Skip to content

🌱 Bump the gomod group across 2 directories with 7 updates #4857

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

🌱 Bump the gomod group across 2 directories with 7 updates #4857

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 24, 2025
edited
Loading

Bumps the gomod group with 6 updates in the / directory:

Package From To
github.com/go-git/go-git/v5 5.16.3 5.16.4
github.com/moby/buildkit 0.25.2 0.26.2
golang.org/x/text 0.30.0 0.31.0
github.com/google/osv-scanner/v2 2.2.4 2.3.0
gitlab.com/gitlab-org/api/client-go 0.159.0 0.160.1
cloud.google.com/go/storage 1.57.1 1.57.2

Bumps the gomod group with 1 update in the /tools directory: github.com/golangci/golangci-lint/v2.

Updates github.com/go-git/go-git/v5 from 5.16.3 to 5.16.4

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.4

What's Changed

Full Changelog: go-git/go-git@v5.16.3...v5.16.4

Commits
  • de8ecc3 Merge pull request #1743 from go-git/renovate/releases/v5.x-go-github.com-go-...
  • 3e752f0 build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY]
  • 3a31754 Merge pull request #1741 from go-git/renovate/releases/v5.x-go-github.com-clo...
  • acc28f1 build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY]
  • 95f3880 Merge pull request #1742 from go-git/renovate/releases/v5.x-go-golang.org-x-n...
  • 329f926 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
  • 399e04b Merge pull request #1734 from pjbgf/fix-ci
  • 2025eae build: test, Fix build on Windows.
  • fb6806f Merge pull request #1732 from swills/find-hash-panic-fix-backport
  • 382530f plumbing: format/idxfile, prevent panic
  • See full diff in compare view

Updates github.com/moby/buildkit from 0.25.2 to 0.26.2

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.26.2

Welcome to the v0.26.2 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • CrazyMax
  • Tõnis Tiigi

Notable Changes

  • Fix possible error when uploading big files to S3 cache exporter #6373

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.26.1

v0.26.1

Welcome to the v0.26.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Tõnis Tiigi

Notable Changes

  • Fix excessive chunking when fetching blobs #6366

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.26.0

v0.26.0

buildkit 0.26.0

Welcome to the v0.26.0 release of buildkit!

... (truncated)

Commits
  • be1f38e Merge pull request #6374 from crazy-max/0.26_picks_0.26.2
  • 8a34dcd cache(s3): request checksum calculation when required
  • 29fc55f Merge pull request #6367 from tonistiigi/v0.26-picks
  • 247e13c contentutil: avoid defaulting to ReadAt for fetch
  • a8e548f Merge pull request #4673 from bpascard/master
  • cc2d332 Merge pull request #6351 from thaJeztah/bump_tarsplit
  • 640f8bb Merge pull request #6349 from tonistiigi/dockerd-test-fixes
  • c3fd6a3 vendor: github.com/vbatts/tar-split v0.12.2
  • 2224254 test: test updates for dockerd
  • a2a940e Merge pull request #6345 from tonistiigi/cap-session-policy
  • Additional commits viewable in compare view

Updates golang.org/x/text from 0.30.0 to 0.31.0

Commits
  • e7ff6b3 go.mod: update golang.org/x dependencies
  • fbf012b all: use reflect.TypeFor instead of reflect.TypeOf
  • See full diff in compare view

Updates github.com/google/osv-scanner/v2 from 2.2.4 to 2.3.0

Release notes

Sourced from github.com/google/osv-scanner/v2's releases.

v2.3.0

This release migrates to the new osv.dev and osv-schema proto bindings for its internal data models (#2328). This is primarily an internal change and should not impact users.

Features:

Fixes:

New Contributors

Full Changelog: google/osv-scanner@v2.2.4...v2.3.0

Changelog

Sourced from github.com/google/osv-scanner/v2's changelog.

v2.3.0

This release migrates to the new osv.dev and osv-schema proto bindings for its internal data models (#2328). This is primarily an internal change and should not impact users.

Features:

Fixes:

Commits

Updates gitlab.com/gitlab-org/api/client-go from 0.159.0 to 0.160.1

Release notes

Sourced from gitlab.com/gitlab-org/api/client-go's releases.

v0.160.1

0.160.1

🐛 Bug Fixes

  • fix: update input field from "key" to "name" in pipeline schedules to prevent an API error (!2580) by Zubeen

🔄 Other Changes

0.160.1 (2025-11-19)

Bug Fixes

  • update input field from "key" to "name" in pipeline schedules to prevent an API error (062133f)

v0.160.0

0.160.0

🚀 Features

  • feat (project_members): Add show_seat_info option to ProjectMembers (!2572) by Zubeen

🔄 Other Changes

0.160.0 (2025-11-12)

Changelog

Sourced from gitlab.com/gitlab-org/api/client-go's changelog.

0.160.1

🐛 Bug Fixes

  • fix: update input field from "key" to "name" in pipeline schedules to prevent an API error (!2580) by Zubeen

🔄 Other Changes

0.160.1 (2025-11-19)

Bug Fixes

  • update input field from "key" to "name" in pipeline schedules to prevent an API error (062133f)

0.160.0

🚀 Features

  • feat (project_members): Add show_seat_info option to ProjectMembers (!2572) by Zubeen

🔄 Other Changes

0.160.0 (2025-11-12)

Commits
  • 34e3ffd chore(release): 0.160.1 [skip ci]
  • 6a71725 Merge branch 'fixInputFieldName' into 'main'
  • 062133f fix: update input field from "key" to "name" in pipeline schedules to prevent...
  • 18823b5 Merge branch 'feature/code-refactor-9' into 'main'
  • 0fd2aa8 Code Refactor Using Request Handlers - 9
  • b3b9f27 Merge branch 'feature/code-refactor-7' into 'main'
  • 2034055 Code Refactor Using Request Handlers - 7
  • 8261c35 Merge branch 'feature/code-refactor-5' into 'main'
  • 5bf85d3 Code Refactor Using Request Handlers - 5
  • 25df49f Merge branch 'feature/code-refactor-2' into 'main'
  • Additional commits viewable in compare view

Updates cloud.google.com/go/storage from 1.57.1 to 1.57.2

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage 1.57.2

1.57.2 (2025-11-14)

Features

Bug Fixes

Documentation

  • updates to docs and docs formatting (PiperOrigin-RevId: 828488192) (93ca68d5)
Commits
  • 54f5f63 chore: librarian release pull request: 20251114T145800Z (#13361)
  • 315f65b fix(spanner): decoding spanner rows using SelectAll should map values in corr...
  • d1224e8 test(spanner): additional tests for SelectAll() (#13360)
  • b9196cf feat: Add grpc.xds.resource_type label to xDS client metrics (#13358)
  • b0f1362 fix(storage): Handle redirect on takeover. (#13354)
  • 5574f5b chore: librarian update image pull request: 20251113T211851Z (#13355)
  • 3fef58b chore(internal/librariangen): bump gapic-generator-go to 0.55.1 (#13352)
  • e978a68 chore: update the go version in renovate.json (#13348)
  • 29b6c97 chore: librarian update image pull request: 20251112T170525Z (#13346)
  • 1f4da37 chore(internal/librariangen): bump gapic-generator-go to 0.55.0 (#13345)
  • Additional commits viewable in compare view

Updates github.com/golangci/golangci-lint/v2 from 2.6.1 to 2.6.2

Release notes

Sourced from github.com/golangci/golangci-lint/v2's releases.

v2.6.2

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

  • a237b8294c2776c7da0eddcc72eb3632223488c1 build(deps): bump github.com/maratori/testableexamples from 1.0.0 to 1.0.1 (#6182)
  • 7255b2cff8787ddd0b062d543a08c5afa7989c78 build(deps): bump github.com/maratori/testpackage from 1.1.1 to 1.1.2 (#6183)
  • f07ab6ad97df981f3e2ffb11bf1d54d39088cefd build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 in /scripts/gen_github_action_config in the scripts group (#6185)
  • 79163b62ba480ed49e1f3bb4ef346ea1f912331b build(deps): bump golang.org/x/sync from 0.17.0 to 0.18.0 (#6181)
  • 7bcb236705fdd83923d5dfe2487d9244cc6585c2 build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 in the github-actions group (#6186)
  • a8a12dba5f526b14e31be424b0f1e6cc1e922269 fix: fmt command with symlinks (#6187)
  • c128d127c8593eaef27d541221c24e972b6df150 fix: use file depending on build configuration to invalidate cache (#6179)
Changelog

Sourced from github.com/golangci/golangci-lint/v2's changelog.

v2.6.2

Released on 2025-11-14

  1. Bug fixes
    • fmt command with symlinks
    • use file depending on build configuration to invalidate cache
  2. Linters bug fixes
    • testableexamples: from 1.0.0 to 1.0.1
    • testpackage: from 1.1.1 to 1.1.2
Commits
  • dc16cf4 chore: prepare release
  • a8a12db fix: fmt command with symlinks (#6187)
  • 7bcb236 build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 in the gi...
  • f07ab6a build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 in /scripts/gen_g...
  • 7255b2c build(deps): bump github.com/maratori/testpackage from 1.1.1 to 1.1.2 (#6183)
  • a237b82 build(deps): bump github.com/maratori/testableexamples from 1.0.0 to 1.0.1 (#...
  • 79163b6 build(deps): bump golang.org/x/sync from 0.17.0 to 0.18.0 (#6181)
  • c128d12 fix: use file depending on build configuration to invalidate cache (#6179)
  • b92f577 docs: improve fix flag description (#6175)
  • fb3e4b2 docs: fix changelog
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
gitlab.com/gitlab-org/api/client-go [>= 0.118.a, < 0.119]
gitlab.com/gitlab-org/api/client-go [>= 0.117.a, < 0.118]

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
🌱 Bump the gomod group across 2 directories with 7 updates
7c2ed7e 
Bumps the gomod group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.3` | `5.16.4` |
| [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.25.2` | `0.26.2` |
| [golang.org/x/text](https://github.com/golang/text) | `0.30.0` | `0.31.0` |
| [github.com/google/osv-scanner/v2](https://github.com/google/osv-scanner) | `2.2.4` | `2.3.0` |
| [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) | `0.159.0` | `0.160.1` |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.57.1` | `1.57.2` |

Bumps the gomod group with 1 update in the /tools directory: [github.com/golangci/golangci-lint/v2](https://github.com/golangci/golangci-lint).


Updates `github.com/go-git/go-git/v5` from 5.16.3 to 5.16.4
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.16.3...v5.16.4)

Updates `github.com/moby/buildkit` from 0.25.2 to 0.26.2
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.25.2...v0.26.2)

Updates `golang.org/x/text` from 0.30.0 to 0.31.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.30.0...v0.31.0)

Updates `github.com/google/osv-scanner/v2` from 2.2.4 to 2.3.0
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](google/osv-scanner@v2.2.4...v2.3.0)

Updates `gitlab.com/gitlab-org/api/client-go` from 0.159.0 to 0.160.1
- [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags)
- [Changelog](https://gitlab.com/gitlab-org/api/client-go/blob/main/CHANGELOG.md)
- [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v0.159.0...v0.160.1)

Updates `cloud.google.com/go/storage` from 1.57.1 to 1.57.2
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@storage/v1.57.1...storage/v1.57.2)

Updates `github.com/golangci/golangci-lint/v2` from 2.6.1 to 2.6.2
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/main/CHANGELOG.md)
- [Commits](golangci/golangci-lint@v2.6.1...v2.6.2)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.26.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/text
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/google/osv-scanner/v2
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: gitlab.com/gitlab-org/api/client-go
  dependency-version: 0.160.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.57.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/golangci/golangci-lint/v2
  dependency-version: 2.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 24, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 24, 2025 08:19
@dependabot dependabot bot requested review from jeffmendoza and spencerschrock and removed request for a team November 24, 2025 08:19
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 24, 2025
@dependabot dependabot bot added the go Pull requests that update Go code label Nov 24, 2025
@dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Nov 24, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 1, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Dec 1, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/gomod-b31e46f4f3 branch December 1, 2025 10:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeffmendoza jeffmendoza Awaiting requested review from jeffmendoza jeffmendoza is a code owner automatically assigned from ossf/scorecard-maintainers

@spencerschrock spencerschrock Awaiting requested review from spencerschrock spencerschrock is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code size:L This PR changes 100-499 lines, ignoring generated files.

Projects

OpenSSF Scorecard
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants