fix(deps): update module github.com/grafana/loki/v3 to v3.6.4 [security]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/grafana/loki/v3	v3.4.2 → v3.6.4

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Grafana Loki Path Traversal - CVE-2021-36156 Bypass

CVE-2026-21726 / GHSA-497x-rrr9-68jp

More information

Details

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}

Thanks to Prasanth Sundararajan for reporting this vulnerability.

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2026-21726
• https://grafana.com/security/security-advisories/cve-2026-21726
• https://github.com/advisories/GHSA-497x-rrr9-68jp

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

grafana/loki (github.com/grafana/loki/v3)

v3.6.4

Compare Source

Features

• add rules check for namespace and group (#​20437) (#​20463) (7733ab1)

Bug Fixes

• Backport gzip fix release 3.6.x (#​20514) (d805266)
• deps: [Release 3.6.x] Update dskit to resolve Otel conflict (#​20368) (fb05a36)

v3.6.3

Compare Source

⚠ BREAKING CHANGES

• engine: Make scheduler aware of total compute capacity (#​19876)
• parsed labels should not override structured metadata (#​19991)
• engine: Share worker threads across all scheduler connections (#​20229)

Features

• ability to send query context for limit enforcement (#​19900) (1a66d2d)
• add downscalePermittedFunc to check downscale is permitted (#​20171) (c0c27b3)
• add gauge to track in-flight bytes (#​20091) (23ef8ec)
• add histogram loki_dataobj_consumer_flush_duration_seconds (#​20304) (5a5e90e)
• add loki health command (#​20313) (ef69cfd)
• add metric to track flush failures (#​20399) (ed4f27e)
• Add new dataobj builder flush criteria (#​20323) (498656b)
• Add partition state to consumption lag metric (#​19912) (91d4eb6)
• add prepare downscale handler (#​20007) (677b2ec)
• add processed records metric (#​20191) (333da73)
• add race tolerance to query-tee (#​20228) (014520a)
• Add resolved policy to blocked and enforced label error (#​19826) (48d13d1)
• add segmentation keys and resolver (#​19927) (c853f2c)
• add support for cancelation to copy and sort (#​20370) (6a8b879)
• Add support for storing chunk deletion markers in object storage instead of local disk (#​19689) (856c11d)
• add support for UpdateRates RPC to distributors (#​19918) (9018886)
• Add UpdateRates RPC, update rates from the frontend, return no-op in the service (#​19894) (e173cf4)
• canary: Support passing arbitrary set of labels to use for the query (#​17008) (993b3ae)
• check partition state in parallel (#​19884) (b8536aa)
• Client side index gateway shuffle sharding (#​20124) (326c7d1)
• dataobj-consumer add processed bytes metric (#​20303) (fba0c5d)
• decouple dataobj consumers from the reader service (#​20315) (c3e909d)
• disambiguate metadata for better scans (#​20245) (66fd9d8)
• don't tee unsampled queries (#​20306) (b975e48)
• enable racing in the querytee (#​20156) (23948c4)
• Enable support for max, min, max_over_time, min_over_time for new engine (#​19841) (b9a51f0)
• engine: add regexp parser support for log queries (#​20286) (5663f9c)
• engine: delegate metastore queries to engine (#​20189) (3a74fe7)
• engine: implement strict and keepEmpty logfmt parsing (#​19668) (01cab53)
• goldfish: add endpoints for serving stored results (#​19640) (e17ae2d)
• goldfish: mv comparison_status to db, add stats endpoint (#​19698) (c22e05c)
• Handle state change lock in prepare downscale (#​20141) (de092da)
• helm: nameOverride now passed through helm tpl function. (#​19590) (7f56fd2)
• helm: Add ability to toggle grpclb port for query frontend service (#​19609) (9c4f022)
• helm: Add startupProbe to distributor (#​20073) (5b76589)
• helm: allow configuration of service trafficDistribution parameter (#​19558) (55f95e3)
• helm: allow set topologySpreadConstraints on singleBinary (#​19534) (265601f)
• helm: make loki-canary readinessProbe configurable via values.yaml (#​19328) (7231766)
• helm: use fsGroupChangePolicy=OnRootMismatch to speed up pod starts (#​13942) (c7cec3a)
• implement query splitting in the query-tee (#​20039) (aab9e46)
• logcli: Allow custom headers to be passed (#​20231) (c524203)
• lokitool: Add regex namespace filtering (#​20209) (0c1561d)
• metastore: metastore DI (#​20253) (9be17c7)
• metastore: shard sections queries over index files (#​20134) (08e3c43)
• metastore: use arrow for scanning and blooms (#​20234) (e4ec844)
• operator: add option to disable ingress (#​19382) (9dc71a6)
• randomly distribute requests to the ingest-limits frontend (#​19840) (1605a38)
• remove final flush (#​20360) (3acb310)
• shuffle shard on tenant rate limit (#​19990) (3904c2b)
• ui: proxy analyze-labels to series with org id (#​19862) (e268173)
• write to dataobj partitions based on segmentation key (#​19946) (3a24f5d)

Bug Fixes

• apply missing middlewares to query-tee (#​20184) (b9c7ddd)
• avoid recalculating the segmentation key hash twice (#​19961) (8b78f79)
• bump helm deps, publish loki-helm-test w/ release (#​19939) (7e4e34e)
• cd: add loki-image to needs (#​19870) (a2c4ea6)
• compactor file descriptor leak (#​20077) (0c3dd8c)
• config: migrate renovate config (#​19436) (97745fe)
• dataobj: Flush into multiple index objects when ErrBuilderFull (#​19223) (32dbef9)
• deadlock on shutdown (#​20384) (272a278)
• deps: update dataobj-inspect transitive deps version (#​19813) (5b212b7)
• deps: update module cloud.google.com/go/bigtable to v1.41.0 (main) (#​20352) (6102309)
• deps: update module cloud.google.com/go/pubsub to v1.50.1 (main) (#​18624) (46038e4)
• deps: update module cloud.google.com/go/pubsub to v2 (main) (#​19803) (d47dde3)
• deps: update module cloud.google.com/go/storage to v1.57.1 (main) (#​19749) (7ce0bf0)
• deps: update module cloud.google.com/go/storage to v1.57.2 (main) (#​19893) (e342642)
• deps: update module cloud.google.com/go/storage to v1.58.0 (main) (#​20159) (e859215)
• deps: update module cloud.google.com/go/storage to v1.59.0 (main) (#​20407) (5c71db6)
• deps: update module github.com/alecthomas/chroma/v2 to v2.21.1 (main) (#​20353) (6ef5f5c)
• deps: update module github.com/alecthomas/chroma/v2 to v2.22.0 (main) (#​20409) (c64f044)
• deps: update module github.com/apache/arrow-go/v18 to v18.4.1 (main) (#​19750) (d76b3bf)
• deps: update module github.com/apache/arrow-go/v18 to v18.5.0 (main) (#​20354) (d0861a1)
• deps: update module github.com/aws/aws-sdk-go-v2 to v1.39.6 (main) (#​19751) (e2a5d59)
• deps: update module github.com/aws/aws-sdk-go-v2 to v1.40.1 (main) (#​20137) (e106809)
• deps: update module github.com/aws/aws-sdk-go-v2/config to v1.31.17 (main) (#​19773) (06ada46)
• deps: update module github.com/aws/aws-sdk-go-v2/config to v1.31.18 (main) (#​19844) (72c5d09)
• deps: update module github.com/aws/aws-sdk-go-v2/config to v1.31.20 (main) (#​19879) (47560eb)
• deps: update module github.com/aws/aws-sdk-go-v2/config to v1.32.0 (main) (#​19979) (08e7418)
• deps: update module github.com/aws/aws-sdk-go-v2/config to v1.32.1 (main) (#​20002) (e37d83f)
• deps: update module github.com/aws/aws-sdk-go-v2/config to v1.32.2 (main) (#​20059) (32f414c)
• deps: update module github.com/aws/aws-sdk-go-v2/config to v1.32.3 (main) (#​20138) (0d7444a)
• deps: update module github.com/aws/aws-sdk-go-v2/config to v1.32.6 (main) (#​20338) (6338096)
• deps: update module github.com/aws/aws-sdk-go-v2/config to v1.32.7 (main) (#​20401) (50ce71a)
• deps: update module github.com/aws/aws-sdk-go-v2/credentials to v1.18.21 (main) (#​19752) (aebeb3c)
• deps: update module github.com/aws/aws-sdk-go-v2/credentials to v1.18.24 (main) (#​19845) (7e78f8c)
• deps: update module github.com/aws/aws-sdk-go-v2/credentials to v1.19.2 (main) (#​19980) (c392438)
• deps: update module github.com/aws/aws-sdk-go-v2/credentials to v1.19.6 (main) (#​20339) (3f29cae)
• deps: update module github.com/aws/aws-sdk-go-v2/credentials to v1.19.7 (main) (#​20402) (f20228d)
• deps: update module github.com/aws/aws-sdk-go-v2/service/dynamodb to v1.52.4 (main) (#​19774) (b5b8dd0)
• deps: update module github.com/aws/aws-sdk-go-v2/service/dynamodb to v1.52.6 (main) (#​19846) (0b25758)
• deps: update module github.com/aws/aws-sdk-go-v2/service/dynamodb to v1.53.1 (main) (#​19981) (c45abe6)
• deps: update module github.com/aws/aws-sdk-go-v2/service/dynamodb to v1.53.2 (main) (#​20060) (36079fa)
• deps: update module github.com/aws/aws-sdk-go-v2/service/dynamodb to v1.53.3 (main) (#​20140) (bfa8c38)
• deps: update module github.com/aws/aws-sdk-go-v2/service/dynamodb to v1.53.5 (main) (#​20340) (6d5d21e)
• deps: update module github.com/aws/aws-sdk-go-v2/service/dynamodb to v1.53.6 (main) (#​20403) (31a870c)
• deps: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.88.4 (main) (#​19341) (0b0faf1)
• deps: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.89.2 (main) (#​19775) (0f37e57)
• deps: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.90.0 (main) (#​19785) (877a768)
• deps: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.90.2 (main) (#​19847) (b50f3e3)
• deps: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.92.0 (main) (#​19982) (db87de8)
• deps: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.92.1 (main) (#​20061) (a44b63c)
• deps: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.93.0 (main) (#​20142) (87f3b59)
• deps: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.95.0 (main) (#​20355) (d98d48b)
• deps: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.95.1 (main) (#​20406) (c7c1411)
• deps: update module github.com/aws/smithy-go to v1.23.2 (main) (#​19753) (61b8049)
• deps: update module github.com/aws/smithy-go to v1.24.0 (main) (#​20117) (b0efa70)
• deps: update module github.com/axiomhq/hyperloglog to v0.2.6 (main) (#​20341) (4469f82)
• deps: update module github.com/baidubce/bce-sdk-go to v0.9.251 (main) (#​19754) (7257d31)
• deps: update module github.com/baidubce/bce-sdk-go to v0.9.252 (main) (#​19972) (c4c5ed7)
• deps: update module github.com/baidubce/bce-sdk-go to v0.9.253 (main) (#​20125) (d28862b)
• deps: update module github.com/baidubce/bce-sdk-go to v0.9.256 (main) (#​20342) (69e6254)
• deps: update module github.com/bits-and-blooms/bloom/v3 to v3.7.1 (main) (#​19755) (af47e1f)
• deps: update module github.com/bmatcuk/doublestar/v4 to v4.9.2 (main) (#​20418) (078dc94)
• deps: update module github.com/coder/quartz to v0.3.0 (main) (#​19786) (6f784f9)
• deps: update module github.com/docker/docker to v28.5.2+incompatible (main) (#​19756) (1007ee4)
• deps: update module github.com/gocql/gocql to v2 (main) (#​19794) (898b6d2)
• deps: update module github.com/google/renameio/v2 to v2.0.1 (main) (#​19935) (f943b39)
• deps: update module github.com/google/renameio/v2 to v2.0.2 (main) (#​20411) (cc43074)
• deps: update module github.com/grafana/loki/v3 to v3.5.8 (main) (#​19757) (7c0921c)
• deps: update module github.com/grafana/loki/v3 to v3.6.0 (main) (#​19943) (2d00410)
• deps: update module github.com/grafana/loki/v3 to v3.6.1 (main) (#​19993) (116aa1c)
• deps: update module github.com/grafana/loki/v3 to v3.6.2 (main) (#​20057) (b4f6138)
• deps: update module github.com/grafana/loki/v3 to v3.6.3 (main) (#​20343) (d1ae7a1)
• deps: update module github.com/grpc-ecosystem/go-grpc-middleware/v2 to v2.3.3 (main) (#​19758) (8133da9)
• deps: update module github.com/hashicorp/consul/api to v1.33.0 (main) (#​19788) (e417259)
• deps: update module github.com/ibm/go-sdk-core/v5 to v5.21.1 (main) (#​19950) (cd408bc)
• deps: update module github.com/ibm/go-sdk-core/v5 to v5.21.2 (main) (#​19988) (d8ab970)
• deps: update module github.com/ibm/ibm-cos-sdk-go to v1.12.4 (main) (#​20146) (a80774b)
• deps: update module github.com/ibm/ibm-cos-sdk-go to v1.13.0 (main) (#​20364) (52d1d8d)
• deps: update module github.com/ibm/sarama to v1.46.3 (main) (#​19760) (4a19787)
• deps: update module github.com/influxdata/telegraf to v1.36.3 (main) (#​19796) (4911c98)
• deps: update module github.com/influxdata/telegraf to v1.36.4 (main) (#​19938) (d6147d8)
• deps: update module github.com/influxdata/telegraf to v1.37.0 (main) (#​20356) (dc1e0ae)
• deps: update module github.com/klauspost/compress to v1.18.1 (main) (#​19761) (c5e7293)
• deps: update module github.com/klauspost/compress to v1.18.2 (main) (#​20108) (f4f2b2a)
• deps: update module github.com/leodido/go-syslog/v4 to v4.3.0 (main) (#​19416) (036387b)
• deps: update module github.com/minio/minio-go/v7 to v7.0.97 (main) (#​19762) (ee2b424)
• deps: update module github.com/minio/minio-go/v7 to v7.0.98 (main) (#​20436) (cf89342)
• deps: update module github.com/ncw/swift/v2 to v2.0.5 (main) (#​19764) (fa5e144)
• deps: update module github.com/oschwald/geoip2-golang to v2 (main) (#​19799) (33eeab6)
• deps: update module github.com/oschwald/geoip2-golang/v2 to v2.0.1 (main) (#​20065) (ac5df60)
• deps: update module github.com/oschwald/geoip2-golang/v2 to v2.1.0 (main) (#​20357) (8853d71)
• deps: update module github.com/parquet-go/parquet-go to v0.26.0 (main) (#​20170) (9ffe31e)
• deps: update module github.com/parquet-go/parquet-go to v0.26.4 (main) (#​20344) (caa21ae)
• deps: update module github.com/parquet-go/parquet-go to v0.27.0 (main) (#​20426) (a283eac)
• deps: update module github.com/prometheus/alertmanager to v0.29.0 (main) (#​19797) (5ec7ddc)
• deps: update module github.com/prometheus/alertmanager to v0.30.0 (main) (#​20358) (f53a609)
• deps: update module github.com/prometheus/client_golang to v1.23.2 (main) (#​19763) (8317f7e)
• deps: update module github.com/prometheus/common to v0.67.3 (main) (#​19906) (aafc579)
• deps: update module github.com/prometheus/common to v0.67.4 (main) (#​19994) (ccc6d73)
• deps: update module github.com/prometheus/common to v0.67.5 (main) (#​20363) (aaacbf4)
• deps: update module github.com/prometheus/prometheus to v0.307.3 (main) (#​19800) (7912a67)
• deps: update module github.com/prometheus/prometheus to v0.308.0 (main) (#​20131) (0aac50b)
• deps: update module github.com/prometheus/prometheus to v0.308.1 (main) (#​20346) (393d4cd)
• deps: update module github.com/prometheus/prometheus to v0.309.1 (main) (#​20388) (bf79bcf)
• deps: update module github.com/prometheus/sigv4 to v0.3.0 (main) (#​19801) (adaf758)
• deps: update module github.com/prometheus/sigv4 to v0.4.0 (main) (#​20386) (2f80526)
• deps: update module github.com/redis/go-redis/v9 to v9.16.0 (main) (#​19819) (ea00c15)
• deps: update module github.com/redis/go-redis/v9 to v9.17.0 (main) (#​19977) (723ff2d)
• deps: update module github.com/redis/go-redis/v9 to v9.17.1 (main) (#​20063) (69fdd6c)
• deps: update module github.com/redis/go-redis/v9 to v9.17.2 (main) (#​20116) (434a929)
• deps: update module github.com/schollz/progressbar/v3 to v3.19.0 (main) (#​20365) (0b238bc)
• deps: update module github.com/shirou/gopsutil/v4 to v4.25.10 (main) (#​19765) (363dd11)
• deps: update module github.com/shirou/gopsutil/v4 to v4.25.11 (main) (#​20066) (76cc947)
• deps: update module github.com/shirou/gopsutil/v4 to v4.25.12 (main) (#​20347) (0740eb8)
• deps: update module github.com/sirupsen/logrus to v1.9.4 (main) (#​20447) (35c8df7)
• deps: update module github.com/sony/gobreaker/v2 to v2.4.0 (main) (#​20366) (090ffd5)
• deps: update module github.com/tjhop/slog-gokit to v0.1.5 (main) (#​19808) (615413e)
• deps: update module github.com/twmb/franz-go to v1.20.2 (main) (#​19789) (5264a7e)
• deps: update module github.com/twmb/franz-go to v1.20.3 (main) (#​19812) (ceb7c84)
• deps: update module github.com/twmb/franz-go to v1.20.4 (main) (#​19902) (57b8346)
• deps: update module github.com/twmb/franz-go to v1.20.5 (main) (#​20038) (c9a30b1)
• deps: update module github.com/twmb/franz-go to v1.20.6 (main) (#​20348) (5ee4fee)
• deps: update module github.com/twmb/franz-go/pkg/kadm to v1.17.1 (main) (#​19790) (1dad0be)
• deps: update module github.com/twmb/franz-go/pkg/kmsg to v1.12.0 (main) (#​19791) (f28c247)
• deps: update module github.com/workiva/go-datastructures to v1.1.7 (main) (#​19766) (f5e0683)
• deps: update module github.com/xdg-go/scram to v1.2.0 (main) (#​20046) (9e52320)
• deps: update module go.opentelemetry.io/collector/pdata to v1.46.0 (main) (#​19802) (87b558c)
• deps: update module go.opentelemetry.io/collector/pdata to v1.47.0 (main) (#​20112) (e5bf3bc)
• deps: update module go.opentelemetry.io/collector/pdata to v1.49.0 (main) (#​20371) (7d759f2)
• deps: update module go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.64.0 (main) (#​20372) (9da1b1b)
• deps: update module go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace to v0.64.0 (main) (#​20373) (719635a)
• deps: update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.64.0 (main) (#​20374) (f1b3e1b)
• deps: update module go.opentelemetry.io/otel/sdk to v1.39.0 (main) (#​20376) (95b82d6)
• deps: update module golang.org/x/crypto to v0.44.0 (main) (#​19776) (c85c67a)
• deps: update module golang.org/x/net to v0.46.0 (main) (#​19777) (27740ca)
• deps: update module golang.org/x/net to v0.47.0 (main) (#​19850) (5c422a6)
• deps: update module golang.org/x/oauth2 to v0.33.0 (main) (#​19778) (1954778)
• deps: update module golang.org/x/oauth2 to v0.34.0 (main) (#​20160) (ebf7b93)
• deps: update module golang.org/x/sync to v0.18.0 (main) (#​19779) (8772fad)
• deps: update module golang.org/x/sync to v0.19.0 (main) (#​20161) (817b9d8)
• deps: update module golang.org/x/sys to v0.38.0 (main) (#​19780) (92a8518)
• deps: update module golang.org/x/sys to v0.39.0 (main) (#​20162) (f0a9bae)
• deps: update module golang.org/x/sys to v0.40.0 (main) (#​20378) (9538b20)
• deps: update module golang.org/x/text to v0.30.0 (main) (#​19781) (61e06a3)
• deps: update module golang.org/x/text to v0.31.0 (main) (#​19851) (af03168)
• deps: update module golang.org/x/text to v0.33.0 (main) (#​20408) (9fd6733)
• deps: update module golang.org/x/time to v0.14.0 (main) (#​19782) (74f68fa)
• deps: update module google.golang.org/api to v0.255.0 (main) (#​19792) (aba027b)
• deps: update module google.golang.org/api to v0.256.0 (main) (#​19852) (145b063)
• deps: update module google.golang.org/api to v0.257.0 (main) (#​20143) (5f1da75)
• deps: update module google.golang.org/grpc to v1.76.0 (main) (#​19422) (2e1c644)
• deps: update module google.golang.org/grpc to v1.77.0 (main) (#​19945) (f3213bb)
• deps: update module google.golang.org/protobuf to v1.36.11 (main) (#​20349) (a80b52e)
• deps: update module k8s.io/apimachinery to v0.34.2 (main) (#​19793) (6d4cf98)
• deps: update module k8s.io/apimachinery to v0.34.3 (main) (#​20187) (d4814ec)
• deps: update module k8s.io/apimachinery to v0.35.0 (main) (#​20381) (731e067)
• Do not override S3 region if already specified in configuration chain (#​20127) (0046bfb)
• docker: missing permissions to start docker (#​19947) (39d2bea)
• docker: set WORKDIR to root in loki Dockerfiles (#​19941) (13f2b1a)
• Empty keys are returned if desired in v2 engine (#​19717) (36613bd)
• engine: unset write and read deadlines for wire listeners (#​19828) (9b001df)
• enginev2: Always compute summary when creating the stats object (#​20224) (ea88458)
• enginev2: Close pipeline before building query results (#​20100) (99ba51e)
• errors in parse pipeline (#​19667) (dd6b314)
• Evaluation time in Goldfish query comparator (#​20425) (e772ef4)
• expose RDS args for goldfish ui (#​19724) (b2396e1)
• Fix regression in S3 client configuration (#​20110) (d3f9532), closes #​19908
• goldfish: add tolerance check to mismatches in the query-tee (#​20004) (581519e)
• helm: Add startup probe read (#​19708) (bce87fb)
• helm: Apply fix from #​14126 to example (#​20252) (716563a)
• helm: correct GEL provisioner tenant creation instructions (#​20271) ([9

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 36 additional dependencies were updated

Details:

Package	Change
github.com/prometheus/prometheus	v0.303.1 -> v0.305.1-0.20250806170547-208187eaa19b
github.com/stretchr/testify	v1.10.0 -> v1.11.1
dario.cat/mergo	v1.0.1 -> v1.0.2
github.com/go-logfmt/logfmt	v0.6.0 -> v0.6.1
github.com/grafana/dskit	v0.0.0-20241007172036-53283a0f6b41 -> v0.0.0-20250917065751-798f5a8fa154
github.com/grafana/gomemcache	v0.0.0-20240229205252-cd6a66d6fb56 -> v0.0.0-20250828162811-a96f6acee2fe
github.com/grafana/loki/pkg/push	v0.0.0-20240924133635-758364c7775f -> v0.0.0-20250630054201-94c0ba7b0952
github.com/hashicorp/consul/api	v1.32.0 -> v1.32.1
github.com/hashicorp/go-msgpack/v2	v2.1.1 -> v2.1.2
github.com/hashicorp/memberlist	v0.5.1 -> v0.5.3
github.com/hashicorp/serf	v0.10.1 -> v0.10.2
github.com/mattn/go-colorable	v0.1.13 -> v0.1.14
github.com/miekg/dns	v1.1.66 -> v1.1.68
github.com/modern-go/reflect2	v1.0.2 -> v1.0.3-0.20250322232337-35a7c28c31ee
github.com/opentracing-contrib/go-grpc	v0.1.1 -> v0.1.2
github.com/prometheus/procfs	v0.16.1 -> v0.17.0
github.com/redis/go-redis/v9	v9.7.0 -> v9.10.0
github.com/sony/gobreaker/v2	v2.1.0 -> v2.3.0
github.com/spf13/cast	v1.7.0 -> v1.7.1
go.etcd.io/etcd/api/v3	v3.5.21 -> v3.6.6
go.opentelemetry.io/collector/pdata	v1.35.0 -> v1.43.0
golang.org/x/crypto	v0.41.0 -> v0.45.0
golang.org/x/exp	v0.0.0-20250408133849-7e4ce0ab07d0 -> v0.0.0-20250711185948-6ae5c78190dc
golang.org/x/mod	v0.27.0 -> v0.29.0
golang.org/x/net	v0.43.0 -> v0.47.0
golang.org/x/oauth2	v0.30.0 -> v0.31.0
golang.org/x/sync	v0.16.0 -> v0.18.0
golang.org/x/sys	v0.35.0 -> v0.38.0
golang.org/x/term	v0.34.0 -> v0.37.0
golang.org/x/text	v0.28.0 -> v0.31.0
golang.org/x/time	v0.12.0 -> v0.13.0
golang.org/x/tools	v0.36.0 -> v0.38.0
google.golang.org/genproto/googleapis/api	v0.0.0-20250603155806-513f23925822 -> v0.0.0-20250818200422-3122310a409c
google.golang.org/genproto/googleapis/rpc	v0.0.0-20250603155806-513f23925822 -> v0.0.0-20251002232023-7c0ddcbb5797
google.golang.org/grpc	v1.73.0 -> v1.75.1
google.golang.org/protobuf	v1.36.6 -> v1.36.10