Bump the go-modules group with 6 updates #796

Merged: paketo-bot merged 1 commit into main from dependabot/go_modules/go-modules-7421074b26 on Apr 15, 2026

@dependabot dependabot Bot commented on behalf of github Apr 15, 2026

Bumps the go-modules group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| github.com/containerd/containerd/v2 | 2.2.2 | 2.2.3 |
| github.com/github/go-spdx/v2 | 2.4.0 | 2.5.0 |
| github.com/goccy/go-json | 0.10.5 | 0.10.6 |
| github.com/google/go-containerregistry | 0.21.3 | 0.21.5 |
| github.com/googleapis/gax-go/v2 | 2.21.0 | 2.22.0 |
| google.golang.org/api | 0.274.0 | 0.276.0 |

Updates github.com/containerd/containerd/v2 from 2.2.2 to 2.2.3

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.2.3

Welcome to the v2.2.3 release of containerd!

The third patch release for containerd 2.2 contains various fixes and updates including a security patch.

Security Updates

Highlights

Container Runtime Interface (CRI)

  • Preserve cgroup mount options for privileged containers (#13120)
  • Ensure UpdatePodSandbox returns Unimplemented instead of a generic error (#13023)

Go client

  • Handle absolute symlinks in rootfs user lookup to fix regressions when using Go 1.24 (#13015)

Image Distribution

  • Enable mount manager in diff walking to fix layer extraction errors with some snapshotters (e.g., EROFS) (#13198)
  • Apply hardening to prevent TOCTOU race during tar extraction (#12971)

Runtime

  • Restore support for client-mounted roots in Windows containers using process isolation (#13195)
  • Update runc to v1.3.5 (#13061)
  • Apply absolute symlink resolution to /etc/group in OCI spec to fix lookups on NixOS-style systems (#13019)
  • Handle absolute symlinks in rootfs user lookup to fix regressions when using Go 1.24 (#13015)

Snapshotters

  • Fix bug that caused whiteouts to be ignored when parallel unpack was used (#13125)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Samuel Karp
  • Sebastiaan van Stijn
  • Maksym Pavlenko
  • Chris Henzie
  • Derek McGowan
  • Paulo Oliveira
  • Henry Wang

... (truncated)

Commits
  • 77c8424 Merge pull request #13224 from samuelkarp/prepare-release-2.2.3
  • 8a0f4ed Prepare release notes for v2.2.3
  • 1383828 Merge pull request #13217 from samuelkarp/update-spdystream-2.2
  • 31bd34a update github.com/moby/spdystream v0.5.1
  • d2c2fc3 Merge pull request #13197 from thaJeztah/2.2_bump_compress
  • 6b3c2de Merge pull request #13198 from k8s-infra-cherrypick-robot/cherry-pick-13186-t...
  • 409f75b diff/walking: enable mount manager
  • 1336f6c vendor: github.com/klauspost/compress v1.18.5
  • 33e9334 Merge pull request #13195 from thaJeztah/2.2_bump_runhcs
  • 0d85aef Merge pull request #13196 from thaJeztah/2.2_bump_hcsshim
  • Additional commits viewable in compare view

Updates github.com/github/go-spdx/v2 from 2.4.0 to 2.5.0

Release notes

Sourced from github.com/github/go-spdx/v2's releases.

v2.5.0

What's Changed

Full Changelog: github/go-spdx@v2.4.0...v2.5.0

Commits
  • cc0143f Merge pull request #142 from github/dependabot/github_actions/peter-evans/cre...
  • 4e7a48e Merge pull request #143 from github/update-2.5.0
  • 5a8068e Update version to v2.5.0
  • d0e0c1d Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1
  • dc84df6 Merge pull request #131 from github/dependabot/github_actions/peter-evans/cre...
  • 03e23fc Merge branch 'main' into dependabot/github_actions/peter-evans/create-pull-re...
  • b950282 Merge pull request #135 from github/auto-update-licenses
  • 412c69e Merge branch 'main' into dependabot/github_actions/peter-evans/create-pull-re...
  • 8d9bb8d Merge branch 'main' into auto-update-licenses
  • ad24e72 Merge pull request #139 from github/138-extract-licenses-hang
  • Additional commits viewable in compare view

Updates github.com/goccy/go-json from 0.10.5 to 0.10.6

Release notes

Sourced from github.com/goccy/go-json's releases.

0.10.6

What's Changed

New Contributors

Full Changelog: goccy/go-json@v0.10.5...v0.10.6

Commits

Updates github.com/google/go-containerregistry from 0.21.3 to 0.21.5

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.5

What's Changed

Full Changelog: google/go-containerregistry@v0.21.4...v0.21.5

v0.21.4

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.3...v0.21.4

Commits
  • 5b80281 build(deps): bump golang.org/x/tools from 0.43.0 to 0.44.0 in the go-deps gro...
  • b99bca2 build(deps): bump aws-actions/configure-aws-credentials (#2257)
  • f8be1d4 update to Go 1.26.2 (#2255)
  • 87ad88b Bump docker/cli v29.4.0, moby/api v1.54.1, moby/client v0.4.0 (#2254)
  • e8813dd goreleaser: Update goreleaser config and GH action for releases (#2253)
  • e90447d replace gcloud in binary calls in pkg/v1/google tests (#2085)
  • 0d0368c revert path traversal and symlink escape changes (#2250)
  • a2f47d4 transport: validate Bearer realm URL to prevent SSRF (#2243)
  • 19a36cd fork distribution client v3 auth-challenge as an internal package (squashed) ...
  • c612a9b Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the actions group (#2240)
  • Additional commits viewable in compare view

Updates github.com/googleapis/gax-go/v2 from 2.21.0 to 2.22.0

Release notes

Sourced from github.com/googleapis/gax-go/v2's releases.

v2: v2.22.0

v2.22.0 (2026-04-14)

Commits

Updates google.golang.org/api from 0.274.0 to 0.276.0

Release notes

Sourced from google.golang.org/api's releases.

v0.276.0

0.276.0 (2026-04-14)

Features

v0.275.0

0.275.0 (2026-04-07)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.276.0 (2026-04-14)

Features

0.275.0 (2026-04-07)

Features

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-modules group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) | `2.2.2` | `2.2.3` |
| [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) | `2.4.0` | `2.5.0` |
| [github.com/goccy/go-json](https://github.com/goccy/go-json) | `0.10.5` | `0.10.6` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.3` | `0.21.5` |
| [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) | `2.21.0` | `2.22.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.274.0` | `0.276.0` |


Updates `github.com/containerd/containerd/v2` from 2.2.2 to 2.2.3
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v2.2.2...v2.2.3)

Updates `github.com/github/go-spdx/v2` from 2.4.0 to 2.5.0
- [Release notes](https://github.com/github/go-spdx/releases)
- [Commits](github/go-spdx@v2.4.0...v2.5.0)

Updates `github.com/goccy/go-json` from 0.10.5 to 0.10.6
- [Release notes](https://github.com/goccy/go-json/releases)
- [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md)
- [Commits](goccy/go-json@v0.10.5...v0.10.6)

Updates `github.com/google/go-containerregistry` from 0.21.3 to 0.21.5
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.3...v0.21.5)

Updates `github.com/googleapis/gax-go/v2` from 2.21.0 to 2.22.0
- [Release notes](https://github.com/googleapis/gax-go/releases)
- [Commits](googleapis/gax-go@v2.21.0...v2.22.0)

Updates `google.golang.org/api` from 0.274.0 to 0.276.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.274.0...v0.276.0)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.2.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/github/go-spdx/v2
  dependency-version: 2.5.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/goccy/go-json
  dependency-version: 0.10.6
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/googleapis/gax-go/v2
  dependency-version: 2.22.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: google.golang.org/api
  dependency-version: 0.276.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update go code) labels Apr 15, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 15, 2026 03:54
@paketo-bot paketo-bot added the semver:patch (A change requiring a patch version bump) label Apr 15, 2026
@paketo-bot paketo-bot merged commit f51663a into main Apr 15, 2026
10 of 11 checks passed
@paketo-bot paketo-bot deleted the dependabot/go_modules/go-modules-7421074b26 branch April 15, 2026 04:10

Labels

  • dependencies: Pull requests that update a dependency file
  • go: Pull requests that update go code
  • semver:patch: A change requiring a patch version bump

2 participants