chore(deps): update go dependencies

[red-hat-konflux]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
cel.dev/expr	indirect	minor	v0.24.0 -> v0.25.1
cloud.google.com/go/auth	indirect	minor	v0.17.0 -> v0.18.2
cloud.google.com/go/longrunning	indirect	minor	v0.7.0 -> v0.8.0
cuelang.org/go	indirect	minor	v0.14.2 -> v0.16.0
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider	indirect	minor	v0.19.0 -> v0.20.0
github.com/AliyunContainerService/ack-ram-tool/pkg/ecsmetadata	indirect	patch	v0.0.9 -> v0.0.10
github.com/Azure/azure-sdk-for-go/sdk/azcore	require	minor	v1.19.1 -> v1.21.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity	require	patch	v1.13.0 -> v1.13.1
github.com/AzureAD/microsoft-authentication-library-for-go	indirect	minor	v1.5.0 -> v1.7.0
github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp	indirect	minor	v1.5.3 -> v1.6.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric	indirect	minor	v0.54.0 -> v0.55.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping	indirect	minor	v0.54.0 -> v0.55.0
github.com/ProtonMail/go-crypto	indirect	minor	v1.3.0 -> v1.4.0
github.com/ThalesIgnite/crypto11	indirect	minor	v1.2.5 -> v1.6.0
github.com/alibabacloud-go/openapi-util	indirect	patch	v0.1.1 -> v0.1.2
github.com/alibabacloud-go/tea	indirect	minor	v1.3.13 -> v1.4.0
github.com/aliyun/credentials-go	indirect	patch	v1.4.7 -> v1.4.11
github.com/aws/aws-sdk-go-v2/credentials	indirect	minor	v1.18.17 -> v1.19.11
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	indirect	patch	v1.18.10 -> v1.18.19
github.com/aws/aws-sdk-go-v2/internal/configsources	indirect	patch	v1.4.10 -> v1.4.19
github.com/aws/aws-sdk-go-v2/internal/ini	indirect	patch	v1.8.4 -> v1.8.5
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	indirect	patch	v1.13.2 -> v1.13.6
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	indirect	patch	v1.13.10 -> v1.13.19
github.com/aws/smithy-go	indirect	patch	v1.23.1 -> v1.23.2
github.com/awslabs/amazon-ecr-credential-helper/ecr-login	require	minor	v0.10.1 -> v0.12.0
github.com/cloudflare/circl	indirect	patch	v1.6.1 -> v1.6.3
github.com/cncf/xds/go	indirect	digest	2ee22ca -> dba9d58
github.com/containerd/stargz-snapshotter/estargz	indirect	patch	v0.18.0 -> v0.18.2
github.com/docker/docker-credential-helpers	require	patch	v0.9.4 -> v0.9.5
github.com/emicklei/proto	indirect	patch	v1.14.2 -> v1.14.3
github.com/envoyproxy/protoc-gen-validate	indirect	minor	v1.2.1 -> v1.3.3
github.com/go-openapi/analysis	indirect	patch	v0.24.0 -> v0.24.2
github.com/go-openapi/errors	indirect	patch	v0.22.3 -> v0.22.7
github.com/go-openapi/jsonpointer	indirect	patch	v0.22.1 -> v0.22.5
github.com/go-openapi/jsonreference	indirect	patch	v0.21.2 -> v0.21.5
github.com/go-openapi/loads	indirect	patch	v0.23.1 -> v0.23.2
github.com/go-openapi/runtime	indirect	patch	v0.29.0 -> v0.29.2
github.com/go-openapi/spec	indirect	patch	v0.22.0 -> v0.22.4
github.com/go-openapi/strfmt	indirect	minor	v0.24.0 -> v0.25.0
github.com/go-openapi/swag	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/swag/cmdutils	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/swag/conv	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/swag/fileutils	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/swag/jsonname	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/swag/jsonutils	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/swag/loading	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/swag/mangling	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/swag/netutils	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/swag/stringutils	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/swag/typeutils	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/swag/yamlutils	indirect	patch	v0.25.1 -> v0.25.5
github.com/go-openapi/validate	indirect	patch	v0.25.0 -> v0.25.1
github.com/google/certificate-transparency-go	indirect	patch	v1.3.2 -> v1.3.3
github.com/google/gnostic-models	indirect	patch	v0.7.0 -> v0.7.1
github.com/google/go-containerregistry	require	minor	v0.20.6 -> v0.21.2
github.com/google/go-containerregistry/pkg/authn/k8schain	require	digest	cb4a037 -> 9e0ccb0
github.com/google/go-containerregistry/pkg/authn/kubernetes	require	digest	cb4a037 -> 9e0ccb0
github.com/google/go-querystring	indirect	minor	v1.1.0 -> v1.2.0
github.com/googleapis/enterprise-certificate-proxy	indirect	patch	v0.3.6 -> v0.3.13
github.com/in-toto/in-toto-golang	indirect	minor	v0.9.0 -> v0.10.0
github.com/klauspost/compress	indirect	patch	v1.18.1 -> v1.18.4
github.com/letsencrypt/boulder	require	minor	v0.20250721.0 -> v0.20260303.0
github.com/miekg/pkcs11	indirect	patch	v1.1.1 -> v1.1.2
github.com/open-policy-agent/opa	indirect	minor	v1.1.0 -> v1.14.0
github.com/prometheus/common	indirect	patch	v0.67.1 -> v0.67.5
github.com/prometheus/procfs	indirect	minor	v0.17.0 -> v0.20.1
github.com/protocolbuffers/txtpbfmt	indirect	digest	f293424 -> a481f6a
github.com/secure-systems-lab/go-securesystemslib	indirect	minor	v0.9.1 -> v0.10.0
github.com/sigstore/rekor	require	minor	v1.4.2 -> v1.5.0
github.com/sigstore/scaffolding	require	patch	v0.7.22 -> v0.7.33
github.com/sigstore/sigstore	require	minor	v1.9.6-0.20251017153808-5089bd7668f3 -> v1.10.4
github.com/sigstore/sigstore-go	require	patch	v1.1.3 -> v1.1.4
github.com/sigstore/sigstore/pkg/signature/kms/aws	require	minor	v1.9.5 -> v1.10.4
github.com/sigstore/sigstore/pkg/signature/kms/azure	require	minor	v1.9.5 -> v1.10.4
github.com/sigstore/sigstore/pkg/signature/kms/gcp	require	minor	v1.9.6-0.20251017153808-5089bd7668f3 -> v1.10.4
github.com/sigstore/sigstore/pkg/signature/kms/hashivault	require	minor	v1.9.5 -> v1.10.4
github.com/sirupsen/logrus	indirect	patch	v1.9.3 -> v1.9.4
github.com/spf13/cobra	require	patch	v1.10.1 -> v1.10.2
github.com/transparency-dev/formats	indirect	minor	v0.0.0-20251017110053-404c0d5b696c -> v0.1.0
github.com/transparency-dev/tessera	indirect	patch	v1.0.0 -> v1.0.2
gitlab.com/gitlab-org/api/client-go	indirect	minor	v0.157.0 -> v0.161.1
go.mongodb.org/mongo-driver	indirect	patch	v1.17.4 -> v1.17.9
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	indirect	minor	v0.63.0 -> v0.66.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	indirect	minor	v0.63.0 -> v0.66.0
go.opentelemetry.io/contrib/instrumentation/runtime	indirect	minor	v0.63.0 -> v0.66.0
go.opentelemetry.io/otel/exporters/prometheus	indirect	minor	v0.60.0 -> v0.63.0
go.opentelemetry.io/proto/otlp	indirect	minor	v1.8.0 -> v1.9.0
golang.org/x/crypto	require	minor	v0.43.0 -> v0.48.0
golang.org/x/exp	indirect	digest	90e834f -> 3dfff04
golang.org/x/mod	indirect	minor	v0.29.0 -> v0.33.0
golang.org/x/net	require	minor	v0.46.0 -> v0.51.0
golang.org/x/oauth2	indirect	minor	v0.32.0 -> v0.35.0
golang.org/x/sync	indirect	minor	v0.17.0 -> v0.19.0
golang.org/x/sys	indirect	minor	v0.37.0 -> v0.41.0
golang.org/x/term	indirect	minor	v0.36.0 -> v0.40.0
golang.org/x/text	indirect	minor	v0.30.0 -> v0.34.0
golang.org/x/tools	indirect	minor	v0.38.0 -> v0.42.0
google.golang.org/api	indirect	minor	v0.252.0 -> v0.269.0
google.golang.org/genproto	indirect	digest	88f65dc -> a57be14
google.golang.org/genproto/googleapis/api	indirect	digest	88f65dc -> a57be14
google.golang.org/genproto/googleapis/rpc	indirect	digest	88f65dc -> a57be14
k8s.io/api	require	minor	v0.34.1 -> v0.35.2
k8s.io/apiextensions-apiserver	indirect	minor	v0.34.1 -> v0.35.2
k8s.io/apimachinery	require	minor	v0.34.1 -> v0.35.2
k8s.io/client-go	require	minor	v0.34.1 -> v0.35.2
k8s.io/code-generator	replace	minor	v0.34.1 -> v0.35.2
k8s.io/code-generator	require	minor	v0.34.1 -> v0.35.2
k8s.io/gengo/v2	indirect	digest	ec3ebc5 -> 5ee0d03
k8s.io/kube-openapi	replace	digest	589584f -> 5b3e3fd
k8s.io/kube-openapi	require	digest	589584f -> 5b3e3fd
k8s.io/utils	indirect	digest	bc988d5 -> b8788ab
knative.dev/hack	require	digest	4fae780 -> 0126b28
knative.dev/hack/schema	require	digest	4fae780 -> 0126b28
knative.dev/pkg	require	digest	a1339c6 -> a902bbf
sigs.k8s.io/release-utils	require	patch	v0.12.2 -> v0.12.3

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

google/cel-spec (cel.dev/expr)

v0.25.1

Compare Source

Minor additions to the v0.25.0 release

What's Changed

• Remove test/v1 directory and its protos by @​l46kok in #​487
• Add parsing tests for string and bytes literals by @​hudlow in #​489

Full Changelog: google/cel-spec@v0.25.0...v0.25.1

v0.25.0

Compare Source

What's Changed

• Initial version of the policy specification by @​jcking in #​477
• Remove orphaned ToC entry for enums as ints from the specification by @​timostamm in #​476
• Tests for selector, function, and field names formerly defined as reserved by @​hudlow in #​480
• Add a test case for lastIndexOf in string_ext against an empty string by @​l46kok in #​468
• Remove TOC from language definition by @​hudlow in #​482
• Remove int(enum) -> int signature by @​hudlow in #​483
• Clarify formatting decimals, add %f formatting test cases around rounding by @​l46kok in #​485
• Remove remaining google.rpc.Status deps from cel-spec by @​TristonianJones in #​486

New Contributors

• @​timostamm made their first contribution in #​476

Full Changelog: google/cel-spec@v0.24.0...v0.25.0

googleapis/google-cloud-go (cloud.google.com/go/auth)

v0.18.0

Compare Source

• bigquery:

  • Marked stable.
  • Schema inference of nullable fields supported.
  • Added TimePartitioning to QueryConfig.

• firestore: Data provided to DocumentRef.Set with a Merge option can contain
  Delete sentinels.

• logging: Clients can accept parent resources other than projects.

• pubsub:

  • pubsub/pstest: A lighweight fake for pubsub. Experimental; feedback welcome.
  • Support updating more subscription metadata: AckDeadline,
    RetainAckedMessages and RetentionDuration.

• oslogin/apiv1beta: New client for the Cloud OS Login API.

• rpcreplay: A package for recording and replaying gRPC traffic.

• spanner:

  • Add a ReadWithOptions that supports a row limit, as well as an index.
  • Support query plan and execution statistics.
  • Added OpenCensus support.

• storage: Clarify checksum validation for gzipped files (it is not validated
  when the file is served uncompressed).

cue-lang/cue (cuelang.org/go)

v0.16.0

Compare Source

Changes which may break some users are marked below with: ⚠️

Language

As a reminder, we have two ongoing language experiments since v0.15; a replacement for struct embedding and a rework of aliases. Please give these a try and report any issues or feedback!

⚠️ The cmdreferencepkg global experiment is now stable, meaning that CUE_EXPERIMENT=cmdreferencepkg is always enabled.

#"""# is now accepted as a string literal quoting a double quote, ".

Multiline string literals now require a trailing newline, matching the language spec.

The new try experiment

This release introduces the try experiment, which adds a try clause in comprehensions as well as the use of ? in field selectors. This addition to the language is intended to provide a more concise syntax for handling optional fields without the risk of unintentionally swallowing errors.

This experiment also introduces the else clause for if and try comprehensions, and the fallback clause for for comprehensions, which trigger when a comprehension produces zero values.

You can try this experiment by following our how-to guides on the try clause and the else clause. For more information, see the proposal on GitHub and the spec change patch.

Evaluator

Performance

Further improve the use of caching in the typochecker algorithm; this provides speed-ups of up to 80% on some large projects.

Very large structs (tested with 20,000 fields) are up to 80% faster now, as we were repeating some work unnecessarily.

A great deal of effort has gone into reducing the allocations and memory usage across a number of projects. For some of these, memory usage is down by as much as 60%.

These improvements were possible thanks to our Unity service, letting us analyze CUE's performance and test for regressions on third party projects. Contact @​mvdan on Discord, Slack, or via the Unity page to ensure that your project is included or you are running into slowness.

A number of changes were made to improve support for using cue.Values concurrently; see Issue #​2733 for more details and ongoing progress.

Other changes

Fix a regression introduced in v0.13 where the or built-in with literal arguments could stop behaving like a disjunction.

A number of panics and other bugs in the evaluator which were reported since v0.15.0 have been fixed; thank you to all who reported these.

cmd/cue

Add support for $DOCKER_AUTH_CONFIG to directly provide the contents of $DOCKER_CONFIG/config.json to authenticate with module registries, matching Docker's current behavior.

The --outfile flag now works when given non-regular files such as named pipes or sockets.

⚠️ cue mod publish no longer ignores sub-directories containing a go.mod file.

⚠️ Using cue inside the cue.mod directory now fails consistently with a clear error message to not place CUE code there. Previously, some commands worked while others failed with confusing errors.

⚠️ The global --verbose and --trace flags have been moved to the cue get go and cue trim commands respectively, as they were the only ones actually using those flags, and this could be confusing to users.

Fix a bug where loading ./...:pkgname could lead to loading directories without CUE files as instances, which could cause poor performance for CUE packages with multiple parent directories.

cue exp writefs gains an encoding optional field for regular files, to specify an encoding rather than infer it from the filename extension.

LSP server

Initial LSP support for editing embedded JSON and YAML files. This feature provides completions and hover-docs when editing JSON or YAML files which are embedded into CUE via the @embed attribute. A teaser video is available on YouTube.

Code Actions: two code actions are now provided, Add surrounding struct braces and Remove surrounding struct braces, which convert between

a: b: c

and

a: {
	b: c
}

with the cursor on b.

A complete overhaul of how the LSP server suggests code completions. This solves the previous naïve implementation which would only make suggestions after a field name or path had been started. Now completions are available from within whitespace.

Embedded paths with mutual dependencies: embedded paths with multiple components (e.g. a.b.c) can in some cases only be fully resolved after the resolution of other embedded paths. The LSP server can now correctly handle these dependencies.

The LSP server now implements LSP Document Symbols functionality. This is often used by editors to provide light-weight breadcrumb navigation within a file.

Some preliminary diagnostics are now sent from the LSP server back to the editor. Initially this mainly indicates syntax errors in CUE files, but this can be extended in the future.

Many bug fixes, including better behaviour for files and directories with spaces; improvements for value aliases (foo: L=x); LSP rename now provides placeholder text; improved jump-to-definition behaviour for package-level fields; fixed issues around imports; path resolution; formatting of standalone CUE files; and others.

See our Getting Started wiki page for instructions on how to set it up with your editor.

Please report any bugs or missing features you encounter via the Issue tracker or via the #lsp channels on Discord or Slack.

Encodings

Add support for encoding YAML tags like key: !Custom value by using CUE attributes like key: "value" @​yaml(,tag="!Custom").

cue get go now detects which Go packages use Kubernetes type semantics via // +k8s:openapi-gen=true and obeys the field annotations // +optional and // +nullable.

cue get go gains a --codec flag to configure the use and priority of Go struct field tags like json or yaml.

Fix a bug where cue get go could skip over fields whose type implements one of the supported marshaling interfaces.

Fix a few bugs where cue get go could result in invalid or failing CUE code.

JSON Schema's Config.OpenOnlyWhenExplicit option is now exposed for the CLI via the filetype tag jsonschema+openOnlyWhenExplicit.

JSON Schema now properly encodes hash references for better compatibility with other tools.

Standard library

The strconv package adds ParseNumber, like ParseInt or ParseFloat but allowing other CUE number strings such as 1Ki.

The net package adds InCIDR to test whether an IP is contained by a CIDR string.

The net package adds ParseCIDR to extract useful information from a CIDR string.

The net package adds CompareIP to compare two IP addresses, which can be useful for computing with IP ranges.

The net/http package adds Serve as an experimental API to listen on a port and serve HTTP requests.

The tool/file package adds Symlink to create symbolic links.

Go API

cue.Value.Decode now supports the new cue.Unmarshaler interface, allowing Go types to implement their own CUE value decoding logic via an UnmarshalCUE(cue.Value) error method.

The new cue.IsIncomplete function reports whether the given value is a CUE incomplete error.

cue/ast gains the NewPredeclared and Ident.IsPredeclared to mark and detect identifiers referencing predeclared names like error or int rather than fields which may shadow those names in the current scope.

⚠️ cue.Value.Decode now uses cue.IsIncomplete to not treat incomplete errors as fatal, allowing the decoding to continue.

Fix a bug where cue.Value.Decode could behave incorrectly when decoding a CUE null or incomplete value.

⚠️ cue/token.Compare now sorts absolute paths before relative ones, to ensure consistent behavior between Unix-like systems and Windows.

⚠️ The long-deprecated cue/ast.Node.Comments and cue/ast.Node.AddComment interface methods are now removed; use cue/ast.Comments and cue/ast.AddComment respectively.

⚠️ The long-deprecated and unused cue/parser.FromVersion and cue/parser.DeprecationError APIs are now removed.

⚠️ The long-deprecated and hidden cue.Instance.Eval method is now removed.

Full list of changes since v0.15.0

• internal/ci: use OIDC with the Central Registry for the e2e tests by @​mvdan in de47a5e
• re-enable staticcheck's SA4000 and SA4003 checks by @​mvdan in 771e253
• internal: bump staticcheck to v0.7.0 for Go 1.26 support by @​mvdan in e1de78e
• lsp/eval: correct resolution of package-level fields by @​cuematthew in e3306a9
• lsp/eval: add test showing bad behaviour by @​cuematthew in da5d43a
• lsp/server: make "Remove surrounding struct braces" preferred by @​cuematthew in 5f20a71
• doc/ref: clarify who maintains this document by @​mvdan in 3ee970f
• allow more commands in Claude by @​mvdan in 6d50284
• lspaux/protocol: initial implementation for protocol by @​cuematthew in 3ee106b
• cue/load: check some errors that were ignored by @​rogpeppe in 13fdcdb
• doc/ref: fix three mistakes in the matchIf examples by @​mvdan in 000506e
• cue/load: do not panic when load.Instances(args, nil) fails very early by @​mvdan in cd6a481
• cmd/cue: add a test case for issue 4286 by @​mvdan in edc89df
• lsp/eval: add support for comprehension else/fallback by @​cuematthew in e2d8f7b
• cmd/cue: support explicit encodings in exp writefs by @​mvdan in d0eca3f
• cmd/cue: rewrite exp writefs with internal/filetypes and internal/encoding by @​mvdan in 766668d
• cmd/cue: add first exp writefs testscript by @​mvdan in 00eddbf
• internal/core/adt: missed missing missing by @​mpvl in 8732213
• cue/parser: simplify else/fallback clause rules by @​mpvl in 0cbc9a1
• cue/parser: restrict else to single clause only by @​mpvl in 28f0246
• cue: add fallback keyword for for comprehensions by @​mpvl in fe9f503
• cue/testdata: rename out/eval to out/evalalpha when appropriate by @​rogpeppe in c76dc5a
• cue/build: fix stale identifier resolution across instances by @​mvdan in dd7361a
• cmd/cue: add regression test for issue 4275 by @​mvdan in 791e697
• encoding/yaml: improve ast.StructLit and ListLit positions by @​cuematthew in cde471e
• cmd/cue: be more helpful when publishing a module without source by @​mvdan in 3dfa50a
• encoding/jsonschema: remove net/url.Parse workaround for Go 1.26 by @​mvdan in 6cce9bc
• internal/core/export: fix self-referential lets for recursive definitions by @​mvdan in c257634
• internal/core/compile: avoid double error for invalid optional references by @​mpvl in c1be2bb
• update all dependencies by @​mvdan in 9fb0173
• internal/core/adt: add regression test for error() in pattern constraint keys by @​mvdan in 50a0a5e
• internal/core/adt: fix structural cycle hang with braced selectors by @​mvdan in 36702fd
• cmd/cue: add and unskip tests for invalid task type errors by @​mvdan in db4afc1
• internal/core/dep: fix stack overflow on recursive definitions in dep analysis by @​mvdan in 0b49a54
• internal/core/dep,internal/core/export: fix stack overflow on recursive definitions by @​mvdan in d0e2ab6
• tools/flow: skip phantom tasks from eliminated conditional branches by @​mvdan in 7fb912e
• encoding/gocode: fix test by @​rogpeppe in 98ca6e3
• internal/core: remove import path to instance mapping by @​rogpeppe in b3d9ffc
• doc/spec: use "custom errors" instead of "user errors" by @​myitcv in baf8302
• internal/ci: explicitly set contents permission by @​myitcv in 7cde504
• lsp/eval: Add support for try-clauses and optional path components by @​cuematthew in 62de631
• cue/testdata: update stats for comprehensions/try.txtar by @​mvdan in 20c1149
• internal/core/adt: implement try expressions by @​mpvl in f2e8299
• cue/build: integrate identifier resolution into Complete by @​mpvl in 1aeb33e
• lsp/fscache: ignore ASTs which have no absolute positions by @​cuematthew in 2585b3b
• cue/ast,cue/ast/astutil: add NewPredeclared and IsPredeclared for builtin references by @​mpvl in 8405422
• internal/core/adt: fix else clause duplication in comprehension field splitting by @​mvdan in 40356ab
• cue/load: improve error for major-only version packages outside a module by @​mvdan in 7675369
• cmd/cue/cmd: add test coverage for absolute packages with cue cmd by @​mvdan in f5e266a
• encoding/yaml: add support for YAML tags via @yaml(,tag) attribute by @​jonas-meyer in b1a58bd
• internal/astinternal: omit ILLEGAL tokens in debug print by @​mpvl in 23736eb
• cue: clarify that Schema is only useful for Value.Subsume by @​mvdan in bb18d7b
• lsp/cache: expand completion range of fields in json for double-quotes by @​cuematthew in b1c63da
• all: start using "else" in comprehensions by @​mvdan in 3f2f654
• tweak Claude's allow and deny settings further by @​mvdan in ef6bb80
• internal/ci: disable checkout persist-credentials by default by @​myitcv in 069eac9
• cue/load: do not load non-CUE directories as instances by @​rogpeppe in a4d2a6f
• cue/load: add test case for non-package directories by @​rogpeppe in 028411e
• cmd/cue: deflake cue_after test by @​rogpeppe in 4504db0
• all: use reflect.TypeAssert in three more places by @​mvdan in 58cbd0c
• cue/internal: Make ToFile optionally preserve StructLits by @​cuematthew in ec3e289
• all: re-apply go fix -any=false ./... after Go version bump by @​mvdan in 8579c46
• lsp/cache: completions must not return null items list by @​cuematthew in 75ee97a
• internal/core/export: fix panic in relPathLength for BinaryExpr by @​mvdan in 788eeed
• tools/fix: use ast.Predeclared to avoid shadowing in value alias conversion by @​mvdan in 08a7ec3
• cue/ast,cue/ast/astutil: add Predeclared sentinel for builtin references by @​mvdan in 42cc85f
• tools/fix: add tests for value alias conversion when "self" is in scope by @​mvdan in 3dacb0c
• cue/ast/astutil: fix false positive in label expression check for let clauses by @​mvdan in a93bcc1
• cmd/cue/cmd: add failing test for issue #​4202 by @​mvdan in 0a4a11a
• internal/core/export: avoid let name collisions with dependency fields by @​mvdan in f2b697a
• internal/core/export: add failing test for issue #​4221 by @​mvdan in b690442
• internal/core/adt: fix undefined field in comprehension with structural cycle by @​mvdan in 225a1c4
• cue/testdata: add regression test for issue #​4203 by @​mvdan in e3eb948
• internal/core/adt: fix panic in memory reclamation by @​mvdan in 355d6fd
• internal/core/adt: add else clause to comprehensions by @​mpvl in 9e2dec3
• _scripts: add OpenSpec support for AI-assisted development by @​mpvl in 6a78eff
• lsp/eval: fix field-value aliases by @​cuematthew in 29d8be4
• lsp/eval: add test to show bad behaviour of aliases by @​cuematthew in 3e6bee7
• internal/core/export: fix hidden identifier renaming in for clauses by @​mvdan in 2fea4bc
• internal/core/export: add failing test for issue #​4254 by @​mvdan in c53993e
• cue/errors: avoid duplicate path in error list formatting by @​mvdan in 487c072
• pkg/list/testdata: add regression test for issue #​4171 by @​mvdan in e977cfa
• internal/lsp: implement ConvertFromStruct code action by @​cuematthew in f68f686
• internal/ci: bump actions/checkout and cue.dev/x/githubactions by @​mvdan in f4d1d5a
• lsp/server: force-load all packages for completions within embedded files by @​cuematthew in 5eb5ed9
• pkg/tools/http: remove valueMu mutex from http.Serve by @​mpvl in 95ba1d2
• internal/core/runtime: add lock protection to loaded map by @​mpvl in 6451728
• internal/core/adt: fix race condition in Vertex.Default() by @​mpvl in 854a5b7
• internal/core/adt: use thread-safe WeakMap for regexp caching by @​mpvl in c7797c1
• pkg/tools/http: experimental implementation of http.Serve by @​mpvl in 0badd6d
• golps/protocol: introduce DocumentURI.Path method by @​cuematthew in f04e0fb
• gopls/protocol: rename DocumentURI.Path to DocumentURI.FilePath by @​cuematthew in d8eca4a
• lsp/eval: process field attributes and specialise queries for embeds by @​cuematthew in eb192c6
• internal/lsp: model embedded files as packages by @​cuematthew in fa8946f
• lsp/fscache: read json and yaml files as CUE by @​cuematthew in 6825394
• lsp/cache: rework package dirtying and reloading by @​cuematthew in 22fff24
• internal/lsp: FileEvaluatorForURI returns lsp/cache.File by @​cuematthew in dbf3293
• lsp/eval: change eval constructor to take Config struct by @​cuematthew in 3cd3244
• interpreter/embed: prepare embed for extension by @​cuematthew in a95414a
• encoding/json: extract PatchExpr to internal/encoding/json by @​cuematthew in e5bfcda
• all: apply the straightforward Go 1.25 or later cleanups by @​mvdan in e834a18
• cmd/cue: rewrite help fmt by @​mvdan in 0fa24af
• all: test and release on Go 1.26, require Go 1.25 or later by @​mvdan in 0dc0eac
• internal/core/compile: fix operator precedence in error() builtin by @​mvdan in 70b3f3e
• cue/testdata/builtins: add test for error() with erroring interpolation by @​mvdan in a6070c8
• internal/core/adt: fix value alias resolution in disjunctions by @​mvdan in b053ad5
• cue/testdata/disjunctions: add regression test for value alias in disjunction by @​mvdan in 0c9ed36
• internal/core/adt: handle EqualOp in SimplifyBounds by @​mvdan in 0813460
• pkg/net: add CompareIP by @​mvdan in 174a8b9
• pkg/encoding/openapi: support marshalSchema builtin for openAPI by @​mpvl in 66ea772
• lsp/fscache: correct path components by @​cuematthew in 44a543b
• integration/workspace: add test showing bad behaviour by @​cuematthew in c164d8f
• add go tool cue and xargs as allowed Claude commands by @​mvdan in 4b495fa
• all: go fix -any=false ./... by @​mvdan in 3d3f74b
• internal/lsp: implement ConvertToStruct code action by @​cuematthew in c45f72d
• internal/core/adt: refine cycle handling in LetReference.resolve by @​mvdan in 3e1e745
• cue/testdata/cycle: add regression test for issue 4244 by @​mvdan in eb2c57c
• lsp/cache: provide placeholder for PrepareRename by @​cuematthew in 049d6e1
• internal/ci: allow steps to influence job permissions by @​myitcv in 839f03d
• cmd/cue: alter flag behavior based on the command name by @​mvdan in bc5bd8f
• cmd/cue: drop --verbose and --trace as global flags by @​mvdan in 92afa2e
• cmd/cue: map constants by go/types.Type directly by @​mvdan in dac4e90
• pkg/tool/file: add Symlink by @​sprat in [6618a6f](https://redirect.github.com/cue-lang/cue/commit/6618a6f909b43

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: github.com/ThalesIgnite/crypto11@v1.6.0: parsing go.mod:
	module declares its path as: github.com/ThalesGroup/crypto11
	        but was required as: github.com/ThalesIgnite/crypto11

[red-hat-konflux]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.