Skip to content

Bump dependencies using scripts/bump-deps.sh#1861

Merged
sondavidb merged 1 commit into
mainfrom
create-pull-request/patch
Feb 13, 2026
Merged

Bump dependencies using scripts/bump-deps.sh#1861
sondavidb merged 1 commit into
mainfrom
create-pull-request/patch

Conversation

@github-actions
Copy link
Copy Markdown

@github-actions github-actions Bot commented Feb 10, 2026

This PR created by create-pull-request must be closed and reopened manually to trigger automated checks.

@github-actions
Bump dependencies using scripts/bump-deps.sh
be2427f 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@github-actions github-actions Bot requested a review from a team as a code owner February 10, 2026 10:18
@github-actions github-actions Bot added the dependencies Pull requests that update a dependency file label Feb 10, 2026
@sondavidb sondavidb closed this Feb 12, 2026
@sondavidb sondavidb reopened this Feb 12, 2026
@github-actions
Copy link
Copy Markdown
Author

github-actions Bot commented Feb 12, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 9 package(s) with unknown licenses.
See the Details below.

License Issues

cmd/go.mod

PackageVersionLicenseIssue Type
golang.org/x/sys0.41.0NullUnknown License
golang.org/x/term0.40.0NullUnknown License
golang.org/x/text0.34.0NullUnknown License
github.com/klauspost/compress1.18.4NullUnknown License

go.mod

PackageVersionLicenseIssue Type
golang.org/x/crypto0.48.0NullUnknown License
golang.org/x/sys0.41.0NullUnknown License
golang.org/x/term0.40.0NullUnknown License
golang.org/x/text0.34.0NullUnknown License
github.com/klauspost/compress1.18.4NullUnknown License
Allowed Licenses: Apache-2.0, BSD-2-Clause, BSD-2-Clause-FreeBSD, BSD-3-Clause, LicenseRef-scancode-google-patent-license-golang, MIT, ISC, Python-2.0, PostgreSQL, X11, Zlib
Excluded from license check: pkg:golang/github.com/hashicorp/go-retryablehttp, pkg:golang/github.com/hashicorp/errwrap, pkg:golang/github.com/hashicorp/go-cleanhttp, pkg:golang/github.com/hashicorp/go-multierror

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
gomod/github.com/klauspost/compress 1.18.4 🟢 6.9
Details
CheckScoreReason
Code-Review🟢 3Found 7/21 approved changesets -- score normalized to 3
Maintained🟢 1012 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
License🟢 9license file detected
Fuzzing🟢 10project is fuzzed
Packaging🟢 10packaging workflow detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
gomod/golang.org/x/net 0.49.0 UnknownUnknown
gomod/golang.org/x/sys 0.41.0 UnknownUnknown
gomod/golang.org/x/term 0.40.0 UnknownUnknown
gomod/golang.org/x/text 0.34.0 UnknownUnknown
gomod/github.com/klauspost/compress 1.18.4 🟢 6.9
Details
CheckScoreReason
Code-Review🟢 3Found 7/21 approved changesets -- score normalized to 3
Maintained🟢 1012 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
License🟢 9license file detected
Fuzzing🟢 10project is fuzzed
Packaging🟢 10packaging workflow detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
gomod/golang.org/x/crypto 0.48.0 UnknownUnknown
gomod/golang.org/x/net 0.49.0 UnknownUnknown
gomod/golang.org/x/sys 0.41.0 UnknownUnknown
gomod/golang.org/x/term 0.40.0 UnknownUnknown
gomod/golang.org/x/text 0.34.0 UnknownUnknown

Scanned Files

  • cmd/go.mod
  • go.mod

@sondavidb sondavidb merged commit bf86675 into main Feb 13, 2026
71 of 75 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Swapnanil-Gupta Swapnanil-Gupta Swapnanil-Gupta approved these changes

@sondavidb sondavidb sondavidb approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Swapnanil-Gupta @sondavidb