chore(deps): bump the go-deps group with 7 updates

[dependabot]

Bumps the go-deps group with 7 updates:

Package	From	To
github.com/gin-contrib/gzip	1.2.3	1.2.4
github.com/prometheus/common	0.66.1	0.67.1
github.com/samber/lo	1.51.0	1.52.0
golang.org/x/crypto	0.42.0	0.43.0
golang.org/x/net	0.44.0	0.46.0
sigs.k8s.io/controller-runtime	0.22.1	0.22.3
sigs.k8s.io/gateway-api	1.3.0	1.4.0

Updates github.com/gin-contrib/gzip from 1.2.3 to 1.2.4

Release notes

Sourced from github.com/gin-contrib/gzip's releases.

v1.2.4

Changelog

Bug fixes

• 4c0c3531574e2911ba304a1a7de85f74d4683c73: fix(header): disable gzip compression for error responses (#120) (@​appleboy)

Enhancements

• 8f25d09bbd45f586128b6a2e1b05f465a8dfec44: chore: update Go version and refresh dependencies (@​appleboy)
• c41b389e172267603f0cf452981c8c43b335b584: chore: upgrade Go version and refresh dependencies (@​appleboy)

Build process updates

• ef1d76af69a69ac6674ed2353ddfafe5d3c9ff54: ci: integrate Trivy vulnerability scanning into CI workflow (@​appleboy)
• 5328e46719048209fa37113fc83b45c5da74ac7b: ci: update CI to test against Go 1.25 (@​appleboy)
• 05c6a0dc97ba02fa761283194212ddb07b8acc57: ci: drop Go 1.23 support from CI test matrix (@​appleboy)
• da07e65db2a5c1a679d6904ffacc5fc488562863: ci: modernize GitHub Actions and update workflow dependencies (@​appleboy)
• 218712ef248d02c654f31890f7df89bf2147548c: ci: upgrade Go action version in CI workflow (@​appleboy)

Commits

• 218712e ci: upgrade Go action version in CI workflow
• da07e65 ci: modernize GitHub Actions and update workflow dependencies
• 4c0c353 fix(header): disable gzip compression for error responses (#120)
• 05c6a0d ci: drop Go 1.23 support from CI test matrix
• c41b389 chore: upgrade Go version and refresh dependencies
• 8f25d09 chore: update Go version and refresh dependencies
• 5328e46 ci: update CI to test against Go 1.25
• ef1d76a ci: integrate Trivy vulnerability scanning into CI workflow
• See full diff in compare view

Updates github.com/prometheus/common from 0.66.1 to 0.67.1

Release notes

Sourced from github.com/prometheus/common's releases.

v0.67.1

What's Changed

• Fix Go case-insensitive file name collision by @​SuperQ in prometheus/common#853

Full Changelog: prometheus/common@v0.67.0...v0.67.1

v0.67.0 / 2025-10-07

What's Changed

• Create CHANGELOG.md for easier communication of library changes, especially possible breaking changes. by @​ywwg in prometheus/common#833
• model: New test for validation with dots by @​m1k1o in prometheus/common#759
• expfmt: document NewTextParser as required by @​burgerdev in prometheus/common#842
• expfmt: Add support for float histograms and gauge histograms by @​beorn7 in prometheus/common#843
• Updated minimum Go version to 1.24.0, updated Go dependecies by @​SuperQ in prometheus/common#849

New Contributors

• @​m1k1o made their first contribution in prometheus/common#759
• @​burgerdev made their first contribution in prometheus/common#842

Full Changelog: prometheus/common@v0.66.1...v0.67.0

Changelog

Sourced from github.com/prometheus/common's changelog.

v0.67.1 / 2025-10-07

What's Changed

• Remove VERSION file to avoid Go conflict error in prometheus/common#853

Full Changelog: prometheus/common@v0.67.0...v0.67.1

v0.67.0 / 2025-10-07

What's Changed

• Create CHANGELOG.md for easier communication of library changes, especially possible breaking changes. by @​ywwg in prometheus/common#833
• model: New test for validation with dots by @​m1k1o in prometheus/common#759
• expfmt: document NewTextParser as required by @​burgerdev in prometheus/common#842
• expfmt: Add support for float histograms and gauge histograms by @​beorn7 in prometheus/common#843
• Updated minimum Go version to 1.24.0, updated Go dependecies by @​SuperQ in prometheus/common#849

New Contributors

• @​m1k1o made their first contribution in prometheus/common#759
• @​burgerdev made their first contribution in prometheus/common#842

Full Changelog: prometheus/common@v0.66.1...v0.67.0

Commits

• c41fe14 Merge pull request #853 from prometheus/superq/version
• f5de376 Fix Go case-insensitive file name collision
• b63ce83 Merge pull request #848 from prometheus/beorn7/version
• 6035595 Cut v0.67.0
• 1a6ab58 Merge pull request #849 from prometheus/superq/go_1.25
• a277468 Update Go
• 3219621 Merge pull request #846 from prometheus/dependabot/go_modules/google.golang.o...
• 797fd97 build(deps): bump google.golang.org/protobuf from 1.36.8 to 1.36.9
• dd2fa0e Merge pull request #841 from prometheus/repo_sync
• c36260a Merge pull request #844 from prometheus/dependabot/go_modules/go.yaml.in/yaml...
• Additional commits viewable in compare view

Updates github.com/samber/lo from 1.51.0 to 1.52.0

Release notes

Sourced from github.com/samber/lo's releases.

v1.52.0

Thrilled to announce the latest release of samber/lo!

This version brings major improvements:

• A new it/ sub-package for everything related to the iter package added in Go 1.23. Big up to @​NathanBaulch for its help on this
• A new documentation -> lo.samber.dev
• Lots of micro fixes and performance improvements
• Better code quality with many more linters

✨ A good introduction to streams in Go !

What's Changed

• fix(chunk): Copy chunk in a new slice by @​samber in samber/lo#648
• fix(zipx): fix the max length calculation by @​samber in samber/lo#649
• fix(retry): fix potential race condition in debounce callback by @​samber in samber/lo#650
• feature: add Mode function with tests and documentation by @​ghosx in samber/lo#644
• add FilterKeys for map by @​rasha108bik in samber/lo#631
• feat: adding FilterValues and fix FilterKeys signature by @​samber in samber/lo#661 samber/lo#662
• fix: more consistent panic strings by @​NathanBaulch in samber/lo#678
• fix: minor example issues by @​NathanBaulch in samber/lo#676
• feat: preserve type alias in DropByIndex and WithoutBy by @​NathanBaulch in samber/lo#675
• feat: adding hassuffix + hasprefix by @​samber in samber/lo#680
• Added Cut, CutPrefix, CutSuffix by @​xelavopelk in samber/lo#666
• Add TrimXXX helpers by @​samber in samber/lo#683
• fix(string): fix division by zero by @​samber in samber/lo#684
• fix: avoid recover() if possible by @​NathanBaulch in samber/lo#685
• fix: panic when passing -1 to Drop by @​NathanBaulch in samber/lo#688
• perf: avoid Keyify twice in Trim by @​NathanBaulch in samber/lo#689
• feat: new iter package by @​NathanBaulch in samber/lo#672
• feat: from slice to map with index passed by @​mabrarov in samber/lo#697
• feat: from slice/iterator to map with index passed by @​mabrarov in samber/lo#698
• feat(generator): deprecate lo.Generator in favor of go "iter" package by @​samber in samber/lo#700
• perf: optimization of map access by @​mabrarov in samber/lo#692
• perf: optimize map access everywhere by @​NathanBaulch in samber/lo#693

Tests

• fix(tests): fix flaky time-based tests by @​samber in samber/lo#699

Style

• lint: unit test improvements by @​NathanBaulch in samber/lo#674
• lint: fix CI warnings and avoid named return parameters by @​NathanBaulch in samber/lo#682
• lint: enable 7 more linters by @​NathanBaulch in samber/lo#686
• lint: enable gofumpt extra rules by @​NathanBaulch in samber/lo#690
• Style/rename internal rand by @​samber in samber/lo#701
• lint: Apply testifylint linter recommendations by @​NathanBaulch in samber/lo#669
• Style add golangci config by @​samber in samber/lo#670
• chore: minor whitespace fixes by @​NathanBaulch in samber/lo#677

... (truncated)

Commits

• a25c42d bump v1.52.0
• 15ac624 docs: adding go playground examples to it/ package (#708)
• c7e9459 docs: lots of various doc improvements (#706)
• fa2d724 doc: add it/mutable/parallel sub-package to llms.txt (#707)
• aa3a48d fix(doc): add missing "contributing" entry in the menu
• 5def06d fix(doc): various hot fixes
• f9a57ef chore(deps-dev): bump typescript from 5.6.3 to 5.9.3 in /docs (#704)
• 8b8aa28 fix(doc): make "iter" package visible in doc sidebar
• 39e418f doc: adding a "contributing" page
• 1b3cb42 fix(doc): improve algolia search
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.42.0 to 0.43.0

Commits

• 627cb89 go.mod: update golang.org/x dependencies
• dca4914 acme: fix autocert TestHTTPHandlerDefaultFallback
• 1336e21 x509roots/fallback: update bundle
• 2beaa59 ssh: add VerifiedPublicKeyCallback
• 66c3d8c ssh: add support for FIPS mode
• ddb4e80 ssh: remove custom contains, use slices.Contains
• f4d47b0 ssh: return clearer error when signature algorithm is used as key format
• 96dc232 x509roots/fallback/bundle: add bundle package to export root certs
• 8c9ba31 all: freeze and deprecate more packages
• 559e062 ssh/agent: return an error for unexpected message types
• See full diff in compare view

Updates golang.org/x/net from 0.44.0 to 0.46.0

Commits

• 2002a06 go.mod: update golang.org/x dependencies
• 59706cd html: impose open element stack size limit
• 6ec8895 html: align in row insertion mode with spec
• 5393563 http2: fix RFC 9218 write scheduler not being idempotent
• b2ab371 internal/httpsfv: implement parsing support for date and display string
• edb764c internal/httpsfv: add parsing functionality for types defined in RFC 8941
• fbba2c2 internal/httpsfv: add support for consuming Display String and Date type
• 47a241f http2: make the error channel pool per-Server
• 51f657b webdav/internal/xml: use the built-in min function
• f2e909b internal/httpsfv: implement parsing support for Dictionary and List type.
• Additional commits viewable in compare view

Updates sigs.k8s.io/controller-runtime from 0.22.1 to 0.22.3

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.22.3

What's Changed

• [release-0.22] 🐛 Allow SSA after normal resource creation by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3348

Full Changelog: kubernetes-sigs/controller-runtime@v0.22.2...v0.22.3

v0.22.2

What's Changed

• 🐛 Panic when trying to build more than one instance of fake.ClientBuilder by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3315
• 🌱 Bump to k8s.io/* v0.34.1 by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3317
• 🐛 Don't block on Get when queue is shutdown (2nd try) by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3338
• 🐛 Fix a bug where the priorityqueue would sometimes not return high-priority items first by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#3340

Full Changelog: kubernetes-sigs/controller-runtime@v0.22.1...v0.22.2

Commits

• 3e8b259 [release-0.22] 🐛 Allow SSA after normal resource creation (#3348)
• 7fb34b5 [release-0.22] 🐛 Fix a bug where the priorityqueue would sometimes not return...
• 27d4b5e Merge pull request #3338 from k8s-infra-cherrypick-robot/cherry-pick-3337-to-...
• 6d368ce Rebase priorityqueue shutdown fix for release-0.22
• d04f428 Don't block on Get when queue is shutdown (2nd try)
• 7f146f7 Merge pull request #3317 from k8s-infra-cherrypick-robot/cherry-pick-3316-to-...
• f3b9e4f Bump to k8s.io/* v0.34.1
• 04c6a08 [release-0.22] 🐛Panic when trying to build more than one instance of fake.Cli...
• See full diff in compare view

Updates sigs.k8s.io/gateway-api from 1.3.0 to 1.4.0

Release notes

Sourced from sigs.k8s.io/gateway-api's releases.

v1.4.0

Warning: Regarding the Experimental CRDs - please note that the experimental CRDs for this release are too large for a standard kubectl apply. You may receive an error like metadata.annotations: Too long: may not be more than 262144 bytes. To work around this please use kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.0/experimental-install.yaml. We're looking into ways to reduce the size for future releases to avoid this.

Major Changes since v1.3.0

Breaking Changes

Experimental CORS Support in HTTPRoute - Breaking Change for AllowCredentials Field

Users of the Experimental CORS AllowCredentials field can now specify false. The underlying API specification type has changed from a enum of type boolean to just a boolean, so users deploying HTTPRoutes via libraries and evaluating the experimental CORS support will need to adjust for the change in types. Please see #3895 for more details.

Standard GRPCRoute - Spec Field Required (Technicality)

This PR makes grpcroute.spec a required field. This is technically a backward-incompatible change, as previously the field was unintentionally treated as optional because we erroneously used omitempty on .spec (unlike other APIs). Since the codebase didn't yet enforce explicit required markers, that omitempty allowed a missing .spec.

Because .spec contains essential route configuration, omitting it renders a GRPCRoute unusable and causes route implementation to fail, so we expect this change will not have adverse effects, but wanted to call it out all the same. Please see #3937 for more details.

GEPs

New Features

In this release, the following major features are moving to the Standard channel and are now considered generally available:

• GEP-1897 BackendTLSPolicy - Configuration of TLS from the Gateway to Backends
• GEP-3164 SupportedFeatures - Status information about the features that an implementation supports.

In this release, we introduced the following new features are moving to the Experimental channel, for implementations to evaluate:

• GEP-3949 Mesh Resource - Mesh-wide configuration and supported features.
• GEP-3793 Default Gateways - Allowing Gateways to program some routes by default.
• GEP-1494 HTTP External Auth - Enabling External Auth for HTTPRoute.

... (truncated)

Commits

• 5e5891a docs: update nav for v1.4.0
• 99f3a0f docs: bump README.md for v1.4.0 release
• f52fdcf docs: bump main guide for v1.4.0 release
• 7518633 chore: run generators
• 5562f64 chore: update consts.go for v1.4.0
• b37953e conformance: make backend TLS tests IPv6-safe (#4121)
• 92bbdff v1.4.0-rc.2 (#4130)
• e01e10e Merge remote-tracking branch 'upstream/main' into release-1.4
• c7508f7 Update deadline extension policy (#4111)
• b77cb37 build(deps): bump sigs.k8s.io/controller-tools from 0.18.0 to 0.19.0 (#4129)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions