Bump the go_modules group across 3 directories with 3 updates

[dependabot]

Bumps the go_modules group with 2 updates in the /galactic-agent directory: github.com/eclipse/paho.mqtt.golang and github.com/go-viper/mapstructure/v2.
Bumps the go_modules group with 2 updates in the /galactic-lab/platform/wsl/srv6-vpc-lab-attachment/galactic-agent directory: github.com/eclipse/paho.mqtt.golang and github.com/go-viper/mapstructure/v2.
Bumps the go_modules group with 1 update in the /galactic-operator directory: go.opentelemetry.io/otel/sdk.

Updates github.com/eclipse/paho.mqtt.golang from 1.5.0 to 1.5.1

Release notes

Sourced from github.com/eclipse/paho.mqtt.golang's releases.

v1.5.1

This is a minor release incorporating changes made in the 14 months since v1.5.0 (including updating dependencies, and raising the Go version to 1.24). The changes are relatively minor but address a potential security issue (CVE-2025-10543), possible panic, enable users to better monitor the connection status, and incorporate a few optimisations.

Thanks to those who have provided fixes/enhancements included in this release!

Special thanks to Paul Gerste at Sonar for reporting issue #730 via the Eclipse security team (fix was implemented in PR #714 in May, github issue created just prior to this release). This issue arose where a topic > 65535 bytes was passed to the Publish function, due to the way the data was encoded the topic could leak into the message body. Please see issue #730 or CVE-2025-10543 for further details.

What's Changed

• Updating go dependencies from pub and sub into the containers before building by @​JefJrFigueiredo in eclipse-paho/paho.mqtt.golang#691
• Optimize TCP connection logic by @​geekeryy in eclipse-paho/paho.mqtt.golang#713
• Fields over 65535 bytes not encoded correctly by @​MattBrittan in eclipse-paho/paho.mqtt.golang#714
• Reduce slice allocations in route dispatch by @​alespour in eclipse-paho/paho.mqtt.golang#710
• Add a ConnectionNotificationHandler by @​RangelReale in eclipse-paho/paho.mqtt.golang#727
• Potential panic when using manual ACK by @​MattBrittan in eclipse-paho/paho.mqtt.golang#729

Full Changelog: eclipse-paho/paho.mqtt.golang@v1.5.0...v1.5.1

Commits

• b305237 Update dependencies in docker examples
• 35ee03d Potential panic when using manual ACK
• 433bd22 address data race in test
• 4debe3a Potential panic when using manual ACK
• 601453b Resolve issues in fvt_client_test
• 439e2ab Dependency update (also rise Go version to 1.24)
• d276593 ConnectionNotificationHandler - generic callback for all types of connection ...
• 8a350a9 notifications
• 5620c5e notifications
• 45048cc notifications
• Additional commits viewable in compare view

Updates github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.4.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.4.0

What's Changed

• refactor: replace interface{} with any by @​sagikazarmark in go-viper/mapstructure#115
• build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by @​dependabot[bot] in go-viper/mapstructure#114
• Generic tests by @​sagikazarmark in go-viper/mapstructure#118
• Fix godoc reference link in README.md by @​peczenyj in go-viper/mapstructure#107
• feat: add StringToTimeLocationHookFunc to convert strings to *time.Location by @​ErfanMomeniii in go-viper/mapstructure#117
• feat: add back previous StringToSlice as a weak function by @​sagikazarmark in go-viper/mapstructure#119

New Contributors

• @​ErfanMomeniii made their first contribution in go-viper/mapstructure#117

Full Changelog: go-viper/mapstructure@v2.3.0...v2.4.0

v2.3.0

What's Changed

• build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in go-viper/mapstructure#46
• build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @​dependabot in go-viper/mapstructure#47
• [enhancement] Add check for reflect.Value in ComposeDecodeHookFunc by @​mahadzaryab1 in go-viper/mapstructure#52
• build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @​dependabot in go-viper/mapstructure#51
• build(deps): bump actions/checkout from 4.2.0 to 4.2.2 by @​dependabot in go-viper/mapstructure#50
• build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @​dependabot in go-viper/mapstructure#55
• build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by @​dependabot in go-viper/mapstructure#58
• ci: add Go 1.24 to the test matrix by @​sagikazarmark in go-viper/mapstructure#74
• build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0 by @​dependabot in go-viper/mapstructure#72
• build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by @​dependabot in go-viper/mapstructure#76
• build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by @​dependabot in go-viper/mapstructure#78
• feat: add decode hook for netip.Prefix by @​tklauser in go-viper/mapstructure#85
• Updates by @​sagikazarmark in go-viper/mapstructure#86
• build(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by @​dependabot in go-viper/mapstructure#87
• build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @​dependabot in go-viper/mapstructure#93
• build(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by @​dependabot in go-viper/mapstructure#92
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by @​dependabot in go-viper/mapstructure#97
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot in go-viper/mapstructure#96
• Update README.md by @​peczenyj in go-viper/mapstructure#90
• Add omitzero tag. by @​Crystalix007 in go-viper/mapstructure#98
• Use error structs instead of duplicated strings by @​m1k1o in go-viper/mapstructure#102
• build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @​dependabot in go-viper/mapstructure#101
• feat: add common error interface by @​sagikazarmark in go-viper/mapstructure#105
• update linter by @​sagikazarmark in go-viper/mapstructure#106
• Feature allow unset pointer by @​rostislaved in go-viper/mapstructure#80

New Contributors

• @​tklauser made their first contribution in go-viper/mapstructure#85
• @​peczenyj made their first contribution in go-viper/mapstructure#90
• @​Crystalix007 made their first contribution in go-viper/mapstructure#98
• @​rostislaved made their first contribution in go-viper/mapstructure#80

Full Changelog: go-viper/mapstructure@v2.2.1...v2.3.0

Commits

• b9794a5 Merge pull request #119 from go-viper/string-to-weak-slice
• 17cdcb0 feat: add back previous StringToSlice as a weak function
• 3caca36 Merge pull request #117 from ErfanMomeniii/main
• 9a861bc Merge pull request #107 from peczenyj/patch-2
• 86ed5b5 refactor: update
• ace5b4e chore: add interface any linter
• 1a4f1ae Merge pull request #118 from go-viper/generic-tests
• a268909 fix: lint
• 17f1fd4 test: add more comments
• b48c856 test: expand tests
• Additional commits viewable in compare view

Updates github.com/eclipse/paho.mqtt.golang from 1.5.0 to 1.5.1

Release notes

Sourced from github.com/eclipse/paho.mqtt.golang's releases.

v1.5.1

This is a minor release incorporating changes made in the 14 months since v1.5.0 (including updating dependencies, and raising the Go version to 1.24). The changes are relatively minor but address a potential security issue (CVE-2025-10543), possible panic, enable users to better monitor the connection status, and incorporate a few optimisations.

Thanks to those who have provided fixes/enhancements included in this release!

Special thanks to Paul Gerste at Sonar for reporting issue #730 via the Eclipse security team (fix was implemented in PR #714 in May, github issue created just prior to this release). This issue arose where a topic > 65535 bytes was passed to the Publish function, due to the way the data was encoded the topic could leak into the message body. Please see issue #730 or CVE-2025-10543 for further details.

What's Changed

• Updating go dependencies from pub and sub into the containers before building by @​JefJrFigueiredo in eclipse-paho/paho.mqtt.golang#691
• Optimize TCP connection logic by @​geekeryy in eclipse-paho/paho.mqtt.golang#713
• Fields over 65535 bytes not encoded correctly by @​MattBrittan in eclipse-paho/paho.mqtt.golang#714
• Reduce slice allocations in route dispatch by @​alespour in eclipse-paho/paho.mqtt.golang#710
• Add a ConnectionNotificationHandler by @​RangelReale in eclipse-paho/paho.mqtt.golang#727
• Potential panic when using manual ACK by @​MattBrittan in eclipse-paho/paho.mqtt.golang#729

Full Changelog: eclipse-paho/paho.mqtt.golang@v1.5.0...v1.5.1

Commits

• b305237 Update dependencies in docker examples
• 35ee03d Potential panic when using manual ACK
• 433bd22 address data race in test
• 4debe3a Potential panic when using manual ACK
• 601453b Resolve issues in fvt_client_test
• 439e2ab Dependency update (also rise Go version to 1.24)
• d276593 ConnectionNotificationHandler - generic callback for all types of connection ...
• 8a350a9 notifications
• 5620c5e notifications
• 45048cc notifications
• Additional commits viewable in compare view

Updates github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.4.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.4.0

What's Changed

• refactor: replace interface{} with any by @​sagikazarmark in go-viper/mapstructure#115
• build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by @​dependabot[bot] in go-viper/mapstructure#114
• Generic tests by @​sagikazarmark in go-viper/mapstructure#118
• Fix godoc reference link in README.md by @​peczenyj in go-viper/mapstructure#107
• feat: add StringToTimeLocationHookFunc to convert strings to *time.Location by @​ErfanMomeniii in go-viper/mapstructure#117
• feat: add back previous StringToSlice as a weak function by @​sagikazarmark in go-viper/mapstructure#119

New Contributors

• @​ErfanMomeniii made their first contribution in go-viper/mapstructure#117

Full Changelog: go-viper/mapstructure@v2.3.0...v2.4.0

v2.3.0

What's Changed

• build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in go-viper/mapstructure#46
• build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @​dependabot in go-viper/mapstructure#47
• [enhancement] Add check for reflect.Value in ComposeDecodeHookFunc by @​mahadzaryab1 in go-viper/mapstructure#52
• build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @​dependabot in go-viper/mapstructure#51
• build(deps): bump actions/checkout from 4.2.0 to 4.2.2 by @​dependabot in go-viper/mapstructure#50
• build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @​dependabot in go-viper/mapstructure#55
• build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by @​dependabot in go-viper/mapstructure#58
• ci: add Go 1.24 to the test matrix by @​sagikazarmark in go-viper/mapstructure#74
• build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0 by @​dependabot in go-viper/mapstructure#72
• build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by @​dependabot in go-viper/mapstructure#76
• build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by @​dependabot in go-viper/mapstructure#78
• feat: add decode hook for netip.Prefix by @​tklauser in go-viper/mapstructure#85
• Updates by @​sagikazarmark in go-viper/mapstructure#86
• build(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by @​dependabot in go-viper/mapstructure#87
• build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @​dependabot in go-viper/mapstructure#93
• build(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by @​dependabot in go-viper/mapstructure#92
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by @​dependabot in go-viper/mapstructure#97
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot in go-viper/mapstructure#96
• Update README.md by @​peczenyj in go-viper/mapstructure#90
• Add omitzero tag. by @​Crystalix007 in go-viper/mapstructure#98
• Use error structs instead of duplicated strings by @​m1k1o in go-viper/mapstructure#102
• build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @​dependabot in go-viper/mapstructure#101
• feat: add common error interface by @​sagikazarmark in go-viper/mapstructure#105
• update linter by @​sagikazarmark in go-viper/mapstructure#106
• Feature allow unset pointer by @​rostislaved in go-viper/mapstructure#80

New Contributors

• @​tklauser made their first contribution in go-viper/mapstructure#85
• @​peczenyj made their first contribution in go-viper/mapstructure#90
• @​Crystalix007 made their first contribution in go-viper/mapstructure#98
• @​rostislaved made their first contribution in go-viper/mapstructure#80

Full Changelog: go-viper/mapstructure@v2.2.1...v2.3.0

Commits

• b9794a5 Merge pull request #119 from go-viper/string-to-weak-slice
• 17cdcb0 feat: add back previous StringToSlice as a weak function
• 3caca36 Merge pull request #117 from ErfanMomeniii/main
• 9a861bc Merge pull request #107 from peczenyj/patch-2
• 86ed5b5 refactor: update
• ace5b4e chore: add interface any linter
• 1a4f1ae Merge pull request #118 from go-viper/generic-tests
• a268909 fix: lint
• 17f1fd4 test: add more comments
• b48c856 test: expand tests
• Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/sdk from 1.33.0 to 1.40.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.40.0/0.62.0/0.16.0] 2026-02-02

Added

• Add AlwaysRecord sampler in go.opentelemetry.io/otel/sdk/trace. (#7724)
• Add Enabled method to all synchronous instrument interfaces (Float64Counter, Float64UpDownCounter, Float64Histogram, Float64Gauge, Int64Counter, Int64UpDownCounter, Int64Histogram, Int64Gauge,) in go.opentelemetry.io/otel/metric. This stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (#7763)
• Add go.opentelemetry.io/otel/semconv/v1.39.0 package. The package contains semantic conventions from the v1.39.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.38.0. (#7783, #7789)

Changed

• Improve the concurrent performance of HistogramReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar by 4x. (#7443)
• Improve the concurrent performance of FixedSizeReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar. (#7447)
• Improve performance of concurrent histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7474)
• Improve performance of concurrent synchronous gauge measurements in go.opentelemetry.io/otel/sdk/metric. (#7478)
• Add experimental observability metrics in go.opentelemetry.io/otel/exporters/stdout/stdoutmetric. (#7492)
• Exporter in go.opentelemetry.io/otel/exporters/prometheus ignores metrics with the scope go.opentelemetry.io/contrib/bridges/prometheus. This prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (#7688)
• Improve performance of concurrent exponential histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7702)
• The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)
• The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)

Fixed

• Fix bad log message when key-value pairs are dropped because of key duplication in go.opentelemetry.io/otel/sdk/log. (#7662)
• Fix DroppedAttributes on Record in go.opentelemetry.io/otel/sdk/log to not count the non-attribute key-value pairs dropped because of key duplication. (#7662)
• Fix SetAttributes on Record in go.opentelemetry.io/otel/sdk/log to not log that attributes are dropped when they are actually not dropped. (#7662)
• Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to correctly handle HTTP/2 GOAWAY frame. (#7794)
• WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for ioreg command on Darwin (macOS). (#7818)

Deprecated

• Deprecate go.opentelemetry.io/otel/exporters/zipkin. For more information, see the OTel blog post deprecating the Zipkin exporter. (#7670)

[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05

Added

• Greatly reduce the cost of recording metrics in go.opentelemetry.io/otel/sdk/metric using hashing for map keys. (#7175)
• Add WithInstrumentationAttributeSet option to go.opentelemetry.io/otel/log, go.opentelemetry.io/otel/metric, and go.opentelemetry.io/otel/trace packages. This provides a concurrent-safe and performant alternative to WithInstrumentationAttributes by accepting a pre-constructed attribute.Set. (#7287)
• Add experimental observability for the Prometheus exporter in go.opentelemetry.io/otel/exporters/prometheus. Check the go.opentelemetry.io/otel/exporters/prometheus/internal/x package documentation for more information. (#7345)
• Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#7353)
• Add temporality selector functions DeltaTemporalitySelector, CumulativeTemporalitySelector, LowMemoryTemporalitySelector to go.opentelemetry.io/otel/sdk/metric. (#7434)
• Add experimental observability metrics for simple log processor in go.opentelemetry.io/otel/sdk/log. (#7548)
• Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#7459)

... (truncated)

Commits

• a3a5317 Release v1.40.0 (#7859)
• 77785da chore(deps): update github/codeql-action action to v4.32.1 (#7858)
• 56fa1c2 chore(deps): update module github.com/clipperhouse/uax29/v2 to v2.5.0 (#7857)
• 298cbed Upgrade semconv use to v1.39.0 (#7854)
• 3264bf1 refactor: modernize code (#7850)
• fd5d030 chore(deps): update module github.com/grpc-ecosystem/grpc-gateway/v2 to v2.27...
• 8d3b4cb chore(deps): update actions/cache action to v5.0.3 (#7847)
• 91f7cad chore(deps): update github.com/timakin/bodyclose digest to 73d1f95 (#7845)
• fdad1eb chore(deps): update module github.com/grpc-ecosystem/grpc-gateway/v2 to v2.27...
• c46d3ba chore(deps): update golang.org/x/telemetry digest to fcf36f6 (#7843)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[cla-assistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}