Release v1.18.4 by github-actions[bot] · Pull Request #849 · overmindtech/cli

github-actions · 2026-06-04T13:31:13Z

Copybara Sync - Release v1.18.4

This PR was automatically created by Copybara, syncing changes from the overmindtech/workspace monorepo.

Original author: carabasdaniel (daniel.carabas@overmind.tech)

What happens when this PR is merged?

The tag-on-merge workflow will automatically create the v1.18.4 tag on main
This tag will trigger the release workflow, which will:
- Run tests
- Build and publish release binaries via GoReleaser
- Upload packages to Cloudsmith

Review Checklist

Changes look correct and match the expected monorepo sync
Tests pass (see CI checks below)

…ENT-190) (#5247)  ## Summary Implements **BRENT-190** (ENG-4517): dedicated Brent Auth0 tenant pair per environment, Post-Login Actions, 1Password fanout, and operator scope split (`admin:*` for brent-area51 / River UI / debug RPCs; `brent:*` for customer paths). ## Brent / Deviations check (78278262085) Addressed all four findings from the latest deviation analysis: | Finding | Resolution | | --- | --- | | River UI grant still allowed `brent:*` | Reverted to **admin-only** on `deploy/modules/brent/clients.tf` and `deploy/modules/ovm-centralised/brent.tf` per approved plan Part 3/6. OIDC + middleware still enforce `admin:write`. | | Missing `flows_id` on Brent module | Added `flows_id` variable (optional override), `flows_id` output, and conditional creation of the flows M2M client in `deploy/modules/brent/flows.tf`. | | Operator integration test incomplete | Replaced with table-driven tests covering all Part 6 operator RPCs (15 read + 3 write). | | Unrelated `sdpcache` flaky-test fix | Acknowledged: commit `d24deb906` fixes `TestDelete/ShardedCache` (1ms TTL → 10s); unrelated to Auth0 work. | ## Testing - `terraform validate` in `deploy/modules/brent/` - `go build -tags=integration ./service/...` (brent-backend) - CI: Terraform plan, Go tests, Brent deviation re-run expected on push ## Post-merge (Part 8 / ENG-4518) Manual JWT smoke, staff `Admin` role assignment on Brent tenants, and app repoint remain operator steps — see `docs/runbooks/brent-auth0-tenants.md`.  <div><a href="https://cursor.com/agents/bc-8b2418ea-921a-4145-9980-03a5bd9a0170"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-web-light.png"><img alt="Open in Web" width="114" height="28" src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a> <a href="https://cursor.com/background-agent?bcId=bc-8b2418ea-921a-4145-9980-03a5bd9a0170"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img alt="Open in Cursor" width="131" height="28" src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> </div> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: David Schmitt <DavidS-ovm@users.noreply.github.com> GitOrigin-RevId: fe4d6eeb386c70db4e94b23c2c7ef18338f68f14

> ℹ️ **Note** > > This PR body was truncated due to platform limits. This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/aws/aws-sdk-go-v2](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.41.7` → `v1.41.8` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2/v1.41.8?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2/v1.41.7/v1.41.8?slim=true) | | [github.com/aws/aws-sdk-go-v2/config](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.32.17` → `v1.32.19` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fconfig/v1.32.19?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fconfig/v1.32.17/v1.32.19?slim=true) | | [github.com/aws/aws-sdk-go-v2/credentials](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.19.16` → `v1.19.18` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fcredentials/v1.19.18?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fcredentials/v1.19.16/v1.19.18?slim=true) | | [github.com/aws/aws-sdk-go-v2/feature/ec2/imds](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.18.23` → `v1.18.24` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2ffeature%2fec2%2fimds/v1.18.24?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2ffeature%2fec2%2fimds/v1.18.23/v1.18.24?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/apigateway](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.40.0` → `v1.40.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fapigateway/v1.40.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fapigateway/v1.40.0/v1.40.1?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/autoscaling](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.66.2` → `v1.66.3` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fautoscaling/v1.66.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fautoscaling/v1.66.2/v1.66.3?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/cloudfront](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.64.0` → `v1.64.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fcloudfront/v1.64.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fcloudfront/v1.64.0/v1.64.1?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/cloudwatch](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.57.0` → `v1.57.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fcloudwatch/v1.57.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fcloudwatch/v1.57.0/v1.57.1?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/directconnect](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.38.17` → `v1.38.18` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fdirectconnect/v1.38.18?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fdirectconnect/v1.38.17/v1.38.18?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/dynamodb](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.57.3` → `v1.57.5` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fdynamodb/v1.57.5?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fdynamodb/v1.57.3/v1.57.5?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/ec2](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.303.0` → `v1.304.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fec2/v1.304.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fec2/v1.303.0/v1.304.1?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/ecs](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.80.0` → `v1.81.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fecs/v1.81.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fecs/v1.80.0/v1.81.1?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/efs](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.41.16` → `v1.41.17` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fefs/v1.41.17?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fefs/v1.41.16/v1.41.17?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/eks](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.84.0` → `v1.84.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2feks/v1.84.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2feks/v1.84.0/v1.84.1?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.33.25` → `v1.33.26` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2felasticloadbalancing/v1.33.26?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2felasticloadbalancing/v1.33.25/v1.33.26?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.54.12` → `v1.54.13` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2felasticloadbalancingv2/v1.54.13?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2felasticloadbalancingv2/v1.54.12/v1.54.13?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/iam](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.53.10` → `v1.53.11` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fiam/v1.53.11?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fiam/v1.53.10/v1.53.11?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/kms](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.52.0` → `v1.52.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fkms/v1.52.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fkms/v1.52.0/v1.52.1?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/lambda](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.90.1` → `v1.90.2` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2flambda/v1.90.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2flambda/v1.90.1/v1.90.2?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/networkfirewall](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.60.1` → `v1.61.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fnetworkfirewall/v1.61.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fnetworkfirewall/v1.60.1/v1.61.1?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/networkmanager](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.42.0` → `v1.42.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fnetworkmanager/v1.42.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fnetworkmanager/v1.42.0/v1.42.1?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/rds](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.118.2` → `v1.118.3` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2frds/v1.118.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2frds/v1.118.2/v1.118.3?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/route53](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.62.7` → `v1.62.8` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2froute53/v1.62.8?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2froute53/v1.62.7/v1.62.8?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/s3](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.101.0` → `v1.102.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fs3/v1.102.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fs3/v1.101.0/v1.102.1?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/sesv2](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.60.5` → `v1.61.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fsesv2/v1.61.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fsesv2/v1.60.5/v1.61.1?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/sns](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.39.17` → `v1.39.18` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fsns/v1.39.18?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fsns/v1.39.17/v1.39.18?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/sqs](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.42.27` → `v1.42.28` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fsqs/v1.42.28?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fsqs/v1.42.27/v1.42.28?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/ssm](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.68.6` → `v1.68.7` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fssm/v1.68.7?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fssm/v1.68.6/v1.68.7?slim=true) | | [github.com/aws/aws-sdk-go-v2/service/sts](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.42.1` → `v1.42.2` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fsts/v1.42.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go-v2%2fservice%2fsts/v1.42.1/v1.42.2?slim=true) | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Release Notes <details> <summary>aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)</summary> ### [`v1.41.8`](https://redirect.github.com/aws/aws-sdk-go-v2/blob/HEAD/CHANGELOG.md#Release-2026-03-26) [Compare Source](https://redirect.github.com/aws/aws-sdk-go-v2/compare/v1.41.7...v1.41.8) #### General Highlights - **Dependency Update**: Updated to the latest SDK module versions #### Module Highlights - `github.com/aws/aws-sdk-go-v2`: v1.41.5 - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/accessanalyzer`: [v1.45.12](service/accessanalyzer/CHANGELOG.md#v14512-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/account`: [v1.30.5](service/account/CHANGELOG.md#v1305-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/acm`: [v1.37.23](service/acm/CHANGELOG.md#v13723-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/acmpca`: [v1.46.12](service/acmpca/CHANGELOG.md#v14612-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/aiops`: [v1.6.21](service/aiops/CHANGELOG.md#v1621-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/amp`: [v1.42.9](service/amp/CHANGELOG.md#v1429-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/amplify`: [v1.38.14](service/amplify/CHANGELOG.md#v13814-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/amplifybackend`: [v1.32.20](service/amplifybackend/CHANGELOG.md#v13220-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/amplifyuibuilder`: [v1.28.20](service/amplifyuibuilder/CHANGELOG.md#v12820-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/apigateway`: [v1.39.1](service/apigateway/CHANGELOG.md#v1391-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/apigatewaymanagementapi`: [v1.29.14](service/apigatewaymanagementapi/CHANGELOG.md#v12914-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/apigatewayv2`: [v1.34.1](service/apigatewayv2/CHANGELOG.md#v1341-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.43.13](service/appconfig/CHANGELOG.md#v14313-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appconfigdata`: [v1.23.22](service/appconfigdata/CHANGELOG.md#v12322-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appfabric`: [v1.16.21](service/appfabric/CHANGELOG.md#v11621-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.51.12](service/appflow/CHANGELOG.md#v15112-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appintegrations`: [v1.37.7](service/appintegrations/CHANGELOG.md#v1377-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/applicationautoscaling`: [v1.41.14](service/applicationautoscaling/CHANGELOG.md#v14114-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/applicationcostprofiler`: [v1.27.12](service/applicationcostprofiler/CHANGELOG.md#v12712-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/applicationdiscoveryservice`: [v1.35.13](service/applicationdiscoveryservice/CHANGELOG.md#v13513-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/applicationinsights`: [v1.34.20](service/applicationinsights/CHANGELOG.md#v13420-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/applicationsignals`: [v1.19.1](service/applicationsignals/CHANGELOG.md#v1191-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appmesh`: [v1.35.12](service/appmesh/CHANGELOG.md#v13512-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.39.14](service/apprunner/CHANGELOG.md#v13914-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appstream`: [v1.54.4](service/appstream/CHANGELOG.md#v1544-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appsync`: [v1.53.5](service/appsync/CHANGELOG.md#v1535-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/arcregionswitch`: [v1.6.3](service/arcregionswitch/CHANGELOG.md#v163-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/arczonalshift`: [v1.22.23](service/arczonalshift/CHANGELOG.md#v12223-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/artifact`: [v1.15.5](service/artifact/CHANGELOG.md#v1155-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/athena`: [v1.57.4](service/athena/CHANGELOG.md#v1574-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/auditmanager`: [v1.46.12](service/auditmanager/CHANGELOG.md#v14612-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/autoscaling`: [v1.64.4](service/autoscaling/CHANGELOG.md#v1644-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/autoscalingplans`: [v1.30.14](service/autoscalingplans/CHANGELOG.md#v13014-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/b2bi`: [v1.0.0-preview.100](service/b2bi/CHANGELOG.md#v100-preview100-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/backup`: [v1.54.11](service/backup/CHANGELOG.md#v15411-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/backupgateway`: [v1.26.3](service/backupgateway/CHANGELOG.md#v1263-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/backupsearch`: [v1.6.23](service/backupsearch/CHANGELOG.md#v1623-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/batch`: [v1.63.2](service/batch/CHANGELOG.md#v1632-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bcmdashboards`: [v1.1.4](service/bcmdashboards/CHANGELOG.md#v114-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bcmdataexports`: [v1.14.0](service/bcmdataexports/CHANGELOG.md#v1140-2026-03-26) - **Feature**: With this release we are providing an option to accounts to have their export delivered to an S3 bucket that is not owned by the account. - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bcmpricingcalculator`: [v1.10.9](service/bcmpricingcalculator/CHANGELOG.md#v1109-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bcmrecommendedactions`: [v1.1.5](service/bcmrecommendedactions/CHANGELOG.md#v115-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrock`: [v1.57.1](service/bedrock/CHANGELOG.md#v1571-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockagent`: [v1.52.7](service/bedrockagent/CHANGELOG.md#v1527-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockagentcore`: [v1.15.2](service/bedrockagentcore/CHANGELOG.md#v1152-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockagentcorecontrol`: [v1.25.1](service/bedrockagentcorecontrol/CHANGELOG.md#v1251-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockagentruntime`: [v1.51.8](service/bedrockagentruntime/CHANGELOG.md#v1518-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockdataautomation`: [v1.13.5](service/bedrockdataautomation/CHANGELOG.md#v1135-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockdataautomationruntime`: [v1.10.4](service/bedrockdataautomationruntime/CHANGELOG.md#v1104-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockruntime`: [v1.50.4](service/bedrockruntime/CHANGELOG.md#v1504-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/billing`: [v1.10.4](service/billing/CHANGELOG.md#v1104-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/billingconductor`: [v1.28.5](service/billingconductor/CHANGELOG.md#v1285-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/braket`: [v1.39.8](service/braket/CHANGELOG.md#v1398-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/budgets`: [v1.43.4](service/budgets/CHANGELOG.md#v1434-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chatbot`: [v1.14.21](service/chatbot/CHANGELOG.md#v11421-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chime`: [v1.41.12](service/chime/CHANGELOG.md#v14112-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chimesdkidentity`: [v1.27.20](service/chimesdkidentity/CHANGELOG.md#v12720-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.26.21](service/chimesdkmediapipelines/CHANGELOG.md#v12621-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chimesdkmeetings`: [v1.33.15](service/chimesdkmeetings/CHANGELOG.md#v13315-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chimesdkmessaging`: [v1.32.17](service/chimesdkmessaging/CHANGELOG.md#v13217-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chimesdkvoice`: [v1.28.13](service/chimesdkvoice/CHANGELOG.md#v12813-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cleanrooms`: [v1.42.4](service/cleanrooms/CHANGELOG.md#v1424-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cleanroomsml`: [v1.22.5](service/cleanroomsml/CHANGELOG.md#v1225-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloud9`: [v1.33.20](service/cloud9/CHANGELOG.md#v13320-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudcontrol`: [v1.29.13](service/cloudcontrol/CHANGELOG.md#v12913-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/clouddirectory`: [v1.30.12](service/clouddirectory/CHANGELOG.md#v13012-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudformation`: [v1.71.9](service/cloudformation/CHANGELOG.md#v1719-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudfront`: [v1.60.4](service/cloudfront/CHANGELOG.md#v1604-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudfrontkeyvaluestore`: [v1.12.24](service/cloudfrontkeyvaluestore/CHANGELOG.md#v11224-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudhsm`: [v1.29.21](service/cloudhsm/CHANGELOG.md#v12921-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudhsmv2`: [v1.34.21](service/cloudhsmv2/CHANGELOG.md#v13421-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudsearch`: [v1.32.12](service/cloudsearch/CHANGELOG.md#v13212-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudsearchdomain`: [v1.28.20](service/cloudsearchdomain/CHANGELOG.md#v12820-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudtrail`: [v1.55.9](service/cloudtrail/CHANGELOG.md#v1559-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudtraildata`: [v1.17.13](service/cloudtraildata/CHANGELOG.md#v11713-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudwatch`: [v1.55.3](service/cloudwatch/CHANGELOG.md#v1553-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudwatchevents`: [v1.32.23](service/cloudwatchevents/CHANGELOG.md#v13223-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs`: [v1.65.0](service/cloudwatchlogs/CHANGELOG.md#v1650-2026-03-26) - **Feature**: This release adds parameter support to saved queries in CloudWatch Logs Insights. Define reusable query templates with named placeholders, invoke them using start query. Available in Console, CLI and SDK - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codeartifact`: [v1.38.21](service/codeartifact/CHANGELOG.md#v13821-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codebuild`: [v1.68.13](service/codebuild/CHANGELOG.md#v16813-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codecatalyst`: [v1.21.12](service/codecatalyst/CHANGELOG.md#v12112-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codecommit`: [v1.33.12](service/codecommit/CHANGELOG.md#v13312-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codeconnections`: [v1.10.20](service/codeconnections/CHANGELOG.md#v11020-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codedeploy`: [v1.35.13](service/codedeploy/CHANGELOG.md#v13513-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codeguruprofiler`: [v1.29.20](service/codeguruprofiler/CHANGELOG.md#v12920-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codegurureviewer`: [v1.34.20](service/codegurureviewer/CHANGELOG.md#v13420-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codegurusecurity`: [v1.16.24](service/codegurusecurity/CHANGELOG.md#v11624-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codepipeline`: [v1.46.21](service/codepipeline/CHANGELOG.md#v14621-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codestarconnections`: [v1.35.13](service/codestarconnections/CHANGELOG.md#v13513-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codestarnotifications`: [v1.31.21](service/codestarnotifications/CHANGELOG.md#v13121-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cognitoidentity`: [v1.33.22](service/cognitoidentity/CHANGELOG.md#v13322-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider`: [v1.59.3](service/cognitoidentityprovider/CHANGELOG.md#v1593-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cognitosync`: [v1.29.12](service/cognitosync/CHANGELOG.md#v12912-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/comprehend`: [v1.40.21](service/comprehend/CHANGELOG.md#v14021-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/comprehendmedical`: [v1.31.21](service/comprehendmedical/CHANGELOG.md#v13121-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/computeoptimizer`: [v1.49.8](service/computeoptimizer/CHANGELOG.md#v1498-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/computeoptimizerautomation`: [v1.0.8](service/computeoptimizerautomation/CHANGELOG.md#v108-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/configservice`: [v1.62.1](service/configservice/CHANGELOG.md#v1621-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.166.1](service/connect/CHANGELOG.md#v11661-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connectcampaigns`: [v1.20.20](service/connectcampaigns/CHANGELOG.md#v12020-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connectcampaignsv2`: [v1.11.4](service/connectcampaignsv2/CHANGELOG.md#v1114-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connectcases`: [v1.39.1](service/connectcases/CHANGELOG.md#v1391-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connectcontactlens`: [v1.33.13](service/connectcontactlens/CHANGELOG.md#v13313-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connecthealth`: [v1.0.3](service/connecthealth/CHANGELOG.md#v103-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connectparticipant`: [v1.36.7](service/connectparticipant/CHANGELOG.md#v1367-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/controlcatalog`: [v1.14.9](service/controlcatalog/CHANGELOG.md#v1149-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/controltower`: [v1.28.9](service/controltower/CHANGELOG.md#v1289-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/costandusagereportservice`: [v1.34.13](service/costandusagereportservice/CHANGELOG.md#v13413-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/costexplorer`: [v1.63.6](service/costexplorer/CHANGELOG.md#v1636-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/costoptimizationhub`: [v1.22.8](service/costoptimizationhub/CHANGELOG.md#v1228-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/customerprofiles`: [v1.57.2](service/customerprofiles/CHANGELOG.md#v1572-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/databasemigrationservice`: [v1.61.10](service/databasemigrationservice/CHANGELOG.md#v16110-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/databrew`: [v1.39.14](service/databrew/CHANGELOG.md#v13914-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dataexchange`: [v1.40.14](service/dataexchange/CHANGELOG.md#v14014-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/datapipeline`: [v1.30.20](service/datapipeline/CHANGELOG.md#v13020-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.58.2](service/datasync/CHANGELOG.md#v1582-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/datazone`: [v1.54.2](service/datazone/CHANGELOG.md#v1542-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dax`: [v1.29.16](service/dax/CHANGELOG.md#v12916-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/deadline`: [v1.26.2](service/deadline/CHANGELOG.md#v1262-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/detective`: [v1.38.13](service/detective/CHANGELOG.md#v13813-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/devicefarm`: [v1.38.8](service/devicefarm/CHANGELOG.md#v1388-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/devopsguru`: [v1.40.12](service/devopsguru/CHANGELOG.md#v14012-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/directconnect`: [v1.38.15](service/directconnect/CHANGELOG.md#v13815-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/directoryservice`: [v1.38.16](service/directoryservice/CHANGELOG.md#v13816-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/directoryservicedata`: [v1.7.21](service/directoryservicedata/CHANGELOG.md#v1721-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dlm`: [v1.35.16](service/dlm/CHANGELOG.md#v13516-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/docdb`: [v1.48.13](service/docdb/CHANGELOG.md#v14813-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/docdbelastic`: [v1.20.13](service/docdbelastic/CHANGELOG.md#v12013-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/drs`: [v1.36.13](service/drs/CHANGELOG.md#v13613-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dsql`: [v1.12.8](service/dsql/CHANGELOG.md#v1128-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dynamodb`: [v1.57.1](service/dynamodb/CHANGELOG.md#v1571-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dynamodbstreams`: [v1.32.14](service/dynamodbstreams/CHANGELOG.md#v13214-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ebs`: [v1.33.14](service/ebs/CHANGELOG.md#v13314-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.296.1](service/ec2/CHANGELOG.md#v12961-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ec2instanceconnect`: [v1.32.20](service/ec2instanceconnect/CHANGELOG.md#v13220-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ecr`: [v1.56.2](service/ecr/CHANGELOG.md#v1562-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ecrpublic`: [v1.38.13](service/ecrpublic/CHANGELOG.md#v13813-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.74.1](service/ecs/CHANGELOG.md#v1741-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/efs`: [v1.41.14](service/efs/CHANGELOG.md#v14114-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/eks`: [v1.81.2](service/eks/CHANGELOG.md#v1812-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/eksauth`: [v1.12.13](service/eksauth/CHANGELOG.md#v11213-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elasticache`: [v1.51.13](service/elasticache/CHANGELOG.md#v15113-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elasticbeanstalk`: [v1.34.2](service/elasticbeanstalk/CHANGELOG.md#v1342-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing`: [v1.33.23](service/elasticloadbalancing/CHANGELOG.md#v13323-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2`: [v1.54.10](service/elasticloadbalancingv2/CHANGELOG.md#v15410-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elasticsearchservice`: [v1.39.2](service/elasticsearchservice/CHANGELOG.md#v1392-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elementalinference`: [v1.0.3](service/elementalinference/CHANGELOG.md#v103-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/emr`: [v1.59.0](service/emr/CHANGELOG.md#v1590-2026-03-26) - **Feature**: Add StepExecutionRoleArn to RunJobFlow API - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/emrcontainers`: [v1.40.17](service/emrcontainers/CHANGELOG.md#v14017-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/emrserverless`: [v1.39.6](service/emrserverless/CHANGELOG.md#v1396-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/entityresolution`: [v1.26.5](service/entityresolution/CHANGELOG.md#v1265-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/eventbridge`: [v1.45.23](service/eventbridge/CHANGELOG.md#v14523-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/evs`: [v1.6.4](service/evs/CHANGELOG.md#v164-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/finspace`: [v1.33.21](service/finspace/CHANGELOG.md#v13321-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/finspacedata`: [v1.33.21](service/finspacedata/CHANGELOG.md#v13321-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/firehose`: [v1.42.13](service/firehose/CHANGELOG.md#v14213-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/fis`: [v1.37.20](service/fis/CHANGELOG.md#v13720-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/fms`: [v1.44.22](service/fms/CHANGELOG.md#v14422-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/forecast`: [v1.41.21](service/forecast/CHANGELOG.md#v14121-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/forecastquery`: [v1.29.21](service/forecastquery/CHANGELOG.md#v12921-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/frauddetector`: [v1.41.12](service/frauddetector/CHANGELOG.md#v14112-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/freetier`: [v1.13.14](service/freetier/CHANGELOG.md#v11314-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.65.7](service/fsx/CHANGELOG.md#v1657-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/gamelift`: [v1.51.3](service/gamelift/CHANGELOG.md#v1513-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/gameliftstreams`: [v1.11.1](service/gameliftstreams/CHANGELOG.md#v1111-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/geomaps`: [v1.9.4](service/geomaps/CHANGELOG.md#v194-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/geoplaces`: [v1.8.5](service/geoplaces/CHANGELOG.md#v185-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/georoutes`: [v1.7.14](service/georoutes/CHANGELOG.md#v1714-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/glacier`: [v1.32.6](service/glacier/CHANGELOG.md#v1326-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/globalaccelerator`: [v1.35.15](service/globalaccelerator/CHANGELOG.md#v13515-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.139.1](service/glue/CHANG > ✂ **Note** > > PR body was truncated to here. </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: dcbabe74f276147c0cfa26e4b50e1c51d66bcf5a

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3](https://redirect.github.com/Azure/azure-sdk-for-go) | `v3.0.0-beta.2` → `v3.0.0-beta.3` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fAzure%2fazure-sdk-for-go%2fsdk%2fresourcemanager%2fauthorization%2farmauthorization%2fv3/v3.0.0-beta.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fAzure%2fazure-sdk-for-go%2fsdk%2fresourcemanager%2fauthorization%2farmauthorization%2fv3/v3.0.0-beta.2/v3.0.0-beta.3?slim=true) | | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/sql/armsql/v2](https://redirect.github.com/Azure/azure-sdk-for-go) | `v2.0.0-beta.7` → `v2.0.0-beta.8` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fAzure%2fazure-sdk-for-go%2fsdk%2fresourcemanager%2fsql%2farmsql%2fv2/v2.0.0-beta.8?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fAzure%2fazure-sdk-for-go%2fsdk%2fresourcemanager%2fsql%2farmsql%2fv2/v2.0.0-beta.7/v2.0.0-beta.8?slim=true) | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 6dff0571186813d8eb8f28c42a0d7d348308870c

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [aws-actions/configure-aws-credentials](https://redirect.github.com/aws-actions/configure-aws-credentials) | action | patch | `v6.1.1` → `v6.1.3` | | [depot/build-push-action](https://redirect.github.com/depot/build-push-action) | action | minor | `v1.17.0` → `v1.18.0` | | postgres | service | minor | `16.8` → `16.11` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Release Notes <details> <summary>aws-actions/configure-aws-credentials (aws-actions/configure-aws-credentials)</summary> ### [`v6.1.3`](https://redirect.github.com/aws-actions/configure-aws-credentials/compare/v6.1.2...v6.1.3) [Compare Source](https://redirect.github.com/aws-actions/configure-aws-credentials/compare/v6.1.2...v6.1.3) ### [`v6.1.2`](https://redirect.github.com/aws-actions/configure-aws-credentials/compare/v6.1.1...v6.1.2) [Compare Source](https://redirect.github.com/aws-actions/configure-aws-credentials/compare/v6.1.1...v6.1.2) </details> <details> <summary>depot/build-push-action (depot/build-push-action)</summary> ### [`v1.18.0`](https://redirect.github.com/depot/build-push-action/releases/tag/v1.18.0) [Compare Source](https://redirect.github.com/depot/build-push-action/compare/v1.17.0...v1.18.0) #### What's Changed - Upgrade action runtime to Node 24 ([#48](https://redirect.github.com/depot/build-push-action/issues/48)) [@Akatama](https://redirect.github.com/Akatama) - Add Depot Registry save example ([#47](https://redirect.github.com/depot/build-push-action/issues/47)) [@maschwenk](https://redirect.github.com/maschwenk) </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 64c5ffd811b41c5deba57a9a8986fb8a96388113

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/gocarina/gocsv](https://redirect.github.com/gocarina/gocsv) | require | digest | `78e41c7` → `c264028` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 5882005e427010fd0fcfeb65c9091f30b7c61568

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | Type | Update | |---|---|---|---|---|---| | [cloud.google.com/go/bigtable](https://redirect.github.com/googleapis/google-cloud-go) | `v1.47.0` → `v1.48.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/cloud.google.com%2fgo%2fbigtable/v1.48.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/cloud.google.com%2fgo%2fbigtable/v1.47.0/v1.48.0?slim=true) | require | minor | | [cloud.google.com/go/compute](https://redirect.github.com/googleapis/google-cloud-go) | `v1.63.0` → `v1.64.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/cloud.google.com%2fgo%2fcompute/v1.64.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/cloud.google.com%2fgo%2fcompute/v1.63.0/v1.64.0?slim=true) | require | minor | | [cloud.google.com/go/dataplex](https://redirect.github.com/googleapis/google-cloud-go) | `v1.34.0` → `v1.35.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/cloud.google.com%2fgo%2fdataplex/v1.35.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/cloud.google.com%2fgo%2fdataplex/v1.34.0/v1.35.0?slim=true) | require | minor | | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | `v0.280.0` → `v0.282.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fapi/v0.282.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fapi/v0.280.0/v0.282.0?slim=true) | require | minor | | [google.golang.org/genproto/googleapis/rpc](https://redirect.github.com/googleapis/go-genproto) | `aa98bba` → `3dc84a4` | ![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fgenproto%2fgoogleapis%2frpc/v0.0.0-20260526163538-3dc84a4a5aaa?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fgenproto%2fgoogleapis%2frpc/v0.0.0-20260519071638-aa98bba5eb94/v0.0.0-20260526163538-3dc84a4a5aaa?slim=true) | require | digest | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Release Notes <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> ### [`v0.282.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.282.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.281.0...v0.282.0) ##### Features - **all:** Auto-regenerate discovery clients ([#3607](https://redirect.github.com/googleapis/google-api-go-client/issues/3607)) ([3c139a0](https://redirect.github.com/googleapis/google-api-go-client/commit/3c139a07f71096667d5a623591ddb37dacd38d55)) ### [`v0.281.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.281.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.280.0...v0.281.0) ##### Features - **all:** Auto-regenerate discovery clients ([#3600](https://redirect.github.com/googleapis/google-api-go-client/issues/3600)) ([bcaee85](https://redirect.github.com/googleapis/google-api-go-client/commit/bcaee85f93824a21f5441c2ccd3b4d4811d97de7)) - **all:** Auto-regenerate discovery clients ([#3602](https://redirect.github.com/googleapis/google-api-go-client/issues/3602)) ([f0071d3](https://redirect.github.com/googleapis/google-api-go-client/commit/f0071d379f4443ffdae9994fe141b1b5e0c18a62)) - **all:** Auto-regenerate discovery clients ([#3603](https://redirect.github.com/googleapis/google-api-go-client/issues/3603)) ([b1aa9de](https://redirect.github.com/googleapis/google-api-go-client/commit/b1aa9dea8c3c0e539c8d9687c99c55ec3679c996)) - **all:** Auto-regenerate discovery clients ([#3604](https://redirect.github.com/googleapis/google-api-go-client/issues/3604)) ([711e008](https://redirect.github.com/googleapis/google-api-go-client/commit/711e008d9caf16e6fb68c860f83a28fd0a8c0f98)) - **all:** Auto-regenerate discovery clients ([#3606](https://redirect.github.com/googleapis/google-api-go-client/issues/3606)) ([3ad8e8e](https://redirect.github.com/googleapis/google-api-go-client/commit/3ad8e8e2ab4ae50862c0fc5b17efa2d3cda33d9a)) </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).   --- > [!NOTE] > **Low Risk** > Lockfile-only minor/digest dependency upgrades with no code changes; typical integration risk is limited to regenerated GCP client behavior at runtime. > > **Overview** > Renovate bumps several **direct** GCP-related modules in `go.mod` / `go.sum`: `cloud.google.com/go/bigtable`, `compute`, and `dataplex` (minor versions), plus `google.golang.org/api` **v0.280.0 → v0.282.0** and a newer `google.golang.org/genproto/googleapis/rpc` pseudo-version. > > The diff also **tidies** module metadata: Depot Buf modules move from **indirect** into the main `require` block, and transitive pins shift (e.g. `cloud.google.com/go/longrunning` **v0.9.0 → v1.0.0**, GCP OpenTelemetry metric exporter **0.55 → 0.56**, `enterprise-certificate-proxy` **0.3.15 → 0.3.16**, aligned `genproto/googleapis/api`). > > There are **no application `.go` changes**—only the module graph and checksums. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit a294e509d341027239defced2a5b3d74f584192b. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>  --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Cursor Agent <cursoragent@cursor.com> GitOrigin-RevId: c8679ecc5dc8ef520dc88ad25c26d3018224442b

…ge (#5305) ## Summary - Wrap Brent MCP OAuth in authorize/callback/token proxy handlers so Auth0 redirects to Brent instead of `cursor://`, then hand users to a brent-app completion page that reopens Cursor with the auth code. - Add Brent-branded success and error routes for MCP authorization (`/connections/brent-mcp/...`) with auto-open and fallback "Open Cursor" link. - Register MCP OAuth callback URLs in Auth0 Terraform for both the dedicated Brent tenant and legacy om-* client; add adminproxy nginx routes for local dev. ## Linear Ticket Fixes: [ENG-4615](https://linear.app/overmind/issue/ENG-4615/when-you-authorize-brent-the-page-doesnt-go-anywhere) — When you authorize Brent the page doesn't go anywhere - **Purpose**: After MCP authorization from Cursor, users should land on a Brent-branded completion page that confirms success and hands the auth code back to Cursor, instead of a stuck Auth0 tab. ## Changes - **brent-backend**: `MCPAuthProxy` handlers, oauthstate/oauthredirect extensions, metadata now advertises proxy URLs, unit tests. - **brent-app**: `McpAuthorizationComplete` component and success/error route branches for `brent-mcp`. - **go/auth**: `IsAllowedMCPRedirect` and metadata endpoint overrides. - **Terraform**: `brent_mcp_callbacks` in `deploy/modules/brent/clients.tf` (Brent tenant) and `deploy/modules/ovm-centralised/brent.tf` (legacy). - **devcontainer**: adminproxy nginx routes for `/brent/oauth/*`. Reviewers should focus on the OAuth handoff security (redirect allowlisting, state cookie, token proxy redirect_uri rewrite) and Terraform callback registration on the correct Auth0 tenant. ## Brent Plan - **Plan ID**: BRENT-193 - **Plan**: [MCP authorization completion page (ENG-4615)](https://brent-dev.overmind-demo.com/open/plans/c1f53053-7a59-4333-9d24-afe2c5514a6f?prompt=Use+the+Brent+MCP+server+to+call+get_plan+with+id+%22BRENT-193%22.+Download+the+plan+%28run+next_action.command+from+get_plan+when+available%29%2C+tell+me+the+full+filename+so+I+can+read+it%2C+share+your+opinion%2C+and+wait+for+my+verdict.+Do+not+write+code+or+change+the+codebase.+Do+not+call+submit_review+until+I+state+%22approved%22+or+%22rejected%22+in+my+own+words.+Do+not+infer+a+verdict+from+reading+the+plan+yourself.&target=cursor) - **Approved by**: Dylan Ratcliffe > Deviation analysis and reviewer assignment are handled automatically by the > pre-approved PR review automation (see docs/PREAPPROVED_CHANGES.md). Made with [Cursor](https://cursor.com)  --- > [!NOTE] > **High Risk** > Changes authentication and OAuth redirect/token handling with allowlisted handoffs; misconfiguration of Auth0 callbacks or redirect validation could break or weaken MCP login. > > **Overview** > Adds a **Brent MCP OAuth broker** so Cursor never receives Auth0 redirects directly on `cursor://`. MCP discovery now advertises Brent’s `/brent/oauth/authorize` and `/token` endpoints; **authorize** allowlists the client `redirect_uri`, stores handoff data in an HMAC state cookie, and sends Auth0 Brent’s `/brent/oauth/callback`. **Callback** validates state and sends users to **`/connections/brent-mcp/success`** with `code`, `cursor_state`, and `handoff`. **Token** rewrites `redirect_uri` on the authorization_code grant so it matches what Auth0 saw. > > The **brent-app** completion page (`McpAuthorizationComplete`) allowlists the handoff URL (mirroring `IsAllowedMCPRedirect`), auto-redirects to Cursor with the code, and MCP-specific error copy replaces “back to setup.” **Auth0 Terraform** registers `https://{domain}/brent/oauth/callback` (and localhost variants); **dev nginx** proxies the new OAuth paths. > > Proxy registration requires **River UI session secret**; shared `go/auth` metadata handler gains optional endpoint overrides for Brent only. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 0ba2f66908460d88684256cc99b2e6bbab276471. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>  --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> GitOrigin-RevId: bf367a07b8a058c4cbc4f342d3fb354874affaf3

… spans (#5323)  ## Summary Cuts Honeycomb event volume from two high-noise sources without changing business logic: 1. **Source health probes** — `Engine.ServeHealthProbes` now serves routes through `startup.WrapHandler` with Go 1.22 patterns (`GET /healthz/alive`, `GET /healthz/ready`). Probes emit a single otelhttp span with `http.route`, so the existing collector `drop-most-health-checks` policy (matching `^/healthz`) applies. Manual `healthcheck.liveness` / `healthcheck.readiness` spans are removed; `ovm.healthcheck.type` is preserved on the HTTP span. 2. **Revlink Part A** — `GetReverseEdges` no longer creates `GetNeo4jSession` or `RunNeo4jQuery` child spans. Session acquire and query timing are recorded as `neo4j.session_acquired` / `neo4j.query_run` events and `ovm.neo4j.*` attributes on the parent RPC span. Approved plan: BRENT-233 (trace span noise reduction). ## Documentation - `docs/LOGGING.md` — source-engine probe span name mapping - `docs/research/observability-blind-spots-research.md` — probe instrumentation status (post-`WrapHandler`) - `go/discovery/README.md`, `go/startup/README.md` — health probe tracing notes ## Bugbot Renamed `ovm.neo4j.session_acquire_ms` / `ovm.neo4j.query_run_ms` → `ovm.neo4j.sessionAcquireMs` / `ovm.neo4j.queryRunMs` per OTel naming convention. ## Testing - `go test ./go/discovery/... -run TestHealthProbe` - `go test ./services/revlink/service/... -run TestGetReverseEdgesTracing` (Neo4j required) - `golangci-lint run ./go/discovery/... ./services/revlink/service/...` ## Rollout Ship dogfood → prod as usual. Re-check prod Honeycomb usage-by-name tomorrow to confirm `healthcheck.*` and `GetNeo4jSession`/`RunNeo4jQuery` volumes collapse.  <div><a href="https://cursor.com/agents/bc-27b0bb78-6358-4400-8a65-941ab2a186b2"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-web-light.png"><img alt="Open in Web" width="114" height="28" src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a> <a href="https://cursor.com/background-agent?bcId=bc-27b0bb78-6358-4400-8a65-941ab2a186b2"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img alt="Open in Cursor" width="131" height="28" src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> </div> GitOrigin-RevId: eab1cdcc0c14d4a9b110fa915f99d8ce9978138f

…863) (#5359)  ## Summary Fixes a HIGH severity finding where the Azure Key Vault secret adapter could expose `Properties.Value` in SDP item attributes when the management API returns plaintext secret material. ## Changes - **`keyvault-secret.go`**: Pass `"Properties.Value"` to `ToAttributesWithExclude` alongside `"tags"`. - **`sources/shared/util.go`**: Extend `ToAttributesWithExclude` to support dot-separated nested exclusions (case-insensitive JSON key matching), so paths like `Properties.Value` map to `properties.value` in serialized attributes. ## Verification - `go test ./sources/shared/... ./sources/azure/manual/ -run 'TestToAttributesWithExclude|TestKeyVaultSecret'` - `golangci-lint run ./sources/shared/... ./sources/azure/manual/...`  Linear Issue: [ENG-4863](https://linear.app/overmind/issue/ENG-4863/security-azure-key-vault-secret-adapter-does-not-exclude) <div><a href="https://cursor.com/agents/bc-53945296-b34e-471b-a249-6fbf051fcd16"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-web-light.png"><img alt="Open in Web" width="114" height="28" src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a> <a href="https://cursor.com/background-agent?bcId=bc-53945296-b34e-471b-a249-6fbf051fcd16"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img alt="Open in Cursor" width="131" height="28" src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> </div> Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: David Schmitt <DavidS-ovm@users.noreply.github.com> GitOrigin-RevId: 5070f2d951d9e4f2a0b64c2905f2e7201c435eb8

## Summary Removes plaintext Auth0 M2M client secrets from the repository by deleting the legacy `auth0-test-data/` directory. No runtime path consumed these values — CI and the devcontainer load credentials from GitHub org secrets and 1Password via `.devcontainer/env/op.local.env`. ## Changes - **Deleted** `auth0-test-data/` (`environment-setup.sh` + `README.md`) - **Updated** dangling references to point at `op run --env-file=./.devcontainer/env/op.local.env` and `docs/DEVELOPMENT_PLAYBOOKS.md`: - `.devcontainer/devcontainer.json` - `go/auth/auth_test.go` - `go/discovery/engine_test.go` - `services/api-server/service/shared_test.go` - **Added** `auth0-test-data/` to `.gitignore` (prevents accidental re-commit if someone re-clones the old repo) - **Kept** existing `.gitleaks.toml` allowlist entry for `auth0-test-data/` ## Verification - `gitleaks detect --source . --no-git --config .gitleaks.toml` — no leaks found - `golangci-lint run` on changed Go packages — clean ## Follow-up (human — Task 2) The leaked secrets are still valid until rotated in Auth0. After merge, rotate these three apps in the **overmind-development** tenant (`auth.overmind-demo.com`), then run `terraform apply` for dogfood: | App | Client ID | | --- | --- | | NATS test app (all permissions) | `R1jmPdjntWuOd6yj5JCUtfKLmaOVREHq` | | API Keys (dogfood) | `TRYMJyCxFCWU4FycHj1oztPyGyvtiv9f` | | frontend (dogfood) | `nxt9CsXX72tgqiLbq6CFL8LKTPWCImBL` |  Linear Issue: [ENG-4866](https://linear.app/overmind/issue/ENG-4866/security-auth0-development-tenant-client-secrets-committed-to-git) <div><a href="https://cursor.com/agents/bc-2922b6fa-d414-4896-9edd-3cd80c7a8271"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-web-light.png"><img alt="Open in Web" width="114" height="28" src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a> <a href="https://cursor.com/background-agent?bcId=bc-2922b6fa-d414-4896-9edd-3cd80c7a8271"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img alt="Open in Cursor" width="131" height="28" src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> </div> Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: David Schmitt <DavidS-ovm@users.noreply.github.com> GitOrigin-RevId: cb6fa0977fa91556a4ce01fa224280f506794767

…tes (#5358)  ## Summary The `lambda-function` adapter was serializing `Configuration.Environment.Variables` into SDP item attributes, exposing secrets (API keys, database passwords, etc.) to any authenticated user querying lambda-function items. ## Changes - Save environment variable values before serialization for link extraction - Nil `Configuration.Environment` before calling `ToAttributesWithExclude`, preventing env var names/values from flowing to the gateway, frontend, or Neo4j cache - Add regression test asserting env var keys and values are absent from serialized attributes ## Test plan - [x] `go test -race -run TestFunctionGetFunc ./aws-source/adapters/...` - [x] `golangci-lint run ./aws-source/adapters/...`  Linear Issue: [ENG-4862](https://linear.app/overmind/issue/ENG-4862/security-lambda-function-adapter-leaks-environment-variables-including) <div><a href="https://cursor.com/agents/bc-211b1c8b-6354-4801-bc06-b39eaa5dc6c9"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-web-light.png"><img alt="Open in Web" width="114" height="28" src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a> <a href="https://cursor.com/background-agent?bcId=bc-211b1c8b-6354-4801-bc06-b39eaa5dc6c9"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img alt="Open in Cursor" width="131" height="28" src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> </div> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: David Schmitt <DavidS-ovm@users.noreply.github.com> GitOrigin-RevId: 62cc075ce6ef55b9141b92f8e8b381df32d45151

…NG-4762) (#5365)  ## Summary Defensively excludes `private_key_data` and `public_key_data` when serializing GCP IAM ServiceAccountKey items into SDP attributes. GCP only returns private key material on `CreateServiceAccountKey` responses; this adapter only performs Get/List, so there is no current exploit path. The exclusion is cheap defense-in-depth against latent leakage if a create path is added later or GCP behaviour changes. ## Changes - `gcpIAMServiceAccountKeyToSDPItem` now calls `ToAttributesWithExclude(key, "private_key_data", "public_key_data")` using snake_case JSON tag names (matching sibling GCP adapters) - Added `ExcludesKeyMaterialFromAttributes` unit test with key material populated on the mock proto, plus PascalCase regression guard ## Verification - `go test ./sources/gcp/manual/... -run TestIAMServiceAccountKey -race` - `golangci-lint run ./sources/gcp/manual/...`  Linear Issue: [ENG-4762](https://linear.app/overmind/issue/ENG-4762/security-gcp-iam-serviceaccountkey-adapter-exclude-privatepublic-key) <div><a href="https://cursor.com/agents/bc-266b9d3f-36ea-44e0-9316-a049103c45ee"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-web-light.png"><img alt="Open in Web" width="114" height="28" src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a> <a href="https://cursor.com/background-agent?bcId=bc-266b9d3f-36ea-44e0-9316-a049103c45ee"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img alt="Open in Cursor" width="131" height="28" src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> </div> Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: David Schmitt <DavidS-ovm@users.noreply.github.com> GitOrigin-RevId: 6e5be7628c1c8c73b4379033db67694cb001e000

…5405) go/discovery/engine.go imported go/startup for the source health-probe otelhttp wrapper, but go/startup is excluded from copy.bara.sky, so the synced overmindtech/cli repo failed `go mod tidy` and blocked the cli release. Add a local wrapHealthProbeHandler in go/discovery covering the no-audit path of startup.WrapHandler (sentryhttp + otelhttp w/ pattern span name + http.route + ALB trace ID). Adds no new module deps — sentry-go and otelhttp are already pulled by discovery and cli. go/startup is left untouched; service callers are unaffected.  --- > [!NOTE] > **Low Risk** > Observability-only refactor with no probe route or health-check logic changes; main risk is future drift between this copy and go/startup.WrapHandler. > > **Overview** > Removes the **`go/startup`** dependency from source health probes by inlining the probe HTTP wrapper inside **`go/discovery`**, so Copybara-synced **`overmindtech/cli`** can run **`go mod tidy`** again. > > **`healthProbeHandler`** now returns **`wrapHealthProbeHandler`** instead of **`startup.WrapHandler`**. The new helper mirrors the no-audit **`WrapHandler`** path: **Sentry panic capture**, **otelhttp** spans (pattern-based span names), post-mux **`http.route`**, and **`X-Amzn-Trace-Id`** → **`aws.alb.trace_id`**. Comments call out that this subset must stay aligned with **`go/startup`** even though **`go/startup`** is not synced to cli. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 00136855b11e57798f0c2917f5027a10c35e5259. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>  GitOrigin-RevId: 8b706bf1acb09658a72fcfa12ef89f0fac854500

DavidS-ovm and others added 16 commits June 4, 2026 13:25

Run go mod tidy

7f40ece

carabasdaniel merged commit 616ea4f into main Jun 4, 2026

carabasdaniel deleted the copybara/v1.18.4 branch June 4, 2026 13:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release v1.18.4#849

Release v1.18.4#849
carabasdaniel merged 16 commits into
mainfrom
copybara/v1.18.4

github-actions Bot commented Jun 4, 2026 •

edited by carabasdaniel

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

github-actions Bot commented Jun 4, 2026 • edited by carabasdaniel Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Copybara Sync - Release v1.18.4

What happens when this PR is merged?

Review Checklist

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

github-actions Bot commented Jun 4, 2026 •

edited by carabasdaniel

Loading