chore(deps): bump the go-minor group across 1 directory with 30 updates by dependabot[bot] · Pull Request #6425 · akuity/kargo

dependabot · 2026-06-07T05:27:27Z

Bumps the go-minor group with 18 updates in the / directory:

Package	From	To
code.gitea.io/sdk/gitea	`0.22.1`	`0.25.1`
github.com/Azure/azure-sdk-for-go/sdk/azcore	`1.20.0`	`1.22.0`
github.com/Masterminds/semver/v3	`3.4.0`	`3.5.0`
github.com/aws/aws-sdk-go-v2/service/ecr	`1.55.4`	`1.58.3`
github.com/aws/aws-sdk-go-v2/service/sts	`1.42.1`	`1.43.2`
github.com/bmatcuk/doublestar/v4	`4.9.2`	`4.10.0`
github.com/coreos/go-oidc/v3	`3.17.0`	`3.18.0`
github.com/gin-gonic/gin	`1.11.0`	`1.12.0`
github.com/go-openapi/runtime	`0.31.0`	`0.32.3`
github.com/google/go-containerregistry	`0.20.7`	`0.21.6`
github.com/jferrl/go-githubauth	`1.5.1`	`1.6.0`
github.com/pelletier/go-toml/v2	`2.2.4`	`2.3.1`
gitlab.com/gitlab-org/api/client-go	`1.13.0`	`1.46.0`
go.uber.org/zap	`1.27.1`	`1.28.0`
golang.org/x/crypto	`0.51.0`	`0.52.0`
google.golang.org/api	`0.259.0`	`0.283.0`
helm.sh/helm/v3	`3.19.5`	`3.21.0`
sigs.k8s.io/controller-runtime	`0.22.4`	`0.23.3`

Updates code.gitea.io/sdk/gitea from 0.22.1 to 0.25.1

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.20.0 to 1.22.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.22.0

1.22.0 (2026-06-04)

Features Added

Added type datetime.RFC7231 for date/time values in RFC 1123 format with a fixed GMT timezone.

Other Changes

Upgraded dependencies.

Commits

a19f613 Prep azcore@v1.22.0 for release (#26926)
5803c0e Increment package version after release of storage/azblob (#26935) (#26943)
9a979ff [Automation] Regenerate SDK based on typespec-go branch main 【batch 6】 (#26939)
711094d eng/tools/generator: release v0.4.14 (#26934)
20bd677 Deprecate Change Analysis SDK (#26913)
92a31ec [Automation] Regenerate SDK based on typespec-go branch main 【batch 5】 (#26932)
768459d azcertificates: live recording for PlatformManaged + review fixes (follow-up ...
e845f72 Update codeowners (#26918)
118bb35 eng/tools/internal/exports: handle untyped const with selector expr value (#2...
2b3767b Configurations: 'specification/containerservice/resource-manager/Microsoft.C...
Additional commits viewable in compare view

Updates github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.5.0

What's Changed

Adding more prerelease tests by @mattfarina in Masterminds/semver#273

Update constraint error messages by @mattfarina in Masterminds/semver#278

Fix edge cases by @mattfarina in Masterminds/semver#279

Adding some checks in by @mattfarina in Masterminds/semver#280

Updating deps by @mattfarina in Masterminds/semver#281

Bump github/codeql-action from 4.35.1 to 4.35.2 by @dependabot[bot] in Masterminds/semver#282

Bump actions/cache from 4.2.3 to 5.0.5 by @dependabot[bot] in Masterminds/semver#283

Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 by @dependabot[bot] in Masterminds/semver#284

Updating gitignore for devcontainers by @mattfarina in Masterminds/semver#286

Fixing some quality issues by @mattfarina in Masterminds/semver#287

New Contributors

@dependabot[bot] made their first contribution in Masterminds/semver#282

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

Commits

8b89c86 Merge pull request #287 from mattfarina/fix-da-issues
29d51d0 Fixing some quality issues
87f651d Merge pull request #286 from mattfarina/update-devcontainer
158a685 Updating gitignore for devcontainers
7e83c08 Merge pull request #284 from Masterminds/dependabot/github_actions/golangci/g...
697e27f Merge pull request #283 from Masterminds/dependabot/github_actions/actions/ca...
1591f8e Merge pull request #282 from Masterminds/dependabot/github_actions/github/cod...
3f5ff17 Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0
04baa33 Bump actions/cache from 4.2.3 to 5.0.5
45939fe Bump github/codeql-action from 4.35.1 to 4.35.2
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.55.4 to 1.58.3

Commits

5102c2e Release 2024-08-02
001b1fd Regenerated Clients
0897137 Update API model
a274795 add assurance tests for auth scheme select (#2730)
2d43bf8 Release 2024-08-01
5bd193d Regenerated Clients
5954703 Update API model
0c73d2b Release 2024-07-30
3102b1f Regenerated Clients
348b939 Update endpoints model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.42.1 to 1.43.2

Commits

b4d02c5 Release 2026-06-02
48e375b Regenerated Clients
b8a4fc1 Update API model
e8627b4 Merge pull request #3430 from aws/fix-remove-ioutil
4e258a3 chore: update changelog description per review
e1176df chore: add changelog entry
a157f15 chore: regenerate SDK with new smithy-go
0d4a893 chore: bump SMITHY_GO_CODEGEN_VERSION for ioutil cleanup
858d954 fix: remove deprecated io/ioutil from codegen templates
35a3c50 Release 2026-06-01
Additional commits viewable in compare view

Updates github.com/bmatcuk/doublestar/v4 from 4.9.2 to 4.10.0

Release notes

Sourced from github.com/bmatcuk/doublestar/v4's releases.

Added WithNoHidden option

Added support for a WithNoHidden option to ignore hidden files in patterns that might unintentionally match them. For example, a .config directory would not be matched by * or recursed into by **, but would be matched by .* or recursed by .config/**.

Thanks to @lukasngl for the initial PR and idea!

What's Changed

feat: add WithNoHidden option to skip hidden files by @lukasngl in bmatcuk/doublestar#109

New Contributors

@lukasngl made their first contribution in bmatcuk/doublestar#109

Full Changelog: bmatcuk/doublestar@v4.9.2...v4.10.0

Commits

a9ad9e0 allow starting test manually
9987c0c update docs
d3b2184 windows support for WithNoHidden; better tests
5d6a6cd Merge branch 'lukasngl-feat/no-hidden'
e8319d2 run tests when a branch/tag is created
614b331 run tests when a branch/tag is created
df2e03f feat: add WithNoHidden option to skip hidden files
See full diff in compare view

Updates github.com/coreos/go-oidc/v3 from 3.17.0 to 3.18.0

Release notes

Sourced from github.com/coreos/go-oidc/v3's releases.

v3.18.0

What's Changed

.github: configure dependabot by @ericchiang in coreos/go-oidc#477

.github: update go versions in CI by @ericchiang in coreos/go-oidc#480

build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.36.0 by @dependabot[bot] in coreos/go-oidc#478

build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @dependabot[bot] in coreos/go-oidc#479

Full Changelog: coreos/go-oidc@v3.17.0...v3.18.0

Commits

da6b3bf build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4
7f80694 build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.36.0
7271de5 .github: update go versions in CI
3ccf20f .github: configure dependabot
See full diff in compare view

Updates github.com/gin-gonic/gin from 1.11.0 to 1.12.0

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.12.0

Changelog

Features

192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203) (@takanuva15)

53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502) (@raju-mechatronics)

acc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (#4423) (@1911860538)

38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (@Spyder01)

771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (#4420) (@ldesauw)

4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (#4146) (@wsyqn6)

d7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (#4145) (@laurentcau)

Bug fixes

b917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (#2169) (@guonaihong)

c3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (#4380) (@1911860538)

9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472) (@Nurysso)

2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (#4403) (@zeek0x)

c3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (#4422) (@1911860538)

5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (#4415) (@pawannn)

63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (#4336) (@MondayCha)

5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (#4206) (@dengaleev)

234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (#4373) (@appleboy)

472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535) (@veeceey)

8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (#4511) (@mahanadh)

Enhancements

ba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (#4549) (@BobDu)

b2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (#3359) (@WeidiDeng)

ecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449) (@appleboy)

af6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (@appleboy)

db309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (#4547) (@USA-RedDragon)

26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when http.Flusher (#4479) (@Twacqwq)

5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (#4388) (@appleboy)

Refactor

39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (#4352) (@russcoss)

c0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (#4395) (@wanghaolong613)

915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (#4481) (@pauloappbr)

414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (#4333) (@cuiweixie)

59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (#4314) (@1911860538)

3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (#4142) (@zeek0x)

d1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (#4467) (@zeek0x)

e3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (#4392) (@wanghaolong613)

488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529) (@veeceey)

9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (#4389) (@reddaisyy)

a85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (#4432) (@efcking)

Build process updates

61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (#4367) (@appleboy)

fb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (#4436) (@appleboy)

93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (#4437) (@appleboy)

e88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (#4439) (@appleboy)

5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (#4421) (@appleboy)

00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (#4531) (@appleboy)

ae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (#4550) (@appleboy)

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.12.0

Features

feat(render): add bson protocol (#4145)

feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502)

feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203)

feat(gin): add option to use escaped path (#4420)

feat(context): add Protocol Buffers support to content negotiation (#4423)

feat(context): implemented Delete method (#38e7651)

feat(logger): color latency (#4146)

Enhancements

perf(tree): reduce allocations in findCaseInsensitivePath (#4417)

perf(recovery): optimize line reading in stack function (#4466)

perf(path): replace regex with custom functions in redirectTrailingSlash (#4414)

perf(tree): optimize path parsing using strings.Count (#4246)

chore(logger): allow skipping query string output (#4547)

chore(context): always trust xff headers from unix socket (#3359)

chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#4479)

refactor(recovery): smart error comparison (#4142)

refactor(context): replace hardcoded localhost IPs with constants (#4481)

refactor(utils): move util functions to utils.go (#4467)

refactor(binding): use maps.Copy for cleaner map handling (#4352)

refactor(context): using maps.Clone (#4333)

refactor(ginS): use sync.OnceValue to simplify engine function (#4314)

refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529)

refactor: for loop can be modernized using range over int (#4392)

Bug Fixes

fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)

fix(render): write content length in Data.Render (#4206)

fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472)

fix(binding): empty value error (#2169)

fix(recover): suppress http.ErrAbortHandler in recover (#4336)

fix(gin): literal colon routes not working with engine.Handler() (#4415)

fix(gin): close os.File in RunFd to prevent resource leak (#4422)

fix(response): refine hijack behavior for response lifecycle (#4373)

fix(binding): improve empty slice/array handling in form binding (#4380)

fix(debug): version mismatch (#4403)

fix: correct typos, improve documentation clarity, and remove dead code (#4511)

Build process updates / CI

ci: update Go version support to 1.25+ across CI and docs (#4550)

chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)

Commits

73726dc docs: update documentation to reflect Go version changes (#4552)
e292e5c docs: document and finalize Gin v1.12.0 release (#4551)
ae3f524 ci: update Go version support to 1.25+ across CI and docs (#4550)
38534e2 chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#4548)
472d086 fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
fb25834 test(context): use http.StatusContinue constant instead of magic number 100 (...
6f1d5fe test(render): add comprehensive error handling tests (#4541)
5c00df8 fix(render): write content length in Data.Render (#4206)
db30908 chore(logger): allow skipping query string output (#4547)
ba093d1 chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)
Additional commits viewable in compare view

Updates github.com/go-openapi/runtime from 0.31.0 to 0.32.3

Release notes

Sourced from github.com/go-openapi/runtime's releases.

v0.32.3

0.32.3 - 2026-06-02

Full Changelog: go-openapi/runtime@v0.32.2...v0.32.3

6 commits in this release.

Implemented enhancements

feat(ci): added shared workflow for bot-pr monitoring by @fredbi ...

Documentation

doc: updated contributors file by @bot-go-openapi[bot] in #478 ...

Miscellaneous tasks

chore: prepare release v0.32.3 by @bot-go-openapi[bot] in #480 ...

chore: updated dependencies by @fredbi in #479 ...

Updates

build(deps): bump the other-dependencies group across 2 directories with 3 updates by @dependabot[bot] in #477 ...

build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @dependabot[bot] in #476 ...

People who contributed to this release

@fredbi

runtime license terms

Per-module changes

... (truncated)

Commits

6c3a7fd chore: prepare release v0.32.3
1733ca7 chore: updated dependencies (#479)
7a7ea03 feat(ci): added shared workflow for bot-pr monitoring
d4d7f7d doc: updated contributors file
6937b17 build(deps): bump the other-dependencies group across 2 directories with 3 up...
4361051 build(deps): bump the go-openapi-dependencies group across 2 directories with...
a357ecf chore: prepare release v0.32.2
10b4d12 fix(client): added a guard to avoid the client to panic (#474)
ea80e5a chore: prepare release v0.32.1
01f5c55 doc: documented SkipAuth feature with build tag (#472)
Additional commits viewable in compare view

Updates github.com/go-openapi/strfmt from 0.26.2 to 0.26.3

Release notes

Sourced from github.com/go-openapi/strfmt's releases.

v0.26.3

0.26.3 - 2026-05-31

Full Changelog: go-openapi/strfmt@v0.26.2...v0.26.3

15 commits in this release.

Documentation

fix(ci): typo in sha by @fredbi ...

doc: updated contributors file by @bot-go-openapi[bot] in #258 ...

doc: updated contributors file by @bot-go-openapi[bot] in #251 ...

Miscellaneous tasks

chore: prepare release v0.26.3 by @bot-go-openapi[bot] in #260 ...

fix(ci): monitor - work around dependabot identity requirements by @fredbi ...

fix(ci): updated shared ci worflows (fix monitor-bot identity) by @fredbi ...

fix(ci): updated shared ci worflows (fix monitor-bot permissions) by @fredbi ...

fix(ci): updated shared ci worflows (fix monitor-bot filter) by @fredbi in #259 ...

ci: schedule bot PR monitoring by @fredbi in #257 ...

Updates

build(deps): bump the other-dependencies group across 3 directories with 2 updates by @dependabot[bot] in #252 ...

build(deps): bump golang.org/x/net from 0.54.0 to 0.55.0 in the golang-org-dependencies group across 1 directory by @dependabot[bot] in #255 ...

build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @dependabot[bot] in #256 ...

build(deps): bump the development-dependencies group with 8 updates by @dependabot[bot] in #254 ...

build(deps): bump golang.org/x/net from 0.53.0 to 0.54.0 in the golang-org-dependencies group across 1 directory by @dependabot[bot] in #253 ...

build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @dependabot[bot] in #249 ...

People who contributed to this release

@fredbi

strfmt license terms

[][license-url]

... (truncated)

Commits

d93543f chore: prepare release v0.26.3
7841767 build(deps): bump the other-dependencies group across 3 directories with 2 up...
f041a88 build(deps): bump golang.org/x/net
6ac9968 build(deps): bump the go-openapi-dependencies group across 2 directories with...
1d31844 fix(ci): monitor - work around dependabot identity requirements
1531efc fix(ci): typo in sha
cb7dd25 fix(ci): updated shared ci worflows (fix monitor-bot identity)
62db01a fix(ci): updated shared ci worflows (fix monitor-bot permissions)
c7cf6fb fix(ci): updated shared ci worflows (fix monitor-bot filter) (#259)
c2e3626 doc: updated contributors file
Additional commits viewable in compare view

Updates github.com/goccy/go-yaml from 1.18.0 to 1.19.2

Release notes

Sourced from github.com/goccy/go-yaml's releases.

1.19.2

What's Changed

Fix anchor reference regression in nested structures by @linyows in goccy/go-yaml#839

New Contributors

@linyows made their first contribution in goccy/go-yaml#839

Full Changelog: goccy/go-yaml@v1.19.1...v1.19.2

1.19.1

What's Changed

Fix decoding of integer keys of map type by @goccy in goccy/go-yaml#829

Support line comment for flow sequence or flow map by @goccy in goccy/go-yaml#834

Full Changelog: goccy/go-yaml@v1.19.0...v1.19.1

1.19.0

What's Changed

Revert "feat: Dont make copies of structs for validation" by @shuheiktgw in goccy/go-yaml#763

Add decode option that allows specific field prefixes by @cpuguy83 in goccy/go-yaml#795

Normalize CR and CRLF in multi-line strings by @shuheiktgw in goccy/go-yaml#754

Support non string map keys by @shuheiktgw in goccy/go-yaml#756

Skip directive in path operations by @shuheiktgw in goccy/go-yaml#758

Add indentation to flow values on new lines by @shuheiktgw in goccy/go-yaml#759

Add support for RawMessage, similar to json.RawMessage by @thanethomson in goccy/go-yaml#790

New Contributors

@cpuguy83 made their first contribution in goccy/go-yaml#795

@thanethomson made their first contribution in goccy/go-yaml#790

Full Changelog: goccy/go-yaml@v1.18.0...v1.19.0

Commits

92bc79c Fix anchor reference regression in nested structures (#839)
b0ab069 Support line comment for flow sequence or flow map (#834)
9e98b0c Fix decoding of integer keys of map type (#829)
a7b4bfb Add support for RawMessage, similar to json.RawMessage (#790)
07c09c0 Add indentation to flow values on new lines (#759)
0040ab4 Skip directive in path operations (#758)
7901e98 Support non string map keys (#756)
f4d1347 Normalize CR and CRLF in multi-line strings (#754)
90e8525 Add decode option that allows specific field prefixes (#795)
25e5d90 Revert "feat: Dont make copies of structs for validation (#737)" (#763)
See full diff in compare view

Updates github.com/google/go-containerregistry from 0.20.7 to 0.21.6

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.6

What's Changed

fix: update dependencies to use new azure sdk components by @gaganhr94 in google/go-containerregistry#2262

transport: restore resp.Body in retryError so CheckError can parse it by @alliasgher in google/go-containerregistry#2264

pkg/registry: return 202 Accepted for PATCH chunk uploads by @alliasgher in google/go-containerregistry#2265

Follow OCI distribution spec for artifactType and annotations by @malt3 in google/go-containerregistry#2269

actions: attach Codecov token to coverage tests on main by @Subserial in google/go-containerregistry#2270

remote: use DeleteScope (with "delete" action) for manifest deletion by @alliasgher in google/go-containerregistry#2266

remote: limit concurrent layer pulls by @gnix0 in google/go-containerregistry#2271

pkg/registry: reject corrupt disk blobs by @gnix0 in google/go-containerregistry#2272

mutate: close layer readers during export by @gnix0 in google/go-containerregistry#2277

crane/flatten: preserve image media type when flattening by @alliasgher in google/go-containerregistry#2267

build(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1 in the actions group across 1 directory by @dependabot[bot] in google/go-containerregistry#2273

build(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 by @dependabot[bot] in google/go-containerregistry#2278

build(deps): bump the go-deps group across 3 directories with 6 updates by @dependabot[bot] in google/go-containerregistry#2280

Replace go-homedir with os.UserHomeDir by @jammie-jelly in google/go-containerregistry#2282

pkg/name: only treat .localhost as non-HTTPS, not .local by @blackwell-systems in google/go-containerregistry#2281

transport: block unspecified IPs (0.0.0.0, ::) in validateRealmURL by @marwan9696 in google/go-containerregistry#2285

test(mutate): add Extract round-trip test for filesystem object preservation by @blackwell-systems in google/go-containerregistry#2283

experiments: remove deprecated support for estargz by @thaJeztah in google/go-containerregistry#2288

build(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 in the actions group by @dependabot[bot] in google/go-containerregistry#2289

fix: limit HTTP response body reads to prevent OOM by @evilgensec in google/go-containerregistry#2296

build(deps): bump the go-deps group across 3 directories with 6 updates by @dependabot[bot] in google/go-containerregistry#2297

transport: block redirects from token server to private/link-local addresses (SSRF fix) by @evilgensec in google/go-containerregistry#2292

pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract by @anishesg in google/go-containerregistry#2279

validate: skip non-layer layers by @imjasonh in google/go-contain...
Description has been truncated

Bumps the go-minor group with 18 updates in the / directory: | Package | From | To | | --- | --- | --- | | code.gitea.io/sdk/gitea | `0.22.1` | `0.25.1` | | [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) | `1.20.0` | `1.22.0` | | [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.4.0` | `3.5.0` | | [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.55.4` | `1.58.3` | | [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.42.1` | `1.43.2` | | [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) | `4.9.2` | `4.10.0` | | [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.17.0` | `3.18.0` | | [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) | `1.11.0` | `1.12.0` | | [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) | `0.31.0` | `0.32.3` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.7` | `0.21.6` | | [github.com/jferrl/go-githubauth](https://github.com/jferrl/go-githubauth) | `1.5.1` | `1.6.0` | | [github.com/pelletier/go-toml/v2](https://github.com/pelletier/go-toml) | `2.2.4` | `2.3.1` | | [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) | `1.13.0` | `1.46.0` | | [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.51.0` | `0.52.0` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.259.0` | `0.283.0` | | [helm.sh/helm/v3](https://github.com/helm/helm) | `3.19.5` | `3.21.0` | | [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.22.4` | `0.23.3` | Updates `code.gitea.io/sdk/gitea` from 0.22.1 to 0.25.1 Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.20.0 to 1.22.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.20.0...sdk/azcore/v1.22.0) Updates `github.com/Masterminds/semver/v3` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](Masterminds/semver@v3.4.0...v3.5.0) Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.55.4 to 1.58.3 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/ecr/v1.55.4...service/s3/v1.58.3) Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.42.1 to 1.43.2 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.42.1...service/amp/v1.43.2) Updates `github.com/bmatcuk/doublestar/v4` from 4.9.2 to 4.10.0 - [Release notes](https://github.com/bmatcuk/doublestar/releases) - [Commits](bmatcuk/doublestar@v4.9.2...v4.10.0) Updates `github.com/coreos/go-oidc/v3` from 3.17.0 to 3.18.0 - [Release notes](https://github.com/coreos/go-oidc/releases) - [Commits](coreos/go-oidc@v3.17.0...v3.18.0) Updates `github.com/gin-gonic/gin` from 1.11.0 to 1.12.0 - [Release notes](https://github.com/gin-gonic/gin/releases) - [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md) - [Commits](gin-gonic/gin@v1.11.0...v1.12.0) Updates `github.com/go-openapi/runtime` from 0.31.0 to 0.32.3 - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](go-openapi/runtime@v0.31.0...v0.32.3) Updates `github.com/go-openapi/strfmt` from 0.26.2 to 0.26.3 - [Release notes](https://github.com/go-openapi/strfmt/releases) - [Commits](go-openapi/strfmt@v0.26.2...v0.26.3) Updates `github.com/goccy/go-yaml` from 1.18.0 to 1.19.2 - [Release notes](https://github.com/goccy/go-yaml/releases) - [Changelog](https://github.com/goccy/go-yaml/blob/master/CHANGELOG.md) - [Commits](goccy/go-yaml@v1.18.0...v1.19.2) Updates `github.com/google/go-containerregistry` from 0.20.7 to 0.21.6 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.20.7...v0.21.6) Updates `github.com/jferrl/go-githubauth` from 1.5.1 to 1.6.0 - [Release notes](https://github.com/jferrl/go-githubauth/releases) - [Changelog](https://github.com/jferrl/go-githubauth/blob/main/CHANGELOG.md) - [Commits](jferrl/go-githubauth@v1.5.1...v1.6.0) Updates `github.com/klauspost/compress` from 1.18.5 to 1.18.6 - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](klauspost/compress@v1.18.5...v1.18.6) Updates `github.com/pelletier/go-toml/v2` from 2.2.4 to 2.3.1 - [Release notes](https://github.com/pelletier/go-toml/releases) - [Commits](pelletier/go-toml@v2.2.4...v2.3.1) Updates `gitlab.com/gitlab-org/api/client-go` from 1.13.0 to 1.46.0 - [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags) - [Changelog](https://gitlab.com/gitlab-org/api/client-go/blob/main/CHANGELOG.md) - [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v1.13.0...v1.46.0) Updates `go.uber.org/zap` from 1.27.1 to 1.28.0 - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](uber-go/zap@v1.27.1...v1.28.0) Updates `golang.org/x/crypto` from 0.51.0 to 0.52.0 - [Commits](golang/crypto@v0.51.0...v0.52.0) Updates `golang.org/x/oauth2` from 0.34.0 to 0.36.0 - [Commits](golang/oauth2@v0.34.0...v0.36.0) Updates `google.golang.org/api` from 0.259.0 to 0.283.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.259.0...v0.283.0) Updates `google.golang.org/grpc` from 1.79.3 to 1.81.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.79.3...v1.81.1) Updates `helm.sh/helm/v3` from 3.19.5 to 3.21.0 - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.19.5...v3.21.0) Updates `k8s.io/api` from 0.34.3 to 0.35.1 - [Commits](kubernetes/api@v0.34.3...v0.35.1) Updates `k8s.io/apiextensions-apiserver` from 0.34.3 to 0.35.1 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.34.3...v0.35.1) Updates `k8s.io/apimachinery` from 0.34.3 to 0.35.1 - [Commits](kubernetes/apimachinery@v0.34.3...v0.35.1) Updates `k8s.io/apiserver` from 0.34.3 to 0.35.1 - [Commits](kubernetes/apiserver@v0.34.3...v0.35.1) Updates `k8s.io/cli-runtime` from 0.34.3 to 0.35.1 - [Commits](kubernetes/cli-runtime@v0.34.3...v0.35.1) Updates `k8s.io/client-go` from 0.34.3 to 0.35.1 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.34.3...v0.35.1) Updates `k8s.io/utils` from 0.0.0-20250604170112-4c0f3b243397 to 0.0.0-20251002143259-bc988d571ff4 - [Commits](https://github.com/kubernetes/utils/commits) Updates `sigs.k8s.io/controller-runtime` from 0.22.4 to 0.23.3 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.22.4...v0.23.3) --- updated-dependencies: - dependency-name: code.gitea.io/sdk/gitea dependency-version: 0.25.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-version: 1.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/Masterminds/semver/v3 dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr dependency-version: 1.58.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-version: 1.43.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/bmatcuk/doublestar/v4 dependency-version: 4.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/coreos/go-oidc/v3 dependency-version: 3.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/gin-gonic/gin dependency-version: 1.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/go-openapi/runtime dependency-version: 0.32.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/go-openapi/strfmt dependency-version: 0.26.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor - dependency-name: github.com/goccy/go-yaml dependency-version: 1.19.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/jferrl/go-githubauth dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/klauspost/compress dependency-version: 1.18.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor - dependency-name: github.com/pelletier/go-toml/v2 dependency-version: 2.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: gitlab.com/gitlab-org/api/client-go dependency-version: 1.46.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: go.uber.org/zap dependency-version: 1.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: golang.org/x/crypto dependency-version: 0.52.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: golang.org/x/oauth2 dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: google.golang.org/api dependency-version: 0.283.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: google.golang.org/grpc dependency-version: 1.81.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: helm.sh/helm/v3 dependency-version: 3.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: k8s.io/api dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: k8s.io/apimachinery dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: k8s.io/apiserver dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: k8s.io/cli-runtime dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: k8s.io/client-go dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: k8s.io/utils dependency-version: 0.0.0-20251002143259-bc988d571ff4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor - dependency-name: sigs.k8s.io/controller-runtime dependency-version: 0.23.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor ... Signed-off-by: dependabot[bot] <support@github.com>

netlify · 2026-06-07T05:27:32Z

✅ Deploy Preview for docs-kargo-io ready!

Name	Link
🔨 Latest commit	`9773fc8`
🔍 Latest deploy log	https://app.netlify.com/projects/docs-kargo-io/deploys/6a250142a4e03100093388eb
😎 Deploy Preview	https://deploy-preview-6425.docs.kargo.io
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

dependabot Bot added dependencies Pull requests that update a dependency file; mainly used by Dependabot go Pull requests that update Go code labels Jun 7, 2026

dependabot Bot requested a review from a team as a code owner June 7, 2026 05:27

dependabot Bot added dependencies Pull requests that update a dependency file; mainly used by Dependabot go Pull requests that update Go code labels Jun 7, 2026

kargo-governance-bot Bot added needs/area Issue or PR needs to be labeled to indicate what parts of the code base are affected needs/kind Issue or PR needs to be labeled to clarify its nature labels Jun 7, 2026

kargo-governance-bot Bot added the needs/priority Priority has not yet been determined; a good signal that maintainers aren't fully committed label Jun 7, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go-minor group across 1 directory with 30 updates#6425

chore(deps): bump the go-minor group across 1 directory with 30 updates#6425
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-minor-a497899a76

dependabot Bot commented on behalf of github Jun 7, 2026

Uh oh!

netlify Bot commented Jun 7, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 7, 2026

sdk/azcore/v1.22.0

1.22.0 (2026-06-04)

Features Added

Other Changes

v3.5.0

What's Changed

New Contributors

Changelog

Added WithNoHidden option

What's Changed

New Contributors

v3.18.0

What's Changed

v1.12.0

Changelog

Features

Bug fixes

Enhancements

Refactor

Build process updates

Gin v1.12.0

Features

Enhancements

Bug Fixes

Build process updates / CI

v0.32.3

0.32.3 - 2026-06-02

Implemented enhancements

Documentation

Miscellaneous tasks

Updates

People who contributed to this release

Per-module changes

v0.26.3

0.26.3 - 2026-05-31

Documentation

Miscellaneous tasks

Updates

People who contributed to this release

1.19.2

What's Changed

New Contributors

1.19.1

What's Changed

1.19.0

What's Changed

New Contributors

v0.21.6

What's Changed

Uh oh!

netlify Bot commented Jun 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for docs-kargo-io ready!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

netlify Bot commented Jun 7, 2026 •

edited

Loading