chore(deps): bump the go_modules group across 10 directories with 5 updates #4

dependabot · 2025-04-14T18:09:49Z

Bumps the go_modules group with 1 update in the /modules/api directory: golang.org/x/net.
Bumps the go_modules group with 2 updates in the /modules/auth directory: golang.org/x/net and github.com/golang-jwt/jwt/v4.
Bumps the go_modules group with 1 update in the /modules/common/certificates directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /modules/common/client directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /modules/common/errors directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /modules/common/helpers directory: golang.org/x/net.
Bumps the go_modules group with 3 updates in the /modules/common/tools directory: golang.org/x/net, github.com/go-git/go-git/v5 and github.com/gohugoio/hugo.
Bumps the go_modules group with 1 update in the /modules/common/types directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /modules/metrics-scraper directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /modules/web directory: golang.org/x/net.

Updates golang.org/x/net from 0.26.0 to 0.36.0

Commits

85d1d54 go.mod: update golang.org/x dependencies
cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
459513d internal/http3: move more common stream processing to genericConn
aad0180 http2: fix flakiness from t.Log when GOOS=js
b73e574 http2: don't log expected errors from writing invalid trailers
5f45c77 internal/http3: make read-data tests usable for server handlers
43c2540 http2, internal/httpcommon: reject userinfo in :authority
1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
0d7dc54 quic: add Conn.ConnectionState
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.24.0 to 0.35.0

Commits

7292932 ssh: limit the size of the internal packet queue while waiting for KEX
f66f74b acme/autocert: check host policy before probing the cache
b0784b7 x509roots/fallback: drop obsolete build constraint
911360c all: bump golang.org/x/crypto dependencies of asm generators
89ff08d all: upgrade go directive to at least 1.23.0 [generated]
e47973b all: update certs for go1.24
9290511 go.mod: update golang.org/x dependencies
fa5273e x509roots/fallback: update bundle
a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
Additional commits viewable in compare view

Updates golang.org/x/net from 0.23.0 to 0.36.0

Commits

85d1d54 go.mod: update golang.org/x dependencies
cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
459513d internal/http3: move more common stream processing to genericConn
aad0180 http2: fix flakiness from t.Log when GOOS=js
b73e574 http2: don't log expected errors from writing invalid trailers
5f45c77 internal/http3: make read-data tests usable for server handlers
43c2540 http2, internal/httpcommon: reject userinfo in :authority
1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
0d7dc54 quic: add Conn.ConnectionState
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.21.0 to 0.35.0

Commits

7292932 ssh: limit the size of the internal packet queue while waiting for KEX
f66f74b acme/autocert: check host policy before probing the cache
b0784b7 x509roots/fallback: drop obsolete build constraint
911360c all: bump golang.org/x/crypto dependencies of asm generators
89ff08d all: upgrade go directive to at least 1.23.0 [generated]
e47973b all: update certs for go1.24
9290511 go.mod: update golang.org/x dependencies
fa5273e x509roots/fallback: update bundle
a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

v4.5.1

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

Back-ported error-handling logic in ParseWithClaims from v5 branch. This fixes GHSA-29wx-vh33-7x7r.

Full Changelog: golang-jwt/jwt@v4.5.0...v4.5.1

Commits

2f0e9ad Backporting 0951d18 to v4
7b1c1c0 Merge commit from fork
See full diff in compare view

Updates golang.org/x/net from 0.23.0 to 0.36.0

Commits

85d1d54 go.mod: update golang.org/x dependencies
cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
459513d internal/http3: move more common stream processing to genericConn
aad0180 http2: fix flakiness from t.Log when GOOS=js
b73e574 http2: don't log expected errors from writing invalid trailers
5f45c77 internal/http3: make read-data tests usable for server handlers
43c2540 http2, internal/httpcommon: reject userinfo in :authority
1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
0d7dc54 quic: add Conn.ConnectionState
Additional commits viewable in compare view

Updates golang.org/x/net from 0.23.0 to 0.36.0

Commits

85d1d54 go.mod: update golang.org/x dependencies
cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
459513d internal/http3: move more common stream processing to genericConn
aad0180 http2: fix flakiness from t.Log when GOOS=js
b73e574 http2: don't log expected errors from writing invalid trailers
5f45c77 internal/http3: make read-data tests usable for server handlers
43c2540 http2, internal/httpcommon: reject userinfo in :authority
1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
0d7dc54 quic: add Conn.ConnectionState
Additional commits viewable in compare view

Updates golang.org/x/net from 0.23.0 to 0.36.0

Commits

85d1d54 go.mod: update golang.org/x dependencies
cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
459513d internal/http3: move more common stream processing to genericConn
aad0180 http2: fix flakiness from t.Log when GOOS=js
b73e574 http2: don't log expected errors from writing invalid trailers
5f45c77 internal/http3: make read-data tests usable for server handlers
43c2540 http2, internal/httpcommon: reject userinfo in :authority
1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
0d7dc54 quic: add Conn.ConnectionState
Additional commits viewable in compare view

Updates golang.org/x/net from 0.23.0 to 0.36.0

Commits

85d1d54 go.mod: update golang.org/x dependencies
cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
459513d internal/http3: move more common stream processing to genericConn
aad0180 http2: fix flakiness from t.Log when GOOS=js
b73e574 http2: don't log expected errors from writing invalid trailers
5f45c77 internal/http3: make read-data tests usable for server handlers
43c2540 http2, internal/httpcommon: reject userinfo in :authority
1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
0d7dc54 quic: add Conn.ConnectionState
Additional commits viewable in compare view

Updates golang.org/x/net from 0.26.0 to 0.36.0

Commits

85d1d54 go.mod: update golang.org/x dependencies
cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
459513d internal/http3: move more common stream processing to genericConn
aad0180 http2: fix flakiness from t.Log when GOOS=js
b73e574 http2: don't log expected errors from writing invalid trailers
5f45c77 internal/http3: make read-data tests usable for server handlers
43c2540 http2, internal/httpcommon: reject userinfo in :authority
1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
0d7dc54 quic: add Conn.ConnectionState
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.24.0 to 0.35.0

Commits

7292932 ssh: limit the size of the internal packet queue while waiting for KEX
f66f74b acme/autocert: check host policy before probing the cache
b0784b7 x509roots/fallback: drop obsolete build constraint
911360c all: bump golang.org/x/crypto dependencies of asm generators
89ff08d all: upgrade go directive to at least 1.23.0 [generated]
e47973b all: update certs for go1.24
9290511 go.mod: update golang.org/x dependencies
fa5273e x509roots/fallback: update bundle
a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.11.0 to 5.13.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.13.0

What's Changed

build: bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 in /cli/go-git by @dependabot in go-git/go-git#1065

build: bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in go-git/go-git#1068

build: bump golang.org/x/net from 0.23.0 to 0.24.0 by @dependabot in go-git/go-git#1071

Properly support skipping of non-mandatory extensions by @codablock in go-git/go-git#1066

git: Refine some codes in test and non-test. by @onee-only in go-git/go-git#1077

plumbing: protocol/packp, client-side filter capability support by @edigaryev in go-git/go-git#1000

build: bump golang.org/x/net from 0.22.0 to 0.23.0 in /cli/go-git by @dependabot in go-git/go-git#1078

plumbing: fix sideband demux on flush by @aymanbagabas in go-git/go-git#1084

storage: dotgit, head reference usually comes first by @aymanbagabas in go-git/go-git#1085

build: bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in go-git/go-git#1091

build: bump golang.org/x/crypto from 0.22.0 to 0.23.0 by @dependabot in go-git/go-git#1094

build: bump golang.org/x/net from 0.24.0 to 0.25.0 by @dependabot in go-git/go-git#1093

git: Added an example for Repository.Branches by @johnmatthiggins in go-git/go-git#1088

git: worktree_commit, Modify checking empty commit. Fixes #723 by @onee-only in go-git/go-git#1050

plumbing: transport/http, Wrap http errors to return reason. Fixes #1097 by @ggambetti in go-git/go-git#1100

build: bump golang.org/x/sys from 0.20.0 to 0.21.0 by @dependabot in go-git/go-git#1106

build: bump golang.org/x/text from 0.15.0 to 0.16.0 by @dependabot in go-git/go-git#1107

Bumps Go versions and go-billy by @pjbgf in go-git/go-git#1056

_examples: Fixed a dead link COMPATIBILITY.md by @gecko655 in go-git/go-git#1109

build: bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 in /cli/go-git by @dependabot in go-git/go-git#1115

build: bump github.com/elazarl/goproxy from v0.0.0-20230808193330-2592e75ae04a to v0.0.0-20240618083138-03be62527ccb by @hbelmiro in go-git/go-git#1124

build: bump golang.org/x/net from 0.25.0 to 0.26.0 by @dependabot in go-git/go-git#1104

Add option approximating git clean -x flag. by @msuozzo in go-git/go-git#995

Revert "Add option approximating git clean -x flag." by @pjbgf in go-git/go-git#1129

Fix reference updated concurrently error for the filesystem storer by @Javier-varez in go-git/go-git#1116

build: bump golang.org/x/net from 0.26.0 to 0.27.0 by @dependabot in go-git/go-git#1134

utils: merkletrie, Align error message with upstream by @pjbgf in go-git/go-git#1142

plumbing: transport/file, Change paths to absolute by @pjbgf in go-git/go-git#1141

plumbing: gitignore, Fix loading of ignored .gitignore files. by @Achilleshiel in go-git/go-git#1114

build: bump github.com/skeema/knownhosts from 1.2.2 to 1.3.0 by @dependabot in go-git/go-git#1147

plumbing: transport/ssh, Add support for SSH @cert-authority. by @Javier-varez in go-git/go-git#1157

build: run example tests during CI workflow by @crazybolillo in go-git/go-git#1030

storage: filesystem, Fix object cache not working due to uninitialised objects being put into cache by @SatelliteMind in go-git/go-git#1138

git: Fix fetching missing commits by @AriehSchneier in go-git/go-git#1032

plumbing: format/packfile, remove duplicate checks in findMatch() by @edigaryev in go-git/go-git#1152

git: worktree, Fix file reported as Untracked while it is committed by @rodrigocam in go-git/go-git#1023

build: bump golang.org/x/sys from 0.22.0 to 0.23.0 by @dependabot in go-git/go-git#1160

plumbing: filemode, Remove check for setting size of .git/index file by @nicholasSUSE in go-git/go-git#1159

build: bump golang.org/x/net from 0.27.0 to 0.28.0 by @dependabot in go-git/go-git#1163

Fix some lint warning and increase stalebot to 180 days by @pjbgf in go-git/go-git#1128

adjust path extracted from file: url on Windows by @tomqwpl in go-git/go-git#416

build: bump golang.org/x/sys from 0.23.0 to 0.24.0 by @dependabot in go-git/go-git#1164

Add RestoreStaged to Worktree that mimics the behaviour of git restore --staged ... by @ben-tbotlabs in go-git/go-git#493

plumbing: signature, support the same x509 signature formats as git by @yoavamit in go-git/go-git#1169

fix: allow discovery of non bare repos in fsLoader by @jakobmoellerdev in go-git/go-git#1170

build: bump golang.org/x/sys from 0.24.0 to 0.25.0 by @dependabot in go-git/go-git#1178

build: bump golang.org/x/text from 0.17.0 to 0.18.0 by @dependabot in go-git/go-git#1179

build: bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in go-git/go-git#1184

... (truncated)

Commits

94bd4af Merge pull request #1261 from BeChris/issue680
8b7f5ba Merge pull request #1262 from go-git/dependabot/go_modules/github.com/elazarl...
41d80a0 build: bump github.com/elazarl/goproxy
4998140 git: worktree_commit, sanitize author and commiter name and email before crea...
9049625 Merge pull request #1260 from go-git/dependabot/github_actions/github/codeql-...
dae48b4 build: bump github/codeql-action from 3.27.9 to 3.28.0
7d6fbc2 Merge pull request #1220 from BeChris/accept_uppercase_hexa_in_pktline_length
62a77b7 plumbing: Fix invalid reference name error while cloning branches containing ...
5e11196 plumbing: format/pktline, accept upercase hexadecimal value as pktline length...
65f5e1a Merge pull request #1256 from go-git/dependabot/go_modules/golang-org-232a611e2d
Additional commits viewable in compare view

Updates github.com/gohugoio/hugo from 0.125.3 to 0.139.4

Release notes

Sourced from github.com/gohugoio/hugo's releases.

v0.139.4

This release contains a security fix. See this Security Advisory for details. Note that this is only relevant if you don't trust your content (e.g. Markdown) files.

What's Changed

tpl/tplimpl: Escape Markdown attributes in render hooks and shortcodes 54398f8d5 @jmooring

deps: Upgrade github.com/bep/godartsass/v2 v2.3.1 => v2.3.2 b8c15f245 @bep

common/maps: Simplify TestScratchSetInMap/DeleteInMap d0dc51884 @alexandear

markup/tableofcontents: Cast Fragments.ToHTML args to int b52985900 @jmooring #13107

v0.139.3

What's Changed

Fix server edits of resources included in shortcode/hooks c1dc35dd7 @bep #13093

commands: Fix flaw in the livereload logic dea158c88 @bep

build(deps): bump github.com/bep/godartsass/v2 from 2.3.0 to 2.3.1 7e130e34f @dependabot[bot]

build(deps): bump github.com/tetratelabs/wazero from 1.8.1 to 1.8.2 88b7868fb @dependabot[bot]

Fix some typos fc3d1cbad @thirdkeyword

v0.139.2

Note that this is the second patch release today. See v0.139.1. We had to do this release to get the Hugo Docs build running.

What's Changed

modules: Skip empty lines in modules.txt 0ab81896d @bep #13084

v0.139.1

What's Changed

Revert "build(deps): bump github.com/tdewolff/minify/v2 from 2.20.37 to 2.21.1" aa3dd197f @bep #13082

minifiers: Add failing test for upstream bug 5a50eee9d @bep #13082

dartsass: Fix nilpointer on Close when Dart Sass isn't installed 8d017a60f @bep #13076

v0.139.0

This release is mostly about removing code that has been deprecated for a long time. This has been shown as an ERROR in the build log and failed the build for at least the last 6 minor Hugo versions, in most cases much longer.

But this is also a full dependency refresh, and there are also some new stuff. For one, we added a -O flag to hugo server to open up the site in your browser after start. This is now my (@bep) shortcut to start the server:
function h() {
</tr></table> 

... (truncated)

Commits

3afe91d releaser: Bump versions for release of 0.139.4
54398f8 tpl/tplimpl: Escape Markdown attributes in render hooks and shortcodes
b8c15f2 deps: Upgrade github.com/bep/godartsass/v2 v2.3.1 => v2.3.2
d0dc518 common/maps: Simplify TestScratchSetInMap/DeleteInMap
b529859 markup/tableofcontents: Cast Fragments.ToHTML args to int
487bb96 releaser: Prepare repository for 0.140.0-DEV
2f68643 releaser: Bump versions for release of 0.139.3
c1dc35d Fix server edits of resources included in shortcode/hooks
fc3d1cb Fix some typos
7e130e3 build(deps): bump github.com/bep/godartsass/v2 from 2.3.0 to 2.3.1
Additional commits viewable in compare view

Updates golang.org/x/net from 0.23.0 to 0.36.0

Commits

85d1d54 go.mod: update golang.org/x dependencies
cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
459513d internal/http3: move more common stream processing to genericConn
aad0180 http2: fix flakiness from t.Log when GOOS=js
b73e574 http2: don't log expected errors from writing invalid trailers
5f45c77 internal/http3: make read-data tests usable for server handlers
43c2540 http2, internal/httpcommon: reject userinfo in :authority
1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
0d7dc54 quic: add Conn.ConnectionState
Additional commits viewable in compare view

Updates golang.org/x/net from 0.23.0 to 0.36.0

Commits

85d1d54 go.mod: update golang.org/x dependencies
cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
459513d internal/http3: move more common stream processing to genericConn
aad0180 http2: fix flakiness from t.Log when GOOS=js
b73e574 http2: don't log expected errors from writing invalid trailers
5f45c77 internal/http3: make read-data tests usable for server handlers
43c2540 http2, internal/httpcommon: reject userinfo in :authority
1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
0d7dc54 quic: add Conn.ConnectionState
Additional commits viewable in compare view

Updates golang.org/x/net from 0.25.0 to 0.36.0

Commits

85d1d54 go.mod: update golang.org/x dependencies
cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
459513d internal/http3: move more common stream processing to genericConn
aad0180 http2: fix flakiness from t.Log when GOOS=js
b73e574 http2: don't log expected errors from writing invalid trailers
5f45c77 internal/http3: make read-data tests usable for server handlers
43c2540 http2, internal/httpcommon: reject userinfo in :authority
1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
0d7dc54 quic: add Conn.ConnectionState
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.23.0 to 0.35.0

Commits

7292932 ssh: limit the size of the internal packet queue while waiting for KEX
f66f74b acme/autocert: check host policy before probing the cache
b0784b7 x509roots/fallback: drop obsolete build constraint
911360c all: bump golang.org/x/crypto dependencies of asm generators
89ff08d all: upgrade go directive to at least 1.23.0 [generated]
e47973b all: update certs for go1.24
9290511 go.mod: update golang.org/x dependencies
fa5273e x509roots/fallback: update bundle
a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…pdates Bumps the go_modules group with 1 update in the /modules/api directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 2 updates in the /modules/auth directory: [golang.org/x/net](https://github.com/golang/net) and [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt). Bumps the go_modules group with 1 update in the /modules/common/certificates directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /modules/common/client directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /modules/common/errors directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /modules/common/helpers directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 3 updates in the /modules/common/tools directory: [golang.org/x/net](https://github.com/golang/net), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [github.com/gohugoio/hugo](https://github.com/gohugoio/hugo). Bumps the go_modules group with 1 update in the /modules/common/types directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /modules/metrics-scraper directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /modules/web directory: [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/net` from 0.26.0 to 0.36.0 - [Commits](golang/net@v0.26.0...v0.36.0) Updates `golang.org/x/crypto` from 0.24.0 to 0.35.0 - [Commits](golang/crypto@v0.24.0...v0.35.0) Updates `golang.org/x/net` from 0.23.0 to 0.36.0 - [Commits](golang/net@v0.26.0...v0.36.0) Updates `golang.org/x/crypto` from 0.21.0 to 0.35.0 - [Commits](golang/crypto@v0.24.0...v0.35.0) Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.2 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md) - [Commits](golang-jwt/jwt@v4.5.0...v4.5.2) Updates `golang.org/x/net` from 0.23.0 to 0.36.0 - [Commits](golang/net@v0.26.0...v0.36.0) Updates `golang.org/x/net` from 0.23.0 to 0.36.0 - [Commits](golang/net@v0.26.0...v0.36.0) Updates `golang.org/x/net` from 0.23.0 to 0.36.0 - [Commits](golang/net@v0.26.0...v0.36.0) Updates `golang.org/x/net` from 0.23.0 to 0.36.0 - [Commits](golang/net@v0.26.0...v0.36.0) Updates `golang.org/x/net` from 0.26.0 to 0.36.0 - [Commits](golang/net@v0.26.0...v0.36.0) Updates `golang.org/x/crypto` from 0.24.0 to 0.35.0 - [Commits](golang/crypto@v0.24.0...v0.35.0) Updates `github.com/go-git/go-git/v5` from 5.11.0 to 5.13.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.11.0...v5.13.0) Updates `github.com/gohugoio/hugo` from 0.125.3 to 0.139.4 - [Release notes](https://github.com/gohugoio/hugo/releases) - [Changelog](https://github.com/gohugoio/hugo/blob/master/hugoreleaser.yaml) - [Commits](gohugoio/hugo@v0.125.3...v0.139.4) Updates `golang.org/x/net` from 0.23.0 to 0.36.0 - [Commits](golang/net@v0.26.0...v0.36.0) Updates `golang.org/x/net` from 0.23.0 to 0.36.0 - [Commits](golang/net@v0.26.0...v0.36.0) Updates `golang.org/x/net` from 0.25.0 to 0.36.0 - [Commits](golang/net@v0.26.0...v0.36.0) Updates `golang.org/x/crypto` from 0.23.0 to 0.35.0 - [Commits](golang/crypto@v0.24.0...v0.35.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.36.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.35.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.36.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.35.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/golang-jwt/jwt/v4 dependency-version: 4.5.2 dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.36.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.36.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.36.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.36.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.36.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.35.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.13.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/gohugoio/hugo dependency-version: 0.139.4 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.36.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.36.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.36.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.35.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 14, 2025

dependabot bot mentioned this pull request Apr 14, 2025

chore(deps): bump the go_modules group across 1 directory with 2 updates #2

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go_modules group across 10 directories with 5 updates #4

chore(deps): bump the go_modules group across 10 directories with 5 updates #4

dependabot bot commented on behalf of github Apr 14, 2025

chore(deps): bump the go_modules group across 10 directories with 5 updates #4

Are you sure you want to change the base?

chore(deps): bump the go_modules group across 10 directories with 5 updates #4

Conversation

dependabot bot commented on behalf of github Apr 14, 2025

v4.5.2

v4.5.1

Security

What's Changed

v5.13.0

What's Changed

v0.139.4

What's Changed

v0.139.3

What's Changed

v0.139.2

What's Changed

v0.139.1

What's Changed

v0.139.0