Skip to content

🐹 Bump the minor-patch group across 1 directory with 6 updates#44

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/minor-patch-4fb3bc9c2a
Open

🐹 Bump the minor-patch group across 1 directory with 6 updates#44
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/minor-patch-4fb3bc9c2a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-patch group with 4 updates in the / directory: github.com/oapi-codegen/oapi-codegen/v2, github.com/oapi-codegen/runtime, k8s.io/apimachinery and k8s.io/cloud-provider.

Updates github.com/oapi-codegen/oapi-codegen/v2 from 2.5.1 to 2.7.0

Release notes

Sourced from github.com/oapi-codegen/oapi-codegen/v2's releases.

v2.7.0: Squashing bugs, many bugs (and adding some features)

Many improvements and even more bug fixes

This v2.7.0 release of oapi-codegen contains quite a bit of internal refactoring, focused on our most historically fragile code paths, which relate to the aggregate types (allOf/anyOf/oneOf), $ref to external specs, enums, and the spec traversal logic missing quite a few leaf nodes where models should have been generated, but were skipped.

The biggest changes are explicitly described in the sections below, and the full list of commits is at the bottom.

Thank you to all contributors, we've been going through all past PR's and updating them and merging where we can, and thanks to all our users for reporting issues that you hit.

I've (@​mromaszewicz) used a lot of LLM help here to scrub through old issues and do some deep internal refactoring to address common problem areas. I intend to continue doing this, since the conditional generation logic is getting quite complicated. When I originally released oapi-codegen, the use case was much simpler, all the models were under #/components/schemas, and all the references to them were in the requests, responses, etc. I never imagine how many things would be external references or unions, and how many complex OpenAPI specifications people would be generating code for. The initial design was never flexible enough to handle that, so ongoing bug fixes are getting increasingly complex due to edge cases. This version has a lot of internal changes you won't see as a user, but the way we handle type generation internally is unifying lots of copy/paste re-implementations into reusable code for consistency. Most of these changes can be done transparently, but some can't, so, onto the changes:

Code generation changes which might require some changes on your end

This release contains three changes, all very narrow in scope, which will require some manual adjustment of your own code. We've decided that these are small enough and uncommon enough not to require opt-in, which causes internal complexity. It's always a judgment call with these. If we got it wrong, we're happy to revisit it in a maintenance release.

Strict-server external response refs require strict-server generation in both packages (#2357)

If your strict-server spec uses an external $ref to a components/responses/... defined in another spec, that other spec must also be generated with strict-server: true. Add it to the source spec's config and regenerate:

# config for the spec being $ref'd
generate:
  models: true
  strict-server: true   # now required when imported by a strict-server spec

This restores the v2.0.0 behavior that lets you cast response models across package boundaries — the standard pattern for sharing error models (e.g. a common 400) across services. PR #1387 had silently changed the embedded type from N400JSONResponse to the bare externalRef0.N400, so the local and external response structs no longer had matching types and casts stopped compiling.

Many more anonymous inner schemas are now hoisted into top level schemas

Inline oneOf, anyOf, and additionalProperties schemas embedded directly under an operation's request or response body now flow through the same boilerplate-emission pipeline as components/schemas, so they get the As* / From* / Merge* accessor methods they were previously missing. As part of that change, two older naming patterns are replaced with one pattern, shared with all components:

GetPets_200_Data_Item             →  GetPets200JSONResponseBody_Data_Item
GetPets200JSONResponse_Data_Item  →  GetPets200JSONResponseBody_Data_Item

In practice, we think this shouldn't break anyone, because this change addresses a bug which produced pointless types with no benefit, and you never interact with these directly, but rather you'd call an accessor on a field of a model.

Strict middleware typedefs are now inlined (#2271)

StrictHandlerFunc and StrictMiddlewareFunc in generated strict-server code are now inline type definitions instead of aliases to github.com/oapi-codegen/runtime/strictmiddleware/<framework>. Generated servers no longer import that package.

... (truncated)

Commits
  • b363ca5 refactor(codegen): better Swagger compression, modern naming (#1909)
  • 08b3018 Route server enums through general enums codegen (#2358)
  • fbc8e0d revert external-ref carve-out in strict-server response embedding (#2010) (#2...
  • 7517e09 respect output file path on gofmt failure (#2356)
  • 9643421 fix example codegen (#2354)
  • 036a54b per-operation middleware in Echo (#2353)
  • 3338f93 Strict server: gate no-content response headers on nullable/optional (#2351)
  • 218effe Synchronize strict servers (#2350)
  • 81b9d95 Overhaul anonymous schema hoisting (#2348)
  • eff4a2b fix: allow x-go-type and x-go-type-skip-optional-pointer for allOf (#1610)
  • Additional commits viewable in compare view

Updates github.com/oapi-codegen/runtime from 1.1.2 to 1.4.1

Release notes

Sourced from github.com/oapi-codegen/runtime's releases.

Bug fixes

This is a bug fix release.

Changes in v1.4.0, coupled with changes in v2.7.0 of oapi-codegen exposed some new problems. deepObject style marshaling behavior now supports encoding unicode. UTF-8 can't be directly included in parameters, so we need to % escape it.

Form binding now detects maps, which makes binding to a Nullable possible. We can't use generics around Nullable[T], so we handle maps generically, assuming they're a Nullable with its behavior assumptions.

🐛 Bug fixes

📦 Dependency updates

Sponsors

We would like to thank our sponsors for their support during this release.

Parameter handling improvements and fixes

This release fixes some missing edge cases in parameter binding and styling. We now handle all the permutations of style and explode, for the first time. Lots of tests have been added to catch regressions.

🚀 New features and improvements

  • Improve deepobject unmarshalling to support nullable.Nullable and encode.TextUnmarshaler (#45) @​j-waters
  • feat: support spaceDelimited and pipeDelimited query parameter binding (#117) @​mromaszewicz

🐛 Bug fixes

  • Fix form/explode=false incorrectly splitting primitive string values on commas (#119) @​f-kanari

... (truncated)

Commits
  • 2755f15 Fix form binding of Nullables (#133)
  • 17de1dd Percent-encode deepObject parameter wire output (#132)
  • d2b7c4c chore(deps): update oapi-codegen/actions action to v0.7.0
  • 6fd6c25 chore(deps): update github/codeql-action action to v4
  • 19040cc fix(deps): update module github.com/kataras/iris/v12 to v12.2.11
  • e05282e chore(deps): update release-drafter/release-drafter action to v7.2.0 (#122)
  • 247b459 fix(deps): update module github.com/labstack/echo/v4 to v4.15.1 (#105)
  • 1d38dfa fix(deps): update module github.com/labstack/echo/v5 to v5.1.0 (#120)
  • be9ed17 chore(deps): update release-drafter/release-drafter action to v7 (#113)
  • 77570f9 Fix form/explode=false incorrectly splitting primitive string values on comma...
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.35.0 to 0.36.1

Commits
  • 7af103a Update dependencies to v0.36.1 tag
  • efb7f26 Merge remote-tracking branch 'origin/master' into release-1.36
  • d966e56 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
  • 79b3632 Merge pull request #137864 from yongruilin/dv-dra-mismatch
  • a8822f7 Add slice and map union member support with tests
  • 7dba2d0 Use IsZero instead of IsNil for union ratcheting check
  • d95710f Fix union validation ratcheting when oldObj is nil
  • 729062d Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
  • 13b12e6 dependencies: bump kube-openapi to drop ginkgo/gomega indirect deps
  • 27f4670 Merge pull request #136657 from Jefftree/sharding-test
  • Additional commits viewable in compare view

Updates k8s.io/cloud-provider from 0.35.0 to 0.36.1

Commits
  • 557a943 Update dependencies to v0.36.1 tag
  • 7ed4846 Merge remote-tracking branch 'origin/master' into release-1.36
  • 499bead Merge pull request #138346 from dashpole/update_otel_prop
  • cbc002e Merge remote-tracking branch 'origin/master' into release-1.36
  • 1ac694c Update github.com/moby/spdystream from v0.5.0 to v0.5.1
  • 008e5d2 update go.opentelemetry.io/otel to v1.41.0
  • 947f8d6 update google.golang.org/grpc to v1.79.3
  • a605393 Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
  • e7c25aa Merge pull request #137843 from pacoxu/cobra-v1.10.2
  • a9b5736 dependencies: bump kube-openapi to drop ginkgo/gomega indirect deps
  • Additional commits viewable in compare view

Updates k8s.io/component-base from 0.35.0 to 0.36.1

Commits
  • 8b55240 Update dependencies to v0.36.1 tag
  • c842c86 Merge remote-tracking branch 'origin/master' into release-1.36
  • ba6e4e3 Merge pull request #138346 from dashpole/update_otel_prop
  • a8a9f00 Merge remote-tracking branch 'origin/master' into release-1.36
  • 597cc27 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
  • 6bdba9b update go.opentelemetry.io/otel to v1.41.0
  • f688683 update google.golang.org/grpc to v1.79.3
  • 1cffdcd Merge pull request #136355 from enj/enj/i/tls_cache_gc
  • 7dbe9af Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
  • 8a87883 Merge pull request #137843 from pacoxu/cobra-v1.10.2
  • Additional commits viewable in compare view

Updates k8s.io/klog/v2 from 2.130.1 to 2.140.0

Release notes

Sourced from k8s.io/klog/v2's releases.

Prepare klog release for Kubernetes v1.36

What's Changed

New Contributors

Full Changelog: kubernetes/klog@v2.130.1...v2.140.0

Commits
  • ef4b370 Merge pull request #432 from pierluigilenoci/fix/stderr-threshold-issue-212
  • 39c4c76 refactor: address code review feedback from @​pohly
  • 764a9a3 Merge pull request #430 from pohly/textlogger-optional-header
  • 015c613 Update stderr_threshold_test.go
  • 2f517bd Update klog.go
  • 36bc4ff textlogger: optionally turn off header
  • 5f1f303 Merge pull request #433 from pohly/textlogger-hook-result
  • c469d41 Merge pull request #431 from pohly/ktesting-vmodule-fix
  • 8509d6a ktesting: support multi-line result from AnyToStringHook
  • 08e6e8b Fix stderrthreshold not honored when logtostderr is set
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-patch group with 4 updates in the / directory: [github.com/oapi-codegen/oapi-codegen/v2](https://github.com/oapi-codegen/oapi-codegen), [github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime), [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) and [k8s.io/cloud-provider](https://github.com/kubernetes/cloud-provider).


Updates `github.com/oapi-codegen/oapi-codegen/v2` from 2.5.1 to 2.7.0
- [Release notes](https://github.com/oapi-codegen/oapi-codegen/releases)
- [Commits](oapi-codegen/oapi-codegen@v2.5.1...v2.7.0)

Updates `github.com/oapi-codegen/runtime` from 1.1.2 to 1.4.1
- [Release notes](https://github.com/oapi-codegen/runtime/releases)
- [Commits](oapi-codegen/runtime@v1.1.2...v1.4.1)

Updates `k8s.io/apimachinery` from 0.35.0 to 0.36.1
- [Commits](kubernetes/apimachinery@v0.35.0...v0.36.1)

Updates `k8s.io/cloud-provider` from 0.35.0 to 0.36.1
- [Commits](kubernetes/cloud-provider@v0.35.0...v0.36.1)

Updates `k8s.io/component-base` from 0.35.0 to 0.36.1
- [Commits](kubernetes/component-base@v0.35.0...v0.36.1)

Updates `k8s.io/klog/v2` from 2.130.1 to 2.140.0
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](kubernetes/klog@v2.130.1...2.140.0)

---
updated-dependencies:
- dependency-name: github.com/oapi-codegen/oapi-codegen/v2
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: github.com/oapi-codegen/runtime
  dependency-version: 1.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: k8s.io/cloud-provider
  dependency-version: 0.36.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: k8s.io/component-base
  dependency-version: 0.36.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: k8s.io/klog/v2
  dependency-version: 2.140.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants