build(deps): bump the go-dev-dependencies group with 21 updates

[dependabot]

Bumps the go-dev-dependencies group with 21 updates:

Package	From	To
github.com/samber/lo	1.52.0	1.53.0
github.com/go-openapi/jsonpointer	0.22.4	0.22.5
github.com/go-openapi/jsonreference	0.21.4	0.21.5
github.com/go-openapi/spec	0.22.3	0.22.4
github.com/go-openapi/swag/conv	0.25.4	0.25.5
github.com/go-openapi/swag/jsonname	0.25.4	0.25.5
github.com/go-openapi/swag/jsonutils	0.25.4	0.25.5
github.com/go-openapi/swag/loading	0.25.4	0.25.5
github.com/go-openapi/swag/stringutils	0.25.4	0.25.5
github.com/go-openapi/swag/typeutils	0.25.4	0.25.5
github.com/go-openapi/swag/yamlutils	0.25.4	0.25.5
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	0.65.0	0.67.0
go.opentelemetry.io/otel	1.40.0	1.42.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	1.40.0	1.42.0
go.opentelemetry.io/otel/metric	1.40.0	1.42.0
go.opentelemetry.io/otel/trace	1.40.0	1.42.0
go.yaml.in/yaml/v2	2.4.3	2.4.4
golang.org/x/arch	0.24.0	0.25.0
golang.org/x/sync	0.19.0	0.20.0
golang.org/x/sys	0.41.0	0.42.0
golang.org/x/time	0.14.0	0.15.0

Updates github.com/samber/lo from 1.52.0 to 1.53.0

Release notes

Sourced from github.com/samber/lo's releases.

v1.53.0

Announcing the latest release of lo with lots of good gifts! 🎁

🌊 First, a big thanks to @​d-enk for making lots of performance improvements in the recent weeks.

🧪 Second, this release introduces a new simd experimental package. If you run on an amd64 architecture and a recent CPU, you can perform very fast operations thanks to SIMD CPU instructions. -> Documentation: https://lo.samber.dev/docs/experimental/simd

💥 Third, this version adds *Err variants of many lo helpers (like MapErr, FlatMapErr, ReduceErr, etc.) whose callbacks can return an error and short-circuit execution when one occurs.

[!NOTE] The simd sub-package is considered not stable. We might break the initial API based on developers' feedback in the coming months.

---

Features & improvements

• feat: adding SIMD helpers by @​samber in samber/lo#801
• feat: adding Error variants: MapErr, FlatMapErr, ReduceErr... by @​samber in samber/lo#823
• feat: support for buffer iterator by @​mimol91 in samber/lo#824
• feat: add Take, TakeWhile, FilterTake, Window, and Sliding functions by @​juliazadorozhnaya in samber/lo#760
• feat: add a Concat slice function. by @​FGasper in samber/lo#714
• feat: add iterator slice helpers by @​juliazadorozhnaya in samber/lo#791
• feat(it): adding loit.Concat by @​samber in samber/lo#722
• feat: Allow Union/Intersect to take many lists by @​frankywahl in samber/lo#181
• feat: Add Clone function to return shallow copy of slice collections by @​quexer in samber/lo#732
• feat: IntersectBy by @​ghosx in samber/lo#653
• feat: Support Custom Assert by @​RelicOfTesla in samber/lo#755
• feat: Must support Custom error handler. by @​RelicOfTesla in samber/lo#752
• feat: WithoutNth handle non-comparable types by @​urisimchoni in samber/lo#774
• refactor: remove unnecessary type arguments in NewThrottle by @​d-enk in samber/lo#773
• refactor: lo.IntersectBy + adding loit.IntersectBy + adding doc by @​samber in samber/lo#739
• fix: rename IsSortedByKey to IsSortedBy by @​NathanBaulch in samber/lo#735
• fix(iter/tuples): support break iteration over Zip[By] seq by @​d-enk in samber/lo#757
• fix(it.Mode): align behavior with lo.Mode and ensure consistent slice… by @​intojhanurag in samber/lo#711
• fix: improve Clone function to preserve nilness and avoid liveness issues by @​quexer in samber/lo#740
• fix: reset n counter per iteration in it.Replace by @​LikimiaD in samber/lo#799
• fix: make Ellipsis operate on runes instead of bytes to prevent Unicode truncation by @​veeceey in samber/lo#796
• fix: correct DropByIndex handling of negative indices out of bounds by @​d-enk in samber/lo#778

Deprecation

• refactor: remove helpers deprecated for more than 3y by @​samber in samber/lo#810

Performance improvements

• feat: Optimize UniqMap to reduce unnecessary slice preallocation by @​ivolkoff in samber/lo#710
• refactor(it): simplify DropLast, TrimSuffix, TrimPrefix and use range loops by @​d-enk in samber/lo#782
• bench: fix iterators to actually iterate in benchmarks by @​d-enk in samber/lo#781
• refactor: simplify slice cut/trim prefix/suffix functions by @​d-enk in samber/lo#787
• perf: optimize Sliding by pre-allocating result capacity by @​d-enk in samber/lo#783

... (truncated)

Commits

• cf6fb4f bump v1.53.0
• 56ef3be feat: support for buffer iterator (#824)
• 6a9f881 💄
• 7f0c2e0 feat: adding UnzipByErrX helpers
• af46a13 feat: adding RejectErr helpers
• 6f42e74 doc: improve examples
• ff0e293 feat: adding FilterErr helpers
• 4bb58fd feat: adding RepeatByErr helpers
• 72a33aa feat: adding FilterKeysErr + FilterValuesErr helpers
• dd1d58e feat: adding FindDuplicatesByErr helper
• Additional commits viewable in compare view

Updates github.com/go-openapi/jsonpointer from 0.22.4 to 0.22.5

Release notes

Sourced from github.com/go-openapi/jsonpointer's releases.

v0.22.5

0.22.5 - 2026-03-02

Full Changelog: go-openapi/jsonpointer@v0.22.4...v0.22.5

15 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #97 ...
• doc: announced new discord channel by @​fredbi in #96 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #92 ...

Code quality

• chore: doc, test, lint update by @​fredbi in #105 ...

Miscellaneous tasks

• ci: upgraded bump-release workflow (new input format) by @​fredbi in #106 ...
• ci: updated workflows by @​fredbi in #95 ...
• chore: fixed missing license headers in new files by @​fredbi in #94 ...
• ci: removed duplicate workflow remaining after refactoring by @​fredbi in #93 ...

Updates

• chore(deps): bump github.com/go-openapi/testify/v2 from 2.3.0 to 2.4.0 in the go-openapi-dependencies group by @​dependabot[bot] in #104 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.2.0 to 2.3.0 in the go-openapi-dependencies group by @​dependabot[bot] in #102 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #103 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #101 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.1.8 to 2.2.0 in the go-openapi-dependencies group by @​dependabot[bot] in #100 ...
• chore(deps): bump github.com/go-openapi/testify/v2 from 2.0.2 to 2.1.8 in the go-openapi-dependencies group by @​dependabot[bot] in #98 ...
• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #99 ...

---

People who contributed to this release

• @​bot-go-openapi[bot]
• @​fredbi

---

New Contributors

... (truncated)

Commits

• e232aaf ci: upgraded bump-release workflow (new input format) (#106)
• 9f448d5 chore: doc, test, lint update (#105)
• 565d4a2 chore(deps): bump github.com/go-openapi/testify/v2
• 869667c chore(deps): bump github.com/go-openapi/testify/v2
• 83371ca chore(deps): bump the development-dependencies group with 7 updates
• 7ad57ed chore(deps): bump the development-dependencies group with 7 updates
• 26e9371 chore(deps): bump github.com/go-openapi/testify/v2
• fb213a3 chore(deps): bump github.com/go-openapi/testify/v2
• e481e05 chore(deps): bump the development-dependencies group with 7 updates
• 62b2c8e doc: updated contributors file
• Additional commits viewable in compare view

Updates github.com/go-openapi/jsonreference from 0.21.4 to 0.21.5

Release notes

Sourced from github.com/go-openapi/jsonreference's releases.

v0.21.5

0.21.5 - 2026-03-02

Full Changelog: go-openapi/jsonreference@v0.21.4...v0.21.5

14 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #71 ...
• doc: announced new discord channel by @​fredbi in #70 ...
• doc: added basic usage in readme and testable examples by @​fredbi in #69 ...
• doc: fixed copy-paste errors with jsonpointer by @​fredbi in #67 ...

Code quality

• chore: doc, lint, tests by @​fredbi in #79 ...

Testing

• test: added fuzz test for reference parser by @​fredbi in #68 ...

Miscellaneous tasks

• ci: remove duplicate release worflow by @​fredbi in #66 ...

Updates

• build(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #78 ...
• build(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #76 ...
• build(deps): bump github.com/go-openapi/testify/v2 from 2.1.8 to 2.2.0 in the go-openapi-dependencies group by @​dependabot[bot] in #75 ...
• build(deps): bump github.com/go-openapi/testify/v2 from 2.1.1 to 2.1.8 in the go-openapi-dependencies group by @​dependabot[bot] in #74 ...
• build(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #73 ...
• build(deps): bump github.com/go-openapi/testify/v2 from 2.0.2 to 2.1.1 in the go-openapi-dependencies group by @​dependabot[bot] in #72 ...
• build(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #65 ...

---

People who contributed to this release

• @​fredbi

---

... (truncated)

Commits

• 8b85573 chore: doc, lint, tests (#79)
• f9fd8bd build(deps): bump the development-dependencies group with 7 updates
• 76deb10 build(deps): bump the development-dependencies group with 7 updates
• 7b4cec2 build(deps): bump github.com/go-openapi/testify/v2
• fecb9ac build(deps): bump github.com/go-openapi/testify/v2
• 8f205c3 build(deps): bump the development-dependencies group with 7 updates
• 9d5c22a build(deps): bump github.com/go-openapi/testify/v2
• 2d9cd9b doc: updated contributors file
• 4b5d805 doc: announced new discord channel
• a738066 doc: added basic usage in readme and testable examples
• Additional commits viewable in compare view

Updates github.com/go-openapi/spec from 0.22.3 to 0.22.4

Release notes

Sourced from github.com/go-openapi/spec's releases.

v0.22.4

0.22.4 - 2026-03-03

Full Changelog: go-openapi/spec@v0.22.3...v0.22.4

9 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #247 ...

Code quality

• chore: doc, tests, lint by @​fredbi in #255 ...

Updates

• build(deps): bump github.com/go-openapi/testify/v2 from 2.3.0 to 2.4.0 in the go-openapi-dependencies group by @​dependabot[bot] in #254 ...
• build(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #253 ...
• build(deps): bump github.com/go-openapi/testify/v2 from 2.2.0 to 2.3.0 in the go-openapi-dependencies group by @​dependabot[bot] in #252 ...
• build(deps): bump github.com/go-openapi/testify/v2 from 2.1.8 to 2.2.0 in the go-openapi-dependencies group by @​dependabot[bot] in #250 ...
• build(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #251 ...
• build(deps): bump github.com/go-openapi/testify/v2 from 2.0.2 to 2.1.8 in the go-openapi-dependencies group by @​dependabot[bot] in #248 ...
• build(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #249 ...

---

People who contributed to this release

• @​fredbi

---

spec license terms

Commits

• d6177ef chore: doc, tests, lint (#255)
• 0c2d5d4 build(deps): bump github.com/go-openapi/testify/v2
• 7ca5d97 build(deps): bump the development-dependencies group with 7 updates
• 71eebab build(deps): bump github.com/go-openapi/testify/v2
• d708159 build(deps): bump github.com/go-openapi/testify/v2
• d181245 build(deps): bump the development-dependencies group with 7 updates
• 02c28f2 build(deps): bump github.com/go-openapi/testify/v2
• 22037ac build(deps): bump the development-dependencies group with 7 updates
• 5fc39a0 doc: updated contributors file
• See full diff in compare view

Updates github.com/go-openapi/swag/conv from 0.25.4 to 0.25.5

Release notes

Sourced from github.com/go-openapi/swag/conv's releases.

v0.25.5

0.25.5 - 2026-03-02

Full Changelog: go-openapi/swag@v0.25.4...v0.25.5

16 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #177 ...

Code quality

• Doc/discord invite by @​fredbi in #180 ...

Testing

• test: upgraded tests to use generics by @​fredbi in #176 ...
• test: upgraded to go-openapi/testify@v2.3.0 by @​fredbi in #175 ...

Miscellaneous tasks

• chore: prepare release v0.25.5 by @​bot-go-openapi[bot] in #181 ...
• ci: updated ci workflows by @​fredbi in #179 ...
• ci: upgraded shared workflows (fixed secret propagation, fuzz matrix) by @​fredbi in #174 ...
• ci: upgraded shared workflows (fixes mono-repo releases) by @​fredbi in #173 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] in #178 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #172 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #170 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #168 ...
• build(deps): bump the development-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #167 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #166 ...
• build(deps): bump the development-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #165 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #164 ...

---

People who contributed to this release

• @​fredbi

---

... (truncated)

Commits

• 86905cc chore: prepare release v0.25.5
• 345f85b doc: updated docs, links (#180)
• 01b074b ci: updated ci workflows (#179)
• 607decd build(deps): bump the go-openapi-dependencies group across 15 directories wit...
• 4924f95 doc: updated contributors file
• 281942d test: upgraded tests to use generics (#176)
• b9f9e45 test: upgraded to go-openapi/testify@v2.3.0 (#175)
• b7e96e1 ci: upgraded shared workflows (fixed secret propagation, fuzz matrix) (#174)
• 236d975 ci: upgraded shared workflows (fixes mono-repo releases) (#173)
• fd4d373 build(deps): bump the development-dependencies group across 2 directories wit...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/jsonname from 0.25.4 to 0.25.5

Release notes

Sourced from github.com/go-openapi/swag/jsonname's releases.

v0.25.5

0.25.5 - 2026-03-02

Full Changelog: go-openapi/swag@v0.25.4...v0.25.5

16 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #177 ...

Code quality

• Doc/discord invite by @​fredbi in #180 ...

Testing

• test: upgraded tests to use generics by @​fredbi in #176 ...
• test: upgraded to go-openapi/testify@v2.3.0 by @​fredbi in #175 ...

Miscellaneous tasks

• chore: prepare release v0.25.5 by @​bot-go-openapi[bot] in #181 ...
• ci: updated ci workflows by @​fredbi in #179 ...
• ci: upgraded shared workflows (fixed secret propagation, fuzz matrix) by @​fredbi in #174 ...
• ci: upgraded shared workflows (fixes mono-repo releases) by @​fredbi in #173 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] in #178 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #172 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #170 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #168 ...
• build(deps): bump the development-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #167 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #166 ...
• build(deps): bump the development-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #165 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #164 ...

---

People who contributed to this release

• @​fredbi

---

... (truncated)

Commits

• 86905cc chore: prepare release v0.25.5
• 345f85b doc: updated docs, links (#180)
• 01b074b ci: updated ci workflows (#179)
• 607decd build(deps): bump the go-openapi-dependencies group across 15 directories wit...
• 4924f95 doc: updated contributors file
• 281942d test: upgraded tests to use generics (#176)
• b9f9e45 test: upgraded to go-openapi/testify@v2.3.0 (#175)
• b7e96e1 ci: upgraded shared workflows (fixed secret propagation, fuzz matrix) (#174)
• 236d975 ci: upgraded shared workflows (fixes mono-repo releases) (#173)
• fd4d373 build(deps): bump the development-dependencies group across 2 directories wit...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/jsonutils from 0.25.4 to 0.25.5

Release notes

Sourced from github.com/go-openapi/swag/jsonutils's releases.

v0.25.5

0.25.5 - 2026-03-02

Full Changelog: go-openapi/swag@v0.25.4...v0.25.5

16 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #177 ...

Code quality

• Doc/discord invite by @​fredbi in #180 ...

Testing

• test: upgraded tests to use generics by @​fredbi in #176 ...
• test: upgraded to go-openapi/testify@v2.3.0 by @​fredbi in #175 ...

Miscellaneous tasks

• chore: prepare release v0.25.5 by @​bot-go-openapi[bot] in #181 ...
• ci: updated ci workflows by @​fredbi in #179 ...
• ci: upgraded shared workflows (fixed secret propagation, fuzz matrix) by @​fredbi in #174 ...
• ci: upgraded shared workflows (fixes mono-repo releases) by @​fredbi in #173 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] in #178 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #172 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #170 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #168 ...
• build(deps): bump the development-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #167 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #166 ...
• build(deps): bump the development-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #165 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #164 ...

---

People who contributed to this release

• @​fredbi

---

... (truncated)

Commits

• 86905cc chore: prepare release v0.25.5
• 345f85b doc: updated docs, links (#180)
• 01b074b ci: updated ci workflows (#179)
• 607decd build(deps): bump the go-openapi-dependencies group across 15 directories wit...
• 4924f95 doc: updated contributors file
• 281942d test: upgraded tests to use generics (#176)
• b9f9e45 test: upgraded to go-openapi/testify@v2.3.0 (#175)
• b7e96e1 ci: upgraded shared workflows (fixed secret propagation, fuzz matrix) (#174)
• 236d975 ci: upgraded shared workflows (fixes mono-repo releases) (#173)
• fd4d373 build(deps): bump the development-dependencies group across 2 directories wit...
• Additional commits viewable in compare view

Updates github.com/go-openapi/swag/loading from 0.25.4 to 0.25.5

Release notes

Sourced from github.com/go-openapi/swag/loading's releases.

v0.25.5

0.25.5 - 2026-03-02

Full Changelog: go-openapi/swag@v0.25.4...v0.25.5

16 commits in this release.

---

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in #177 ...

Code quality

• Doc/discord invite by @​fredbi in #180 ...

Testing

• test: upgraded tests to use generics by @​fredbi in #176 ...
• test: upgraded to go-openapi/testify@v2.3.0 by @​fredbi in #175 ...

Miscellaneous tasks

• chore: prepare release v0.25.5 by @​bot-go-openapi[bot] in #181 ...
• ci: updated ci workflows by @​fredbi in #179 ...
• ci: upgraded shared workflows (fixed secret propagation, fuzz matrix) by @​fredbi in #174 ...
• ci: upgraded shared workflows (fixes mono-repo releases) by @​fredbi in #173 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 15 directories with 2 updates by @​dependabot[bot] in #178 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #172 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #170 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #168 ...
• build(deps): bump the development-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #167 ...
• build(deps): bump the development-dependencies group across 2 directories with 1 ...

  Description has been truncated

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 7 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 9db88e5.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/go-openapi/jsonpointer	0.22.5	Null	Unknown License
github.com/go-openapi/spec	0.22.4	Null	Unknown License
github.com/samber/lo	1.53.0	Null	Unknown License
golang.org/x/arch	0.25.0	Null	Unknown License
golang.org/x/sync	0.20.0	Null	Unknown License
golang.org/x/sys	0.42.0	Null	Unknown License
golang.org/x/time	0.15.0	Null	Unknown License

Allowed Licenses:

0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, bzip2-1.0.6, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
gomod/github.com/go-openapi/jsonpointer	0.22.5	Unknown	Unknown
gomod/github.com/go-openapi/jsonreference	0.21.5	🟢 8.2	Details Check Score Reason Code-Review ⚠️ 0 Found 0/14 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6
gomod/github.com/go-openapi/spec	0.22.4	Unknown	Unknown
gomod/github.com/go-openapi/swag/conv	0.25.5	🟢 8.3	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/14 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6
gomod/github.com/go-openapi/swag/jsonname	0.25.5	🟢 8.3	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/14 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6
gomod/github.com/go-openapi/swag/jsonutils	0.25.5	🟢 8.3	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/14 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6
gomod/github.com/go-openapi/swag/loading	0.25.5	🟢 8.3	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/14 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6
gomod/github.com/go-openapi/swag/stringutils	0.25.5	🟢 8.3	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/14 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6
gomod/github.com/go-openapi/swag/typeutils	0.25.5	🟢 8.3	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/14 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6
gomod/github.com/go-openapi/swag/yamlutils	0.25.5	🟢 8.3	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/14 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6
gomod/github.com/samber/lo	1.53.0	Unknown	Unknown
gomod/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	0.67.0	🟢 8.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/otel	1.42.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices 🟢 5 badge detected: Passing Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	1.42.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices 🟢 5 badge detected: Passing Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/metric	1.42.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices 🟢 5 badge detected: Passing Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.opentelemetry.io/otel/trace	1.42.0	🟢 9.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices 🟢 5 badge detected: Passing Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 38 contributing companies or organizations
gomod/go.yaml.in/yaml/v2	2.4.4	Unknown	Unknown
gomod/golang.org/x/arch	0.25.0	Unknown	Unknown
gomod/golang.org/x/sync	0.20.0	Unknown	Unknown
gomod/golang.org/x/sys	0.42.0	Unknown	Unknown
gomod/golang.org/x/time	0.15.0	Unknown	Unknown

Scanned Files

• go.mod

[github-actions]

Conventional Commits Report

Type	Number
Bug Fixes	2

🚀 Conventional commits found.

[codecov]

Codecov Report

❌ Patch coverage is 36.36364% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 57.23%. Comparing base (d3e4d88) to head (9db88e5).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/configReader/helper/createEnvFile.go	0.00%	7 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #296      +/-   ##
==========================================
- Coverage   57.29%   57.23%   -0.07%     
==========================================
  Files          70       70              
  Lines        3939     3945       +6     
==========================================
+ Hits         2257     2258       +1     
- Misses       1486     1491       +5     
  Partials      196      196              

Flag	Coverage Δ
opensearch-tests	95.68% <ø> (ø)
postgres-tests	92.03% <ø> (ø)
unit-tests	51.84% <36.36%> (-0.07%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.