: move Enabled method from FilterProcessor to Processor (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7639">#7639</a>)</li>
<li><a
href="5982f16d24"><code>5982f16</code></a>
fix(deps): update module golang.org/x/sys to v0.39.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7684">#7684</a>)</li>
<li><a
href="928837830d"><code>9288378</code></a>
chore(deps): update module golang.org/x/sync to v0.19.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7683">#7683</a>)</li>
<li><a
href="ee3dfef45d"><code>ee3dfef</code></a>
chore(deps): update github.com/securego/gosec/v2 digest to 41f28e2 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7682">#7682</a>)</li>
<li><a
href="9345d1f64d"><code>9345d1f</code></a>
fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.7.2
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7680">#7680</a>)</li>
<li><a
href="d03b03395d"><code>d03b033</code></a>
Check context prior to delaying retry in OTLP exporters (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7678">#7678</a>)</li>
<li><a
href="61765e78a6"><code>61765e7</code></a>
Fix flaky <code>TestClientInstrumentation</code> (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7677">#7677</a>)</li>
<li><a
href="a54721cc80"><code>a54721c</code></a>
chore(deps): update module github.com/go-git/go-billy/v5 to v5.7.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7679">#7679</a>)</li>
<li><a
href="746d0860d7"><code>746d086</code></a>
chore(deps): update github/codeql-action action to v4.31.7 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7675">#7675</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.39.0">compare
view</a></li>
</ul>
</details>
<br />



Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 09:16:07 +01:00
dependabot[bot]
3f12974031 chore(deps): bump golang.org/x/oauth2 from 0.33.0 to 0.34.0 (#822)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from
0.33.0 to 0.34.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="acc38155b7"><code>acc3815</code></a>
endpoints: fix %q verb use with wrong type</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.33.0...v0.34.0">compare
view</a></li>
</ul>
</details>
<br />




Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 09:13:17 +01:00
Jacques Dafflon
a3f34289fa fix(rp): don't ignore JWKS parsing errors (#771)
This safely ignores unknown key type errors on JWKS while returning all
other errors. Returned errors are wrapped to easily identify which key in
the set is problematic, if any.

Jose v4.0.3 was handling this correctly according to spec, but it was
reverted in v4.0.4 as the implementation was a breaking change due to
the custom UnmarshalJSON on the key set. For details see:
- https://github.com/go-jose/go-jose/issues/136
- https://github.com/go-jose/go-jose/pull/137

Jose v4.0.4 also provided a handy static error to check for unknown web
key types. Sadly this was removed: a prefix match on the error message
is the best option until Jose improves its error handling.

Hopefully, Jose will not change the error message in a patch or minor
version release. But just in case, test cases have been added to detect
it.

Closes #541

### Definition of Ready

- [x] I am happy with the code
- [x] Short description of the feature/issue is added in the pr
description
- [x] PR is linked to the corresponding user story
- [ ] Acceptance criteria are met
- [ ] All open todos and follow ups are defined in a new ticket and
justified
- [ ] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [x] No debug or dead code
- [x] My code has no repetitions
- [x] Critical parts are tested automatically
- [x] Where possible E2E tests are implemented
- [x] Documentation/examples are up-to-date
- [x] All non-functional requirements are met
- [ ] Functionality of the acceptance criteria is checked manually on
the dev system.

Co-authored-by: Wim Van Laer <wim07101993@users.noreply.github.com>
v3.45.1
2025-12-03 11:46:51 +01:00
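The error policy described in the commit message above (skip keys of an unknown type, return every other parsing error wrapped with the position of the offending key), as an added example that is not code from zitadel/oidc or go-jose. It uses only the standard library; `unknownKtyPrefix`, `parseKeySet`, the reduced `jwk` struct and the sample key set are constructed for illustration, and the prefix is a stand-in, not go-jose's actual message.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// unknownKtyPrefix is a constructed error prefix standing in for the text a
// third-party JWK parser emits when it has no exported sentinel error.
// It is not go-jose's actual message.
const unknownKtyPrefix = "example-jwk: unknown key type"

// sampleJWKS is a constructed key set: one usable key, one key of a type this
// parser does not know, and one known type with a corrupt member.
const sampleJWKS = `{"keys":[
  {"kty":"RSA","kid":"rsa-1","n":"AQAB","e":"AQAB"},
  {"kty":"FUTURE","kid":"pq-1","pub":"AAAA"},
  {"kty":"EC","kid":"ec-bad","crv":"P-256","x":"not base64!","y":"AQAB"}
]}`

// jwk holds only the members this example inspects.
type jwk struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
	X   string `json:"x"`
	Y   string `json:"y"`
}

// requiredMembers lists the base64url members each supported key type must carry.
func requiredMembers(k jwk) ([][2]string, error) {
	switch k.Kty {
	case "RSA":
		return [][2]string{{"n", k.N}, {"e", k.E}}, nil
	case "EC":
		return [][2]string{{"x", k.X}, {"y", k.Y}}, nil
	case "OKP":
		return [][2]string{{"x", k.X}}, nil
	default:
		return nil, fmt.Errorf("%s %q", unknownKtyPrefix, k.Kty)
	}
}

// parseKey validates a single JWK; it stands in for the third-party parser.
func parseKey(raw json.RawMessage) (jwk, error) {
	var k jwk
	if err := json.Unmarshal(raw, &k); err != nil {
		return k, fmt.Errorf("malformed JWK: %w", err)
	}
	members, err := requiredMembers(k)
	if err != nil {
		return k, err
	}
	for _, m := range members {
		if m[1] == "" {
			return k, fmt.Errorf("%s key is missing member %q", k.Kty, m[0])
		}
		if _, err := base64.RawURLEncoding.DecodeString(m[1]); err != nil {
			return k, fmt.Errorf("%s key member %q: %w", k.Kty, m[0], err)
		}
	}
	return k, nil
}

// isUnknownKeyType is the prefix match: the only option when the parser exposes
// no sentinel error. It must run on the parser's error before any wrapping.
func isUnknownKeyType(err error) bool {
	return err != nil && strings.HasPrefix(err.Error(), unknownKtyPrefix)
}

// parseKeySet returns the kids of usable keys, the number of keys skipped for
// having an unknown type, and all remaining errors joined, each wrapped with
// the index and kid of the key that caused it.
func parseKeySet(data []byte) ([]string, int, error) {
	var set struct {
		Keys []json.RawMessage `json:"keys"`
	}
	if err := json.Unmarshal(data, &set); err != nil {
		return nil, 0, fmt.Errorf("malformed JWKS: %w", err)
	}
	var (
		kids    []string
		skipped int
		errs    []error
	)
	for i, raw := range set.Keys {
		k, err := parseKey(raw)
		switch {
		case err == nil:
			kids = append(kids, k.Kid)
		case isUnknownKeyType(err):
			skipped++ // tolerated: other keys in the set stay usable
		default:
			errs = append(errs, fmt.Errorf("jwks key %d (kid %q): %w", i, k.Kid, err))
		}
	}
	return kids, skipped, errors.Join(errs...)
}

func main() {
	kids, skipped, err := parseKeySet([]byte(sampleJWKS))
	fmt.Println("usable:", kids, "skipped:", skipped)
	fmt.Println("error:", err)
}
```

Because the classification depends on message text, a test that pins the prefix (as the commit says was added) is what catches an upstream wording change before corrupt keys start being skipped or unknown types start failing the whole set.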
dependabot[bot]
0fb4397c45 chore(deps): bump golang.org/x/text from 0.30.0 to 0.31.0 (#812)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.30.0 to
0.31.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e7ff6b3572"><code>e7ff6b3</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="fbf012b8c1"><code>fbf012b</code></a>
all: use reflect.TypeFor instead of reflect.TypeOf</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.30.0...v0.31.0">compare
view</a></li>
</ul>
</details>
<br />




Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Wim Van Laer <wim07101993@users.noreply.github.com>
2025-11-27 11:24:02 +00:00
dependabot[bot]
442670a864 chore(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 in the go_modules group across 1 directory (#816)
Bumps the go_modules group with 1 update in the / directory:
[golang.org/x/crypto](https://github.com/golang/crypto).

Updates `golang.org/x/crypto` from 0.36.0 to 0.45.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4e0068c009"><code>4e0068c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="e79546e28b"><code>e79546e</code></a>
ssh: curb GSSAPI DoS risk by limiting number of specified OIDs</li>
<li><a
href="f91f7a7c31"><code>f91f7a7</code></a>
ssh/agent: prevent panic on malformed constraint</li>
<li><a
href="2df4153a03"><code>2df4153</code></a>
acme/autocert: let automatic renewal work with short lifetime certs</li>
<li><a
href="bcf6a849ef"><code>bcf6a84</code></a>
acme: pass context to request</li>
<li><a
href="b4f2b62076"><code>b4f2b62</code></a>
ssh: fix error message on unsupported cipher</li>
<li><a
href="79ec3a51fc"><code>79ec3a5</code></a>
ssh: allow to bind to a hostname in remote forwarding</li>
<li><a
href="122a78f140"><code>122a78f</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="c0531f9c34"><code>c0531f9</code></a>
all: eliminate vet diagnostics</li>
<li><a
href="0997000b45"><code>0997000</code></a>
all: fix some comments</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/crypto/compare/v0.36.0...v0.45.0">compare
view</a></li>
</ul>
</details>
<br />




<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/zitadel/oidc/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Wim Van Laer <wim07101993@users.noreply.github.com>
2025-11-27 12:22:39 +01:00
dependabot[bot]
6171d0330b chore(deps): bump actions/setup-go from 5 to 6 (#800)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to
6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<h3>Breaking Changes</h3>
<ul>
<li>Improve toolchain handling to ensure more reliable and consistent
toolchain selection and management by <a
href="https://github.com/matthewhughes934"><code>@​matthewhughes934</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/460">actions/setup-go#460</a></li>
<li>Upgrade Nodejs runtime from node20 to node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/624">actions/setup-go#624</a></li>
</ul>
<p>Make sure your runner is on version v2.327.1 or later to ensure
compatibility with this release. <a
href="https://github.com/actions/runner/releases/tag/v2.327.1">See
Release Notes</a></p>
<h3>Dependency Upgrades</h3>
<ul>
<li>Upgrade <code>@​types/jest</code> from 29.5.12 to 29.5.14 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/589">actions/setup-go#589</a></li>
<li>Upgrade <code>@​actions/tool-cache</code> from 2.0.1 to 2.0.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/591">actions/setup-go#591</a></li>
<li>Upgrade <code>@​typescript-eslint/parser</code> from 8.31.1 to
8.35.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/590">actions/setup-go#590</a></li>
<li>Upgrade undici from 5.28.5 to 5.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/594">actions/setup-go#594</a></li>
<li>Upgrade typescript from 5.4.2 to 5.8.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/538">actions/setup-go#538</a></li>
<li>Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/603">actions/setup-go#603</a></li>
<li>Upgrade <code>form-data</code> to bring in fix for critical
vulnerability by <a
href="https://github.com/matthewhughes934"><code>@​matthewhughes934</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/618">actions/setup-go#618</a></li>
<li>Upgrade actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-go/pull/631">actions/setup-go#631</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/matthewhughes934"><code>@​matthewhughes934</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/618">actions/setup-go#618</a></li>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/624">actions/setup-go#624</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v5...v6.0.0">https://github.com/actions/setup-go/compare/v5...v6.0.0</a></p>
<h2>v5.5.0</h2>
<h2>What's Changed</h2>
<h3>Bug fixes:</h3>
<ul>
<li>Update self-hosted environment validation by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/556">actions/setup-go#556</a></li>
<li>Add manifest validation and improve error handling by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/586">actions/setup-go#586</a></li>
<li>Update template link by <a
href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/527">actions/setup-go#527</a></li>
</ul>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade <code>@​action/cache</code> from 4.0.2 to 4.0.3 by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/574">actions/setup-go#574</a></li>
<li>Upgrade <code>@​actions/glob</code> from 0.4.0 to 0.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/573">actions/setup-go#573</a></li>
<li>Upgrade ts-jest from 29.1.2 to 29.3.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/582">actions/setup-go#582</a></li>
<li>Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/537">actions/setup-go#537</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jsoref"><code>@​jsoref</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/527">actions/setup-go#527</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v5...v5.5.0">https://github.com/actions/setup-go/compare/v5...v5.5.0</a></p>
<h2>v5.4.0</h2>
<h2>What's Changed</h2>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade semver from 7.6.0 to 7.6.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/535">actions/setup-go#535</a></li>
<li>Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/536">actions/setup-go#536</a></li>
<li>Upgrade <code>@​action/cache</code> from 4.0.0 to 4.0.2 by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/568">actions/setup-go#568</a></li>
<li>Upgrade undici from 5.28.4 to 5.28.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/541">actions/setup-go#541</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4469467582"><code>4469467</code></a>
Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/actions/setup-go/issues/631">#631</a>)</li>
<li><a
href="e093d1e9bb"><code>e093d1e</code></a>
Node 24 upgrade (<a
href="https://redirect.github.com/actions/setup-go/issues/624">#624</a>)</li>
<li><a
href="1d76b952eb"><code>1d76b95</code></a>
Improve toolchain handling (<a
href="https://redirect.github.com/actions/setup-go/issues/460">#460</a>)</li>
<li><a
href="e75c3e80bc"><code>e75c3e8</code></a>
Bump <code>form-data</code> to bring in fix for critical vulnerability
(<a
href="https://redirect.github.com/actions/setup-go/issues/618">#618</a>)</li>
<li><a
href="8e57b58e57"><code>8e57b58</code></a>
Bump eslint-plugin-jest from 28.11.0 to 29.0.1 (<a
href="https://redirect.github.com/actions/setup-go/issues/603">#603</a>)</li>
<li><a
href="7c0b336c9a"><code>7c0b336</code></a>
Bump typescript from 5.4.2 to 5.8.3 (<a
href="https://redirect.github.com/actions/setup-go/issues/538">#538</a>)</li>
<li><a
href="6f26dcc668"><code>6f26dcc</code></a>
Bump undici from 5.28.5 to 5.29.0 (<a
href="https://redirect.github.com/actions/setup-go/issues/594">#594</a>)</li>
<li><a
href="8d4083a006"><code>8d4083a</code></a>
Bump <code>@​typescript-eslint/parser</code> from 5.62.0 to 8.32.0 (<a
href="https://redirect.github.com/actions/setup-go/issues/590">#590</a>)</li>
<li><a
href="fa96338abe"><code>fa96338</code></a>
Bump <code>@​actions/tool-cache</code> from 2.0.1 to 2.0.2 (<a
href="https://redirect.github.com/actions/setup-go/issues/591">#591</a>)</li>
<li><a
href="4de67c04ab"><code>4de67c0</code></a>
Bump <code>@​types/jest</code> from 29.5.12 to 29.5.14 (<a
href="https://redirect.github.com/actions/setup-go/issues/589">#589</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-go/compare/v5...v6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Wim Van Laer <wim07101993@users.noreply.github.com>
2025-11-27 11:17:15 +00:00
dependabot[bot]
3254cbb438 chore(deps): bump cycjimmy/semantic-release-action from 5 to 6 (#814)
Bumps
[cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action)
from 5 to 6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cycjimmy/semantic-release-action/releases">cycjimmy/semantic-release-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h1><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v5.0.2...v6.0.0">6.0.0</a>
(2025-11-17)</h1>
<h3>Features</h3>
<ul>
<li><strong>deps:</strong> update semantic-release to version 25 (<a
href="9246c0bd17">9246c0b</a>)</li>
</ul>
<h3>BREAKING CHANGES</h3>
<ul>
<li><strong>deps:</strong> Update semantic-release to version 25</li>
</ul>
<h2>v5.0.2</h2>
<h2><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v5.0.1...v5.0.2">5.0.2</a>
(2025-10-10)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>further fix of result handling in windUpJob.task.js (<a
href="451bf1fa96">451bf1f</a>),
closes <a
href="https://redirect.github.com/cycjimmy/semantic-release-action/issues/264">#264</a></li>
</ul>
<h2>v5.0.1</h2>
<h2><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v5.0.0...v5.0.1">5.0.1</a>
(2025-10-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>improves result handling in windUpJob.task.js (<a
href="4267eee560">4267eee</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md">cycjimmy/semantic-release-action's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4.1.0...v4.1.1">4.1.1</a>
(2024-09-25)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>default use semantic-release@24 (<a
href="c22487b442">c22487b</a>)</li>
</ul>
<h1><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4.0.0...v4.1.0">4.1.0</a>
(2024-03-19)</h1>
<h3>Bug Fixes</h3>
<ul>
<li>fix syntax error for importing (<a
href="42976755bc">4297675</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add repository_url input (<a
href="8dffec4efa">8dffec4</a>)</li>
</ul>
<h1><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v3.4.2...v4.0.0">4.0.0</a>
(2023-08-31)</h1>
<h3>Features</h3>
<ul>
<li>update node version on runner to 20 (<a
href="0c2055456e">0c20554</a>)</li>
</ul>
<h3>BREAKING CHANGES</h3>
<ul>
<li>set the default node version to 20</li>
</ul>
<h2><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v3.4.1...v3.4.2">3.4.2</a>
(2023-03-30)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>fix installation error for npm-audit (<a
href="86a0e59803">86a0e59</a>),
closes <a
href="https://redirect.github.com/cycjimmy/semantic-release-action/issues/159">#159</a></li>
</ul>
<h2><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v3.4.0...v3.4.1">3.4.1</a>
(2023-03-30)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>windUpJob:</strong> set last_release outputs before
returning (<a
href="91e3dc6dcc">91e3dc6</a>)</li>
</ul>
<h1><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v3.3.0...v3.4.0">3.4.0</a>
(2023-03-15)</h1>
<h3>Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b12c8f6015"><code>b12c8f6</code></a>
chore(release): 6.0.0 [skip ci]</li>
<li><a
href="f80bc73384"><code>f80bc73</code></a>
Merge pull request <a
href="https://redirect.github.com/cycjimmy/semantic-release-action/issues/273">#273</a>
from cycjimmy/feat-update-semantic-release-to-version-25</li>
<li><a
href="089129701b"><code>0891297</code></a>
docs(readme): update semantic-release-action to v6</li>
<li><a
href="9246c0bd17"><code>9246c0b</code></a>
feat(deps): update semantic-release to version 25</li>
<li><a
href="e878abf189"><code>e878abf</code></a>
Merge pull request <a
href="https://redirect.github.com/cycjimmy/semantic-release-action/issues/272">#272</a>
from cycjimmy/dependabot/npm_and_yarn/js-yaml-4.1.1</li>
<li><a
href="acd6d5df2b"><code>acd6d5d</code></a>
build(deps): bump js-yaml from 4.1.0 to 4.1.1</li>
<li><a
href="100d1fb3a3"><code>100d1fb</code></a>
Merge pull request <a
href="https://redirect.github.com/cycjimmy/semantic-release-action/issues/270">#270</a>
from cycjimmy/dependabot/npm_and_yarn/actions/io-2.0.0</li>
<li><a
href="ea00aee834"><code>ea00aee</code></a>
build(deps): bump <code>@​actions/io</code> from 1.1.3 to 2.0.0</li>
<li><a
href="e03fa181e1"><code>e03fa18</code></a>
Merge pull request <a
href="https://redirect.github.com/cycjimmy/semantic-release-action/issues/266">#266</a>
from cycjimmy/dependabot/github_actions/actions/setup...</li>
<li><a
href="36bdefbcf6"><code>36bdefb</code></a>
build(deps): bump actions/setup-node from 5 to 6</li>
<li>See full diff in <a
href="https://github.com/cycjimmy/semantic-release-action/compare/v5...v6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cycjimmy/semantic-release-action&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-27 11:11:40 +00:00
dependabot[bot]
44e39ee489 chore(deps): bump actions/checkout from 5 to 6 (#817)
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to
6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>v6-beta by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li>
<li>update readme/changelog for v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p>
<h2>v6-beta</h2>
<h2>What's Changed</h2>
<p>Updated persist-credentials to store the credentials under
<code>$RUNNER_TEMP</code> instead of directly in the local git
config.</p>
<p>This requires a minimum Actions Runner version of <a
href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a>
to access the persisted credentials for <a
href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker
container action</a> scenarios.</p>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>V6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
</ul>
<h2>V5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<h2>V5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>V4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<h2>V4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1af3b93b68"><code>1af3b93</code></a>
update readme/changelog for v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li>
<li><a
href="71cf2267d8"><code>71cf226</code></a>
v6-beta (<a
href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li>
<li><a
href="069c695914"><code>069c695</code></a>
Persist creds to a separate file (<a
href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li>
<li><a
href="ff7abcd0c3"><code>ff7abcd</code></a>
Update README to include Node.js 24 support details and requirements (<a
href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/v5...v6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-27 12:10:11 +01:00
dependabot[bot]
6373a0e5bd chore(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 (#811)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from
0.32.0 to 0.33.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f28b0b5467"><code>f28b0b5</code></a>
all: fix some comments</li>
<li><a
href="fd15e0fe89"><code>fd15e0f</code></a>
x/oauth2: populate RetrieveError from DeviceAuth</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.32.0...v0.33.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.32.0&new-version=0.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-11 10:47:16 +01:00
dependabot[bot]
0c355453ad chore(deps): bump github/codeql-action from 3 to 4 (#807)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3 to 4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.30.8</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.8 - 10 Oct 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.8/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.7</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.7 - 06 Oct 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.7/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.6</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.6/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.5/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.4</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.4 - 25 Sep 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h2>3.29.4 - 23 Jul 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.3 - 21 Jul 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.2 - 30 Jun 2025</h2>
<ul>
<li>Experimental: When the <code>quality-queries</code> input for the
<code>init</code> action is provided with an argument, separate
<code>.quality.sarif</code> files are produced and uploaded for each
language with the results of the specified queries. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li>
</ul>
<h2>3.29.1 - 27 Jun 2025</h2>
<ul>
<li>Fix bug in PR analysis where user-provided <code>include</code>
query filter fails to exclude non-included queries. <a
href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li>
<li>Update default CodeQL bundle version to 2.22.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li>
</ul>
<h2>3.29.0 - 11 Jun 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li>
<li>Bump minimum CodeQL bundle version to 2.16.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li>
</ul>
<h2>3.28.21 - 28 July 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.20 - 21 July 2025</h2>
<ul>
<li>Remove support for combining SARIF files from a single upload for
GHES 3.18, see <a
href="https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload/">the
changelog post</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2959">#2959</a></li>
</ul>
<h2>3.28.19 - 03 Jun 2025</h2>
<ul>
<li>The CodeQL Action no longer includes its own copy of the extractor
for the <code>actions</code> language, which is currently in public
preview.
The <code>actions</code> extractor has been included in the CodeQL CLI
since v2.20.6. If your workflow has enabled the <code>actions</code>
language <em>and</em> you have pinned
your <code>tools:</code> property to a specific version of the CodeQL
CLI earlier than v2.20.6, you will need to update to at least CodeQL
v2.20.6 or disable
<code>actions</code> analysis.</li>
<li>Update default CodeQL bundle version to 2.21.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li>
</ul>
<h2>3.28.18 - 16 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li>
<li>Skip validating SARIF produced by CodeQL for improved performance.
<a
href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li>
<li>The number of threads and amount of RAM used by CodeQL can now be
set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code>
runner environment variables. If set, these environment variables
override the <code>threads</code> and <code>ram</code> inputs
respectively. <a
href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li>
</ul>
<h2>3.28.17 - 02 May 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.21.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li>
</ul>
<h2>3.28.16 - 23 Apr 2025</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a841c540b7"><code>a841c54</code></a>
Scratch <code>uploadSpecifiedFiles</code> tests, make
<code>uploadPayload</code> tests instead</li>
<li><a
href="aeb12f6eaa"><code>aeb12f6</code></a>
Merge branch 'main' into redsun82/skip-sarif-upload-tests</li>
<li><a
href="6fd4ceb7bb"><code>6fd4ceb</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3189">#3189</a>
from github/henrymercer/download-codeql-rate-limit</li>
<li><a
href="196a3e577b"><code>196a3e5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3188">#3188</a>
from github/mbg/telemetry/partial-config</li>
<li><a
href="98abb870dc"><code>98abb87</code></a>
Add configuration error for rate limited CodeQL download</li>
<li><a
href="bdd2cdf891"><code>bdd2cdf</code></a>
Also include <code>language</code> in error status report for
<code>start-proxy</code>, if available</li>
<li><a
href="fb148789ab"><code>fb14878</code></a>
Include <code>languages</code> in <code>start-proxy</code>
telemetry</li>
<li><a
href="2ff418f28a"><code>2ff418f</code></a>
Parse <code>language</code> before calling
<code>getCredentials</code></li>
<li>See full diff in <a
href="https://github.com/github/codeql-action/compare/v3...v4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-15 10:26:36 +02:00
dependabot[bot]
73661998c1 chore(deps): bump golang.org/x/text from 0.29.0 to 0.30.0 (#804)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.29.0 to
0.30.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c6abd0305e"><code>c6abd03</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="42f038dad6"><code>42f038d</code></a>
x/text: fix nil dereference in gotext extract</li>
<li><a
href="a42f0e2da6"><code>a42f0e2</code></a>
all: use built-in max/min to simplify the code</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.29.0...v0.30.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-09 10:20:28 +00:00
dependabot[bot]
0c4a980eb2 chore(deps): bump golang.org/x/oauth2 from 0.31.0 to 0.32.0 (#805)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from
0.31.0 to 0.32.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="792c877635"><code>792c877</code></a>
oauth2: use strings.Builder instead of bytes.Buffer</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.31.0...v0.32.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-09 12:18:04 +02:00
Jacques Dafflon
e3169b695f feat(rp): add WithPKCEFromDiscovery (#776)
Add the WithPKCEFromDiscovery option to create a relying party with PKCE
enabled if it is supported when querying the discovery endpoint as
discussed in #506.

This only works when creating an OIDC RP which performs a discovery
call. With an OAuth2-only RP, an error is returned as no discovery call
is performed.

Closes #506

### Definition of Ready

- [x] I am happy with the code
- [x] Short description of the feature/issue is added in the pr
description
- [x] PR is linked to the corresponding user story
- [ ] Acceptance criteria are met
- [ ] All open todos and follow ups are defined in a new ticket and
justified
- [ ] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [x] No debug or dead code
- [x] My code has no repetitions
- [x] Critical parts are tested automatically
- [x] Where possible E2E tests are implemented
- [x] Documentation/examples are up-to-date
- [x] All non-functional requirements are met
- [ ] Functionality of the acceptance criteria is checked manually on
the dev system.
v3.45.0
2025-09-29 08:42:54 +00:00
Livio Spring
adddf0e4b3 refactor: deprecate proprietary key file use for JWT Profile (#801)
While reviewing #750, we noticed that the `KeyFile` struct and
corresponding methods are proprietary to Zitadel and should have never
been part of the pure OIDC library.

This PR deprecates the corresponding parts. For users of Zitadel, the
corresponding code is moved to zitadel/zitadel-go#516

### Definition of Ready

- [x] I am happy with the code
- [x] Short description of the feature/issue is added in the pr
description
- [x] PR is linked to the corresponding user story
- [x] Acceptance criteria are met
- [ ] All open todos and follow ups are defined in a new ticket and
justified
- [ ] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [x] No debug or dead code
- [x] My code has no repetitions
- [x] Critical parts are tested automatically
- [ ] Where possible E2E tests are implemented
- [x] Documentation/examples are up-to-date
- [x] All non-functional requirements are met
- [x] Functionality of the acceptance criteria is checked manually on
the dev system.
2025-09-23 08:44:48 +02:00
dependabot[bot]
df140a781b chore(deps): bump codecov/codecov-action from 5.5.0 to 5.5.1 (#799)
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
5.5.0 to 5.5.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.5.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1833">codecov/codecov-action#1833</a></li>
<li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1861">codecov/codecov-action#1861</a></li>
<li>Document a <code>codecov-cli</code> version reference example by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1774">codecov/codecov-action#1774</a></li>
<li>docs: fix typo in README by <a
href="https://github.com/datalater"><code>@​datalater</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1866">codecov/codecov-action#1866</a></li>
<li>fix: update to use local app/ dir by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1872">codecov/codecov-action#1872</a></li>
<li>build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1867">codecov/codecov-action#1867</a></li>
<li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1868">codecov/codecov-action#1868</a></li>
<li>fix: overwrite pr number on fork by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1871">codecov/codecov-action#1871</a></li>
<li>chore(release): 5.5.1 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1873">codecov/codecov-action#1873</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/datalater"><code>@​datalater</code></a>
made their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1866">codecov/codecov-action#1866</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.5.0...v5.5.1">https://github.com/codecov/codecov-action/compare/v5.5.0...v5.5.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's
changelog</a>.</em></p>
<blockquote>
<h2>v5.5.1</h2>
<h3>What's Changed</h3>
<ul>
<li>fix: overwrite pr number on fork by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1871">codecov/codecov-action#1871</a></li>
<li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1868">codecov/codecov-action#1868</a></li>
<li>build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1867">codecov/codecov-action#1867</a></li>
<li>fix: update to use local app/ dir by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1872">codecov/codecov-action#1872</a></li>
<li>docs: fix typo in README by <a
href="https://github.com/datalater"><code>@​datalater</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1866">codecov/codecov-action#1866</a></li>
<li>Document a <code>codecov-cli</code> version reference example by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1774">codecov/codecov-action#1774</a></li>
<li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1861">codecov/codecov-action#1861</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1833">codecov/codecov-action#1833</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1">https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5a1091511a"><code>5a10915</code></a>
chore(release): 5.5.1 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1873">#1873</a>)</li>
<li><a
href="3e0ce21cac"><code>3e0ce21</code></a>
fix: overwrite pr number on fork (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1871">#1871</a>)</li>
<li><a
href="c4741c8197"><code>c4741c8</code></a>
build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1868">#1868</a>)</li>
<li><a
href="17370e8add"><code>17370e8</code></a>
build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1867">#1867</a>)</li>
<li><a
href="18fdacf0ce"><code>18fdacf</code></a>
fix: update to use local app/ dir (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1872">#1872</a>)</li>
<li><a
href="206148c4b8"><code>206148c</code></a>
docs: fix typo in README (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1866">#1866</a>)</li>
<li><a
href="3cb13a1234"><code>3cb13a1</code></a>
Document a <code>codecov-cli</code> version reference example (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1774">#1774</a>)</li>
<li><a
href="a4803c1f8d"><code>a4803c1</code></a>
build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1861">#1861</a>)</li>
<li><a
href="3139621497"><code>3139621</code></a>
build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1833">#1833</a>)</li>
<li>See full diff in <a
href="https://github.com/codecov/codecov-action/compare/v5.5.0...v5.5.1">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-09 10:58:19 +03:00
dependabot[bot]
1d0e340190 chore(deps): bump golang.org/x/text from 0.28.0 to 0.29.0 (#797)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.28.0 to
0.29.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e69f31bf9c"><code>e69f31b</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="60c9786d9e"><code>60c9786</code></a>
all: upgrade go directive to at least 1.24.0 [generated]</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.28.0...v0.29.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 12:14:13 +03:00
dependabot[bot]
60fd782966 chore(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 (#796)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from
0.30.0 to 0.31.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="014cf778b4"><code>014cf77</code></a>
all: upgrade go directive to at least 1.24.0 [generated]</li>
<li><a
href="3c76ce5d23"><code>3c76ce5</code></a>
endpoints: correct Naver OAuth2 endpoint URLs</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.30.0...v0.31.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 09:09:55 +00:00
Tim Möhlmann
c85da539c0 chore(go): add support for 1.25 (#798)
- Add Go 1.25 to the test matrix
- Oldest supported Go version is now 1.24, as required for
https://github.com/zitadel/oidc/pull/796
- Fix non-constant format string build errors

### Definition of Ready

- [x] I am happy with the code
- [x] Short description of the feature/issue is added in the pr
description
- [x] PR is linked to the corresponding user story
- [x] Acceptance criteria are met
- [x] All open todos and follow ups are defined in a new ticket and
justified
- [x] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [x] No debug or dead code
- [x] My code has no repetitions
- [x] Critical parts are tested automatically
- [x] Where possible E2E tests are implemented
- [x] Documentation/examples are up-to-date
- [x] All non-functional requirements are met
- [x] Functionality of the acceptance criteria is checked manually on
the dev system.
2025-09-08 12:05:27 +03:00
dependabot[bot]
de1a600893 chore(deps): bump cycjimmy/semantic-release-action from 4 to 5 (#795)
Bumps
[cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action)
from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cycjimmy/semantic-release-action/releases">cycjimmy/semantic-release-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h1><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4.2.2...v5.0.0">5.0.0</a>
(2025-08-30)</h1>
<h3>Features</h3>
<ul>
<li>update node version on runner to 24 (<a
href="78693238b0">7869323</a>)</li>
</ul>
<h3>BREAKING CHANGES</h3>
<ul>
<li>this action now runs using node 24</li>
</ul>
<h2>v4.2.2</h2>
<h2><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4.2.1...v4.2.2">4.2.2</a>
(2025-07-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>cleanupNpmrc.task.js:</strong> Use <code>@​actions/io</code>
to remove .npmrc (<a
href="b7db0cbbf5">b7db0cb</a>)</li>
</ul>
<h2>v4.2.1</h2>
<h2><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4.2.0...v4.2.1">4.2.1</a>
(2025-06-07)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>update marked terminal to v7.3.0 (<a
href="b52fa1bae5">b52fa1b</a>)</li>
</ul>
<h2>v4.2.0</h2>
<h1><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4.1.1...v4.2.0">4.2.0</a>
(2025-03-14)</h1>
<h3>Features</h3>
<ul>
<li>add ability to unset GITHUB_ACTION env var (<a
href="266ea7eb8c">266ea7e</a>)</li>
</ul>
<h2>v4.1.1</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md">cycjimmy/semantic-release-action's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4.2.1...v4.2.2">4.2.2</a>
(2025-07-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>cleanupNpmrc.task.js:</strong> Use <code>@​actions/io</code>
to remove .npmrc (<a
href="b7db0cbbf5">b7db0cb</a>)</li>
</ul>
<h2><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4.2.0...v4.2.1">4.2.1</a>
(2025-06-07)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>update marked terminal to v7.3.0 (<a
href="b52fa1bae5">b52fa1b</a>)</li>
</ul>
<h1><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4.1.1...v4.2.0">4.2.0</a>
(2025-03-14)</h1>
<h3>Features</h3>
<ul>
<li>add ability to unset GITHUB_ACTION env var (<a
href="266ea7eb8c">266ea7e</a>)</li>
</ul>
<h2><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4.1.0...v4.1.1">4.1.1</a>
(2024-09-25)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>default use semantic-release@24 (<a
href="c22487b442">c22487b</a>)</li>
</ul>
<h1><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4.0.0...v4.1.0">4.1.0</a>
(2024-03-19)</h1>
<h3>Bug Fixes</h3>
<ul>
<li>fix syntax error for importing (<a
href="42976755bc">4297675</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add repository_url input (<a
href="8dffec4efa">8dffec4</a>)</li>
</ul>
<h1><a
href="https://github.com/cycjimmy/semantic-release-action/compare/v3.4.2...v4.0.0">4.0.0</a>
(2023-08-31)</h1>
<h3>Features</h3>
<ul>
<li>update node version on runner to 20 (<a
href="0c2055456e">0c20554</a>)</li>
</ul>
<h3>BREAKING CHANGES</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9cc899c47e"><code>9cc899c</code></a>
chore(release): 5.0.0 [skip ci]</li>
<li><a
href="5362fd1cca"><code>5362fd1</code></a>
Merge pull request <a
href="https://redirect.github.com/cycjimmy/semantic-release-action/issues/255">#255</a>
from DarkAtra/feat/update-node-version-on-runner-to-24</li>
<li><a
href="92100d1315"><code>92100d1</code></a>
Merge pull request <a
href="https://redirect.github.com/cycjimmy/semantic-release-action/issues/253">#253</a>
from cycjimmy/dependabot/github_actions/actions/check...</li>
<li><a
href="78693238b0"><code>7869323</code></a>
feat: update node version on runner to 24</li>
<li><a
href="db700e46d1"><code>db700e4</code></a>
build(deps): bump actions/checkout from 4 to 5</li>
<li><a
href="9a24fc62fd"><code>9a24fc6</code></a>
Merge pull request <a
href="https://redirect.github.com/cycjimmy/semantic-release-action/issues/251">#251</a>
from cycjimmy/dependabot/npm_and_yarn/semantic-releas...</li>
<li><a
href="fc78113e7a"><code>fc78113</code></a>
build(deps): bump semantic-release from 24.2.6 to 24.2.7</li>
<li>See full diff in <a
href="https://github.com/cycjimmy/semantic-release-action/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cycjimmy/semantic-release-action&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-02 15:02:55 +02:00
dependabot[bot]
98378b0b16 chore(deps): bump go.opentelemetry.io/otel/trace from 1.37.0 to 1.38.0 (#793)
Bumps
[go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go)
from 1.37.0 to 1.38.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/trace's
changelog</a>.</em></p>
<blockquote>
<h2>[1.38.0/0.60.0/0.14.0/0.0.13] 2025-08-29</h2>
<p>This release is the last to support [Go 1.23].
The next release will require at least [Go 1.24].</p>
<h3>Added</h3>
<ul>
<li>Add native histogram exemplar support in
<code>go.opentelemetry.io/otel/exporters/prometheus</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6772">#6772</a>)</li>
<li>Add template attribute functions to the
<code>go.opentelmetry.io/otel/semconv/v1.34.0</code> package. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6939">#6939</a>)
<ul>
<li><code>ContainerLabel</code></li>
<li><code>DBOperationParameter</code></li>
<li><code>DBSystemParameter</code></li>
<li><code>HTTPRequestHeader</code></li>
<li><code>HTTPResponseHeader</code></li>
<li><code>K8SCronJobAnnotation</code></li>
<li><code>K8SCronJobLabel</code></li>
<li><code>K8SDaemonSetAnnotation</code></li>
<li><code>K8SDaemonSetLabel</code></li>
<li><code>K8SDeploymentAnnotation</code></li>
<li><code>K8SDeploymentLabel</code></li>
<li><code>K8SJobAnnotation</code></li>
<li><code>K8SJobLabel</code></li>
<li><code>K8SNamespaceAnnotation</code></li>
<li><code>K8SNamespaceLabel</code></li>
<li><code>K8SNodeAnnotation</code></li>
<li><code>K8SNodeLabel</code></li>
<li><code>K8SPodAnnotation</code></li>
<li><code>K8SPodLabel</code></li>
<li><code>K8SReplicaSetAnnotation</code></li>
<li><code>K8SReplicaSetLabel</code></li>
<li><code>K8SStatefulSetAnnotation</code></li>
<li><code>K8SStatefulSetLabel</code></li>
<li><code>ProcessEnvironmentVariable</code></li>
<li><code>RPCConnectRPCRequestMetadata</code></li>
<li><code>RPCConnectRPCResponseMetadata</code></li>
<li><code>RPCGRPCRequestMetadata</code></li>
<li><code>RPCGRPCResponseMetadata</code></li>
</ul>
</li>
<li>Add <code>ErrorType</code> attribute helper function to the
<code>go.opentelmetry.io/otel/semconv/v1.34.0</code> package. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6962">#6962</a>)</li>
<li>Add <code>WithAllowKeyDuplication</code> in
<code>go.opentelemetry.io/otel/sdk/log</code> which can be used to
disable deduplication for log records. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6968">#6968</a>)</li>
<li>Add <code>WithCardinalityLimit</code> option to configure the
cardinality limit in <code>go.opentelemetry.io/otel/sdk/metric</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6996">#6996</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7065">#7065</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7081">#7081</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7164">#7164</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7165">#7165</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7179">#7179</a>)</li>
<li>Add <code>Clone</code> method to <code>Record</code> in
<code>go.opentelemetry.io/otel/log</code> that returns a copy of the
record with no shared state. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7001">#7001</a>)</li>
<li>Add experimental self-observability span and batch span processor
metrics in <code>go.opentelemetry.io/otel/sdk/trace</code>.
Check the <code>go.opentelemetry.io/otel/sdk/trace/internal/x</code>
package documentation for more information. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7027">#7027</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6393">#6393</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7209">#7209</a>)</li>
<li>The <code>go.opentelemetry.io/otel/semconv/v1.36.0</code> package.
The package contains semantic conventions from the <code>v1.36.0</code>
version of the OpenTelemetry Semantic Conventions.
See the <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.36.0/MIGRATION.md">migration
documentation</a> for information on how to upgrade from
<code>go.opentelemetry.io/otel/semconv/v1.34.0.</code>(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7032">#7032</a>,
<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7041">#7041</a>)</li>
<li>Add support for configuring Prometheus name translation using
<code>WithTranslationStrategy</code> option in
<code>go.opentelemetry.io/otel/exporters/prometheus</code>. The current
default translation strategy when UTF-8 mode is enabled is
<code>NoUTF8EscapingWithSuffixes</code>, but a future release will
change the default strategy to
<code>UnderscoreEscapingWithSuffixes</code> for compliance with the
specification. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7111">#7111</a>)</li>
<li>Add experimental self-observability log metrics in
<code>go.opentelemetry.io/otel/sdk/log</code>.
Check the <code>go.opentelemetry.io/otel/sdk/log/internal/x</code>
package documentation for more information. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7121">#7121</a>)</li>
<li>Add experimental self-observability trace exporter metrics in
<code>go.opentelemetry.io/otel/exporters/stdout/stdouttrace</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="84e3f3ac8b"><code>84e3f3a</code></a>
Release v1.38.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7271">#7271</a>)</li>
<li><a
href="18424a46ed"><code>18424a4</code></a>
Add tests for attribute JSON marshalling (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7268">#7268</a>)</li>
<li><a
href="9798759463"><code>9798759</code></a>
Statically define trace observability attributes (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7263">#7263</a>)</li>
<li><a
href="be1e57fb36"><code>be1e57f</code></a>
Refactor BSP observability setup (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7264">#7264</a>)</li>
<li><a
href="d99c68cb21"><code>d99c68c</code></a>
chore(deps): update module github.com/mgechev/revive to v1.12.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7269">#7269</a>)</li>
<li><a
href="0724539e71"><code>0724539</code></a>
Add benchmark for set equality (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7262">#7262</a>)</li>
<li><a
href="5358fd737d"><code>5358fd7</code></a>
Upgrade semconv dependencies to v1.37.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7260">#7260</a>)</li>
<li><a
href="25d02741f7"><code>25d0274</code></a>
fix(deps): update module github.com/stretchr/testify to v1.11.1 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7261">#7261</a>)</li>
<li><a
href="d0cab8666b"><code>d0cab86</code></a>
prometheus: Add support for setting Translation Strategy config option
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7111">#7111</a>)</li>
<li><a
href="3342341f15"><code>3342341</code></a>
Generate the <code>semconv/v1.37.0</code> packages (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7254">#7254</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.37.0...v1.38.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=go.opentelemetry.io/otel/trace&package-manager=go_modules&previous-version=1.37.0&new-version=1.38.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-01 16:22:03 +02:00
dependabot[bot]
044894f686 chore(deps): bump github.com/go-chi/chi/v5 from 5.2.2 to 5.2.3 (#790)
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from
5.2.2 to 5.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-chi/chi/releases">github.com/go-chi/chi/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Add pathvalue example to README and implement PathValue handler. by
<a href="https://github.com/catatsuy"><code>@​catatsuy</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/985">go-chi/chi#985</a></li>
<li>Allow multiple whitespace between method &amp; pattern by <a
href="https://github.com/JRaspass"><code>@​JRaspass</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/1013">go-chi/chi#1013</a></li>
<li>Avoid potential nil dereference by <a
href="https://github.com/ProjectMutilation"><code>@​ProjectMutilation</code></a>
in <a
href="https://redirect.github.com/go-chi/chi/pull/1008">go-chi/chi#1008</a></li>
<li>feat(mux): support http.Request.Pattern in Go 1.23 by <a
href="https://github.com/Gusted"><code>@​Gusted</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/986">go-chi/chi#986</a></li>
<li>fix/608 - Fix flaky Throttle middleware test by synchronizing token
usage by <a
href="https://github.com/OtavioBernardes"><code>@​OtavioBernardes</code></a>
in <a
href="https://redirect.github.com/go-chi/chi/pull/1016">go-chi/chi#1016</a></li>
<li>Optimize throttle middleware by avoiding unnecessary timer creation
by <a href="https://github.com/vasayxtx"><code>@​vasayxtx</code></a> in
<a
href="https://redirect.github.com/go-chi/chi/pull/1011">go-chi/chi#1011</a></li>
<li>Simplify wildcard replacement in route patterns by <a
href="https://github.com/srpvpn"><code>@​srpvpn</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/1012">go-chi/chi#1012</a></li>
<li>Replace methodTypString func with reverseMethodMap by <a
href="https://github.com/JRaspass"><code>@​JRaspass</code></a> in <a
href="https://redirect.github.com/go-chi/chi/pull/1018">go-chi/chi#1018</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/ProjectMutilation"><code>@​ProjectMutilation</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-chi/chi/pull/1008">go-chi/chi#1008</a></li>
<li><a href="https://github.com/Gusted"><code>@​Gusted</code></a> made
their first contribution in <a
href="https://redirect.github.com/go-chi/chi/pull/986">go-chi/chi#986</a></li>
<li><a
href="https://github.com/OtavioBernardes"><code>@​OtavioBernardes</code></a>
made their first contribution in <a
href="https://redirect.github.com/go-chi/chi/pull/1016">go-chi/chi#1016</a></li>
<li><a href="https://github.com/srpvpn"><code>@​srpvpn</code></a> made
their first contribution in <a
href="https://redirect.github.com/go-chi/chi/pull/1012">go-chi/chi#1012</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-chi/chi/compare/v5.2.2...v5.2.3">https://github.com/go-chi/chi/compare/v5.2.2...v5.2.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9b9fb55def"><code>9b9fb55</code></a>
Replace methodTypString func with reverseMethodMap (<a
href="https://redirect.github.com/go-chi/chi/issues/1018">#1018</a>)</li>
<li><a
href="0265fcd786"><code>0265fcd</code></a>
refactor: iterative wildcard collapsing and add test for consecutive
wildcard...</li>
<li><a
href="cf537d4016"><code>cf537d4</code></a>
Optimize throttle middleware by avoiding unnecessary timer creation (<a
href="https://redirect.github.com/go-chi/chi/issues/1011">#1011</a>)</li>
<li><a
href="9040e95a07"><code>9040e95</code></a>
fix/608 - Fix flaky Throttle middleware test by synchronizing token
usage (<a
href="https://redirect.github.com/go-chi/chi/issues/1">#1</a>...</li>
<li><a
href="d12cc49622"><code>d12cc49</code></a>
feat(mux): support http.Request.Pattern in Go 1.23 (<a
href="https://redirect.github.com/go-chi/chi/issues/986">#986</a>)</li>
<li><a
href="1c2d011f59"><code>1c2d011</code></a>
Avoid potential nil dereference (<a
href="https://redirect.github.com/go-chi/chi/issues/1008">#1008</a>)</li>
<li><a
href="7859137737"><code>7859137</code></a>
Allow multiple whitespace between method &amp; pattern (<a
href="https://redirect.github.com/go-chi/chi/issues/1013">#1013</a>)</li>
<li><a
href="80d8da2a18"><code>80d8da2</code></a>
Add pathvalue example to README and implement PathValue handler. (<a
href="https://redirect.github.com/go-chi/chi/issues/985">#985</a>)</li>
<li>See full diff in <a
href="https://github.com/go-chi/chi/compare/v5.2.2...v5.2.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5&package-manager=go_modules&previous-version=5.2.2&new-version=5.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-28 14:24:44 +02:00
dependabot[bot]
200cec7e81 chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 (#789)
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify)
from 1.11.0 to 1.11.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stretchr/testify/releases">github.com/stretchr/testify's
releases</a>.</em></p>
<blockquote>
<h2>v1.11.1</h2>
<p>This release fixes <a
href="https://redirect.github.com/stretchr/testify/issues/1785">#1785</a>
introduced in v1.11.0 where expected argument values implementing the
stringer interface (<code>String() string</code>) with a method which
mutates their value, when passed to mock.Mock.On
(<code>m.On(&quot;Method&quot;, &lt;expected&gt;).Return()</code>) or
actual argument values passed to mock.Mock.Called may no longer match
one another where they previously did match. The behaviour prior to
v1.11.0 where the stringer is always called is restored. Future testify
releases may not call the stringer method at all in this case.</p>
<h2>What's Changed</h2>
<ul>
<li>Backport <a
href="https://redirect.github.com/stretchr/testify/issues/1786">#1786</a>
to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior
for mutating stringers by <a
href="https://github.com/brackendawson"><code>@​brackendawson</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1788">stretchr/testify#1788</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/stretchr/testify/compare/v1.11.0...v1.11.1">https://github.com/stretchr/testify/compare/v1.11.0...v1.11.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2a57335dc9"><code>2a57335</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1788">#1788</a>
from brackendawson/1785-backport-1.11</li>
<li><a
href="af8c91234f"><code>af8c912</code></a>
Backport <a
href="https://redirect.github.com/stretchr/testify/issues/1786">#1786</a>
to release/1.11</li>
<li>See full diff in <a
href="https://github.com/stretchr/testify/compare/v1.11.0...v1.11.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/stretchr/testify&package-manager=go_modules&previous-version=1.11.0&new-version=1.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-28 14:22:07 +02:00
dependabot[bot]
b22db5e4c0 chore(deps): bump codecov/codecov-action from 5.4.3 to 5.5.0 (#788)
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
5.4.3 to 5.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1829">codecov/codecov-action#1829</a></li>
<li>docs: Refine OIDC docs by <a
href="https://github.com/spalmurray"><code>@​spalmurray</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1837">codecov/codecov-action#1837</a></li>
<li>fix: Typo in README by <a
href="https://github.com/spalmurray"><code>@​spalmurray</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1838">codecov/codecov-action#1838</a></li>
<li>fix: check reqs exist by <a
href="https://github.com/joseph-sentry"><code>@​joseph-sentry</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1835">codecov/codecov-action#1835</a></li>
<li>Pin actions/github-script by Git SHA by <a
href="https://github.com/martincostello"><code>@​martincostello</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1859">codecov/codecov-action#1859</a></li>
<li>feat: upgrade wrapper to 0.2.4 by <a
href="https://github.com/jviall"><code>@​jviall</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1864">codecov/codecov-action#1864</a></li>
<li>chore(release): 5.5.0 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1865">codecov/codecov-action#1865</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/spalmurray"><code>@​spalmurray</code></a> made
their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1837">codecov/codecov-action#1837</a></li>
<li><a
href="https://github.com/martincostello"><code>@​martincostello</code></a>
made their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1859">codecov/codecov-action#1859</a></li>
<li><a href="https://github.com/jviall"><code>@​jviall</code></a> made
their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1864">codecov/codecov-action#1864</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.4.3...v5.5.0">https://github.com/codecov/codecov-action/compare/v5.4.3...v5.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's
changelog</a>.</em></p>
<blockquote>
<h2>v5.5.0</h2>
<h3>What's Changed</h3>
<ul>
<li>feat: upgrade wrapper to 0.2.4 by <a
href="https://github.com/jviall"><code>@​jviall</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1864">codecov/codecov-action#1864</a></li>
<li>Pin actions/github-script by Git SHA by <a
href="https://github.com/martincostello"><code>@​martincostello</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1859">codecov/codecov-action#1859</a></li>
<li>fix: check reqs exist by <a
href="https://github.com/joseph-sentry"><code>@​joseph-sentry</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1835">codecov/codecov-action#1835</a></li>
<li>fix: Typo in README by <a
href="https://github.com/spalmurray"><code>@​spalmurray</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1838">codecov/codecov-action#1838</a></li>
<li>docs: Refine OIDC docs by <a
href="https://github.com/spalmurray"><code>@​spalmurray</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1837">codecov/codecov-action#1837</a></li>
<li>build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1829">codecov/codecov-action#1829</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0">https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fdcc847654"><code>fdcc847</code></a>
chore(release): 5.5.0 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1865">#1865</a>)</li>
<li><a
href="2b79379983"><code>2b79379</code></a>
feat: upgrade wrapper to 0.2.4 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1864">#1864</a>)</li>
<li><a
href="39a2af19d9"><code>39a2af1</code></a>
Pin actions/github-script by Git SHA (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1859">#1859</a>)</li>
<li><a
href="2db07e3179"><code>2db07e3</code></a>
fix: check reqs exist (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1835">#1835</a>)</li>
<li><a
href="78f372e97e"><code>78f372e</code></a>
fix: Typo in README (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1838">#1838</a>)</li>
<li><a
href="5ecdce83a1"><code>5ecdce8</code></a>
docs: Refine OIDC docs (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1837">#1837</a>)</li>
<li><a
href="15559ed290"><code>15559ed</code></a>
build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1829">#1829</a>)</li>
<li>See full diff in <a
href="https://github.com/codecov/codecov-action/compare/v5.4.3...v5.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=5.4.3&new-version=5.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2025-08-27 08:48:21 +00:00
dependabot[bot]
08502788af chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 (#787)
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify)
from 1.10.0 to 1.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stretchr/testify/releases">github.com/stretchr/testify's
releases</a>.</em></p>
<blockquote>
<h2>v1.11.0</h2>
<h2>What's Changed</h2>
<h3>Functional Changes</h3>
<p>v1.11.0 Includes a number of performance improvements.</p>
<ul>
<li>Call stack perf change for CallerInfo by <a
href="https://github.com/mikeauclair"><code>@​mikeauclair</code></a> in
<a
href="https://redirect.github.com/stretchr/testify/pull/1614">stretchr/testify#1614</a></li>
<li>Lazily render mock diff output on successful match by <a
href="https://github.com/mikeauclair"><code>@​mikeauclair</code></a> in
<a
href="https://redirect.github.com/stretchr/testify/pull/1615">stretchr/testify#1615</a></li>
<li>assert: check early in Eventually, EventuallyWithT, and Never by <a
href="https://github.com/cszczepaniak"><code>@​cszczepaniak</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1427">stretchr/testify#1427</a></li>
<li>assert: add IsNotType by <a
href="https://github.com/bartventer"><code>@​bartventer</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1730">stretchr/testify#1730</a></li>
<li>assert.JSONEq: shortcut if same strings by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1754">stretchr/testify#1754</a></li>
<li>assert.YAMLEq: shortcut if same strings by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1755">stretchr/testify#1755</a></li>
<li>assert: faster and simpler isEmpty using reflect.Value.IsZero by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1761">stretchr/testify#1761</a></li>
<li>suite: faster methods filtering (internal refactor) by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1758">stretchr/testify#1758</a></li>
</ul>
<h3>Fixes</h3>
<ul>
<li>assert.ErrorAs: log target type by <a
href="https://github.com/craig65535"><code>@​craig65535</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1345">stretchr/testify#1345</a></li>
<li>Fix failure message formatting for Positive and Negative asserts in
<a
href="https://redirect.github.com/stretchr/testify/pull/1062">stretchr/testify#1062</a></li>
<li>Improve ErrorIs message when error is nil but an error was expected
by <a href="https://github.com/tsioftas"><code>@​tsioftas</code></a> in
<a
href="https://redirect.github.com/stretchr/testify/pull/1681">stretchr/testify#1681</a></li>
<li>fix Subset/NotSubset when calling with mixed input types by <a
href="https://github.com/siliconbrain"><code>@​siliconbrain</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1729">stretchr/testify#1729</a></li>
<li>Improve ErrorAs failure message when error is nil by <a
href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1734">stretchr/testify#1734</a></li>
<li>mock.AssertNumberOfCalls: improve error msg by <a
href="https://github.com/3scalation"><code>@​3scalation</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1743">stretchr/testify#1743</a></li>
</ul>
<h3>Documentation, Build &amp; CI</h3>
<ul>
<li>docs: Fix typo in README by <a
href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1688">stretchr/testify#1688</a></li>
<li>Replace deprecated io/ioutil with io and os by <a
href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1684">stretchr/testify#1684</a></li>
<li>Document consequences of calling t.FailNow() by <a
href="https://github.com/greg0ire"><code>@​greg0ire</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1710">stretchr/testify#1710</a></li>
<li>chore: update docs for Unset <a
href="https://redirect.github.com/stretchr/testify/issues/1621">#1621</a>
by <a href="https://github.com/techfg"><code>@​techfg</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1709">stretchr/testify#1709</a></li>
<li>README: apply gofmt to examples by <a
href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1687">stretchr/testify#1687</a></li>
<li>refactor: use %q and %T to simplify fmt.Sprintf by <a
href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1674">stretchr/testify#1674</a></li>
<li>Propose Christophe Colombier (ccoVeille) as approver by <a
href="https://github.com/brackendawson"><code>@​brackendawson</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1716">stretchr/testify#1716</a></li>
<li>Update documentation for the Error function in assert or require
package by <a
href="https://github.com/architagr"><code>@​architagr</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1675">stretchr/testify#1675</a></li>
<li>assert: remove deprecated build constraints by <a
href="https://github.com/alexandear"><code>@​alexandear</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1671">stretchr/testify#1671</a></li>
<li>assert: apply gofumpt to internal test suite by <a
href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1739">stretchr/testify#1739</a></li>
<li>CI: fix shebang in .ci.*.sh scripts by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1746">stretchr/testify#1746</a></li>
<li>assert,require: enable parallel testing on (almost) all top tests by
<a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1747">stretchr/testify#1747</a></li>
<li>suite.Passed: add one more status test report by <a
href="https://github.com/Ararsa-Derese"><code>@​Ararsa-Derese</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1706">stretchr/testify#1706</a></li>
<li>Add Helper() method in internal mocks and assert.CollectT by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1423">stretchr/testify#1423</a></li>
<li>assert.Same/NotSame: improve usage of Sprintf by <a
href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1742">stretchr/testify#1742</a></li>
<li>mock: enable parallel testing on internal testsuite by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1756">stretchr/testify#1756</a></li>
<li>suite: cleanup use of 'testing' internals at runtime by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1751">stretchr/testify#1751</a></li>
<li>assert: check test failure message for Empty and NotEmpty by <a
href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1745">stretchr/testify#1745</a></li>
<li>deps: fix dependency cycle with objx (again) by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1567">stretchr/testify#1567</a></li>
<li>assert.Empty: comprehensive doc of &quot;Empty&quot;-ness rules by
<a href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1753">stretchr/testify#1753</a></li>
<li>doc: improve godoc of top level 'testify' package by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1760">stretchr/testify#1760</a></li>
<li>assert.ErrorAs: simplify retrieving the type name by <a
href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1740">stretchr/testify#1740</a></li>
<li>assert.EqualValues: improve test coverage to 100% by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1763">stretchr/testify#1763</a></li>
<li>suite.Run: simplify running of Setup/TeardownSuite by <a
href="https://github.com/renzoarreaza"><code>@​renzoarreaza</code></a>
in <a
href="https://redirect.github.com/stretchr/testify/pull/1769">stretchr/testify#1769</a></li>
<li>assert.CallerInfo: micro optimization by using LastIndexByte by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1767">stretchr/testify#1767</a></li>
<li>assert.CallerInfo: micro cleanup by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1768">stretchr/testify#1768</a></li>
<li>assert: refactor Test*FileExists and Test*DirExists tests to
enable parallel testing by <a
href="https://github.com/dolmen"><code>@​dolmen</code></a> in <a
href="https://redirect.github.com/stretchr/testify/pull/1766">stretchr/testify#1766</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b7801fbf5c"><code>b7801fb</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1778">#1778</a>
from stretchr/dependabot/github_actions/actions/chec...</li>
<li><a
href="69831f3b08"><code>69831f3</code></a>
build(deps): bump actions/checkout from 4 to 5</li>
<li><a
href="a53be35c3b"><code>a53be35</code></a>
Improve captureTestingT helper</li>
<li><a
href="aafb604176"><code>aafb604</code></a>
mock: improve formatting of error message</li>
<li><a
href="7218e0390a"><code>7218e03</code></a>
improve error msg</li>
<li><a
href="929a2126c2"><code>929a212</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1758">#1758</a>
from stretchr/dolmen/suite-faster-method-filtering</li>
<li><a
href="bc7459ec38"><code>bc7459e</code></a>
suite: faster filtering of methods (-testify.m)</li>
<li><a
href="7d37b5c962"><code>7d37b5c</code></a>
suite: refactor methodFilter</li>
<li><a
href="c58bc90e5c"><code>c58bc90</code></a>
Merge pull request <a
href="https://redirect.github.com/stretchr/testify/issues/1764">#1764</a>
from stretchr/dolmen/suite-refactor-stats-for-readab...</li>
<li><a
href="87101a6e4a"><code>87101a6</code></a>
suite.Run: refactor handling of stats</li>
<li>Additional commits viewable in <a
href="https://github.com/stretchr/testify/compare/v1.10.0...v1.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/stretchr/testify&package-manager=go_modules&previous-version=1.10.0&new-version=1.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-26 10:38:38 +03:00
Livio Spring
9efe061b2a chore: add limited availability notice to readme (#786)
### Definition of Ready

- [ ] I am happy with the code
- [ ] Short description of the feature/issue is added in the pr
description
- [ ] PR is linked to the corresponding user story
- [ ] Acceptance criteria are met
- [ ] All open todos and follow ups are defined in a new ticket and
justified
- [ ] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [ ] No debug or dead code
- [ ] My code has no repetitions
- [ ] Critical parts are tested automatically
- [ ] Where possible E2E tests are implemented
- [ ] Documentation/examples are up-to-date
- [ ] All non-functional requirements are met
- [ ] Functionality of the acceptance criteria is checked manually on
the dev system.
2025-08-19 15:21:14 +02:00
dependabot[bot]
e4fc8af0a4 chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.9.0 to 4.9.1 (#780)
Bumps
[github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar)
from 4.9.0 to 4.9.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/bmatcuk/doublestar/releases">github.com/bmatcuk/doublestar/v4's
releases</a>.</em></p>
<blockquote>
<h2>Small Performance Change</h2>
<p>This release contains a small change that gives a slight performance
increase. Thanks to <a
href="https://github.com/jbedard"><code>@​jbedard</code></a> for the
PR!</p>
<h2>What's Changed</h2>
<ul>
<li>perf: reduce string construction in isZeroLengthPattern by <a
href="https://github.com/jbedard"><code>@​jbedard</code></a> in <a
href="https://redirect.github.com/bmatcuk/doublestar/pull/107">bmatcuk/doublestar#107</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jbedard"><code>@​jbedard</code></a> made
their first contribution in <a
href="https://redirect.github.com/bmatcuk/doublestar/pull/107">bmatcuk/doublestar#107</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/bmatcuk/doublestar/compare/v4.9.0...v4.9.1">https://github.com/bmatcuk/doublestar/compare/v4.9.0...v4.9.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8b690afa33"><code>8b690af</code></a>
note about optimization</li>
<li><a
href="792c3c9463"><code>792c3c9</code></a>
perf: reduce string construction in isZeroLengthPattern</li>
<li>See full diff in <a
href="https://github.com/bmatcuk/doublestar/compare/v4.9.0...v4.9.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/bmatcuk/doublestar/v4&package-manager=go_modules&previous-version=4.9.0&new-version=4.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2025-08-19 11:25:30 +00:00
dependabot[bot]
b3300325b3 chore(deps): bump actions/checkout from 4 to 5 (#783)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to
5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
<li>Prepare v5.0.0 release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
<li>Prepare release v4.3.0 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2237">actions/checkout#2237</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/motss"><code>@​motss</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li><a href="https://github.com/mouismail"><code>@​mouismail</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li><a href="https://github.com/benwells"><code>@​benwells</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li><a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v4.3.0">https://github.com/actions/checkout/compare/v4...v4.3.0</a></p>
<h2>v4.2.2</h2>
<h2>What's Changed</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p>
<h2>v4.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>V5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>V4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
<li>README: Suggest <code>user.email</code> to be
<code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li>
</ul>
<h2>v4.1.4</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li>
</ul>
<h2>v4.1.3</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="08c6903cd8"><code>08c6903</code></a>
Prepare v5.0.0 release (<a
href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li>
<li><a
href="9f265659d3"><code>9f26565</code></a>
Update actions checkout to use node 24 (<a
href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2025-08-14 15:34:32 +00:00
dependabot[bot]
337111f703 chore(deps): bump golang.org/x/text from 0.27.0 to 0.28.0 (#781)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.27.0 to
0.28.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="425d715b4a"><code>425d715</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.27.0...v0.28.0">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-14 17:14:07 +02:00
Ayato
5d37097a96 chore(op): fix parameter name typo in GetKeyByIDAndClientID (#779)
Fix parameter name typo in `GetKeyByIDAndClientID`

### Definition of Ready
- [x] I am happy with the code
- [x] Short description of the feature/issue is added in the pr
description
- [ ] PR is linked to the corresponding user story
- [ ] Acceptance criteria are met
- [ ] All open todos and follow ups are defined in a new ticket and
justified
- [ ] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [ ] No debug or dead code
- [ ] My code has no repetitions
- [ ] Critical parts are tested automatically
- [ ] Where possible E2E tests are implemented
- [ ] Documentation/examples are up-to-date
- [ ] All non-functional requirements are met
- [ ] Functionality of the acceptance criteria is checked manually on
the dev system.

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-08-05 12:25:17 +00:00
mqf20
3edc81ed9a feat: allow setting op.Crypto during provider setup (#778)
Add a `op.WithCrypto` `op.Option` that allows developers to specify
their custom `op.Crypto` implementations during setup. If the
`op.Option` is used, it will override `op.Config.CryptoKey`.

Closes https://github.com/zitadel/oidc/issues/736.

### Definition of Ready

- [x] I am happy with the code
- [x] Short description of the feature/issue is added in the pr
description
- [x] PR is linked to the corresponding user story
- [ ] Acceptance criteria are met
- [ ] All open todos and follow ups are defined in a new ticket and
justified
- [ ] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [x] No debug or dead code
- [ ] My code has no repetitions
- [ ] Critical parts are tested automatically
- [ ] Where possible E2E tests are implemented
- [x] Documentation/examples are up-to-date
- [ ] All non-functional requirements are met
- [ ] Functionality of the acceptance criteria is checked manually on
the dev system.

---------

Signed-off-by: mqf20 <mingqingfoo@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
v3.44.0
2025-08-05 12:00:11 +00:00
Sianao
1fb34f3d41 fix: add redirect_uri decoded (#775)
### Definition of Ready

This PR introduces a redirect_uri decoding step (url.QueryUnescape) in
the authorization request validation logic.
Libraries such as
[golang.org/x/oauth2](https://cs.opensource.google/go/x/oauth2/+/refs/tags/v0.30.0:oauth2.go;l=184)
automatically encode the redirect_uri using url.Values.Encode(). This
means the incoming URI is percent-encoded (e.g.,
https%3A%2F%2Fclient.example.com%2Fcallback), and the server must decode
it before performing string comparisons.

- [x] I am happy with the code
- [x] Short description of the feature/issue is added in the pr
description
- [x] PR is linked to the corresponding user story
- [x] Acceptance criteria are met
- [x] All open todos and follow ups are defined in a new ticket and
justified
- [x] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [x] No debug or dead code
- [x] My code has no repetitions
- [x] Critical parts are tested automatically
- [x] Where possible E2E tests are implemented
- [x] Documentation/examples are up-to-date
- [x] All non-functional requirements are met
- [x] Functionality of the acceptance criteria is checked manually on
the dev system.

Co-authored-by: sianao <me@sianao.site>
v3.43.1
2025-08-04 11:48:51 +00:00
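The decode-then-compare step described in the `redirect_uri` commit above, as an added example (not code from zitadel/oidc). It assumes the server sees the value still percent-encoded, as the commit describes; the client ID, the registered URI list and all function names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// registered is a constructed allow-list for a hypothetical client.
var registered = []string{"https://client.example.com/callback"}

var errNotRegistered = errors.New("redirect_uri is not registered for this client")

// buildAuthQuery builds the query the way a client library does when it puts
// redirect_uri into url.Values and calls Encode(): the value is percent-encoded.
func buildAuthQuery(redirectURI string) string {
	v := url.Values{}
	v.Set("client_id", "demo-client") // constructed sample value
	v.Set("redirect_uri", redirectURI)
	v.Set("response_type", "code")
	return v.Encode()
}

// rawParam returns the still-encoded value of key from a raw query string.
func rawParam(rawQuery, key string) string {
	for _, pair := range strings.Split(rawQuery, "&") {
		if k, v, ok := strings.Cut(pair, "="); ok && k == key {
			return v
		}
	}
	return ""
}

// isRegistered is an exact string match; no prefix or pattern matching.
func isRegistered(uri string) bool {
	for _, r := range registered {
		if r == uri {
			return true
		}
	}
	return false
}

// validateRedirectURI decodes the on-the-wire value exactly once and then
// compares it. A value that is still percent-encoded after one pass is
// treated as a different URI and rejected, and a malformed escape is an
// error rather than a silent pass-through.
func validateRedirectURI(raw string) (string, error) {
	decoded, err := url.QueryUnescape(raw)
	if err != nil {
		return "", fmt.Errorf("redirect_uri has a malformed escape: %w", err)
	}
	if !isRegistered(decoded) {
		return "", errNotRegistered
	}
	return decoded, nil
}

func main() {
	raw := rawParam(buildAuthQuery("https://client.example.com/callback"), "redirect_uri")
	fmt.Println("on the wire:    ", raw)
	fmt.Println("raw comparison: ", isRegistered(raw))

	got, err := validateRedirectURI(raw)
	fmt.Println("decoded once:   ", got, err)

	// Constructed input: the same URI encoded twice.
	_, err = validateRedirectURI("https%253A%252F%252Fclient.example.com%252Fcallback")
	fmt.Println("double-encoded: ", err)
}
```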
Marc Alvarez
baf65b9a8c chore(op): clarify refresh token parameter names and improve code readability (#756)
### Context

While implementing the Storage interface, I discovered that several
parameter names were misleading:
- Parameters named `refreshTokenID` and `newRefreshTokenID` actually
contain the full token values, not IDs
- This naming inconsistency caused confusion about what values should be
passed/returned
- The example implementations already use the semantically correct names
(`refreshToken`, `newRefreshToken`), creating a mismatch with the
interface definition

## Solution

This PR aligns the interface parameter names with their actual purpose
and with the existing example implementations.

## Changes

1. **Storage interface parameter renames:**
   - `TokenRequestByRefreshToken`: `refreshTokenID` → `refreshToken`
   - `CreateAccessAndRefreshTokens`: `newRefreshTokenID` → `newRefreshToken`

2. **Improved code readability in token.go:**
   - Made bare returns explicit for better clarity
   - Added documentation explaining the token creation flow
   - Clarified why `CreateAccessToken` also returns refresh tokens

## Impact

- **Breaking change**: No - these are parameter name changes in the
  interface definition only
- **Behavior change**: No - all logic remains unchanged
- **Documentation**: Improved with clearer parameter names and added
  explanations

## Testing

- Ran existing tests (some timing-related test failures are pre-existing
  and unrelated to these changes)
- Verified example implementations already use the new parameter names

### Definition of Ready

- [X] I am happy with the code
- [X] Short description of the feature/issue is added in the pr
description
- [ ] PR is linked to the corresponding user story
- [ ] Acceptance criteria are met
- [ ] All open todos and follow ups are defined in a new ticket and
justified
- [ ] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [X] No debug or dead code
- [X] My code has no repetitions
- [ ] Critical parts are tested automatically
- [ ] Where possible E2E tests are implemented
- [X] Documentation/examples are up-to-date
- [ ] All non-functional requirements are met
- [ ] Functionality of the acceptance criteria is checked manually on
the dev system.
2025-08-04 14:13:11 +03:00
Brian Joerger
0d50c9369e feat(rp): optional authorized party check (#752)
This PR makes the default Authorized Party check in `rp.VerifyIDToken`
optional by adding an options parameter for dynamic verification
functions. This check is meant to be an optional validation requirement,
so some providers (including GCP) do not adhere to it.

See https://github.com/zitadel/oidc/issues/405 for more context.

Closes https://github.com/zitadel/oidc/issues/405
v3.43.0
2025-07-31 08:36:27 +00:00
dependabot[bot]
175edcfbed chore(deps): bump go.opentelemetry.io/otel/trace from 1.29.0 to 1.37.0 (#772)
Bumps
[go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go)
from 1.29.0 to 1.37.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/trace's
changelog</a>.</em></p>
<blockquote>
<h2>[1.37.0/0.59.0/0.13.0] 2025-06-25</h2>
<h3>Added</h3>
<ul>
<li>The <code>go.opentelemetry.io/otel/semconv/v1.33.0</code> package.
The package contains semantic conventions from the <code>v1.33.0</code>
version of the OpenTelemetry Semantic Conventions.
See the <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.33.0/MIGRATION.md">migration
documentation</a> for information on how to upgrade from
<code>go.opentelemetry.io/otel/semconv/v1.32.0.</code>(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6799">#6799</a>)</li>
<li>The <code>go.opentelemetry.io/otel/semconv/v1.34.0</code> package.
The package contains semantic conventions from the <code>v1.34.0</code>
version of the OpenTelemetry Semantic Conventions. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6812">#6812</a>)</li>
<li>Add metric's schema URL as <code>otel_scope_schema_url</code> label
in <code>go.opentelemetry.io/otel/exporters/prometheus</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5947">#5947</a>)</li>
<li>Add metric's scope attributes as <code>otel_scope_[attribute]</code>
labels in <code>go.opentelemetry.io/otel/exporters/prometheus</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/5947">#5947</a>)</li>
<li>Add <code>EventName</code> to <code>EnabledParameters</code> in
<code>go.opentelemetry.io/otel/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6825">#6825</a>)</li>
<li>Add <code>EventName</code> to <code>EnabledParameters</code> in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6825">#6825</a>)</li>
<li>Changed handling of
<code>go.opentelemetry.io/otel/exporters/prometheus</code> metric
renaming to add unit suffixes when it doesn't match one of the
pre-defined values in the unit suffix map. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6839">#6839</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>The semantic conventions have been upgraded from
<code>v1.26.0</code> to <code>v1.34.0</code> in
<code>go.opentelemetry.io/otel/bridge/opentracing</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6827">#6827</a>)</li>
<li>The semantic conventions have been upgraded from
<code>v1.26.0</code> to <code>v1.34.0</code> in
<code>go.opentelemetry.io/otel/exporters/zipkin</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6829">#6829</a>)</li>
<li>The semantic conventions have been upgraded from
<code>v1.26.0</code> to <code>v1.34.0</code> in
<code>go.opentelemetry.io/otel/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6832">#6832</a>)</li>
<li>The semantic conventions have been upgraded from
<code>v1.26.0</code> to <code>v1.34.0</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6834">#6834</a>)</li>
<li>The semantic conventions have been upgraded from
<code>v1.26.0</code> to <code>v1.34.0</code> in
<code>go.opentelemetry.io/otel/sdk/trace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6835">#6835</a>)</li>
<li>The semantic conventions have been upgraded from
<code>v1.26.0</code> to <code>v1.34.0</code> in
<code>go.opentelemetry.io/otel/trace</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6836">#6836</a>)</li>
<li><code>Record.Resource</code> now returns
<code>*resource.Resource</code> instead of
<code>resource.Resource</code> in
<code>go.opentelemetry.io/otel/sdk/log</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6864">#6864</a>)</li>
<li>Retry now shows error cause for context timeout in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>,
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>,
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>,
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>,
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>,
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6898">#6898</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Stop stripping trailing slashes from configured endpoint URL in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6710">#6710</a>)</li>
<li>Stop stripping trailing slashes from configured endpoint URL in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6710">#6710</a>)</li>
<li>Stop stripping trailing slashes from configured endpoint URL in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6710">#6710</a>)</li>
<li>Stop stripping trailing slashes from configured endpoint URL in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6710">#6710</a>)</li>
<li>Validate exponential histogram scale range for Prometheus
compatibility in
<code>go.opentelemetry.io/otel/exporters/prometheus</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6822">#6822</a>)</li>
<li>Context cancellation during metric pipeline produce does not corrupt
data in <code>go.opentelemetry.io/otel/sdk/metric</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6914">#6914</a>)</li>
</ul>
<h3>Removed</h3>
<ul>
<li><code>go.opentelemetry.io/otel/exporters/prometheus</code> no longer
exports <code>otel_scope_info</code> metric. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6770">#6770</a>)</li>
</ul>
<h2>[0.12.2] 2025-05-22</h2>
<h3>Fixed</h3>
<ul>
<li>Retract <code>v0.12.0</code> release of
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>
module that contains invalid dependencies. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6804">#6804</a>)</li>
<li>Retract <code>v0.12.0</code> release of
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
module that contains invalid dependencies. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6804">#6804</a>)</li>
<li>Retract <code>v0.12.0</code> release of
<code>go.opentelemetry.io/otel/exporters/stdout/stdoutlog</code> module
that contains invalid dependencies. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6804">#6804</a>)</li>
</ul>
<h2>[0.12.1] 2025-05-21</h2>
<h3>Fixes</h3>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="69e81088ad"><code>69e8108</code></a>
Release 1.37.0/0.59.0/0.13.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6925">#6925</a>)</li>
<li><a
href="67ca271b2c"><code>67ca271</code></a>
chore(deps): update golang.org/x/telemetry digest to fef9409 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6929">#6929</a>)</li>
<li><a
href="b4fad0aef8"><code>b4fad0a</code></a>
chore(deps): update module github.com/grpc-ecosystem/grpc-gateway/v2 to
v2.27...</li>
<li><a
href="553779c161"><code>553779c</code></a>
chore: add missing ) in GPG hyperlink (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6928">#6928</a>)</li>
<li><a
href="351a51f1ed"><code>351a51f</code></a>
Use existing schema URLs in tests (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6924">#6924</a>)</li>
<li><a
href="a365d8505d"><code>a365d85</code></a>
Add test for logging from a span in the opentracing bridge (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6919">#6919</a>)</li>
<li><a
href="787518f061"><code>787518f</code></a>
chore(deps): update google.golang.org/genproto/googleapis/rpc digest to
513f2...</li>
<li><a
href="fbfb44a20f"><code>fbfb44a</code></a>
chore(deps): update golang.org/x (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6923">#6923</a>)</li>
<li><a
href="98f76937b8"><code>98f7693</code></a>
chore: flatten bridge/opentracing/internal package (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6916">#6916</a>)</li>
<li><a
href="1b803e1a59"><code>1b803e1</code></a>
fix(deps): update module github.com/prometheus/common to v0.65.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/6921">#6921</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.29.0...v1.37.0">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-29 06:46:45 +00:00
Marco A.
dbf1a731a9 feat: pass optional logout hint and ui locales to end session request (#774)
### Definition of Ready

- [x] I am happy with the code
- [x] Short description of the feature/issue is added in the pr
description
- [x] PR is linked to the corresponding user story
- [x] Acceptance criteria are met
- [x] All open todos and follow ups are defined in a new ticket and
justified
- [x] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [x] No debug or dead code
- [x] My code has no repetitions
- [x] Critical parts are tested automatically
- [x] Where possible E2E tests are implemented
- [x] Documentation/examples are up-to-date
- [x] All non-functional requirements are met
- [x] Functionality of the acceptance criteria is checked manually on
the dev system.

# Context

PR https://github.com/zitadel/oidc/pull/754 introduced the optional
logout hint and UI locales to the end session request. However, while
working on https://github.com/zitadel/zitadel/pull/10039, I noticed
that the integration tests on the Zitadel side call
`relying_party.EndSession()` without the possibility of specifying a
logout hint or UI locales.

This PR adds these two parameters to the `relying_party.EndSession()`
function.
v3.42.0
2025-07-24 21:26:46 +02:00
dependabot[bot]
11614213cc chore(deps): bump golang.org/x/text from 0.26.0 to 0.27.0 (#767)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.26.0 to
0.27.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b6d26456dd"><code>b6d2645</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.26.0...v0.27.0">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-16 11:46:04 +00:00
Mark Laing
c0d0ba9b0f feat: Request aware cookie handling (#753)
* pkg/http: Add `secureCookieFunc` field to CookieHandler.

Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Add `IsRequestAware` method to CookieHandler.

Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Use `secureCookieFunc` when checking a cookie (if set).

Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Error on `SetCookie` if cookie handler is request aware.

Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Add method to set request aware cookies.

Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Add function to create a new request aware cookie handler.

Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/client/rp: Update `trySetStateCookie` function signature.

Use `SetRequestAwareCookie` if the cookie handler is request aware.
This function signature can be updated because it is not exported.

Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/client/rp: Add `GenerateAndStoreCodeChallengeWithRequest` function.

It's not possible to add a `http.Request` argument to
`GenerateAndStoreCodeChallenge` as this would be a breaking change.
Instead, add a new function that accepts a request argument and call
`SetRequestAwareCookie` here.

Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/client/rp: Update PKCE logic to pass request if required by cookie handler.

Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Don't set MaxAge if cookie handler is request aware.

The securecookie field can be nil. Expect the caller to set max age on
the securecookie returned by the secureCookieFunc.

Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/client: Add integration tests for request aware cookie handling.

Adds a new type `cookieSpec` which is accepted as an argument to
`RunAuthorizationCodeFlow`. `TestRelyingPartySession` now runs with
`wrapServer` true/false and with two cookie handlers, one static and one
request aware.

The request aware handler extracts encryption keys from a secret using a
salt from a "login_id" cookie.

Signed-off-by: Mark Laing <mark.laing@canonical.com>

---------

Signed-off-by: Mark Laing <mark.laing@canonical.com>
v3.41.0
2025-07-16 11:33:03 +00:00
Jan-Otto Kröpke
21e830e275 feat: exclude OTEL instrumentation via build tag (#770)
* feat: exclude OTEL instrumentation via build tag

* add readme
v3.40.0
2025-07-16 11:29:59 +00:00
dependabot[bot]
d09a952410 chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.1 to 4.9.0 (#769)
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.8.1 to 4.9.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases)
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.8.1...v4.9.0)

---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-15 08:58:28 +02:00
Jonathan Yoder
71b7500c62 fix: Omit empty assertion fields in client creds request (#745)
v3.39.1
2025-07-02 12:34:13 +00:00
dependabot[bot]
3b0ab8f048 chore(deps): bump github.com/go-chi/chi/v5 in the go_modules group (#759)
Bumps the go_modules group with 1 update: [github.com/go-chi/chi/v5](https://github.com/go-chi/chi).


Updates `github.com/go-chi/chi/v5` from 5.2.1 to 5.2.2
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.2.2
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-02 13:27:39 +03:00
Fabienne Bühler
d6e37fa741 Merge pull request #758 from zitadel/hifabienne-patch-1
chore: update issue templates
2025-06-17 14:32:55 +02:00
Fabienne Bühler
8e1e5174fd Delete .github/ISSUE_TEMPLATE/proposal.yaml
2025-06-17 11:17:14 +02:00