fix: update module github.com/spf13/viper to v1.19.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/spf13/viper	v1.18.2 -> v1.19.0

---

Release Notes

spf13/viper (github.com/spf13/viper)

v1.19.0

Compare Source

What's Changed

Bug Fixes 🐛

• fix!: hide struct binding behind a feature flag by @​sagikazarmark in https://github.com/spf13/viper/pull/1720

Dependency Updates ⬆️

• build(deps): bump github/codeql-action from 2.22.8 to 2.22.9 by @​dependabot in https://github.com/spf13/viper/pull/1705
• build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @​dependabot in https://github.com/spf13/viper/pull/1703
• build(deps): bump github/codeql-action from 2.22.9 to 3.22.11 by @​dependabot in https://github.com/spf13/viper/pull/1713
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.1.0 to 2.1.1 by @​dependabot in https://github.com/spf13/viper/pull/1711
• build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @​dependabot in https://github.com/spf13/viper/pull/1722
• build(deps): bump github/codeql-action from 3.22.11 to 3.23.0 by @​dependabot in https://github.com/spf13/viper/pull/1734
• build(deps): bump actions/dependency-review-action from 3.1.4 to 3.1.5 by @​dependabot in https://github.com/spf13/viper/pull/1731
• build(deps): bump mheap/github-action-required-labels from 5.1.0 to 5.2.0 by @​dependabot in https://github.com/spf13/viper/pull/1743
• build(deps): bump github/codeql-action from 3.23.0 to 3.23.2 by @​dependabot in https://github.com/spf13/viper/pull/1742
• build(deps): bump actions/dependency-review-action from 3.1.5 to 4.0.0 by @​dependabot in https://github.com/spf13/viper/pull/1739
• build(deps): bump cachix/install-nix-action from 24 to 25 by @​dependabot in https://github.com/spf13/viper/pull/1737
• build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @​dependabot in https://github.com/spf13/viper/pull/1751
• build(deps): bump github/codeql-action from 3.24.0 to 3.24.1 by @​dependabot in https://github.com/spf13/viper/pull/1760
• build(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.0 by @​dependabot in https://github.com/spf13/viper/pull/1761
• build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @​dependabot in https://github.com/spf13/viper/pull/1757
• build(deps): bump mheap/github-action-required-labels from 5.2.0 to 5.3.0 by @​dependabot in https://github.com/spf13/viper/pull/1759
• build(deps): bump github/codeql-action from 3.24.1 to 3.24.3 by @​dependabot in https://github.com/spf13/viper/pull/1763
• build(deps): bump github.com/sagikazarmark/crypt from 0.17.0 to 0.18.0 by @​dependabot in https://github.com/spf13/viper/pull/1774
• build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @​dependabot in https://github.com/spf13/viper/pull/1770
• build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @​dependabot in https://github.com/spf13/viper/pull/1776
• build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @​dependabot in https://github.com/spf13/viper/pull/1775
• build(deps): bump cachix/install-nix-action from 25 to 26 by @​dependabot in https://github.com/spf13/viper/pull/1778
• build(deps): bump actions/dependency-review-action from 4.1.0 to 4.1.3 by @​dependabot in https://github.com/spf13/viper/pull/1767
• build(deps): bump github/codeql-action from 3.24.6 to 3.24.9 by @​dependabot in https://github.com/spf13/viper/pull/1790
• build(deps): bump mheap/github-action-required-labels from 5.3.0 to 5.4.0 by @​dependabot in https://github.com/spf13/viper/pull/1789
• build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @​dependabot in https://github.com/spf13/viper/pull/1780
• build(deps): bump actions/dependency-review-action from 4.1.3 to 4.2.4 by @​dependabot in https://github.com/spf13/viper/pull/1793
• chore: upgrade crypt by @​sagikazarmark in https://github.com/spf13/viper/pull/1794
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.1.1 to 2.2.0 by @​dependabot in https://github.com/spf13/viper/pull/1788
• build(deps): bump actions/dependency-review-action from 4.2.4 to 4.2.5 by @​dependabot in https://github.com/spf13/viper/pull/1796
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.0 to 2.2.1 by @​dependabot in https://github.com/spf13/viper/pull/1804
• build(deps): bump github/codeql-action from 3.24.9 to 3.25.1 by @​dependabot in https://github.com/spf13/viper/pull/1806
• build(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @​dependabot in https://github.com/spf13/viper/pull/1807
• build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @​dependabot in https://github.com/spf13/viper/pull/1808
• build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @​dependabot in https://github.com/spf13/viper/pull/1813
• build(deps): bump github/codeql-action from 3.25.1 to 3.25.2 by @​dependabot in https://github.com/spf13/viper/pull/1811
• build(deps): bump mheap/github-action-required-labels from 5.4.0 to 5.4.1 by @​dependabot in https://github.com/spf13/viper/pull/1817
• build(deps): bump actions/dependency-review-action from 4.2.5 to 4.3.2 by @​dependabot in https://github.com/spf13/viper/pull/1821
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.2 by @​dependabot in https://github.com/spf13/viper/pull/1822
• build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @​dependabot in https://github.com/spf13/viper/pull/1824
• build(deps): bump github/codeql-action from 3.25.2 to 3.25.4 by @​dependabot in https://github.com/spf13/viper/pull/1828
• build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1 by @​dependabot in https://github.com/spf13/viper/pull/1829
• build(deps): bump github/codeql-action from 3.25.4 to 3.25.7 by @​dependabot in https://github.com/spf13/viper/pull/1844
• build(deps): bump cachix/install-nix-action from 26 to 27 by @​dependabot in https://github.com/spf13/viper/pull/1833
• build(deps): bump actions/checkout from 4.1.4 to 4.1.6 by @​dependabot in https://github.com/spf13/viper/pull/1835

Other Changes

• Update links to Golang Modules documentation by @​tobb10001 in https://github.com/spf13/viper/pull/1758
• chore: add Go 1.22 support by @​sagikazarmark in https://github.com/spf13/viper/pull/1762
• fix #​1700: update tests to use local viper instance by @​smukk9 in https://github.com/spf13/viper/pull/1791
• Update references to bketelsen/crypt by @​skitt in https://github.com/spf13/viper/pull/1842

New Contributors

• @​tobb10001 made their first contribution in https://github.com/spf13/viper/pull/1758
• @​smukk9 made their first contribution in https://github.com/spf13/viper/pull/1791
• @​skitt made their first contribution in https://github.com/spf13/viper/pull/1842

Full Changelog: spf13/viper@v1.18.1...v1.19.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

go.mod

Package	Version	License	Issue Type
golang.org/x/oauth2	0.18.0	Null	Unknown License
github.com/pelletier/go-toml/v2	2.2.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/pelletier/go-toml/v2	2.2.2	🟢 6.7	Details Check Score Reason Code-Review 🟢 5 Found 12/24 approved changesets -- score normalized to 5 Maintained 🟢 10 10 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 7 SAST tool detected but not run on all commits Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/spf13/viper	1.19.0	🟢 6.2	Details Check Score Reason Code-Review 🟢 6 Found 2/3 approved changesets -- score normalized to 6 Maintained 🟢 10 29 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 10 all dependencies are pinned Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits
gomod/golang.org/x/oauth2	0.18.0	Unknown	Unknown
gomod/google.golang.org/appengine	1.6.8	🟢 8.1	Details Check Score Reason Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Code-Review 🟢 9 Found 24/25 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6
gomod/github.com/pelletier/go-toml/v2	2.1.0	🟢 6.7	Details Check Score Reason Code-Review 🟢 5 Found 12/24 approved changesets -- score normalized to 5 Maintained 🟢 10 10 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 7 SAST tool detected but not run on all commits Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/spf13/viper	1.18.2	🟢 6.2	Details Check Score Reason Code-Review 🟢 6 Found 2/3 approved changesets -- score normalized to 6 Maintained 🟢 10 29 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 10 all dependencies are pinned Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits
gomod/golang.org/x/oauth2	0.15.0	Unknown	Unknown
gomod/google.golang.org/appengine	1.6.7	🟢 8.1	Details Check Score Reason Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Code-Review 🟢 9 Found 24/25 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6

Scanned Manifest Files

go.mod

• github.com/pelletier/go-toml/v2@2.2.2
• github.com/spf13/viper@1.19.0
• golang.org/x/oauth2@0.18.0
• google.golang.org/appengine@1.6.8
• github.com/pelletier/go-toml/v2@2.1.0
• github.com/spf13/viper@1.18.2
• golang.org/x/oauth2@0.15.0
• google.golang.org/appengine@1.6.7