Skip to content

Bump the go-modules group with 4 updates#730

Merged
paketo-bot merged 1 commit intomainfrom
dependabot/go_modules/go-modules-6bc6d5fe80
Apr 15, 2026
Merged

Bump the go-modules group with 4 updates#730
paketo-bot merged 1 commit intomainfrom
dependabot/go_modules/go-modules-6bc6d5fe80

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 15, 2026

Bumps the go-modules group with 4 updates: github.com/containerd/containerd/v2, github.com/github/go-spdx/v2, github.com/googleapis/gax-go/v2 and google.golang.org/api.

Updates github.com/containerd/containerd/v2 from 2.2.2 to 2.2.3

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.2.3

Welcome to the v2.2.3 release of containerd!

The third patch release for containerd 2.2 contains various fixes and updates including a security patch.

Security Updates

Highlights

Container Runtime Interface (CRI)

  • Preserve cgroup mount options for privileged containers (#13120)
  • Ensure UpdatePodSandbox returns Unimplemented instead of a generic error (#13023)

Go client

  • Handle absolute symlinks in rootfs user lookup to fix regressions when using Go 1.24 (#13015)

Image Distribution

  • Enable mount manager in diff walking to fix layer extraction errors with some snapshotters (e.g., EROFS) (#13198)
  • Apply hardening to prevent TOCTOU race during tar extraction (#12971)

Runtime

  • Restore support for client-mounted roots in Windows containers using process isolation (#13195)
  • Update runc to v1.3.5 (#13061)
  • Apply absolute symlink resolution to /etc/group in OCI spec to fix lookups on NixOS-style systems (#13019)
  • Handle absolute symlinks in rootfs user lookup to fix regressions when using Go 1.24 (#13015)

Snapshotters

  • Fix bug that caused whiteouts to be ignored when parallel unpack was used (#13125)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Samuel Karp
  • Sebastiaan van Stijn
  • Maksym Pavlenko
  • Chris Henzie
  • Derek McGowan
  • Paulo Oliveira
  • Henry Wang

... (truncated)

Commits
  • 77c8424 Merge pull request #13224 from samuelkarp/prepare-release-2.2.3
  • 8a0f4ed Prepare release notes for v2.2.3
  • 1383828 Merge pull request #13217 from samuelkarp/update-spdystream-2.2
  • 31bd34a update github.com/moby/spdystream v0.5.1
  • d2c2fc3 Merge pull request #13197 from thaJeztah/2.2_bump_compress
  • 6b3c2de Merge pull request #13198 from k8s-infra-cherrypick-robot/cherry-pick-13186-t...
  • 409f75b diff/walking: enable mount manager
  • 1336f6c vendor: github.com/klauspost/compress v1.18.5
  • 33e9334 Merge pull request #13195 from thaJeztah/2.2_bump_runhcs
  • 0d85aef Merge pull request #13196 from thaJeztah/2.2_bump_hcsshim
  • Additional commits viewable in compare view

Updates github.com/github/go-spdx/v2 from 2.4.0 to 2.5.0

Release notes

Sourced from github.com/github/go-spdx/v2's releases.

v2.5.0

What's Changed

Full Changelog: github/go-spdx@v2.4.0...v2.5.0

Commits
  • cc0143f Merge pull request #142 from github/dependabot/github_actions/peter-evans/cre...
  • 4e7a48e Merge pull request #143 from github/update-2.5.0
  • 5a8068e Update version to v2.5.0
  • d0e0c1d Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1
  • dc84df6 Merge pull request #131 from github/dependabot/github_actions/peter-evans/cre...
  • 03e23fc Merge branch 'main' into dependabot/github_actions/peter-evans/create-pull-re...
  • b950282 Merge pull request #135 from github/auto-update-licenses
  • 412c69e Merge branch 'main' into dependabot/github_actions/peter-evans/create-pull-re...
  • 8d9bb8d Merge branch 'main' into auto-update-licenses
  • ad24e72 Merge pull request #139 from github/138-extract-licenses-hang
  • Additional commits viewable in compare view

Updates github.com/googleapis/gax-go/v2 from 2.21.0 to 2.22.0

Release notes

Sourced from github.com/googleapis/gax-go/v2's releases.

v2: v2.22.0

v2.22.0 (2026-04-14)

Commits

Updates google.golang.org/api from 0.275.0 to 0.276.0

Release notes

Sourced from google.golang.org/api's releases.

v0.276.0

0.276.0 (2026-04-14)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.276.0 (2026-04-14)

Features

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go-modules group with 4 updates
21506b3 
Bumps the go-modules group with 4 updates: [github.com/containerd/containerd/v2](https://github.com/containerd/containerd), [github.com/github/go-spdx/v2](https://github.com/github/go-spdx), [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) and [google.golang.org/api](https://github.com/googleapis/google-api-go-client).


Updates `github.com/containerd/containerd/v2` from 2.2.2 to 2.2.3
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v2.2.2...v2.2.3)

Updates `github.com/github/go-spdx/v2` from 2.4.0 to 2.5.0
- [Release notes](https://github.com/github/go-spdx/releases)
- [Commits](github/go-spdx@v2.4.0...v2.5.0)

Updates `github.com/googleapis/gax-go/v2` from 2.21.0 to 2.22.0
- [Release notes](https://github.com/googleapis/gax-go/releases)
- [Commits](googleapis/gax-go@v2.21.0...v2.22.0)

Updates `google.golang.org/api` from 0.275.0 to 0.276.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.275.0...v0.276.0)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.2.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/github/go-spdx/v2
  dependency-version: 2.5.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/googleapis/gax-go/v2
  dependency-version: 2.22.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: google.golang.org/api
  dependency-version: 0.276.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 15, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 15, 2026 14:06
@dependabot dependabot Bot requested review from ForestEckhardt and dmikusa April 15, 2026 14:06
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 15, 2026
@paketo-bot paketo-bot added the semver:patch A change requiring a patch version bump label Apr 15, 2026
@paketo-bot paketo-bot merged commit 8e3d0f2 into main Apr 15, 2026
11 of 12 checks passed
@paketo-bot paketo-bot deleted the dependabot/go_modules/go-modules-6bc6d5fe80 branch April 15, 2026 14:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paketo-bot-reviewer paketo-bot-reviewer paketo-bot-reviewer approved these changes

@dmikusa dmikusa Awaiting requested review from dmikusa dmikusa is a code owner automatically assigned from paketo-buildpacks/dotnet-core-maintainers

@ForestEckhardt ForestEckhardt Awaiting requested review from ForestEckhardt ForestEckhardt is a code owner automatically assigned from paketo-buildpacks/dotnet-core-maintainers

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code semver:patch A change requiring a patch version bump

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@paketo-bot-reviewer @paketo-bot