chore(deps): bump github.com/redpanda-data/connect/public/bundle/free/v4 from 4.94.1 to 4.95.0 in /collector in the benthos group across 1 directory

[dependabot]

Bumps the benthos group with 1 update in the /collector directory: github.com/redpanda-data/connect/public/bundle/free/v4.

Updates github.com/redpanda-data/connect/public/bundle/free/v4 from 4.94.1 to 4.95.0

Release notes

Sourced from github.com/redpanda-data/connect/public/bundle/free/v4's releases.

v4.95.0

For installation instructions check out the getting started guide.

Fixed

• kafka: Prevented spurious offset commits for revoked partitions during cooperative rebalances, strengthening the at-least-once delivery guarantee. (@​Jeffail, #4477)
• oracledb: Fixed a bug where integer-valued decimals from LogMiner redo were emitted as JSON numbers instead of canonical decimal strings, causing failures when encoding to Avro string-typed fields. (@​Jeffail, #4465)

The full change log can be found here.

Changelog

Sourced from github.com/redpanda-data/connect/public/bundle/free/v4's changelog.

4.95.0 - 2026-06-04

Fixed

• kafka: Prevented spurious offset commits for revoked partitions during cooperative rebalances, strengthening the at-least-once delivery guarantee. (@​Jeffail, #4477)
• oracledb: Fixed a bug where integer-valued decimals from LogMiner redo were emitted as JSON numbers instead of canonical decimal strings, causing failures when encoding to Avro string-typed fields. (@​Jeffail, #4465)

Commits

• 7cacf21 Update changelog for v4.95.0 (#4486)
• 2d15b6b deps: bump to Go 1.26.4 to address security fixes (#4483)
• 7057e7c kafka: prevent spurious offset commits for revoked partitions
• 26167f9 deps: update otel package to address cve in baggage package (#4470)
• 6a0b983 chore: update bundle dependencies for v4.94.1 (#4467)
• 6b47e2e changelog: bump v4.94.1 (#4466)
• See full diff in compare view

[greptile-apps]

Greptile Summary

This is a routine dependabot bump of github.com/redpanda-data/connect/public/bundle/free/v4 from v4.94.1 to v4.95.0 in the /collector module, along with a Go toolchain update from 1.26.3 to 1.26.4.

• Upgrades the Redpanda Connect free bundle to v4.95.0, which fixes spurious Kafka offset commits during cooperative rebalances and an OracleDB decimal-encoding bug; the upstream release also patches a CVE in the OpenTelemetry baggage package.
• Bumps the Go toolchain to 1.26.4 to incorporate upstream security fixes, and updates a transitive go-openapi/inflect dependency (v0.21.5 → v0.21.6).

Confidence Score: 5/5

Safe to merge — only dependency version bumps in go.mod/go.sum with no application code changes.

The change is limited to two auto-generated files (go.mod and go.sum). It bumps a patch-level release of the Redpanda Connect free bundle (bug fixes only: Kafka rebalance and OracleDB decimal encoding), updates the Go toolchain for security patches, and brings in a minor transitive dependency update. There are no behavioral changes to the collector application itself.

No files require special attention.

Important Files Changed

Filename	Overview
collector/go.mod	Bumps redpanda-data/connect bundles to v4.95.0 and Go toolchain to 1.26.4; changes are consistent and expected for this dependency upgrade.
collector/go.sum	Hash entries updated for redpanda-data/connect v4.95.0 and go-openapi/inflect v0.21.6; checksums are machine-generated and consistent with the go.mod changes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["collector module"] --> B["redpanda-data/connect/public/bundle/free/v4\nv4.94.1 → v4.95.0"]
    A --> C["redpanda-data/connect/v4\nv4.94.1 → v4.95.0 (indirect)"]
    A --> D["Go toolchain\n1.26.3 → 1.26.4"]
    B --> E["Fix: Kafka spurious offset commits\nduring cooperative rebalances"]
    B --> F["Fix: OracleDB integer decimal\nencoding for Avro"]
    B --> G["Fix: OpenTelemetry CVE\nin baggage package"]
    D --> H["Security fixes in Go runtime"]

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A["collector module"] --> B["redpanda-data/connect/public/bundle/free/v4\nv4.94.1 → v4.95.0"]
    A --> C["redpanda-data/connect/v4\nv4.94.1 → v4.95.0 (indirect)"]
    A --> D["Go toolchain\n1.26.3 → 1.26.4"]
    B --> E["Fix: Kafka spurious offset commits\nduring cooperative rebalances"]
    B --> F["Fix: OracleDB integer decimal\nencoding for Avro"]
    B --> G["Fix: OpenTelemetry CVE\nin baggage package"]
    D --> H["Security fixes in Go runtime"]

Loading

_{Reviews (4): Last reviewed commit: "chore(deps): bump github.com/redpanda-da..." | Re-trigger Greptile}

[dependabot]

Looks like github.com/redpanda-data/connect/public/bundle/free/v4 is updatable in another way, so this is no longer needed.