Bump github.com/IBM/sarama from 1.46.3 to 1.47.0

[dependabot]

Bumps github.com/IBM/sarama from 1.46.3 to 1.47.0.

Release notes

Sourced from github.com/IBM/sarama's releases.

Version 1.47.0 (2026-02-27)

What's Changed

🎉 New Features / Improvements

• perf(admin): modernize DescribeCluster RPC handling by @​DCjanus in IBM/sarama#3390
• test: expand Java interop tests to cover all compression codecs by @​dnwe in IBM/sarama#3423

🐛 Fixes

• fix(client): add nilguards to updateBroker by @​dnwe in IBM/sarama#3393
• fix(broker): auto-close broken connections by @​DCjanus in IBM/sarama#3412
• fix: set version from IBM/sarama, not main app by @​adamdecaf in IBM/sarama#3415

🔧 Maintenance

• chore: finish up the move to atomic types by @​puellanivis in IBM/sarama#3399
• chore: tear down zk in functional tests by @​edoardocomar in IBM/sarama#3420
• chore: migrate from eapache/go-xerial-snappy to klauspost/compress/sn… by @​edoardocomar in IBM/sarama#3421
• fix(test): resolve FVT issues in Kafka v2.x interop tests by @​edoardocomar in IBM/sarama#3424
• feat: add kafka 4.1.1 constants and use in FVT by @​dnwe in IBM/sarama#3437
• chore: add Kafka 4.0.1 and replace 4.0.0 in FVT by @​edoardocomar in IBM/sarama#3439
• ci(lint): unblock Go 1.26 lint and handle gosec noise by @​DCjanus in IBM/sarama#3454

📦 Dependency updates

• chore(deps): update module golang.org/x/crypto to v0.45.0 [security] → v0.48.0 by @​renovate[bot] in #3383, #3425
• chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.45.0 across /examples (consumergroup, exactly_once, sasl_scram_client, http_server, txn_producer, interceptors) by @​dependabot[bot] in #3382, #3381, #3380, #3379, #3378, #3377
• fix(deps): update module golang.org/x/sync to v0.18.0 by @​renovate[bot] in #3385
• fix(deps): update module golang.org/x/net to v0.49.0 → v0.51.0 by @​renovate[bot] and @​dependabot[bot] in #3426, #3427, #3453
• chore(deps): update golangci/golangci-lint-action action to v9 → v9.2.0 by @​renovate[bot] in #3370, #3400
• chore(deps): update dependency golangci/golangci-lint to v2.6.2 → v2.8.0 by @​renovate[bot] in #3366, #3401
• chore(deps): update docker/bake-action action to v6.10.0 by @​renovate[bot] in #3392
• chore(deps): update docker/setup-buildx-action action to v3.12.0 by @​renovate[bot] in #3416
• chore(deps): bump github.com/klauspost/compress from 1.18.1 to 1.18.4 by @​dependabot[bot] in #3397, #3430, #3442
• chore(deps): bump github.com/pierrec/lz4/v4 from 4.1.22 to 4.1.25 by @​dependabot[bot] in #3411, #3432
• chore(deps): bump the golang-x group across 1 directory with 2 updates by @​dependabot[bot] in #3405
• chore(deps): bump github.com/xdg-go/scram from 1.1.2 to 1.2.0 in /examples/sasl_scram_client by @​dependabot[bot] in #3394
• chore(deps): update dependency dominikh/go-tools to v2026 by @​renovate[bot] in #3446

New Contributors

• @​DCjanus made their first contribution in IBM/sarama#3390
• @​edoardocomar made their first contribution in IBM/sarama#3420
• @​adamdecaf made their first contribution in IBM/sarama#3415

Full Changelog: IBM/sarama@v1.46.3...v1.47.0

Commits

• c6a7ea0 chore(deps): bump github.com/klauspost/compress from 1.18.3 to 1.18.4 (#3442)
• 66eabe8 chore(deps): update dependency dominikh/go-tools to v2026 (#3446)
• e46c213 ci(gosec): suppress G117 and G704 false positives
• 7f0e26c ci(workflows): bump golangci-lint to v2.10.1
• 7a33045 chore(ci): Update registry.access.redhat.com/ubi9/ubi-minimal:9.7 Docker dige...
• 34acfaa chore(ci): bump the actions group with 2 updates (#3450)
• 4df4d82 chore(ci): bump github/codeql-action from 4.31.10 to 4.32.4 (#3451)
• d4862ce chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 in the golang-x grou...
• c1bf7ec chore: add ai-assistance guidelines to CONTRIBUTING.md (#3452)
• 0a3b6e3 chore(ci): Update registry.access.redhat.com/ubi9/ubi-minimal:9.7 Docker dige...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🏗️ Release Candidate Build

RC Tag: 0.4.0-rc.268.a2bfd484
Target Release: v0.4.0
Commit: a2bfd484f1304437b67230bceece73957706a5e0

Docker Images

Service	Image
apigw	docker.sunet.se/iam_vc/apigw:0.4.0-rc.268.a2bfd484
verifier	docker.sunet.se/iam_vc/verifier:0.4.0-rc.268.a2bfd484
registry	docker.sunet.se/iam_vc/registry:0.4.0-rc.268.a2bfd484
mockas	docker.sunet.se/iam_vc/mockas:0.4.0-rc.268.a2bfd484
issuer	docker.sunet.se/iam_vc/issuer:0.4.0-rc.268.a2bfd484
ui	docker.sunet.se/iam_vc/ui:0.4.0-rc.268.a2bfd484

Deploy with: VERSION=0.4.0-rc.268.a2bfd484 docker compose pull

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud