Skip to content

[skip-release] Update bump-dependencies #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[skip-release] Update bump-dependencies #14

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 12, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout (changelog) action digest 08eba0b34e1148
actions/setup-go (changelog) action digest d35c59a40f1582
golang final digest 331bde4b4dbd29
gosu minor 1.171.19

Release Notes

tianon/gosu (gosu)

v1.19

Compare Source

  • built on Go 1.24.6, github.com/moby/sys/user 0.1.0, golang.org/x/sys(/unix) 0.1.0;
    see SECURITY.md for CVE/security advice

  • update for https://pkg.go.dev/vuln/GO-2025-3956 (#​163)

    I don't think this is a critical issue with gosu (as it requires a misconfigured environment and we only invoke LookPath after we've dropped from root), but one worth updating for.

full changelog: tianon/gosu@1.18...1.19

4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4

See INSTALL.md for (example) installation instructions.

v1.18

Compare Source

  • built on Go 1.24.0, github.com/moby/sys/user 0.1.0, golang.org/x/sys(/unix) 0.1.0;
    see SECURITY.md for CVE/security advice

  • add -trimpath for cleaner binaries (#​137)

  • remove explicit use of text/template, fmt, log, path/filepath, strings, and io for smaller binaries / package import tree (#​138, #​139, ccc5c46)

  • use https://github.com/tianon/fake-git to embed version numbers in release binaries (#​155)

full changelog: tianon/gosu@1.17...1.18

4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4

See INSTALL.md for (example) installation instructions.

Configuration

📅 Schedule: Branch creation - Between 12:00 PM and 12:59 PM, only on Wednesday ( * 12 * * 3 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title Update bump-dependencies [skip-release] Update bump-dependencies Nov 19, 2025
@renovate renovate bot force-pushed the renovate.bump-dependencies branch from a62ccfa to 2deb824 Compare November 19, 2025 18:25
@renovate renovate bot force-pushed the renovate.bump-dependencies branch from 2deb824 to df40cdf Compare December 2, 2025 20:36
@renovate renovate bot force-pushed the renovate.bump-dependencies branch from df40cdf to cf62c0f Compare December 16, 2025 05:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant