Bump the go_modules group across 1 directory with 6 updates

[dependabot]

Bumps the go_modules group with 5 updates in the / directory:

Package	From	To
github.com/buger/jsonparser	1.1.1	1.1.2
github.com/containerd/containerd	1.7.30	1.7.33
github.com/docker/cli	29.0.3+incompatible	29.2.0+incompatible
go.opentelemetry.io/otel	1.39.0	1.41.0
google.golang.org/grpc	1.77.0	1.79.3

Updates github.com/buger/jsonparser from 1.1.1 to 1.1.2

Release notes

Sourced from github.com/buger/jsonparser's releases.

v1.1.2

What's Changed

• Updated travis to build for 1.13 to 1.15 by @​janreggie in buger/jsonparser#225
• • eliminate 2 allocations in EachKey() by @​Villenny in buger/jsonparser#223
• fix issue #150 (in deleting case) by @​daria-kay in buger/jsonparser#226
• fixing the oss-fuzz issue by @​daria-kay in buger/jsonparser#227
• Fix parseInt overflow check false negative by @​carsonip in buger/jsonparser#231
• Added bespoke error for null cases by @​jonomacd in buger/jsonparser#228
• Fuzzing: Add CIFuzz by @​AdamKorcz in buger/jsonparser#239
• Added latest versions of go to tests by @​moredure in buger/jsonparser#244
• fix EachKey pIdxFlags allocation by @​unxcepted in buger/jsonparser#241
• fix: prevent panic on negative slice index in Delete with malformed JSON (GO-2026-4514) by @​dbarrosop in buger/jsonparser#276

New Contributors

• @​janreggie made their first contribution in buger/jsonparser#225
• @​Villenny made their first contribution in buger/jsonparser#223
• @​daria-kay made their first contribution in buger/jsonparser#226
• @​carsonip made their first contribution in buger/jsonparser#231
• @​jonomacd made their first contribution in buger/jsonparser#228
• @​moredure made their first contribution in buger/jsonparser#244
• @​unxcepted made their first contribution in buger/jsonparser#241
• @​dbarrosop made their first contribution in buger/jsonparser#276

Full Changelog: buger/jsonparser@v1.1.1...v1.1.2

Commits

• a69e7e0 Merge pull request #276 from dbarrosop/master
• d3eacc0 fix: prevent panic on negative slice index in Delete with malformed JSON (GO-...
• 61b32cf Merge pull request #241 from unxcepted/master
• 2181e83 Merge pull request #244 from ScaleChamp/patch-2
• 1510b51 Added latest versions of go to tests
• 6fc2e48 fix: eachkey allocation
• a6f867e Merge pull request #239 from AdamKorcz/cifuzz1
• cbc01fd Fuzzing: Add CIFuzz
• dc92d69 Merge pull request #228 from jonomacd/null-handling
• 2d9d634 Merge pull request #231 from carsonip/fix-parseint-overflow-check
• Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.30 to 1.7.33

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.33

Welcome to the v1.7.33 release of containerd!

The thirty-third patch release for containerd 1.7 contains various fixes and updates including security patches.

Security Updates

• containerd

  • CVE-2026-53488
  • CVE-2026-47262

• go-jose

  • CVE-2026-34986

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Chris Henzie
• Akihiro Suda
• Akhil Mohan
• Ben Cressey
• Davanum Srinivas
• Sopho Merkviladze

Changes

• Prepare release notes for v1.7.33 (#13631)
  • 7517e6737 Prepare release notes for v1.7.33
  • ab306518a Merge commit from fork
  • d34cdafda Merge commit from fork
  • 9ab2b7a89 Bound user-database file reads in openBoundedUserFile
  • 1e9806f90 Merge commit from fork
  • 4d8ba4d23 Do not propagate reserved labels from image configs
• update runc binary to v1.3.6 (#13615)
  • 74c728c13 update runc binary to v1.3.6
• update go to 1.26.4/1.25.11 (#13579)
  • 947caa4b7 update go to 1.26.4/1.25.11
• Configure udevd children-max for root-test (#13564)
  • e884e964e Configure udevd children-max for root-test
• Clean up disk space in node e2e workflow (#13552)
  • b9e756888 Clean up disk space in node e2e workflow
• Bump go-jose/go-jose/v3 to v3.0.5 to fix GHSA-78h2-9frx-2jm8 (#13467)
  • 4dfc1844e Bump go-jose to v3.0.5 to address CVE-2026-34986

... (truncated)

Commits

• e8b1a9b Merge pull request #13631 from samuelkarp/prepare-1.7.33
• 7517e67 Prepare release notes for v1.7.33
• ab30651 Merge commit from fork
• 0962898 Merge pull request #13615 from k8s-infra-cherrypick-robot/cherry-pick-13606-t...
• 74c728c update runc binary to v1.3.6
• d34cdaf Merge commit from fork
• 1e9806f Merge commit from fork
• 9ab2b7a Bound user-database file reads in openBoundedUserFile
• d805d96 Merge pull request #13579 from akhilerm/1.7-go1.26.4
• 947caa4 update go to 1.26.4/1.25.11
• Additional commits viewable in compare view

Updates github.com/docker/cli from 29.0.3+incompatible to 29.2.0+incompatible

Commits

• 0b9d198 Merge pull request #6764 from vvoland/update-docker
• 9c9ec73 vendor: github.com/moby/moby/client v0.2.2
• bab3e81 vendor: github.com/moby/moby/api v1.53.0
• 2e64fc1 Merge pull request #6367 from thaJeztah/template_slicejoin
• 1f2ba2a Merge pull request #6760 from thaJeztah/container_create_fix_error
• e34a342 templates: make "join" work with non-string slices and map values
• a86356d Merge pull request #6763 from thaJeztah/bump_mapstructure
• 771660a vendor: github.com/go-viper/mapstructure/v2 v2.5.0
• 9cff36b Merge pull request #6762 from thaJeztah/bump_x_deps
• 08ed2bc cli/command/container: make injecting config.json failures a warning
• Additional commits viewable in compare view

Updates github.com/moby/spdystream from 0.5.0 to 0.5.1

Release notes

Sourced from github.com/moby/spdystream's releases.

v0.5.1

What's Changed

Security

Fix memory amplification in SPDY frame parsing leads to denial of service (CVE-2026-35469 / GHSA-pc3f-x583-g7j2)

Changes

• spdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE moby/spdystream#106
• ci: update actions and test against latest Go versions moby/spdystream#107
• use ioutil.Discard for go1.13 compatibility moby/spdystream#109

Full Changelog: moby/spdystream@v0.5.0...v0.5.1

Commits

• c59e5d7 Merge pull request #109 from thaJeztah/use_ioutil
• 2fd0155 use ioutil.Discard for go1.13 compatibility
• ef6121f Merge commit from fork
• 241cec9 compare with signed Int for 32-bit Arm
• 21c3864 Add options to customize limits
• acf9b45 spdy: update godoc for MaxDataLength
• eb63605 spdy: limit header-size and header-count
• 2f21da4 spdy: fix header block byte accounting
• 5976b66 spdy: enforce 24-bit frame length limits
• cf0ec5d Guard against oversized SPDY frames
• Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.39.0 to 1.41.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

This release is the last to support [Go 1.24]. The next release will require at least [Go 1.25].

Added

• Support testing of [Go 1.26]. (#7902)

Fixed

• Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (#7880)
• Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7914)
• Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#7914)
• Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7914)

[1.40.0/0.62.0/0.16.0] 2026-02-02

Added

• Add AlwaysRecord sampler in go.opentelemetry.io/otel/sdk/trace. (#7724)
• Add Enabled method to all synchronous instrument interfaces (Float64Counter, Float64UpDownCounter, Float64Histogram, Float64Gauge, Int64Counter, Int64UpDownCounter, Int64Histogram, Int64Gauge,) in go.opentelemetry.io/otel/metric. This stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (#7763)
• Add go.opentelemetry.io/otel/semconv/v1.39.0 package. The package contains semantic conventions from the v1.39.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.38.0. (#7783, #7789)

Changed

• Improve the concurrent performance of HistogramReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar by 4x. (#7443)
• Improve the concurrent performance of FixedSizeReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar. (#7447)
• Improve performance of concurrent histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7474)
• Improve performance of concurrent synchronous gauge measurements in go.opentelemetry.io/otel/sdk/metric. (#7478)
• Add experimental observability metrics in go.opentelemetry.io/otel/exporters/stdout/stdoutmetric. (#7492)
• Exporter in go.opentelemetry.io/otel/exporters/prometheus ignores metrics with the scope go.opentelemetry.io/contrib/bridges/prometheus. This prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (#7688)
• Improve performance of concurrent exponential histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7702)
• The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)
• The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)

Fixed

• Fix bad log message when key-value pairs are dropped because of key duplication in go.opentelemetry.io/otel/sdk/log. (#7662)
• Fix DroppedAttributes on Record in go.opentelemetry.io/otel/sdk/log to not count the non-attribute key-value pairs dropped because of key duplication. (#7662)
• Fix SetAttributes on Record in go.opentelemetry.io/otel/sdk/log to not log that attributes are dropped when they are actually not dropped. (#7662)
• Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to correctly handle HTTP/2 GOAWAY frame. (#7794)
• WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for ioreg command on Darwin (macOS). (#7818)

... (truncated)

Commits

• 4575a97 Release 1.41.0/0.63.0/0.17.0/0.0.15 (#7977)
• 66fc10d fix: add error handling for insecure HTTP endpoints with TLS client configura...
• 76e6eec chore(deps): update github/codeql-action action to v4.32.5 (#7980)
• 0d50f90 Revert "Generate semconv/v1.40.0" (#7978)
• c38a4a5 Generate semconv/v1.40.0 (#7929)
• 0f1a224 chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (#7899)
• c79ebf4 chore(deps): update module github.com/daixiang0/gci to v0.14.0 (#7973)
• f758157 chore(deps): update module github.com/sonatard/noctx to v0.5.0 (#7968)
• 92a1164 fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...
• 3cd7c27 chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (#7969)
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.77.0 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

• server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

• stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

• grpc: Remove the -dev suffix from the User-Agent header. (grpc/grpc-go#8902)

Release 1.79.0

API Changes

• mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • Special Thanks: @​vanja-p
• experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

• balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

• experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
• pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
  • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
• xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
• balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)
  • Special Thanks: @​marek-szews

Bug Fixes

• credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • Special Thanks: @​Atul1710
• xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
• health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • Special Thanks: @​sanki92
• transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • Special Thanks: @​joybestourous
• server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)
  • Special Thanks: @​joybestourous

Performance Improvements

• credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
• mem: Optimize pooling and creation of buffer objects. (#8784)
• transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

• dda86db Change version to 1.79.3 (#8983)
• 72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
• 97ca352 Changing version to 1.79.3-dev (#8954)
• 8902ab6 Change the version to release 1.79.2 (#8947)
• a928670 Cherry-pick #8874 to v1.79.x (#8904)
• 06df363 Change version to 1.79.2-dev (#8903)
• 782f2de Change version to 1.79.1 (#8902)
• 850eccb Change version to 1.79.1-dev (#8851)
• 765ff05 Change version to 1.79.0 (#8850)
• 68804be Cherry pick #8864 to v1.79.x (#8896)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Hello dependabot[bot] 👋 Thank you for opening a Pull Request in eksctl project. The team will review the Pull Request and aim to respond within 1-10 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website