Skip to content

Copilot instructions: tell it about new(EXPR) form#7086

Merged
sorindumitru merged 1 commit into
spiffe:mainfrom
c4rlo:patch-1
Jun 22, 2026
Merged

Copilot instructions: tell it about new(EXPR) form#7086
sorindumitru merged 1 commit into
spiffe:mainfrom
c4rlo:patch-1

Conversation

@c4rlo

@c4rlo c4rlo commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Tell Copilot about this new Go feature. Came up in #7085 (comment).

Tell Copilot about this new Go feature.

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the repository’s Copilot guidance to reflect the project’s current Go toolchain capabilities, preventing incorrect “does not compile” feedback for valid modern Go syntax.

Changes:

  • Document that new(x) is valid when x is an expression (not just a type), aligning Copilot guidance with the Go version used by this repo.

@sorindumitru
sorindumitru added this pull request to the merge queue Jun 22, 2026
@sorindumitru sorindumitru added this to the 1.15.2 milestone Jun 22, 2026
@sorindumitru
sorindumitru removed this pull request from the merge queue due to a manual request Jun 22, 2026
@sorindumitru
sorindumitru added this pull request to the merge queue Jun 22, 2026
Merged via the queue into spiffe:main with commit 73215a3 Jun 22, 2026
57 checks passed
zzzz465 added a commit to pubg/spire that referenced this pull request Jul 16, 2026
* build(deps): bump github.com/open-policy-agent/opa from 1.16.2 to 1.17.0 (#6997)

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.16.2 to 1.17.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.16.2...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Apply PQC policy to bundle endpoint and prometheus server (#6995)

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* build(deps): bump the aws-sdk group with 2 updates (#6996)

Bumps the aws-sdk group with 2 updates: [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/smithy-go](https://github.com/aws/smithy-go).


Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.101.0 to 1.102.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.101.0...service/s3/v1.102.0)

Updates `github.com/aws/smithy-go` from 1.25.1 to 1.26.0
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/smithy-go/compare/v1.25.1...v1.26.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.102.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/smithy-go
  dependency-version: 1.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: use structured logger for rebootstrap messages and fix typos (#7000)

Signed-off-by: immanuwell <pchpr.00@list.ru>

* Fix stale proto directory layout in CONTRIBUTING.md (#7011)

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* build(deps): bump github.com/sigstore/sigstore from 1.10.6 to 1.10.7 (#7005)

Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.10.6 to 1.10.7.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.10.6...v1.10.7)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump cloud.google.com/go/security (#7004)

Bumps the google-cloud-sdk group with 1 update: [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go).


Updates `cloud.google.com/go/security` from 1.24.0 to 1.25.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.24.0...kms/v1.25.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/security
  dependency-version: 1.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: google-cloud-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/aws/aws-sdk-go-v2/service/autoscaling (#7003)

Bumps the aws-sdk group with 1 update: [github.com/aws/aws-sdk-go-v2/service/autoscaling](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2/service/autoscaling` from 1.66.0 to 1.67.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.66.0...service/s3/v1.67.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/autoscaling
  dependency-version: 1.67.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add Copilot repository custom instructions (#7009)

* Add Copilot repository custom instructions

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Address Copilot comments

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Add links to the SDK repositories

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Note that field names come from pkg/common/telemetry/names.go

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

---------

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Add support for two more PQC curves (#6999)

Go 1.26 added support for these so we can allow using them

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* build(deps): bump google.golang.org/api in the google-cloud-sdk group (#7014)

Bumps the google-cloud-sdk group with 1 update: [google.golang.org/api](https://github.com/googleapis/google-api-go-client).


Updates `google.golang.org/api` from 0.282.0 to 0.283.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.282.0...v0.283.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.283.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: google-cloud-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/sigstore/sigstore from 1.10.7 to 1.10.8 (#7016)

Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.10.7 to 1.10.8.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.10.7...v1.10.8)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* agent: add `log_selectors` config item (#6981)

* agent: log configured workload selectors on identity failures

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

* agent: minor refactor to reduce num params

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

* agent: log selectors as single string

Addresses review comment.

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

* agent: Sort selectors before logging

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

---------

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

* build(deps): bump github.com/shirou/gopsutil/v4 from 4.26.4 to 4.26.5 (#7015)

Bumps [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) from 4.26.4 to 4.26.5.
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](https://github.com/shirou/gopsutil/compare/v4.26.4...v4.26.5)

---
updated-dependencies:
- dependency-name: github.com/shirou/gopsutil/v4
  dependency-version: 4.26.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump the aws-sdk group with 7 updates (#7013)

Bumps the aws-sdk group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) | `1.304.0` | `1.305.0` |
| [github.com/aws/aws-sdk-go-v2/service/iam](https://github.com/aws/aws-sdk-go-v2) | `1.53.1` | `1.54.1` |
| [github.com/aws/aws-sdk-go-v2/service/kms](https://github.com/aws/aws-sdk-go-v2) | `1.52.0` | `1.53.1` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.102.0` | `1.103.0` |
| [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) | `1.41.0` | `1.42.0` |
| [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.42.0` | `1.43.0` |
| [github.com/aws/smithy-go](https://github.com/aws/smithy-go) | `1.26.0` | `1.27.0` |


Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.304.0 to 1.305.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.304.0...service/ec2/v1.305.0)

Updates `github.com/aws/aws-sdk-go-v2/service/iam` from 1.53.1 to 1.54.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.53.1...service/s3/v1.54.1)

Updates `github.com/aws/aws-sdk-go-v2/service/kms` from 1.52.0 to 1.53.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.52.0...service/s3/v1.53.1)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.102.0 to 1.103.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.102.0...service/s3/v1.103.0)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.41.0 to 1.42.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.41.0...service/s3/v1.42.0)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.42.0 to 1.43.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.42.0...service/s3/v1.43.0)

Updates `github.com/aws/smithy-go` from 1.26.0 to 1.27.0
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/smithy-go/compare/v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-version: 1.305.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/iam
  dependency-version: 1.54.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/kms
  dependency-version: 1.53.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.103.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-version: 1.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-version: 1.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/smithy-go
  dependency-version: 1.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#7024)

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0 (#7026)

Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.9.2 to 5.10.0.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.9.2...v5.10.0)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Retry image builds to tolerate transient base image pull failures (#7032)

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* build(deps): bump github.com/aws/smithy-go from 1.27.0 to 1.27.1 in the aws-sdk group (#7033)

build(deps): bump github.com/aws/smithy-go in the aws-sdk group

Bumps the aws-sdk group with 1 update: [github.com/aws/smithy-go](https://github.com/aws/smithy-go).


Updates `github.com/aws/smithy-go` from 1.27.0 to 1.27.1
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/smithy-go/compare/v1.27.0...v1.27.1)

---
updated-dependencies:
- dependency-name: github.com/aws/smithy-go
  dependency-version: 1.27.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Datastore config doc updates (#7023)

* server sql doc: explain connection string

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

* server sql doc: spelling of AWS_SECRET_ACCESS_KEY

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

* server sql doc: misc cleanups

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

---------

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

* Retry container image pulls in integration tests to reduce CI flakiness (#7031)

* Retry container image pulls in integration tests to reduce CI flakiness

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Hardcode retry attempts and backoff in integration tests

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

---------

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Upgrade go-spiffe to 2.7.0 (#7035)

* Upgrade go-spiffe to 2.7.0

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Add dumy implementations for WIT-SVID API

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

---------

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Remove the unused kind configuration from the cert-manager integration test (#7037)

* Remove stale kindest/node pin from the cert-manager integration test

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Remove the now-unused cert-manager kind config

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

---------

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Add assignee rotation with ball-in-court tracking for pull requests (#7012)

* Add round-robin reviewer auto-assignment with ball-in-court tracking

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Address Copilot comments

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Address Copilot comments

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Exclude bot-authored PRs from reviewer rotation

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Pick the PR assignee at random instead of by PR number

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

---------

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Fix assign-reviewer not setting an assignee on open (#7043)

Scope assign-reviewer concurrency per event action

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* build(deps): bump github.com/mattn/go-sqlite3 from 1.14.44 to 1.14.45 (#7041)

Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.44 to 1.14.45.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.44...v1.14.45)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.45
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/google/go-tpm-tools from 0.4.8 to 0.4.9 (#7040)

Bumps [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools) from 0.4.8 to 0.4.9.
- [Release notes](https://github.com/google/go-tpm-tools/releases)
- [Commits](https://github.com/google/go-tpm-tools/compare/v0.4.8...v0.4.9)

---
updated-dependencies:
- dependency-name: github.com/google/go-tpm-tools
  dependency-version: 0.4.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.21.1 to 1.22.0 in the azure-sdk group (#7039)

build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore

Bumps the azure-sdk group with 1 update: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go).


Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.21.1 to 1.22.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.21.1...sdk/azcore/v1.22.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* test: Add x509util certificate coverage (#7029)

Signed-off-by: Keegan Witt <keeganwitt@gmail.com>

* Add SPIRE-backed Prometheus TLS identity and SPIFFE allowlist (#6812)

* Add SPIRE-backed Prometheus TLS identity and SPIFFE allowlist

(cherry picked from commit 2ec839e145e276b6e1079f49831a8a023f92f266)
Signed-off-by: aviralgarg05 <gargaviral99@gmail.com>

* Fix markdown table formatting to pass lint

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

---------

Signed-off-by: aviralgarg05 <gargaviral99@gmail.com>
Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>
Co-authored-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* test(common/idutil): Expand IDFromProto coverage (#7028)

Add table-driven coverage for invalid trust domain values.

Preserve the existing path validation cases and keep expectations aligned with actual behavior.

Signed-off-by: Keegan Witt <keeganwitt@gmail.com>

* Correct the stale actions/upload-artifact version comment to v7.0.1 (#7053)

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Update the review ball-in-court on fork PRs via workflow_run (#7052)

* Update the review ball-in-court on fork PRs via workflow_run

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Address Copilot comments

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Address Copilot comments

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Harden review-apply against forged capture artifacts

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Mention the review-existence and bot checks in the workflow headers

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

---------

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* build(deps): bump the aws-sdk group across 1 directory with 2 updates (#7059)

Bumps the aws-sdk group with 2 updates in the / directory: [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/smithy-go](https://github.com/aws/smithy-go).


Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.305.0 to 1.306.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.305.0...service/ec2/v1.306.0)

Updates `github.com/aws/smithy-go` from 1.27.1 to 1.27.2
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/smithy-go/compare/v1.27.1...v1.27.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-version: 1.306.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/smithy-go
  dependency-version: 1.27.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/api from 0.283.0 to 0.284.0 in the google-cloud-sdk group (#7058)

build(deps): bump google.golang.org/api in the google-cloud-sdk group

Bumps the google-cloud-sdk group with 1 update: [google.golang.org/api](https://github.com/googleapis/google-api-go-client).


Updates `google.golang.org/api` from 0.283.0 to 0.284.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.283.0...v0.284.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.284.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: google-cloud-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/open-policy-agent/opa from 1.17.0 to 1.17.1 (#7050)

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.17.0 to 1.17.1.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/v1.17.1/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.17.0...v1.17.1)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.17.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* agent: treat failure of all attestation plugins as overall failure & return Unavailable (#7045)

* agent: handle failure of all attestation plugins

Treat failure from all attestation plugins as an overall workload
attestation failure instead of returning no selectors. Without any
selectors, we can never match any workload registration entry.

This early error return path will result in clearer error logs. For
example, in FetchJWTSVID, we'll log "Workload attestation failed"
instead of "No identity issued" with a misleading "registered=false"
field.

Also, pass any attestation error to the telemetry counter.

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

* agent: return Unavailable on attestation fail

Map workload attestation failures to gRPC code Unavailable in request
handlers, instead of returning raw attestor errors (which could be gRPC
errors received from the plugins that may not make sense for the
Workload API, or non-gRPC errors that would get mapped to gRPC code
Unknown).

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

---------

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

* fix: validate missing Workload API endpoint in spire upstreamauthority (#7008)

* fix: validate missing workload API endpoint in spire upstreamauthority

Signed-off-by: immanuwell <pchpr.00@list.ru>

* fix: reject invalid platform workload API settings early

Signed-off-by: immanuwell <pchpr.00@list.ru>

* fix: address review comments on spire upstreamauthority validation

Signed-off-by: immanuwell <pchpr.00@list.ru>

---------

Signed-off-by: immanuwell <pchpr.00@list.ru>

* build(deps): bump actions/github-script from 7.0.1 to 9.0.0 (#7047)

Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 9.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/60a0d83039c74a4aee543508d2ffcb1c3799cdea...3a2844b7e9c422d3c10d287c895573f7108da1b3)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump the golang-org-x group across 1 directory with 3 updates (#7061)

Bumps the golang-org-x group with 2 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net).


Updates `golang.org/x/crypto` from 0.52.0 to 0.53.0
- [Commits](https://github.com/golang/crypto/compare/v0.52.0...v0.53.0)

Updates `golang.org/x/net` from 0.55.0 to 0.56.0
- [Commits](https://github.com/golang/net/compare/v0.55.0...v0.56.0)

Updates `golang.org/x/sys` from 0.45.0 to 0.46.0
- [Commits](https://github.com/golang/sys/compare/v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-org-x
- dependency-name: golang.org/x/net
  dependency-version: 0.56.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-org-x
- dependency-name: golang.org/x/sys
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-org-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Prefer determining pod and container ids from cgroup file (#7060)

* Prefer determining pod and container ids from cgroup file

This file is owned by the kernel and a workload is not able to influence it in any way.

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Fixup previous tests

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

---------

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* build(deps): bump github.com/sigstore/cosign/v3 from 3.0.6 to 3.1.1 (#7055)

Bumps [github.com/sigstore/cosign/v3](https://github.com/sigstore/cosign) from 3.0.6 to 3.1.1.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v3.0.6...v3.1.1)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v3
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix Azure IMDS Plugin Signature Validation (#6960)

* Fix Azure IMDS Plugin Signature Validation

Signed-off-by: Changheng Gu <cgu@confluent.io>

* Update cert and documentation

Signed-off-by: Changheng Gu <cgu@confluent.io>

* Use slices.Contains for domain validation

Signed-off-by: Changheng Gu <cgu@confluent.io>

* address comment

Signed-off-by: Changheng Gu <cgu@confluent.io>

* address comments

Signed-off-by: Changheng Gu <cgu@confluent.io>

---------

Signed-off-by: Changheng Gu <cgu@confluent.io>

* Switch Dependabot to grouped weekly PRs and drop the auto-merge workflow (#7070)

* Switch Dependabot to grouped weekly PRs and drop the auto-merge workflow

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Address Copilot comments

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

---------

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.306.0 to 1.307.0 in the aws-sdk group (#7067)

build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2

Bumps the aws-sdk group with 1 update: [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.306.0 to 1.307.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.306.0...service/ec2/v1.307.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-version: 1.307.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump regclient/actions from c70ad64367908075211b10dcd2ab9fad4bfa1816 to 14f9d37db17b5dc41fefd1ffdd1af4b9e2490560 (#7063)

build(deps): bump regclient/actions

Bumps [regclient/actions](https://github.com/regclient/actions) from c70ad64367908075211b10dcd2ab9fad4bfa1816 to 14f9d37db17b5dc41fefd1ffdd1af4b9e2490560.
- [Release notes](https://github.com/regclient/actions/releases)
- [Changelog](https://github.com/regclient/actions/blob/main/RELEASE.md)
- [Commits](https://github.com/regclient/actions/compare/c70ad64367908075211b10dcd2ab9fad4bfa1816...14f9d37db17b5dc41fefd1ffdd1af4b9e2490560)

---
updated-dependencies:
- dependency-name: regclient/actions
  dependency-version: 14f9d37db17b5dc41fefd1ffdd1af4b9e2490560
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump actions/github-script from 7.0.1 to 9.0.0 (#7062)

Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 9.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7.0.1...3a2844b7e9c422d3c10d287c895573f7108da1b3)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix http_challenge agent name validation regex (#7066)

The agentNamePattern regex had a typo and a structural error. The
character class [a-zA-z] (lowercase z) spans ASCII 0x41-0x7A, which also
matches the six symbols between Z and a ([ \ ] ^ _ `), so names
containing them were accepted. The shape ^[a-zA-z]+[a-zA-Z0-9-]$ required
one or more letters followed by exactly one alphanumeric or dash, which
rejected ordinary agent names such as host01, agent-01 and web-agent.

Replace it with ^[a-zA-Z][a-zA-Z0-9-]*$ (a letter followed by letters,
digits or dashes), simplify validateAgentName to use MatchString, and add
test cases for the newly-accepted and newly-rejected names.

Signed-off-by: kanywst <niwatakuma@icloud.com>

* Upgrade to Go 1.26.4 (#7069)

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* [gcp_kms] add small sleep to get public key (#6924)

* [gcp_kms] add small sleep between attempts to getPublicKey

Signed-off-by: daescha <djschlatt@gmail.com>

* [gcp_kms] fix tests

Signed-off-by: daescha <djschlatt@gmail.com>

---------

Signed-off-by: daescha <djschlatt@gmail.com>
Co-authored-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Add spire-agent workload API rate limiting by pod UID with OS UID fal… (#6724)

* Add spire-agent workload API rate limiting by pod UID with OS UID fallback

Signed-off-by: Kevin Lui <kevin.lui@thetradedesk.com>

* Refactor rate limiting into shared package and optimize pod UID resolution

Extract the two-generation GC per-key rate limiter into
pkg/common/ratelimit so both the agent and server share the same
implementation. Add Kubernetes auto-detection to skip procfs reads on
non-k8s nodes and cache pod UID lookups per PID to reduce overhead.

Signed-off-by: Kevin Lui <kevin.lui@thetradedesk.com>

* Rate limit workload API by SPIFFE ID after attestation

Signed-off-by: Kevin Lui <kevin.lui@thetradedesk.com>

* Rekey rate limiter on attested selector set, expand coverage to bundles and SDS

Signed-off-by: Kevin Lui <kevin.lui@thetradedesk.com>

* Clarify rate limiting log message covers Workload API and SDS

Signed-off-by: Kevin Lui <kevin.lui@thetradedesk.com>

* Move rate-limit config to experimental, SHA-256-hash keys, exempt agent from SDS, expand exemption tests, use wg.Go

Signed-off-by: Kevin Lui <kevin.lui@thetradedesk.com>

* Fix CI: avoid out-of-range slice index in test helper and commit regenerated test keys

Signed-off-by: Kevin Lui <kevin.lui@thetradedesk.com>

* Fix CI: align markdown tables in spire_agent.md to satisfy MD060

Signed-off-by: Kevin Lui <kevin.lui@thetradedesk.com>

---------

Signed-off-by: Kevin Lui <kevin.lui@thetradedesk.com>
Signed-off-by: Kevin <4625079+terahertz5k@users.noreply.github.com>
Co-authored-by: Kevin Lui <kevin.lui@thetradedesk.com>

* Update dario.cat/merge dependency (#7083)

This seems to be currently causing issues for dependabot, so manually updating it

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* build(deps): bump the minor-and-patch group across 1 directory with 2 updates (#7084)

Bumps the minor-and-patch group with 2 updates in the / directory: [github.com/aws/aws-sdk-go-v2/service/eks](https://github.com/aws/aws-sdk-go-v2) and [k8s.io/mount-utils](https://github.com/kubernetes/mount-utils).


Updates `github.com/aws/aws-sdk-go-v2/service/eks` from 1.84.0 to 1.85.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.84.0...service/s3/v1.85.0)

Updates `k8s.io/mount-utils` from 0.36.1 to 0.36.2
- [Commits](https://github.com/kubernetes/mount-utils/compare/v0.36.1...v0.36.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/eks
  dependency-version: 1.85.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: k8s.io/mount-utils
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix data races in built-in BundlePublisher plugins on dynamic reconfiguration (#7082)

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Fix flaky `gcp_kms` key manager tests caused by mock clock handling and shared fixture mutation (#7081)

* Fix flaky `gcp_kms` key manager tests caused by mock clock handling and shared fixture mutation

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Address review comments

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

---------

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* events: keep previous first/lastEvent information when reloading (#6994)

* events: keep previous first/lastEvent information when reloading

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* commitReload -> swapCache

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Add concurrent access test

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

---------

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* feat: Support for optional verification of client cert IPs (x509pop) (#6911)

* x509pop: add optional client IP verification

* Switchable with verify_client_ip feature flag
* When enabled, connecting peer's IP is extracted from the gRPC context
  header, forwarded a X-Forwarded-Client-IP, and validated against the
  leaf cert IP SANs

Signed-off-by: Jason Costello <jason@jsnc.tl>

* Adds unit test coverage for verify client IP attestation

Signed-off-by: Jason Costello <jason@jsnc.tl>

* [From review] Perform IP SAN check after X509 is verified

Signed-off-by: Jason Costello <jason@jsnc.tl>

* Fix unit tests to challenge, as required with Attest adjustments

Signed-off-by: Jason Costello <jason@jsnc.tl>

* PR changes

Signed-off-by: Marcos Yacob <marcosyacob@gmail.com>

* PR changes

Signed-off-by: Marcos Yacob <marcosyacob@gmail.com>

* Resolve lint issue on MD

Signed-off-by: Marcos Yacob <marcosyacob@gmail.com>

---------

Signed-off-by: Jason Costello <jason@jsnc.tl>
Signed-off-by: Marcos Yacob <marcosyacob@gmail.com>
Co-authored-by: Marcos Yacob <marcosyacob@gmail.com>

* migrate use of github.com/docker/docker dependencies to github.com/moby/moby equivalents to resolve CVEs (#7078)

migrate use of github.com/docker/docker dependencies to github.com/moby/moby equivalents

Signed-off-by: Daniel Schlatter <djschlatt@gmail.com>

* refactor: use standard `fs.FS` to simplify code (#7046)

Simplify filesystem interfaces using stdlib

Replace our custom FileSystem interface with the standard library's
fs.FS interface, and benefit from its associated helpers.

The only slight downside is that we must now open "proc/[pid]/cgroups"
rather than "/proc/[pid]/cgroups", due to fs.FS interface semantics,
which looks a little bit odd perhaps, but it seems like an overall win
to me.

Also delete OSFileSystem type, which was entirely unused.

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

* Copilot instructions: tell it about new(EXPR) form (#7086)

Tell Copilot about this new Go feature.

Signed-off-by: Carlo Teubner <cteubner1@bloomberg.net>

* Fetch updated attested nodes in bulk (#7022)

* Fetch updated attested nodes in bulk

Signed-off-by: nweisenauer-sap <137267159+nweisenauer-sap@users.noreply.github.com>

* checks for positive pageSize in buildAttestedNodesCache

Signed-off-by: nweisenauer-sap <137267159+nweisenauer-sap@users.noreply.github.com>

* addresses Copilot's review comments

Signed-off-by: nweisenauer-sap <137267159+nweisenauer-sap@users.noreply.github.com>

---------

Signed-off-by: nweisenauer-sap <137267159+nweisenauer-sap@users.noreply.github.com>

* Tolerate mountinfo lines with an empty mount source (#7044)

* Tolerate mountinfo lines with an empty mount source

The docker workload attestor (and k8s, which shares the code) parses
/proc/<pid>/mountinfo via k8s.io/mount-utils ParseMountInfo, which splits
each line with strings.Fields and requires at least 10 fields. Per proc(5)
the mount source may be empty (a tmpfs mount has no source), which renders
as an empty field between the filesystem type and the super options. The
kernel escapes any real whitespace in a path as octal (\040), so the
double space in a line like:

    119 206 0:68 / /local rw,relatime - tmpfs  rw,size=8192k

unambiguously means an empty source. strings.Fields collapses that empty
field, so the line counts as 9 fields and ParseMountInfo rejects the whole
file with "wrong number of fields". The attestor then extracts no
container ID and no SVID is issued.

Replace the upstream call with a small SPIRE-side mountinfo parser that is
position-aware around the "-" separator, so the trailing fstype/source/
super-options triple is read by position and an empty source is tolerated.
Only the root and filesystem type are consumed by the extractor. This also
drops the k8s.io/mount-utils dependency (and its transitive moby/sys/
mountinfo) since it was the only user.

Adds a regression fixture with the empty-source tmpfs line plus unit tests
for the parser.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>

* Use strings.Split to preserve empty mount-source fields

Switch parseMountInfoLine from the Index+Fields approach to
strings.Split(line, " "), which preserves empty fields between
consecutive spaces. This makes the empty-source handling more
direct: the separator and all fields are located by index in
a single slice.

Also switch parseMountInfo to stream lines with bufio.Scanner
instead of reading the whole file into memory first.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>

* Use slices.Index for the mountinfo separator

Addresses review: replace the manual separator loop with slices.Index,
and drop the now-unused k8s.io/mount-utils dependency via go mod tidy.

Signed-off-by: arpitjain099 <arpitjain099@gmail.com>

---------

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
Signed-off-by: arpitjain099 <arpitjain099@gmail.com>

* build(deps): bump the minor-and-patch group with 10 updates (#7091)

Bumps the minor-and-patch group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.13.1` | `1.14.0` |
| [github.com/aws/aws-sdk-go-v2/service/eks](https://github.com/aws/aws-sdk-go-v2) | `1.85.0` | `1.86.0` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.103.0` | `1.104.0` |
| [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) | `2.7.0` | `2.8.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.284.0` | `0.285.0` |
| [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto) | `0.0.0-20260526163538-3dc84a4a5aaa` | `0.0.0-20260610212136-7ab31c22f7ad` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.1` | `0.36.2` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.36.1` | `0.36.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.1` | `0.36.2` |
| [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) | `0.36.1` | `0.36.2` |


Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.13.1 to 1.14.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azidentity/v1.13.1...sdk/azcore/v1.14.0)

Updates `github.com/aws/aws-sdk-go-v2/service/eks` from 1.85.0 to 1.86.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.85.0...service/s3/v1.86.0)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.103.0 to 1.104.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.103.0...service/s3/v1.104.0)

Updates `github.com/spiffe/go-spiffe/v2` from 2.7.0 to 2.8.0
- [Release notes](https://github.com/spiffe/go-spiffe/releases)
- [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/spiffe/go-spiffe/compare/v2.7.0...v2.8.0)

Updates `google.golang.org/api` from 0.284.0 to 0.285.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.284.0...v0.285.0)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20260526163538-3dc84a4a5aaa to 0.0.0-20260610212136-7ab31c22f7ad
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `k8s.io/api` from 0.36.1 to 0.36.2
- [Commits](https://github.com/kubernetes/api/compare/v0.36.1...v0.36.2)

Updates `k8s.io/apimachinery` from 0.36.1 to 0.36.2
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.36.1...v0.36.2)

Updates `k8s.io/client-go` from 0.36.1 to 0.36.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.36.1...v0.36.2)

Updates `k8s.io/kube-aggregator` from 0.36.1 to 0.36.2
- [Commits](https://github.com/kubernetes/kube-aggregator/compare/v0.36.1...v0.36.2)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/service/eks
  dependency-version: 1.86.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.104.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/spiffe/go-spiffe/v2
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: google.golang.org/api
  dependency-version: 0.285.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-version: 0.0.0-20260610212136-7ab31c22f7ad
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: k8s.io/api
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: k8s.io/kube-aggregator
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump regclient/actions from 14f9d37db17b5dc41fefd1ffdd1af4b9e2490560 to 4b4db1dcc7dad75ad67a788a380f75a20cc8a040 (#7090)

build(deps): bump regclient/actions

Bumps [regclient/actions](https://github.com/regclient/actions) from 14f9d37db17b5dc41fefd1ffdd1af4b9e2490560 to 4b4db1dcc7dad75ad67a788a380f75a20cc8a040.
- [Release notes](https://github.com/regclient/actions/releases)
- [Changelog](https://github.com/regclient/actions/blob/main/RELEASE.md)
- [Commits](https://github.com/regclient/actions/compare/14f9d37db17b5dc41fefd1ffdd1af4b9e2490560...4b4db1dcc7dad75ad67a788a380f75a20cc8a040)

---
updated-dependencies:
- dependency-name: regclient/actions
  dependency-version: 4b4db1dcc7dad75ad67a788a380f75a20cc8a040
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#7089)

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump msys2/setup-msys2 from 2.31.1 to 2.32.0 in the minor-and-patch group (#7088)

build(deps): bump msys2/setup-msys2 in the minor-and-patch group

Bumps the minor-and-patch group with 1 update: [msys2/setup-msys2](https://github.com/msys2/setup-msys2).


Updates `msys2/setup-msys2` from 2.31.1 to 2.32.0
- [Release notes](https://github.com/msys2/setup-msys2/releases)
- [Changelog](https://github.com/msys2/setup-msys2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/msys2/setup-msys2/compare/e9898307ac31d1a803454791be09ab9973336e1c...66cd2cce69caa17b53920067426061ca1de3a884)

---
updated-dependencies:
- dependency-name: msys2/setup-msys2
  dependency-version: 2.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: correct TTL logging in delegated identity X.509 SVID subscriber (#7071)

fix: correct TTL logging in delegated identity subscriber when admin/downstream identities are present

Signed-off-by: immanuwell <pchpr.00@list.ru>

* Document the ball-in-court review process in the pull request template (#7095)

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* spire-agent: implement logger service (#7017)

* spire-agent: implement logger service

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Copilot review comments

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* review comments

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* review comments

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Remove auditing

there's no auditing support in the agent

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Use agent rpccontext

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Move status helpers to common/api

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Use status helpers from common/api

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Make sure logger metrics are emitted

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* fix linter errors

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Review comments

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Add RPC metric name test

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

---------

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* fix: cascade-delete registered_entries on attested node deletion (#6946)

* fix: cascade-delete registered_entries on attested node deletion

Previously, deleteAttestedNodeAndSelectors deleted AttestedNode and
NodeSelector rows but left registered_entries with parent_id matching
the deleted node's SPIFFE ID untouched. In particular, the alias row
that SPIRE auto-creates in createJoinTokenRegistrationEntry (when
CreateJoinToken is called with AgentId) would survive the node it was
minted for, accumulating as dead rows that still flow through the
server's entry cache and the events-based cache.

This extends deleteAttestedNodeAndSelectors to cascade: find entries
whose parent_id equals the deleted node's SPIFFE ID, delete each via
the existing deleteRegistrationEntrySupport helper, emit a
RegistrationEntryEvent per deletion so event-cache consumers see
them, and log each cascaded delete at Info with the usual
SPIFFEID/ParentID/RegistrationID telemetry fields (matching the
pruneRegistrationEntries pattern). The cascade fires for both
DeleteAttestedNode (admin delete) and PruneAttestedExpiredNodes
(periodic prune) since both paths reach this helper. Callers pass
their existing logger (ds.log for DeleteAttestedNode, the prune
logger for PruneAttestedExpiredNodes).

Mirrors the shape of #3873 which added the node_resolver_map_entries
cascade at the same function.

Fixes #6944

Signed-off-by: angabini <494150+angabini@users.noreply.github.com>

* doc: update spire_server.md

Signed-off-by: angabini <494150+angabini@users.noreply.github.com>

* doc: cleanup spire_server.md

Signed-off-by: angabini <494150+angabini@users.noreply.github.com>

* fix(sqlstore): narrow cascade to join-token-attested nodes

Per review feedback on #6946: cascading every entry parented on a
deleted attested node would also wipe legitimately user-registered
workload entries that happen to be parented directly on a non-join-
token agent SVID (e.g. spiffe://td/spire/agent/aws_iid/...). That
is a supported registration pattern, not an orphan.

Restrict the cascade in deleteAttestedNodeAndSelectors to nodes
whose attested DataType is "join_token". The auto-alias that
createJoinTokenRegistrationEntry writes is the only entry SPIRE
itself creates with parent_id = node SVID, so this still cleans up
the unbounded-growth case reported in #6944 without changing
behavior for any other attestor. A broader explicit cascade can be
added later behind a CLI flag, as suggested in the issue.

Add TestDeleteAttestedNodeNonJoinTokenDoesNotCascade asserting an
aws_iid-attested node's child entry survives node deletion and no
RegistrationEntryEvent is emitted. Existing cascade tests already
use join_token nodes and continue to pass.

Update doc/spire_server.md to reflect the narrowed scope.

Refs #6944

Signed-off-by: angabini <494150+angabini@users.noreply.github.com>

* fix(sqlstore): match alias selector shape on cascade

Per Copilot review feedback on #6946 (B): even within join-token-attested
nodes, child entries can be user-managed (e.g. an operator-created entry
parented on the agent SVID for a workload that happens to share that
parent). Cascading on parent_id alone would still over-delete those.

Tighten deleteAttestedNodeAndSelectors to match the exact shape that
createJoinTokenRegistrationEntry writes:
  - exactly one selector
  - selector.Type == "spiffe_id"
  - selector.Value == entry.ParentID

Anything else stays put.

Tests:
  - Add TestDeleteAttestedNodeJoinTokenPreservesNonAliasChildEntries
    (replaces the federation multi-test): asserts an alias-shaped child
    cascades while a unix-selector workload child parented on the same
    join_token-attested node survives, and exactly one entry event is
    emitted.
  - Sharpen TestDeleteAttestedNodeNonJoinTokenDoesNotCascade: switch
    the child entry to alias-shaped selectors so the test isolates the
    DataType filter from the selector-shape filter.
  - Extract lastRegistrationEntryEventID() helper used by all four
    cascade tests (Copilot review comment 4).

Refs #6944

Signed-off-by: angabini <494150+angabini@users.noreply.github.com>

* doc(spire_server): re-align config table to widest row

The cascade note added in 61a42b9ad widened the prune_attested_nodes_expired_for
description to 581 chars while every other row in the table sat at 480, tripping
markdownlint MD060/table-column-style. Pad the description column on every other
row in the table to match, keeping pipe positions identical at columns 1, 38,
516, 581 across the entire config table.

Pure padding change; no rendered content moved. Separator row padded with
dashes (preserving continuous alignment marker), content rows with spaces.

Signed-off-by: angabini <494150+angabini@users.noreply.github.com>

* test(agent): cover join-token alias cascade end-to-end, cross-ref shape

Incorporates review feedback on #6946.

- Cross-reference the auto-alias entry shape between its writer
  (createJoinTokenRegistrationEntry) and the cascade matcher
  (deleteAttestedNodeAndSelectors) so the two can't drift silently.
- Add TestCascadeDeleteJoinTokenAliasEntry exercising the real
  CreateJoinToken -> DeleteAgent path; fakedatastore is backed by the
  sqlstore, so a shape change that misses the matcher fails the test.
- Document that manual `agent evict`/`agent purge` also cascade and that
  the cleanup is forward-only (pre-existing orphans are not swept).
- Revert the unrelated config-table realignment to keep the doc diff minimal.

Signed-off-by: angabini <494150+angabini@users.noreply.github.com>

---------

Signed-off-by: angabini <494150+angabini@users.noreply.github.com>

* Add tag-based key discovery support in the `aws_kms` KeyManager plugin (#7006)

* Add tag-based key discovery support in the `aws_kms` KeyManager plugin

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Address Copilot comments

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Address review comments

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

---------

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Fix data race in spiretest log assertion helper (#7096)

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* spire-agent: try to enable SE_DEBUG_PRIVILEGE at startup on windows (#7073)

* spire-agent: try to enable SE_DEBUG_PRIVILEGE at startup on windows

The [OpenProcessToken](https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocesstoken) API mentions that
SE_DEBUG_NAME/SeDebugPrivilege (why two different names, windows???) privilege is required for opening the process token for a process running as a more
privileged account (it does work from admin to admin users without this).

Attempt to enable this and log an warning if that fails.

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Workaround broken AdjustTokenPrivileges

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Move function to global variable

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

---------

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>

* Fix azure_imds node attestation for standalone VMs (#6807)

Signed-off-by: Ravishen Jain <ravisshen@gmail.com>

* Fix flaky fetch-jwt-svids integration test by waiting for the restarted server (#7108)

* Fix flaky fetch-jwt-svids integration test by waiting for the restarted server

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Address review comments

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

---------

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Add azure_imds network interface unmarshal regression test (#7106)

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* Add force-push guidance to the PR template and reference it from CONTRIBUTING.md (#7105)

Signed-off-by: Agustín Martínez Fayó <amartinezfayo@gmail.com>

* build(deps): bump the minor-and-patch group with 10 updates (#7109)

Bumps the minor-and-patch group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) | `1.307.0` | `1.308.0` |
| [github.com/aws/aws-sdk-go-v2/service/eks](https://github.com/aws/aws-sdk-go-v2) | `1.86.0` | `1.87.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.6` | `0.21.7` |
| [github.com/hashicorp/go-metrics](https://github.com/hashicorp/go-metrics) | `0.5.4` | `0.6.0` |
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.45` | `1.14.47` |
| [github.com/moby/moby/api](https://github.com/moby/moby) | `1.54.2` | `1.55.0` |
| [github.com/moby/moby/client](https://github.com/moby/moby) | `0.4.1` | `0.5.0` |
| [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) | `4.26.5` | `4.26.6` |
| [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) | `2.8.0` | `2.8.1` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.285.0` | `0.286.0` |


Updates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.307.0 to 1.308.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.307.0...service/ec2/v1.308.0)

Updates `github.com/aws/aws-sdk-go-v2/service/eks` from 1.86.0 to 1.87.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.86.0...service/s3/v1.87.0)

Updates `github.com/google/go-containerregistry` from 0.21.6 to 0.21.7
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.21.6...v0.21.7)

Updates `github.com/hashicorp/go-metrics` from 0.5.4 to 0.6.0
- [Release notes](https://github.com/hashicorp/go-metrics/releases)
- [Commits](https://github.com/hashicorp/go-metrics/compare/v0.5.4...v0.6.0)

Updates `github.com/mattn/go-sqlite3` from 1.14.45 to 1.14.47
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.45...v1.14.47)

Updates `github.com/moby/moby/api` from 1.54.2 to 1.55.0
- [Release notes](https://github.com/moby/moby/releases)
- [Commits](https://github.com/moby/moby/compare/api/v1.54.2...api/v1.55.0)

Updates `github.com/moby/moby/client` from 0.4.1 to 0.5.0
- [Release notes](https://github.com/moby/moby/releases)
- [Changelog](https://github.com/moby/moby/blob/v0.5.0/CHANGELOG.md)
- [Commits](https://github.com/moby/moby/compare/v0.4.1...v0.5.0)

Updates `github.com/shirou/gopsutil/v4` from 4.26.5 to 4.26.6
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](https://github.com/shirou/gopsutil/compare/v4.26.5...v4.26.6)

Updates `github.com/spiffe/go-spiffe/v2` from 2.8.0 to 2.8.1
- [Release notes](https://github.com/spiffe/go-spiffe/releases)
- [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/spiffe/go-spiffe/compare/v2.8.0...v2.8.1)

Updates `google.golang.org/api` from 0.285.0 to 0.286.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.285.0...v0.286.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-version: 1.308.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/service/eks
  dependency-version: 1.87.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/hashicorp/go-metrics
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.47
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/moby/moby/api
  dependency-version: 1.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/moby/moby/client
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/shirou/gopsutil/v4
  dependency-version: 4.26.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/spiffe/go-spiffe/v2
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: google.golang.org/api
  dependency-version: 0.286.0
  dependency-type: direct:production
  update-type: versio…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants