Bump the go-modules group across 1 directory with 8 updates by dependabot[bot] · Pull Request #1350 · paketo-buildpacks/nodejs

dependabot · 2026-03-20T15:03:01Z

Bumps the go-modules group with 7 updates in the / directory:

Package	From	To
github.com/paketo-buildpacks/occam	`0.31.1`	`0.31.2`
github.com/google/go-containerregistry	`0.21.2`	`0.21.3`
github.com/klauspost/compress	`1.18.4`	`1.18.5`
github.com/paketo-buildpacks/packit/v2	`2.25.4`	`2.25.5`
github.com/testcontainers/testcontainers-go	`0.40.0`	`0.41.0`
golang.org/x/crypto	`0.48.0`	`0.49.0`
golang.org/x/net	`0.51.0`	`0.52.0`

Updates github.com/paketo-buildpacks/occam from 0.31.1 to 0.31.2

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.31.2

What's Changed

chore(deps): updated module github.com/testcontainers/testcontainers-go from v0.39.0 to v0.40.0 by @paketo-bot in paketo-buildpacks/occam#441

chore(deps): updated module github.com/docker/docker from v28.5.1+incompatible to v28.5.2+incompatible by @paketo-bot in paketo-buildpacks/occam#440

chore(deps): updated module github.com/onsi/gomega from v1.38.3 to v1.39.1 by @paketo-bot in paketo-buildpacks/occam#452

Updates github-config by @paketo-bot in paketo-buildpacks/occam#446

Updates go mod version to 1.26.1 by @paketo-bot in paketo-buildpacks/occam#455

Full Changelog: paketo-buildpacks/occam@v0.31.1...v0.31.2

Commits

6914d4b Updates go mod version to 1.26.1
a2ee454 Fix linter issues (#456)
99c82d2 Updating github-config
0277272 Updating github-config
cdd83bd Updating github-config
f46bf41 chore(deps): updated module github.com/onsi/gomega from v1.38.3 to v1.39.1 (#...
1c6c42d chore(deps): updated module github.com/docker/docker from v28.5.1+incompatibl...
7162009 chore(deps): updated module github.com/testcontainers/testcontainers-go from ...
See full diff in compare view

Updates github.com/google/go-containerregistry from 0.21.2 to 0.21.3

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.3

What's Changed

Adds local file support to the crane index subcommand by @edwardthiele in google/go-containerregistry#2223

migrate to github.com/moby/moby modules by @thaJeztah in google/go-containerregistry#2228

Bump the go-deps group across 4 directories with 7 updates by @dependabot[bot] in google/go-containerregistry#2233

Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 in the actions group by @dependabot[bot] in google/go-containerregistry#2220

mutate: reject path traversal and symlink escape in Extract by @KevinZhao in google/go-containerregistry#2227

tarball: detect symlink cycles in extractFileFromTar by @vnykmshr in google/go-containerregistry#2232

bump golang to 1.25.7 by @Subserial in google/go-containerregistry#2236

New Contributors

@edwardthiele made their first contribution in google/go-containerregistry#2223

@thaJeztah made their first contribution in google/go-containerregistry#2228

@KevinZhao made their first contribution in google/go-containerregistry#2227

@vnykmshr made their first contribution in google/go-containerregistry#2232

Full Changelog: google/go-containerregistry@v0.21.2...v0.21.3

Commits

3888fb8 bump golang to 1.25.7 (#2236)
f439624 tarball: detect symlink cycles in extractFileFromTar (#2232)
400c263 mutate: reject path traversal and symlink escape in Extract (#2227)
47eedc9 Bump goreleaser/goreleaser-action in the actions group (#2220)
be0a845 Bump the go-deps group across 4 directories with 7 updates (#2233)
e916301 migrate to github.com/moby/moby modules (#2228)
8b2478e Adds local file support to the crane index subcommand (#2223)
See full diff in compare view

Updates github.com/klauspost/compress from 1.18.4 to 1.18.5

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.5

What's Changed

zstd: Fix crash when changing encoder dictionary with same ID by @klauspost in klauspost/compress#1135

zstd: Default to full zero frames by @klauspost in klauspost/compress#1134

flate: Clean up histogram order by @klauspost in klauspost/compress#1133

Full Changelog: klauspost/compress@v1.18.4...v1.18.5

Commits

c5e0077 zstd: Fix encoder changing dictionary with same ID (#1135)
fd3f23e zstd: Default to full zero frames (#1134)
8233c58 flate: Clean up histogram order (#1133)
bcf0d12 build(deps): bump the github-actions group with 3 updates (#1132)
cf758fe ci: Upgrade Go versions, clean up (#1130)
77cc520 Add v1.18.4
See full diff in compare view

Updates github.com/paketo-buildpacks/packit/v2 from 2.25.4 to 2.25.5

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.25.5

What's Changed

Bump github.com/anchore/syft from 1.40.0 to 1.40.1 by @dependabot[bot] in paketo-buildpacks/packit#729

Bump modernc.org/sqlite from 1.44.0 to 1.44.1 by @dependabot[bot] in paketo-buildpacks/packit#730

Bump modernc.org/sqlite from 1.44.1 to 1.44.2 by @dependabot[bot] in paketo-buildpacks/packit#732

Updates go mod version to 1.25.6 by @paketo-bot in paketo-buildpacks/packit#731

Bump modernc.org/sqlite from 1.44.2 to 1.44.3 by @dependabot[bot] in paketo-buildpacks/packit#733

Bump github.com/anchore/syft from 1.40.1 to 1.41.0 by @dependabot[bot] in paketo-buildpacks/packit#734

Bump github.com/onsi/gomega from 1.39.0 to 1.39.1 by @dependabot[bot] in paketo-buildpacks/packit#735

Bump github.com/anchore/syft from 1.41.0 to 1.41.1 by @dependabot[bot] in paketo-buildpacks/packit#736

Bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 by @dependabot[bot] in paketo-buildpacks/packit#737

Updates go mod version to 1.25.7 by @paketo-bot in paketo-buildpacks/packit#739

Bump github.com/anchore/syft from 1.41.1 to 1.41.2 by @dependabot[bot] in paketo-buildpacks/packit#738

Bump modernc.org/sqlite from 1.44.3 to 1.45.0 by @dependabot[bot] in paketo-buildpacks/packit#741

Bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 by @dependabot[bot] in paketo-buildpacks/packit#740

Bump github.com/anchore/syft from 1.41.2 to 1.42.0 by @dependabot[bot] in paketo-buildpacks/packit#742

Updates go mod version to 1.26.0 by @paketo-bot in paketo-buildpacks/packit#743

Bump modernc.org/sqlite from 1.45.0 to 1.46.0 by @dependabot[bot] in paketo-buildpacks/packit#744

Bump modernc.org/sqlite from 1.46.0 to 1.46.1 by @dependabot[bot] in paketo-buildpacks/packit#745

Bump github.com/anchore/syft from 1.42.0 to 1.42.1 by @dependabot[bot] in paketo-buildpacks/packit#746

Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 by @dependabot[bot] in paketo-buildpacks/packit#747

Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by @dependabot[bot] in paketo-buildpacks/packit#748

Bump github.com/anchore/syft from 1.42.1 to 1.42.2 by @dependabot[bot] in paketo-buildpacks/packit#751

Bump modernc.org/sqlite from 1.46.1 to 1.46.2 by @dependabot[bot] in paketo-buildpacks/packit#752

Bump modernc.org/sqlite from 1.46.2 to 1.47.0 by @dependabot[bot] in paketo-buildpacks/packit#753

Structure re-usability for the extension by @pacostas in paketo-buildpacks/packit#754

Updates github-config by @paketo-bot in paketo-buildpacks/packit#749

Updates go mod version to 1.26.1 by @paketo-bot in paketo-buildpacks/packit#750

Full Changelog: paketo-buildpacks/packit@v2.25.4...v2.25.5

Commits

388f655 Updates go mod version to 1.26.1
ec5163e Updating github-config
1ed4352 Structure re-usability for the extension (#754)
1178810 Bump modernc.org/sqlite from 1.46.2 to 1.47.0
dc41ad0 Bump modernc.org/sqlite from 1.46.1 to 1.46.2
66b11fa Bump github.com/anchore/syft from 1.42.1 to 1.42.2
0172ef8 Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0
f3c1964 Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3
82aea99 Bump github.com/anchore/syft from 1.42.0 to 1.42.1
e16f8b8 Bump modernc.org/sqlite from 1.46.0 to 1.46.1
Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go from 0.40.0 to 0.41.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.41.0

What's Changed

🚀 Features

feat: add TiDB module (#3575) @iyiola-dev

feat: add Forgejo module (#3556) @s04

feat: improve container conflict detection (#3574) @Desuuuu

feat(azure): add lowkey vault container (#3542) @nagyesta

feat(chroma): update to chroma 1.x (#3552) @tazarov

feat(cassandra): add ssl option cassandra (#3151) @MitulShah1

🐛 Bug Fixes

fix(redpanda): closing provider in test after use (#3539) @mabrarov

fix: docker auth for docker.io images (#3482) @LaurentGoderre

fix(solace): set ulimits for container (#3497) @mdelapenya

fix(kafka): strip architecture suffix from Kafka image tags for semver parsing (#3276) @asahasrabuddhe

📖 Documentation

docs(metrics): automate usage metrics collection and publish it in the docs site (#3495) @mdelapenya

🧹 Housekeeping

chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#3560) @dependabot[bot]

chore(pulsar): bump base image to 4.x, replacing the wait for log strategy with wait for listening port (deterministic) (#3573) @mdelapenya

chore(deps): bump github.com/modelcontextprotocol/go-sdk from 1.0.0 to 1.3.1 in /modules/dockermcpgateway (#3557) @dependabot[bot]

chore: update usage metrics (2026-03-02) (#3565) @github-actions[bot]

chore(deps): bump mkdocs-include-markdown-plugin from 7.2.0 to 7.2.1 (#3547) @dependabot[bot]

chore(deps): bump tj-actions/changed-files from 47.0.0 to 47.0.1 (#3546) @dependabot[bot]

chore(deps): bump actions/upload-artifact from 4.6.2 to 6.0.0 (#3545) @dependabot[bot]

chore: update usage metrics (2026-02-02) (#3551) @github-actions[bot]

chore(deps): bump pymdown-extensions from 10.8.1 to 10.16.1 (#3513) @dependabot[bot]

chore: update usage metrics (2026-01-01) (#3515) @github-actions[bot]

chore: update usage metrics (2025-12-01) (#3506) @github-actions[bot]

chore(metrics): allow sending PRs from the workflow (#3503) @mdelapenya

fix(metrics): use the right CSV file (#3502) @mdelapenya

fix(metrics): use the right CSV file (#3501) @mdelapenya

chore(metrics): even better rate limit strategy (#3500) @mdelapenya

chore(metrics): properly detect rate limits (#3499) @mdelapenya

fix(metrics): set GH _TOKEN in workflow (#3498) @mdelapenya

📦 Dependency updates

fix: update compose-replace Makefile target to use compose/v5 (#3590) @mdelapenya

chore(deps): bump atomicjar/testcontainers-cloud-setup-action from 1.3.0 to 1.4.0 (#3559) @dependabot[bot]

chore(deps): bump golang.org/x/text from 0.14.0 to 0.34.0 in /modulegen (#3582) @dependabot[bot]

chore(deps): bump mkdocs-codeinclude-plugin from 0.2.1 to 0.3.1 (#3579) @dependabot[bot]

chore(deps): bump golang.org/x/mod from 0.16.0 to 0.33.0 in /modulegen (#3583) @dependabot[bot]

chore(deps): bump github.com/aerospike/aerospike-client-go/v8 from 8.2.0 to 8.6.0 in /modules/aerospike (#3584) @dependabot[bot]

... (truncated)

Commits

2ea97c8 chore: use new version (v0.41.0) in modules and examples
9a663f7 fix: update compose-replace Makefile target to use compose/v5 (#3590)
10481c2 chore(deps): bump atomicjar/testcontainers-cloud-setup-action (#3559)
bdb12dd chore(deps): bump golang.org/x/text from 0.14.0 to 0.34.0 in /modulegen (#3582)
5bd7f07 chore(deps): bump mkdocs-codeinclude-plugin from 0.2.1 to 0.3.1 (#3579)
c9ccfc5 chore(deps): bump golang.org/x/mod from 0.16.0 to 0.33.0 in /modulegen (#3583)
21ec740 chore(deps): bump github.com/aerospike/aerospike-client-go/v8 from 8.2.0 to 8...
fb47b82 chore(deps): bump golang.org/x/mod in /modules/localstack (#3587)
6686e31 chore(deps): bump golang.org/x/mod in /modules/elasticsearch (#3585)
0656548 chore(deps): bump golang.org/x/mod in /modules/redpanda (#3588)
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.49.0

Commits

982eaa6 go.mod: update golang.org/x dependencies
159944f ssh,acme: clean up tautological/impossible nil conditions
a408498 acme: only require prompt if server has terms of service
cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
2f26647 x509roots/fallback: update bundle
See full diff in compare view

Updates golang.org/x/net from 0.51.0 to 0.52.0

Commits

316e20c go.mod: update golang.org/x dependencies
9767a42 internal/http3: add support for plugging into net/http
4a81284 http2: update docs to disrecommend this package
dec6603 dns/dnsmessage: reject too large of names early during unpack
8afa12f http2: deprecate write schedulers
38019a2 http2: add missing copyright header to export_test.go
039b87f internal/http3: return error when Write is used after status 304 is set
6267c6c internal/http3: add HTTP 103 Early Hints support to ClientConn
591bdf3 internal/http3: add HTTP 103 Early Hints support to Server
1faa6d8 internal/http3: avoid potential race when aborting RoundTrip
Additional commits viewable in compare view

Updates golang.org/x/text from 0.34.0 to 0.35.0

Commits

7ca2c6d go.mod: update golang.org/x dependencies
73d1ba9 all: upgrade go directive to at least 1.25.0 [generated]
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-modules group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/paketo-buildpacks/occam](https://github.com/paketo-buildpacks/occam) | `0.31.1` | `0.31.2` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.2` | `0.21.3` | | [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.18.4` | `1.18.5` | | [github.com/paketo-buildpacks/packit/v2](https://github.com/paketo-buildpacks/packit) | `2.25.4` | `2.25.5` | | [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.40.0` | `0.41.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.48.0` | `0.49.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.51.0` | `0.52.0` | Updates `github.com/paketo-buildpacks/occam` from 0.31.1 to 0.31.2 - [Release notes](https://github.com/paketo-buildpacks/occam/releases) - [Commits](paketo-buildpacks/occam@v0.31.1...v0.31.2) Updates `github.com/google/go-containerregistry` from 0.21.2 to 0.21.3 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.21.2...v0.21.3) Updates `github.com/klauspost/compress` from 1.18.4 to 1.18.5 - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](klauspost/compress@v1.18.4...v1.18.5) Updates `github.com/paketo-buildpacks/packit/v2` from 2.25.4 to 2.25.5 - [Release notes](https://github.com/paketo-buildpacks/packit/releases) - [Commits](paketo-buildpacks/packit@v2.25.4...v2.25.5) Updates `github.com/testcontainers/testcontainers-go` from 0.40.0 to 0.41.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.40.0...v0.41.0) Updates `golang.org/x/crypto` from 0.48.0 to 0.49.0 - [Commits](golang/crypto@v0.48.0...v0.49.0) Updates `golang.org/x/net` from 0.51.0 to 0.52.0 - [Commits](golang/net@v0.51.0...v0.52.0) Updates `golang.org/x/text` from 0.34.0 to 0.35.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.34.0...v0.35.0) --- updated-dependencies: - dependency-name: github.com/paketo-buildpacks/occam dependency-version: 0.31.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/klauspost/compress dependency-version: 1.18.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/paketo-buildpacks/packit/v2 dependency-version: 2.25.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/testcontainers/testcontainers-go dependency-version: 0.41.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/crypto dependency-version: 0.49.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/net dependency-version: 0.52.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/text dependency-version: 0.35.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-23T15:23:41Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 20, 2026

dependabot bot requested a review from a team as a code owner March 20, 2026 15:03

dependabot bot requested review from mhdawson and paketo-bot-reviewer and removed request for a team March 20, 2026 15:03

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 20, 2026

paketo-bot added the semver:patch A change requiring a patch version bump label Mar 20, 2026

dependabot bot closed this Mar 23, 2026

dependabot bot deleted the dependabot/go_modules/go-modules-67b5b6a35a branch March 23, 2026 15:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-modules group across 1 directory with 8 updates#1350

Bump the go-modules group across 1 directory with 8 updates#1350
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-modules-67b5b6a35a

dependabot bot commented on behalf of github Mar 20, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Mar 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.31.2

What's Changed

v0.21.3

What's Changed

New Contributors

v1.18.5

What's Changed

v2.25.5

What's Changed

v0.41.0

What's Changed

🚀 Features

🐛 Bug Fixes

📖 Documentation

🧹 Housekeeping

📦 Dependency updates

Uh oh!

dependabot bot commented on behalf of github Mar 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Mar 20, 2026 •

edited

Loading