build(deps): bump the go-dependencies group across 2 directories with 21 updates

[dependabot]

Bumps the go-dependencies group with 14 updates in the / directory:

Package	From	To
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/servicebus/armservicebus/v2	2.0.0-beta.3	2.0.0-beta.4
github.com/aws/aws-sdk-go-v2/config	1.32.17	1.32.18
github.com/aws/aws-sdk-go-v2/service/cloudcontrol	1.29.15	1.30.0
github.com/aws/aws-sdk-go-v2/service/ec2	1.303.0	1.304.0
github.com/aws/smithy-go	1.25.1	1.26.0
github.com/fluxcd/pkg/apis/meta	1.27.0	1.28.0
github.com/getkin/kin-openapi	0.138.0	0.139.0
github.com/go-chi/chi/v5	5.2.5	5.3.0
github.com/go-openapi/runtime	0.31.0	0.32.2
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	0.68.0	0.69.0
go.opentelemetry.io/contrib/instrumentation/runtime	0.68.0	0.69.0
go.opentelemetry.io/otel/exporters/prometheus	0.65.0	0.66.0
go.opentelemetry.io/otel/exporters/zipkin	1.43.0	1.44.0
golang.org/x/crypto	0.51.0	0.52.0

Bumps the go-dependencies group with 2 updates in the /test/magpiego directory: github.com/go-chi/chi/v5 and github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets.

Updates github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/servicebus/armservicebus/v2 from 2.0.0-beta.3 to 2.0.0-beta.4

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/servicebus/armservicebus/v2's releases.

sdk/resourcemanager/support/armsupport/v2.0.0-beta.4

2.0.0-beta.4 (2026-03-16)

Breaking Changes

• Function NewProblemClassificationsClient parameter(s) have been changed from (subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) to (credential azcore.TokenCredential, options *arm.ClientOptions)
• Type of MessageProperties.ContentType has been changed from *TranscriptContentType to *string
• Enum TranscriptContentType has been removed
• Function *ClientFactory.NewLookUpResourceIDClient has been removed
• Function *ClientFactory.NewProblemClassificationsNoSubscriptionClient has been removed
• Function *ClientFactory.NewServiceClassificationsClient has been removed
• Function *ClientFactory.NewServiceClassificationsNoSubscriptionClient has been removed
• Function NewLookUpResourceIDClient has been removed
• Function *LookUpResourceIDClient.Post has been removed
• Function PossibleTranscriptContentTypeValues has been removed
• Function *ProblemClassificationsClient.ClassifyProblems has been removed
• Function NewProblemClassificationsNoSubscriptionClient has been removed
• Function *ProblemClassificationsNoSubscriptionClient.ClassifyProblems has been removed
• Function NewServiceClassificationsClient has been removed
• Function *ServiceClassificationsClient.ClassifyServices has been removed
• Function NewServiceClassificationsNoSubscriptionClient has been removed
• Function *ServiceClassificationsNoSubscriptionClient.ClassifyServices has been removed
• Struct ClassificationService has been removed
• Struct LookUpResourceIDRequest has been removed
• Struct LookUpResourceIDResponse has been removed
• Struct OperationsListResult has been removed
• Struct ProblemClassificationsClassificationInput has been removed
• Struct ProblemClassificationsClassificationOutput has been removed
• Struct ProblemClassificationsClassificationResult has been removed
• Struct ServiceClassificationAnswer has been removed
• Struct ServiceClassificationOutput has been removed
• Struct ServiceClassificationRequest has been removed
• Field OperationsListResult of struct OperationsClientListResponse has been removed
• Field Metadata, ParentProblemClassification of struct ProblemClassificationProperties has been removed
• Field Metadata of struct ServiceProperties has been removed

Features Added

• New enum type ActionType with values ActionTypeInternal
• New enum type Origin with values OriginSystem, OriginUser, OriginUserSystem
• New struct OperationListResult
• New field SystemData in struct CommunicationDetails
• New field ActionType, IsDataAction, Origin in struct Operation
• New anonymous field OperationListResult in struct OperationsClientListResponse
• New field SystemData in struct ProblemClassification
• New field NextLink in struct ProblemClassificationsListResult
• New field SystemData in struct Service
• New field NextLink in struct ServicesListResult
• New field SystemData in struct TicketDetails

sdk/resourcemanager/applicationinsights/armapplicationinsights/v2.0.0-beta.4

... (truncated)

Commits

• 4473bad [Release] sdk/resourcemanager/sql/armsql/2.0.0-beta.4 (#22080)
• 90c78e1 feat: add ReplaceReadmeNewClientName function (#22165)
• babccdd fix sdk/resourcemanager/connectedvmware/armconnectedvmware README (#22162)
• 775c707 [Release] sdk/resourcemanager/compute/armcompute/5.4.0 (#22114)
• e7bf410 [Release] sdk/resourcemanager/batch/armbatch/2.2.0 generation from spec commi...
• 270c1d6 [Release] sdk/resourcemanager/netapp/armnetapp/6.0.0-beta.1 generation from s...
• 38a3d6f [Release] sdk/resourcemanager/network/armnetwork/5.0.0 (#22093)
• 959a71b [Release] sdk/resourcemanager/virtualmachineimagebuilder/armvirtualmachineima...
• 2454e9f [Release] sdk/resourcemanager/deviceupdate/armdeviceupdate/1.3.0 generation f...
• 72768a2 [Release] sdk/resourcemanager/healthcareapis/armhealthcareapis/2.0.0 generati...
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.18

Commits

• db9f4e5 Release 2026-05-22
• 34e7ddc Regenerated Clients
• f9db036 Update endpoints model
• ae5eae1 Update API model
• 429dbdd Feat discover endpoint partition validation (#3410)
• ab4f5b6 Release 2026-05-21
• 757a099 Regenerated Clients
• 02c8323 Update API model
• f4ac954 Bump smithy-go version and update imports for evenstream protocoltests (#3420)
• 6d93700 Add replace for credentials dependency added on go.mod (#3419)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.16 to 1.19.17

Commits

• db9f4e5 Release 2026-05-22
• 34e7ddc Regenerated Clients
• f9db036 Update endpoints model
• ae5eae1 Update API model
• 429dbdd Feat discover endpoint partition validation (#3410)
• ab4f5b6 Release 2026-05-21
• 757a099 Regenerated Clients
• 02c8323 Update API model
• f4ac954 Bump smithy-go version and update imports for evenstream protocoltests (#3420)
• 6d93700 Add replace for credentials dependency added on go.mod (#3419)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cloudcontrol from 1.29.15 to 1.30.0

Commits

• 2d43b81 Release 2024-06-19
• 812bc72 Regenerated Clients
• 12e2648 Update endpoints model
• 5df426a Update API model
• 78777b6 add implicit global region to internal partition metadata (#2688)
• 077df5d Release 2024-06-18
• 3320b13 Regenerated Clients
• 1315201 Update API model
• 8dddc9c add SDK-specific feature tracking (#2682)
• 54f11c0 Release 2024-06-17
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ec2 from 1.303.0 to 1.304.0

Commits

• db9f4e5 Release 2026-05-22
• 34e7ddc Regenerated Clients
• f9db036 Update endpoints model
• ae5eae1 Update API model
• 429dbdd Feat discover endpoint partition validation (#3410)
• ab4f5b6 Release 2026-05-21
• 757a099 Regenerated Clients
• 02c8323 Update API model
• f4ac954 Bump smithy-go version and update imports for evenstream protocoltests (#3420)
• 6d93700 Add replace for credentials dependency added on go.mod (#3419)
• Additional commits viewable in compare view

Updates github.com/aws/smithy-go from 1.25.1 to 1.26.0

Changelog

Sourced from github.com/aws/smithy-go's changelog.

Release (2026-05-27)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.26.0
  • Feature: Add StringSlice to endpoint rulesfn.

Release (2026-04-23)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.1
  • Bug Fix: Fixed a memory leak in the LRU cache implementation used by some AWS services.

Release (2026-04-15)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.0
  • Feature: Add support for endpointBdd trait

Release (2026-04-02)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.3
  • Bug Fix: Add additional sigv4 configuration.
• github.com/aws/smithy-go/aws-http-auth: v1.1.3
  • Bug Fix: Add additional sigv4 configuration.

Release (2026-02-27)

General Highlights

• Dependency Update: Bump minimum go version to 1.24.

Release (2026-02-20)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.1

... (truncated)

Commits

• 45ed831 Release 2026-05-27
• 36699a9 handle vars in auth scheme id tmpl (#667)
• b81ddf7 Use GoDependency to add SDK dependencies on codegen instead of relying on go ...
• 999a54b add event stream test generator (#661)
• 22e6cf7 Expand JMESPath truthy check by allowing bare collections to be evaluated (#654)
• See full diff in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.27.0 to 1.28.0

Commits

• 2b9f4c5 Merge pull request #1216 from fluxcd/release-main
• 715a46d Prepare for release
• 482ea79 Merge pull request #1129 from Iam-Karan-Suresh/refactor/extract-dependencyref...
• 4281774 refactor: move DependencyReference to apis/meta
• fa13036 Merge pull request #1215 from fluxcd/release-main
• e944ed2 Prepare for release
• dce25dd Merge pull request #1214 from fluxcd/ci-jwt
• 55b3741 auth: introduce JWT signing with JWK for CI systems
• f50d611 Merge pull request #1213 from fluxcd/release-main
• 39163c0 Prepare for release
• Additional commits viewable in compare view

Updates github.com/getkin/kin-openapi from 0.138.0 to 0.139.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.139.0

What's Changed

• feat(openapi3): batch-convert long-tail RequiredFieldError sites by @​reuvenharrison in getkin/kin-openapi#1170
• feat(openapi3): typed validation error clusters (combined: Persistent unmanaged volumes #1171-#1179) by @​reuvenharrison in getkin/kin-openapi#1180
• openapi3gen: skip component export for anonymous types by @​0-don in getkin/kin-openapi#1163
• feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTimestamps by @​reuvenharrison in getkin/kin-openapi#1181
• openapi3: typed context errors for Validate() wrapper chain by @​reuvenharrison in getkin/kin-openapi#1183
• openapi3: track Origin on the document root (T) by @​reuvenharrison in getkin/kin-openapi#1184
• openapi3: tests flakiness corrected by @​fenollp in getkin/kin-openapi#1159
• openapi3: aggregate independent validation errors via EnableMultiError by @​reuvenharrison in getkin/kin-openapi#1185
• openapi3: fix validation of duplicated path templates by @​reuvenharrison in getkin/kin-openapi#1189
• openapi3: type the remaining bare-error validation sites by @​reuvenharrison in getkin/kin-openapi#1187

Full Changelog: getkin/kin-openapi@v0.138.0...v0.139.0

Commits

• 8381bfc openapi3: type the remaining bare-error validation sites (#1187)
• d29b5c0 openapi3: fix validation of duplicated path templates (#1189)
• e56c2c7 openapi3: aggregate independent validation errors via EnableMultiError (#1185)
• 7ea1ac8 openapi3: tests flakiness corrected (#1159)
• dc70f84 openapi3: track Origin on the document root (T) (#1184)
• 69492df openapi3: typed context errors for Validate() wrapper chain (#1183)
• 0a89925 un-patch YAML serialization of dates (see issue #697)
• 55a4c72 openapi3: re-enable tests disabled due to YAML dates in map keys
• c61836c ci: fixup lint after modifications to marsh.go
• 7633481 feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTim...
• Additional commits viewable in compare view

Updates github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.3.0

What's Changed

• Use strings.ReplaceAll where applicable by @​JRaspass in go-chi/chi#1046
• Propagate inline middlewares across mounted subrouters by @​LukasJenicek in go-chi/chi#1049
• add go 1.26 to ci by @​pkieltyka in go-chi/chi#1052
• Remove last uses of io/ioutil by @​JRaspass in go-chi/chi#1054
• Simplify chi.walk with slices.Concat by @​JRaspass in go-chi/chi#1053
• Apply the stringscutprefix modernizer by @​JRaspass in go-chi/chi#1051
• Bump minimum Go to 1.23, always use request.Pattern by @​JRaspass in go-chi/chi#1048
• middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by @​alliasgher in go-chi/chi#1085
• Fix typo in Route doc comment by @​gouwazi in go-chi/chi#1073
• fix: set Request.Pattern from RoutePattern() by @​leno23 in go-chi/chi#1097
• feat: middleware.ClientIP, a replacement for middleware.RealIP by @​VojtechVitek in go-chi/chi#967

New Contributors

• @​LukasJenicek made their first contribution in go-chi/chi#1049
• @​alliasgher made their first contribution in go-chi/chi#1085
• @​gouwazi made their first contribution in go-chi/chi#1073
• @​leno23 made their first contribution in go-chi/chi#1097

SECURITY: middleware.ClientIP, a replacement for middleware.RealIP

@​VojtechVitek submitted PR #967, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:

• GHSA-9g5q-2w5x-hmxf — IP spoofing via XFF in RemoteAddr resolution (convto)
• GHSA-rjr7-jggh-pgcp — RealIP allows IP spoofing via unvalidated XFF (rezmoss)
• GHSA-3fxj-6jh8-hvhx — IP spoofing in middleware.RealIP (Saku0512, Critical / 9.3)

It also addresses issues outlined at:

• go-chi/chi#708
• https://adam-p.ca/blog/2022/03/x-forwarded-for/
• go-chi/chi#711
• go-chi/chi#453
• go-chi/chi#908

middleware.RealIP is deprecated in this PR with pointers to the new API.

The deprecation only adds a // Deprecated: doc comment; the function keeps working for backward compatibility.

Why a new middleware (not "fix RealIP in place")

RealIP has two unfixable design choices: it mutates r.RemoteAddr, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per adam-p's "The perils of the 'real' client IP" (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.

The new API

Four middlewares, two accessors. Pick exactly one middleware based on your infrastructure, read the result with one of the two accessors:

// One of the four. There is no safe default — pick exactly one.
func ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler
func ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler
func ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler
</tr></table> 

... (truncated)

Commits

• 3b17157 feat: middleware.ClientIP, a replacement for middleware.RealIP (#967)
• 818fdcf fix: set Request.Pattern from RoutePattern() (#1097)
• f975af0 Fix typo in Route doc comment (#1073)
• 4ef87ea middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (#1085)
• a54874f Bump minimum Go to 1.23, always use request.Pattern (#1048)
• 3328d4d Apply the stringscutprefix modernizer (#1051)
• be60b2e Simplify chi.walk with slices.Concat (#1053)
• a36a925 Remove last uses of io/ioutil (#1054)
• 7d93ee3 add go 1.26 to ci (#1052)
• 903cff2 Propagate inline middlewares across mounted subrouters (#1049)
• Additional commits viewable in compare view

Updates github.com/go-openapi/runtime from 0.31.0 to 0.32.2

Release notes

Sourced from github.com/go-openapi/runtime's releases.

v0.32.2

0.32.2 - 2026-05-27

Full Changelog: go-openapi/runtime@v0.32.1...v0.32.2

2 commits in this release.

---

Fixed bugs

• fix(client): added a guard to avoid the client to panic by @​fredbi in #474 ...

Miscellaneous tasks

• chore: prepare release v0.32.2 by @​bot-go-openapi[bot] in #475 ...

---

People who contributed to this release

• @​fredbi

---

runtime license terms

Per-module changes

---

client-middleware/opentracing (0.32.2)

Miscellaneous tasks

• chore: prepare release v0.32.2 by @​bot-go-openapi[bot] in #475 ...

v0.32.1

... (truncated)

Commits

• a357ecf chore: prepare release v0.32.2
• 10b4d12 fix(client): added a guard to avoid the client to panic (#474)
• ea80e5a chore: prepare release v0.32.1
• 01f5c55 doc: documented SkipAuth feature with build tag (#472)
• af192a9 refactor(client): promote ContextualTransport to runtime package (#471)
• 1002219 chore: prepare release v0.32.0
• c1e2e2c Merge pull request #469 from fredbi/fix/3113-file-urlencoded
• 584ff89 ci: add unsafe-skipauth tagged-build workflow with coverage
• 4042690 feat(middleware): build-tag-gated SetSkipAuth for dev-mode auth bypass
• cd748fa refactor(client/otel): pivot OpenTelemetry transport to SubmitContext
• Additional commits viewable in compare view

Updates go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.68.0 to 0.69.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases.

v1.44.0/v2.5.1/v0.69.0/v0.37.1/v0.24.0/v0.19.0/v0.16.1/v0.16.0

Added

• Add error.type attribute to http.client.request.duration for transport failures in otelhttp. (#8801)
• Add examples for prometheus compatibility document. (#8716)
• Add support for cardinality_limits in PeriodicMetricReader in otelconf. (#8885)
• Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/x to expose the resolved SDK resource from declarative configuration. (#8913)
• Add go.opentelemetry.io/contrib/detectors/hetzner, a new resource detector for Hetzner Cloud servers, ported from github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor/internal/hetzner. Detects cloud.provider, cloud.platform, cloud.region, cloud.availability_zone, host.id, and host.name. (#8979)

Changed

• Set error field as record.SetErr instead of a plain attribute in go.opentelemetry.io/contrib/bridges/otellogrus. (#8776)
• Set the "error" field (e.g. created via zap.Error) as record.SetErr instead of a plain attribute in go.opentelemetry.io/contrib/bridges/otelzap. (#8719)
• Set fields implementing error interface from slog records as record.SetErr instead of plain attributes in go.opentelemetry.io/contrib/bridges/otelslog. (#8774)
• Set emitted errors in go.opentelemetry.io/contrib/bridges/otellogr as record errors (Record.SetErr) instead of exception.message attributes. (#8775)

Fixed

• Fix header attributes lost when using sub-spans in go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace. (#8797)
• Validate encoding configuration for OTLP HTTP exporters in go.opentelemetry.io/contrib/otelconf. (#8772)
• Remove the custom body wrapper from the request's body after the request is processed to allow body type comparisons with the original type in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp and go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux. (#6914)
• Unknown or empty HTTP methods now report "_OTHER" instead of "GET" across all HTTP instrumentations to align with OpenTelemetry semantic conventions. (#8868)
• The default span name formatter in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp now conforms to the OpenTelemetry HTTP semantic conventions for server span names. (#8871)
  • The default span name is now {method} {route} (e.g. GET /foo/{id}) when a route pattern is available, or {method} (e.g. GET) otherwise.

Removed

• Remove the deprecated WithSpanOptions option in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8991)

What's Changed

• otelconf: validate encoding configuration for OTLP HTTP exporters by @​sonalgaud12 in open-telemetry/opentelemetry-go-contrib#8772
• fix(deps): update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.99.0 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8780
• chore(deps): update prom/prometheus docker tag to v3.11.1 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8779
• otellogrus: Set error field as record.SetErr by @​sonalgaud12 in open-telemetry/opentelemetry-go-contrib#8778
• chore(deps): update module golang.org/x/sys to v0.43.0 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8783
• chore(deps): update golang.org/x/telemetry digest to 93c7c8a by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8786
• chore(deps): update module github.com/mattn/go-isatty to v0.0.21 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8787
• chore(deps): update module github.com/mattn/go-runewidth to v0.0.23 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8788
• chore(deps): update golang.org/x by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8791
• chore(deps): update actions/github-script action to v9 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8795
• fix(deps): update golang.org/x by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8794
• otelzap: set error field as record.SetErr by @​iblancasa in open-telemetry/opentelemetry-go-contrib#8719
• fix(deps): update golang.org/x to 746e56f by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8796
• chore(deps): update module golang.org/x/arch to v0.26.0 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8798
• Check if otelgrpc metrics are enabled by @​dashpole in open-telemetry/opentelemetry-go-contrib#8792
• chore(deps): update actions/upload-artifact action to v7.0.1 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8800
• Check instrument enabled in deprecatedruntime by @​dashpole in open-telemetry/opentelemetry-go-contrib#8793
• chore(deps): update module github.com/ashanbrown/forbidigo/v2 to v2.3.1 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8804
• chore(deps): update module github.com/ashanbrown/makezero/v2 to v2.2.1 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8802
• chore(deps): update module github.com/manuelarte/funcorder to v0.6.0 by @​renovate[bot] in open-telemetry/opentelemetry-go-contrib#8803

... (truncated)

Changelog

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's changelog.

[1.44.0/2.5.1/0.69.0/0.37.1/0.24.0/0.19.0/0.16.1/0.16.0] - 2026-05-28

Added

• Add error.type attribute to http.client.request.duration for transport failures in otelhttp. (#8801)
• Add examples for prometheus compatibility document. (#8716)
• Add support for cardinality_limits in PeriodicMetricReader in otelconf. (#8885)
• Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/x to expose the resolved SDK resource from declarative configuration. (#8913)
• Add go.opentelemetry.io/contrib/detectors/hetzner, a new resource detector for Hetzner Cloud servers, ported from github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor/internal/hetzner. Detects cloud.provider, cloud.platform, cloud.region, cloud.availability_zone, host.id, and host.name. (#8979)

Changed

• Set error field as record.SetErr instead of a plain attribute in go.opentelemetry.io/contrib/bridges/otellogrus. (#8776)
• Set the "error" field (e.g. created via zap.Error) as record.SetErr instead of a plain attribute in go.opentelemetry.io/contrib/bridges/otelzap. (#8719)
• Set fields implementing error interface from slog records as record.SetErr instead of plain attributes in go.opentelemetry.io/contrib/bridges/otelslog. (#8774)
• Set emitted errors in go.opentelemetry.io/contrib/bridges/otellogr as record errors (Record.SetErr) instead of exception.message attributes. (#8775)

Fixed

• Fix header attributes lost when using sub-spans in go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace. (#8797)
• Validate encoding configuration for OTLP HTTP exporters in go.opentelemetry.io/contrib/otelconf. (#8772)
• Remove the custom body wrapper from the request's body after the request is processed to allow body type comparisons with the original type in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp and go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux. (#6914)
• Unknown or empty HTTP methods now report "_OTHER" instead of "GET" across all HTTP instrumentations to align with OpenTelemetry semantic conventions. (#8868)
• The default span name formatter in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp now conforms to the OpenTelemetry HTTP semantic conventions for server span names. (#8871)
  • The default span name is now {method} {route} (e.g. GET /foo/{id}) when a route pattern is available, or {method} (e.g. GET) otherwise.

Removed

• Remove the deprecated WithSpanOptions option in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8991)

Commits

• 03b2bcd Release v1.44.0/v2.5.1/v0.69.0/v0.37.1/v0.24.0/v0.19.0/v0.16.1/v0.16.0 (#9033)
• 80c46d4 chore(deps): update module github.com/alecthomas/chroma/v2 to v2.26.0 (#9034)
• 51f2921 fix(deps): update module github.com/hetznercloud/hcloud-go/v2 to v2.41.2 (#9026)
• db82162 fix(deps): update aws-sdk-go-v2 monorepo (#9031)
• 5a3e533 fix(deps): update module github.com/aws/smithy-go to v1.26.0 (#9032)
• c67843c otelhttp: Remove custom wrapper after handling request (#6914)
• c0a4135 docs(otelhttptrace): add performance guidance for WithoutSubSpans (#8785)
• a51a867 otelconf: implement cardinality_limits support in PeriodicMetricReader (#8885)
• dead6e5 chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 (#8994)
• 979ce18 chore(deps): update module github.com/jgautheron/goconst to v1.10.2 (#9030)
• Additional commits viewable in compare view

Updates go.opentelemetry.io/contrib/instrumentation/runtime from 0.68.0 to 0.69.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/runtime's releases.

v1.44.0/v2.5.1/v0.69.0/v0.37.1/v0.24.0/v0.19.0/v0.16.1/v0.16.0

Added

• Add error.type attribute to http.client.request.duration for transport failures in otelhttp. (#8801)
• Add examples for prometheus compatibility document. (#8716)
• Add support for cardinality_limits in PeriodicMetricReader in otelconf. (#8885)
• Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/x to expose the resolved SDK resource from declarative configuration. (#8913)
• Add go.opentelemetry.io/contrib/detectors/hetzner, a new resource detector for Hetzner Cloud servers, ported from github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor/internal/hetzner. Detects cloud.provider, cloud.platform, cloud.region, cloud.availability_zone, host.id, and host.name. (#8979)

Changed

• Set error field as record.SetErr instead of a plain attribute in go.opentelemetry.io/contrib/bridges/otellogrus. (#8776)
• Set the "error" field (e.g. created via zap.Error) as record.SetErr instead of a plain attribute in go.opentelemetry.io/contrib/bridges/otelzap. (#8719)
• Set fields implementing error interface from slog records as record.SetErr instead of plain attributes in go.opentelemetry.io/contrib/bridges/otelslog. (#8774)
• Set emitted errors in go.opentelemetry.io/contrib/bridges/otellogr as record errors (Record.SetErr) instead of exception.message attributes. (#8775)

Fixed

• Fix header attributes lost when using sub-spans in go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace. (#8797)
• Validate encoding configuration for OTLP HTTP exporters in go.opentelemetry.io/contrib/otelconf. (#8772)
• Remove the custom body wrapper from the request's body after the request is processed to allow body type comparisons with the original type in Description has been truncated

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 18 package(s) with unknown licenses.

See the Details below.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/servicebus/armservicebus/v2	2.0.0-beta.4	Null	Unknown License
github.com/aws/aws-sdk-go-v2/config	1.32.18	Null	Unknown License
github.com/aws/aws-sdk-go-v2/credentials	1.19.17	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/ec2	1.304.0	Null	Unknown License
github.com/aws/aws-sdk-go-v2/service/ssooidc	1.36.0	Null	Unknown License
github.com/getkin/kin-openapi	0.139.0	Null	Unknown License
github.com/go-chi/chi/v5	5.3.0	Null	Unknown License
github.com/go-openapi/runtime	0.32.2	Null	Unknown License
github.com/golang-jwt/jwt/v5	5.3.1	Null	Unknown License
go.opentelemetry.io/otel/trace	1.44.0	Null	Unknown License
golang.org/x/crypto	0.52.0	Null	Unknown License
golang.org/x/sys	0.45.0	Null	Unknown License
github.com/oasdiff/yaml	0.1.0	Null	Unknown License
github.com/oasdiff/yaml3	0.0.13	Null	Unknown License

test/magpiego/go.mod

Package	Version	License	Issue Type
github.com/go-chi/chi/v5	5.3.0	Null	Unknown License
go.opentelemetry.io/otel/trace	1.44.0	Null	Unknown License
golang.org/x/crypto	0.52.0	Null	Unknown License
golang.org/x/sys	0.45.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
gomod/github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/servicebus/armservicebus/v2	2.0.0-beta.4	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/config	1.32.18	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/credentials	1.19.17	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/cloudcontrol	1.30.0	🟢 6.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
gomod/github.com/aws/aws-sdk-go-v2/service/ec2	1.304.0	Unknown	Unknown
gomod/github.com/aws/aws-sdk-go-v2/service/ssooidc	1.36.0	Unknown	Unknown
gomod/github.com/aws/smithy-go	1.26.0	🟢 7.3	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 6 Found 18/30 approved changesets -- score normalized to 6 Maintained 🟢 10 23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9
gomod/github.com/fluxcd/pkg/apis/meta	1.28.0	🟢 7.9	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dependency-Update-Tool 🟢 10 update tool detected CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Signed-Releases ⚠️ -1 no releases found Fuzzing 🟢 10 project is fuzzed Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Vulnerabilities ⚠️ 0 21 existing vulnerabilities detected CI-Tests 🟢 10 13 out of 13 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 42 contributing companies or organizations
gomod/github.com/getkin/kin-openapi	0.139.0	Unknown	Unknown
gomod/github.com/go-chi/chi/v5	5.3.0	Unknown	Unknown
gomod/github.com/go-openapi/runtime	0.32.2	Unknown	Unknown
gomod/github.com/golang-jwt/jwt/v5	5.3.1	Unknown	Unknown
gomod/github.com/oasdiff/yaml	0.1.0	Unknown	Unknown
gomod/github.com/oasdiff/yaml3	0.0.13	Unknown	Unknown
gomod/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	0.69.0	🟢 8.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases 🟢 8 4 out of the last 4 releases have a total of 4 signed artifacts. License 🟢 10 license file detected SAST 🟢 9 SAST tool detected but not run on all commits Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Vulnerabilities 🟢 10 0 existing vulnerabilities detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 40 contributing companies or organizations
gomod/go.opentelemetry.io/contrib/instrumentation/runtime	0.69.0	🟢 8.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases 🟢 8 4 out of the last 4 releases have a total of 4 signed artifacts. License 🟢 10 license file detected SAST 🟢 9 SAST tool detected but not run on all commits Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Vulnerabilities 🟢 10 0 existing vulnerabilities detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 40 contributing companies or organizations
gomod/go.opentelemetry.io/otel	1.44.0	🟢 9.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/otel/exporters/prometheus	0.66.0	🟢 9.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/otel/exporters/zipkin	1.44.0	🟢 9.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/otel/metric	1.44.0	🟢 9.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/otel/sdk	1.44.0	🟢 9.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/otel/sdk/metric	1.44.0	🟢 9.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/otel/trace	1.44.0	Unknown	Unknown
gomod/golang.org/x/crypto	0.52.0	Unknown	Unknown
gomod/golang.org/x/sys	0.45.0	Unknown	Unknown
gomod/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets	1.5.0	🟢 7.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/go-chi/chi/v5	5.3.0	Unknown	Unknown
gomod/go.opentelemetry.io/otel	1.44.0	🟢 9.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/otel/metric	1.44.0	🟢 9.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Dependency-Update-Tool 🟢 10 update tool detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/otel/trace	1.44.0	Unknown	Unknown
gomod/golang.org/x/crypto	0.52.0	Unknown	Unknown
gomod/golang.org/x/sys	0.45.0	Unknown	Unknown

Scanned Files

• go.mod
• test/magpiego/go.mod

[radius-functional-tests]

Radius functional test overview

🔍 Go to test action run

Click here to see the test run details

Name	Value
Repository	radius-project/radius
Commit ref	26774e7
Unique ID	funcd37605b239
Image tag	pr-funcd37605b239

• gotestsum 1.13.0
• KinD: v0.29.0
• Dapr: 1.14.4
• Azure KeyVault CSI driver: 1.4.2
• Azure Workload identity webhook: 1.3.0
• Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-funcd37605b239
• Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
• applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-funcd37605b239
• dynamic-rp test image location: ghcr.io/radius-project/dev/dynamic-rp:pr-funcd37605b239
• controller test image location: ghcr.io/radius-project/dev/controller:pr-funcd37605b239
• ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-funcd37605b239
• deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting ucp-cloud functional tests...
⌛ Starting corerp-cloud functional tests...
✅ ucp-cloud functional tests succeeded
✅ corerp-cloud functional tests succeeded

[github-actions]

Unit Tests

    2 files  ±0    435 suites  ±0   7m 12s ⏱️ -12s
5 247 tests ±0  5 245 ✅ ±0  2 💤 ±0  0 ❌ ±0 
6 369 runs  ±0  6 367 ✅ ±0  2 💤 ±0  0 ❌ ±0 

Results for commit 26774e7. ± Comparison against base commit e25bdcf.