Skip to content

Bump the go-modules group with 5 updates#806

Merged
paketo-bot merged 1 commit into
mainfrom
dependabot/go_modules/go-modules-53fef9fa9e
Apr 29, 2026
Merged

Bump the go-modules group with 5 updates#806
paketo-bot merged 1 commit into
mainfrom
dependabot/go_modules/go-modules-53fef9fa9e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 29, 2026

Bumps the go-modules group with 5 updates:

Package From To
github.com/onsi/gomega 1.39.1 1.40.0
github.com/bodgit/sevenzip 1.6.1 1.6.2
github.com/containerd/continuity 0.4.5 0.5.0
github.com/containerd/plugin 1.0.0 1.1.0
go4.org 0.0.0-20230225012048-214862532bf5 0.0.0-20260112195520-a5071408f32f

Updates github.com/onsi/gomega from 1.39.1 to 1.40.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.40.0

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Commits

Updates github.com/bodgit/sevenzip from 1.6.1 to 1.6.2

Release notes

Sourced from github.com/bodgit/sevenzip's releases.

v1.6.2

1.6.2 (2026-04-28)

Bug Fixes

  • Add ARM64 filter support (#395) (8648ac7)
  • deps: update go4.org digest to a507140 (#422) (367448a)
  • deps: update module github.com/andybalholm/brotli to v1.2.1 (#425) (63d4609)
  • deps: update module github.com/klauspost/compress to v1.18.5 (#426) (c01c118)
  • deps: update module github.com/pierrec/lz4/v4 to v4.1.26 (#427) (189b20d)
  • deps: update module github.com/spf13/afero to v1.15.0 (#431) (960c916)
  • deps: update module golang.org/x/sync to v0.20.0 (#432) (aa1e391)
  • deps: update module golang.org/x/text to v0.36.0 (#433) (dbed104)
  • Handle streams with no files (#401) (fe03793)
  • Prevent panics discovered by fuzzing (#402) (740fcf9)
Changelog

Sourced from github.com/bodgit/sevenzip's changelog.

1.6.2 (2026-04-28)

Bug Fixes

  • Add ARM64 filter support (#395) (8648ac7)
  • deps: update go4.org digest to a507140 (#422) (367448a)
  • deps: update module github.com/andybalholm/brotli to v1.2.1 (#425) (63d4609)
  • deps: update module github.com/klauspost/compress to v1.18.5 (#426) (c01c118)
  • deps: update module github.com/pierrec/lz4/v4 to v4.1.26 (#427) (189b20d)
  • deps: update module github.com/spf13/afero to v1.15.0 (#431) (960c916)
  • deps: update module golang.org/x/sync to v0.20.0 (#432) (aa1e391)
  • deps: update module golang.org/x/text to v0.36.0 (#433) (dbed104)
  • Handle streams with no files (#401) (fe03793)
  • Prevent panics discovered by fuzzing (#402) (740fcf9)
Commits
  • d6c1f14 chore(main): release 1.6.2 (#420)
  • 740fcf9 fix: Prevent panics discovered by fuzzing (#402)
  • 10f0674 chore(deps): update github/codeql-action action to v4.35.2 (#439)
  • 7abcd56 chore(deps): update marocchino/sticky-pull-request-comment action to v3 (#436)
  • 00b55e9 chore(deps): update actions/upload-artifact action to v7 (#435)
  • 60169dd chore(deps): update pre-commit hook pre-commit/pre-commit-hooks to v6 (#438)
  • 2625d26 chore(deps): update actions/checkout action to v6 (#434)
  • 8344328 chore(deps): update pre-commit hook commitizen-tools/commitizen to v4 (#437)
  • 849dc25 chore(deps): update pre-commit hook golangci/golangci-lint to v2.11.4 (#429)
  • 37a8e9d chore(deps): update pre-commit hook gitleaks/gitleaks to v8.30.1 (#428)
  • Additional commits viewable in compare view

Updates github.com/containerd/continuity from 0.4.5 to 0.5.0

Release notes

Sourced from github.com/containerd/continuity's releases.

v0.5.0

What's Changed

New Contributors

Full Changelog: containerd/continuity@v0.4.5...v0.5.0

Commits
  • ed9828d Merge pull request #274 from jellor/handle-no-xattr
  • 9a4a220 Merge pull request #269 from eldondev/main
  • fcfd613 fs: handle ENOTSUP error in compareCapabilities function
  • 8c2afd9 Merge pull request #283 from containerd/dependabot/github_actions/github/code...
  • 42ba1ba build(deps): bump github/codeql-action from 4.35.1 to 4.35.2
  • 9426626 Merge pull request #276 from dcantah/linux-cp-sparse-aware
  • 49d1748 Merge pull request #280 from dmcgowan/add-ext4-library
  • 3b6686d Merge pull request #282 from containerd/dependabot/github_actions/github/code...
  • 27d93b0 build(deps): bump github/codeql-action from 3.35.1 to 4.35.1
  • a424ba1 Linux: Make copyFile sparse aware
  • Additional commits viewable in compare view

Updates github.com/containerd/plugin from 1.0.0 to 1.1.0

Release notes

Sourced from github.com/containerd/plugin's releases.

v1.1.0

What's Changed

Full Changelog: containerd/plugin@v1.0.0...v1.1.0

Commits
  • eaf7e69 Merge pull request #16 from austinvazquez/use-go-stable-in-ci
  • bd83b31 Merge pull request #17 from austinvazquez/bump-golangci-lint-2.7.2
  • 0d02bbc ci: bump golangci-lint to v2.7.2
  • 8050603 ci: use Go stable
  • f351829 Merge pull request #13 from dmcgowan/simplify-graph
  • e8139c6 Add check for plugin requiring itself
  • 01f62ae Fix circular dependency detection
  • 8599102 Simply handling of disabled and added plugins
  • 51bd9b0 Add test for handling registration errors
  • d120f94 Merge pull request #15 from dmcgowan/update-ci-versions
  • Additional commits viewable in compare view

Updates go4.org from 0.0.0-20230225012048-214862532bf5 to 0.0.0-20260112195520-a5071408f32f

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go-modules group with 5 updates
2879389 
Bumps the go-modules group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.39.1` | `1.40.0` |
| [github.com/bodgit/sevenzip](https://github.com/bodgit/sevenzip) | `1.6.1` | `1.6.2` |
| [github.com/containerd/continuity](https://github.com/containerd/continuity) | `0.4.5` | `0.5.0` |
| [github.com/containerd/plugin](https://github.com/containerd/plugin) | `1.0.0` | `1.1.0` |
| [go4.org](https://github.com/go4org/go4) | `0.0.0-20230225012048-214862532bf5` | `0.0.0-20260112195520-a5071408f32f` |


Updates `github.com/onsi/gomega` from 1.39.1 to 1.40.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.39.1...v1.40.0)

Updates `github.com/bodgit/sevenzip` from 1.6.1 to 1.6.2
- [Release notes](https://github.com/bodgit/sevenzip/releases)
- [Changelog](https://github.com/bodgit/sevenzip/blob/main/CHANGELOG.md)
- [Commits](bodgit/sevenzip@v1.6.1...v1.6.2)

Updates `github.com/containerd/continuity` from 0.4.5 to 0.5.0
- [Release notes](https://github.com/containerd/continuity/releases)
- [Commits](containerd/continuity@v0.4.5...v0.5.0)

Updates `github.com/containerd/plugin` from 1.0.0 to 1.1.0
- [Release notes](https://github.com/containerd/plugin/releases)
- [Commits](containerd/plugin@v1.0.0...v1.1.0)

Updates `go4.org` from 0.0.0-20230225012048-214862532bf5 to 0.0.0-20260112195520-a5071408f32f
- [Commits](https://github.com/go4org/go4/commits)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/bodgit/sevenzip
  dependency-version: 1.6.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/containerd/continuity
  dependency-version: 0.5.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/containerd/plugin
  dependency-version: 1.1.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: go4.org
  dependency-version: 0.0.0-20260112195520-a5071408f32f
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 29, 2026 03:54
@dependabot dependabot Bot added the go Pull requests that update go code label Apr 29, 2026
@paketo-bot paketo-bot added the semver:patch A change requiring a patch version bump label Apr 29, 2026
@paketo-bot paketo-bot merged commit cdd723d into main Apr 29, 2026
9 of 10 checks passed
@paketo-bot paketo-bot deleted the dependabot/go_modules/go-modules-53fef9fa9e branch April 29, 2026 04:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paketo-bot-reviewer paketo-bot-reviewer paketo-bot-reviewer approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code semver:patch A change requiring a patch version bump

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@paketo-bot-reviewer @paketo-bot