chore(deps): bump the gomodupdates group across 1 directory with 5 updates

[dependabot]

Bumps the gomodupdates group with 5 updates in the / directory:

Package	From	To
github.com/cert-manager/cert-manager	1.20.0	1.20.1
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring	0.90.0	0.90.1
github.com/rs/zerolog	1.34.0	1.35.0
go.mondoo.com/mql/v13	13.2.0	13.3.4
github.com/google/go-containerregistry	0.21.3	0.21.4

Updates github.com/cert-manager/cert-manager from 1.20.0 to 1.20.1

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate parentRef bug when both issuer config and annotations are present (Gateway API).

Bug or Regression

• Fixed duplicate parentRef bug when both issuer config and annotations are present. (#8658, @​hjoshi123)
• Add missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. (#8655, @​erikgb)
• Bump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. (#8657, @​erikgb)

Commits

• dc96863 Merge pull request #8658 from cert-manager-bot/cherry-pick-8619-to-release-1.20
• 7e66079 removing duplicate parentRefs
• 75f90e4 Merge pull request #8657 from erikgb/fix-grpc-vuln
• f27364c Update module google.golang.org/grpc to v1.79.3 [security] (release-1.20)
• 5c1ce14 Merge pull request #8655 from cert-manager-bot/cherry-pick-8654-to-release-1.20
• 038260f Fix RBAC to support clusters with OwnerReferencesPermissionEnforcement enabled
• See full diff in compare view

Updates github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring from 0.90.0 to 0.90.1

Release notes

Sourced from github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's releases.

0.90.1 / 2026-03-25

• [BUGFIX] Fix Probe ignoring HTTP client settings in scrape configuration. #8461

Changelog

Sourced from github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring's changelog.

0.90.1 / 2026-03-25

• [BUGFIX] Fix Probe ignoring HTTP client settings in scrape configuration. #8461

Commits

• 32d1b3d Merge pull request #8462 from slashpai/cut-0.90.1
• 7d87388 chore: cut v0.90.1
• 3d9d543 Merge pull request #8461 from multani/probe-http-config
• b2d239d feat: allows Probes to configure HTTP settings
• See full diff in compare view

Updates github.com/rs/zerolog from 1.34.0 to 1.35.0

Commits

• 1396655 Bump CI Go matrix minimum from 1.21 to 1.23
• 4b65a2f Bump actions/cache from 4 to 5 (#741)
• b835796 Bump actions/setup-go from 5 to 6 (#742)
• 134caf8 Added sanitization of journald keys (#751)
• e133b6a Added variadic StrsV, ObjectsV, and StringersV (#752)
• 82017d8 Bump github.com/coreos/go-systemd/v22 from 22.6.0 to 22.7.0 (#753)
• 2f5b8a9 fix: UpdateContext skips Nop and zero-value loggers (#754)
• d64c9a7 Add slog.Handler implementation for zerolog (#755)
• a0d61dc fix: return dict to Event pool (#749)
• f6fbd33 Test coverage improvements (#748)
• Additional commits viewable in compare view

Updates go.mondoo.com/mql/v13 from 13.2.0 to 13.3.4

Release notes

Sourced from go.mondoo.com/mql/v13's releases.

v13.3.4

What's Changed

• ⭐️Add Active Directory Provider by @​syrull in mondoohq/mql#7000
• 🧹 Add Active Directory provider to docs and defaults by @​tas50 in mondoohq/mql#7104
• 🎉 gcp-13.3.3 by @​github-actions[bot] in mondoohq/mql#7103
• ⭐ Add Organizations OUs, account paths, AppStream drain mode & URL redirection by @​tas50 in mondoohq/mql#7105
• 🧹 Update Azure armdatafactory SDK v9 → v10 by @​tas50 in mondoohq/mql#7106
• ⭐ Add Azure security resources for CIS/SOC 2/PCI audit coverage by @​tas50 in mondoohq/mql#7107
• Fix incomplete enum value comments in AWS .lr definitions by @​tas50 in mondoohq/mql#7108
• ⭐ Add Azure Container Registry resources for security auditing by @​tas50 in mondoohq/mql#7109
• ⭐ Add Amazon Keyspaces (Managed Cassandra) resources by @​tas50 in mondoohq/mql#7110
• ⭐ Add Log Analytics Workspace and Recovery Services Vault resources by @​tas50 in mondoohq/mql#7111
• ⭐ Enhance VPC coverage with new fields, resources, and sub-resources by @​tas50 in mondoohq/mql#7112
• Lazy-load DynamoDB, ECS, EKS details and parallelize S3 listing by @​tas50 in mondoohq/mql#7114
• Add SSM, CloudWatch Logs, and VPC PrivateLink resources by @​tas50 in mondoohq/mql#7113
• Bump actions/setup-go from 6.3.0 to 6.4.0 by @​dependabot[bot] in mondoohq/mql#7115
• Bump github/codeql-action from 4.32.6 to 4.35.1 by @​dependabot[bot] in mondoohq/mql#7116
• ⭐ Add Azure Functions, Service Bus, Event Hubs, DNS, and Front Door/CDN resources by @​tas50 in mondoohq/mql#7117
• ⭐ Add GCP Security Command Center and VPC Service Controls resources by @​tas50 in mondoohq/mql#7118
• Add AWS App Mesh, Identity Center, RAM, Step Functions, and Transfer Family resources by @​tas50 in mondoohq/mql#7119
• Register technology=directory-service in asset URL schema by @​syrull in mondoohq/mql#7123

Full Changelog: mondoohq/mql@v13.3.3...v13.3.4

v13.3.3

What's Changed

• 🎉 ansible-13.0.4, arista-13.1.6, atlassian-13.0.4, aws-13.6.2, azure-13.3.2, cloudflare-13.0.4, cloudformation-13.0.4, depsdev-13.0.5, equinix-13.0.4, gcp-13.3.2, github-13.0.5, gitlab-13.0.5, google-workspace-13.0.5, grafana-13.0.1, ipinfo-13.0.4, ipmi-13.0.4, mondoo-13.0.4, ms365-13.0.4, network-13.0.4, nmap-13.0.4, oci-13.0.4, okta-13.1.3, opcua-13.0.4, os-13.6.2, shodan-13.0.4, slack-13.0.4, snowflake-13.0.4, tailscale-13.0.4, terraform-13.0.4, vcd-13.0.4, vsphere-13.0.4 by @​github-actions[bot] in mondoohq/mql#7092
• ✨ Publish provider schema.json to release bucket by @​chris-rock in mondoohq/mql#7093
• 🧹 Add grafana provider to defaults and README by @​tas50 in mondoohq/mql#7094
• Add machine.secureboot resource for Linux Secure Boot status by @​tas50 in mondoohq/mql#7088
• 🎉 os-13.7.0 by @​tas50 in mondoohq/mql#7095
• ✨ Add user.loggedIn field to os provider by @​tas50 in mondoohq/mql#7096
• 🐛 Fix OOM crash: select only needed fields in Get-NetFirewallRule by @​vjeffrey in mondoohq/mql#7098
• ⭐ Add systemd.timer and systemd.socket resources by @​tas50 in mondoohq/mql#7097
• ⚡ Stream-decode Windows firewall rules to reduce memory by @​vjeffrey in mondoohq/mql#7099
• 🐛 Fix 21 incorrect GCP IAM permissions in auto-generated manifest by @​vjeffrey in mondoohq/mql#7080
• ⭐ Add filesystem fallback for systemd timer and socket resources by @​tas50 in mondoohq/mql#7100
• 🎉 os-13.8.0 by @​tas50 in mondoohq/mql#7101
• 🐛 Fix remaining GCP permissions and add validation test by @​vjeffrey in mondoohq/mql#7102

Full Changelog: mondoohq/mql@v13.3.2...v13.3.3

v13.3.2

What's Changed

• feat(grafana): add Grafana provider with org-scoped API resources by @​syrull in mondoohq/mql#7084
• 🧹 generate correct copyright for lr files by @​imilchev in mondoohq/mql#7090
• 🐛 handle asset explorer discovery targets properly by @​imilchev in mondoohq/mql#7089
• 🎉 k8s-13.0.7 by @​imilchev in mondoohq/mql#7091

... (truncated)

Commits

• a552add Register technology=directory-service in asset URL schema (#7123)
• da2d717 Add AWS App Mesh, Identity Center, RAM, Step Functions, and Transfer Family r...
• 5435589 ⭐ Add GCP Security Command Center and VPC Service Controls resources (#7118)
• 21f6518 ⭐ Add Azure Functions, Service Bus, Event Hubs, DNS, and Front Door/CDN resou...
• 0e3d80e Bump github/codeql-action from 4.32.6 to 4.35.1 (#7116)
• 69ca2a0 Bump actions/setup-go from 6.3.0 to 6.4.0 (#7115)
• e3df3ff Add SSM, CloudWatch Logs, and VPC PrivateLink resources (#7113)
• 5cf7e2e Lazy-load DynamoDB, ECS, EKS details and parallelize S3 listing (#7114)
• 8aa1d30 ⭐ Enhance VPC coverage with new fields, resources, and sub-resources (#7112)
• db012a9 ⭐ Add Log Analytics Workspace and Recovery Services Vault resources (#7111)
• Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.3 to 0.21.4

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.4

What's Changed

• go.mod: do not make a viral minimum go version by @​howardjohn in google/go-containerregistry#2237
• Avoid pruning absolute links from extracted and flattened images by @​Subserial in google/go-containerregistry#2241
• Bump the go-deps group across 3 directories with 5 updates by @​dependabot[bot] in google/go-containerregistry#2245
• fix: update to go1.25.8, and use separate .go-version file by @​thaJeztah in google/go-containerregistry#2246
• Bump CI go version to 1.26.1 by @​Subserial in google/go-containerregistry#2242
• Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the actions group by @​dependabot[bot] in google/go-containerregistry#2240
• fork distribution client v3 auth-challenge as an internal package (squashed) by @​thaJeztah in google/go-containerregistry#2248
• transport: validate Bearer realm URL to prevent SSRF by @​evilgensec in google/go-containerregistry#2243
• revert path traversal and symlink escape from #2227 by @​Subserial in google/go-containerregistry#2250
• Fix pkg/v1/google/auth tests for arm64 by @​Subserial in google/go-containerregistry#2085
• goreleaser: Update goreleaser config and GH action by @​Subserial in google/go-containerregistry#2253

New Contributors

• @​evilgensec made their first contribution in google/go-containerregistry#2243

Full Changelog: google/go-containerregistry@v0.21.3...v0.21.4

Commits

• e8813dd goreleaser: Update goreleaser config and GH action for releases (#2253)
• e90447d replace gcloud in binary calls in pkg/v1/google tests (#2085)
• 0d0368c revert path traversal and symlink escape changes (#2250)
• a2f47d4 transport: validate Bearer realm URL to prevent SSRF (#2243)
• 19a36cd fork distribution client v3 auth-challenge as an internal package (squashed) ...
• c612a9b Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the actions group (#2240)
• 8f92f59 Bump CI go version to 1.26.1 (#2242)
• c99e7cf fix: update to go1.25.8, and use separate .go-version file (#2246)
• 0794660 Bump the go-deps group across 3 directories with 5 updates (#2245)
• 4cb93ae Undo pruning absolute links from extracted and flattened images (#2241)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
github.com/google/go-containerregistry	[>= 0.15.a, < 0.16]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Test Results

0 files   -  2  0 suites   - 2   0s ⏱️ - 4m 56s
0 tests  -  8  0 ✅  -  6  0 💤  - 1  0 ❌  - 1 
0 runs   - 16  0 ✅  - 12  0 💤  - 2  0 ❌  - 2 

Results for commit a3072a0. ± Comparison against base commit 6e4f782.