Bump the go-modules group across 1 directory with 4 updates by dependabot[bot] · Pull Request #1245 · paketo-buildpacks/npm-install

dependabot · 2026-05-13T20:18:10Z

Bumps the go-modules group with 3 updates in the / directory: github.com/github/go-spdx/v2, github.com/tklauser/go-sysconf and google.golang.org/api.

Updates github.com/github/go-spdx/v2 from 2.6.0 to 2.7.0

Release notes

Sourced from github.com/github/go-spdx/v2's releases.

Release v2.7.0

Overview

This release makes one changes:

new validation function that returns the normalized/deduped list of valid licenses

validate, normalize, and dedup licenses

A new function was added, ValidateAndNormalizeLicensesWithOptions. It is functionally equivalent to ValidateLicensesWithOptions with options:

FailComplexExpressions - rejects license that includes a conjunctive (e.g. "MIT AND Apache-2.0")

FailDeprecatedLicenses - rejects deprecated SPDX license identifiers (e.g. "eCos-2.0")

FailAllLicenseRefs - rejects all SPDX license references (e.g. "LicenseRef-MyLicense")

FailAllDocumentRefs - rejects all SPDX document references (e.g. "DocumentRef-MyDocument")

ValidateLicensesWithOptions returns a boolean indicating whether all licenses are valid (i.e. true) or one of more are invalid (i.e. false). It also returns a list of any licenses that were invalid.

ValidateAndNormalizeLicensesWithOptions does not return a boolean. It returns 2 lists. The first is the list of normalized valid licenses that have been deduped. The second is a list of of any licenses that were invalid. If the invalid list is empty, then all licenses are valid.

Normalization and Deduping
licenses: `"mit", "apache-2.0"`
normalized: `"MIT", "Apache-2.0"`
licenses: &quot;mit&quot;, &quot;MIT&quot;, &quot; MIT &quot;, &quot;apache-2.0&quot;

normalized: MIT, Apache-2.0
What's Changed

add function ValidateAndNormalizeLicensesWithOptions (#149) @elrayle

license updates (#146)

Full Changelog: github/go-spdx@v2.6.0...v2.7.0

Commits

3c1ca93 Merge pull request #150 from github/v2.7.0-prep
9a7907a update version in prep to release 2.7.0
810a0d3 Merge pull request #146 from github/auto-update-licenses
13a7257 Merge branch 'main' into auto-update-licenses
dbbda01 Merge pull request #149 from github/elr/normalize
74a38f6 no need to test for allValid for ValidateAndNormalize
7d11f4c do not dedup invalid licenses as this represents a behavior change
7c92c07 fix formatting
43cb893 Add ability to get normalized licenses when validating
4508074 add function to reconstruct expressions
Additional commits viewable in compare view

Updates github.com/tklauser/go-sysconf from 0.3.16 to 0.4.0

Release notes

Sourced from github.com/tklauser/go-sysconf's releases.

v0.4.0

What's Changed

.github: bump actions/checkout from 5.0.0 to 5.0.1 by @dependabot[bot] in tklauser/go-sysconf#164

.github: bump actions/checkout from 5.0.1 to 6.0.0 by @dependabot[bot] in tklauser/go-sysconf#165

.github: bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in tklauser/go-sysconf#166

ci: test on macOS 26 by @tklauser in tklauser/go-sysconf#167

.github: bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in tklauser/go-sysconf#168

go.mod: bump golang.org/x/sys from 0.38.0 to 0.39.0 by @dependabot[bot] in tklauser/go-sysconf#169

.cirrus.yml: update Go to 1.25.5, FreeBSD to 14.3 and 15.0 by @tklauser in tklauser/go-sysconf#170

go.mod: bump golang.org/x/sys from 0.39.0 to 0.40.0 by @dependabot[bot] in tklauser/go-sysconf#171

.github: bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in tklauser/go-sysconf#172

.github: bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in tklauser/go-sysconf#173

go.mod: bump golang.org/x/sys from 0.40.0 to 0.41.0 by @dependabot[bot] in tklauser/go-sysconf#174

.github: bump actions/setup-go from 6.2.0 to 6.3.0 by @dependabot[bot] in tklauser/go-sysconf#175

ci: update minimum Go version to 1.25, add Go 1.26 by @tklauser in tklauser/go-sysconf#177

go.mod: bump golang.org/x/sys from 0.41.0 to 0.42.0 by @dependabot[bot] in tklauser/go-sysconf#176

.github: bump actions/setup-go from 6.3.0 to 6.4.0 by @dependabot[bot] in tklauser/go-sysconf#178

go.mod: bump golang.org/x/sys from 0.42.0 to 0.43.0 by @dependabot[bot] in tklauser/go-sysconf#179

Remove max function shadowing Go 1.21+ max builtin by @tklauser in tklauser/go-sysconf#180

Fix SC_OPEN_MAX/SC_STREAM_MAX RLIM_INFINITY check by @tklauser in tklauser/go-sysconf#181

Consistently return -1 for SC_PHYS_PAGES on error by @tklauser in tklauser/go-sysconf#182

go.mod: bump golang.org/x/sys from 0.43.0 to 0.44.0 by @dependabot[bot] in tklauser/go-sysconf#183

Don't panic on empty /proc file on Linux by @tklauser in tklauser/go-sysconf#184

go.mod: update github.com/tklauser/numcpus to v0.12.0 by @tklauser in tklauser/go-sysconf#185

Full Changelog: tklauser/go-sysconf@v0.3.16...v0.4.0

Commits

93984ea go.mod: update github.com/tklauser/numcpus to v0.12.0
e1639de Don't panic on empty /proc file on Linux
857431c go.mod: bump golang.org/x/sys from 0.43.0 to 0.44.0
7561e7f Consistently return -1 for SC_PHYS_PAGES on error
c02a313 Fix SC_OPEN_MAX/SC_STREAM_MAX RLIM_INFINITY check
9705845 Remove max function shadowing Go 1.21+ max builtin
3a47e5a go.mod: bump golang.org/x/sys from 0.42.0 to 0.43.0
ea7a0e9 .github: bump actions/setup-go from 6.3.0 to 6.4.0
d0fee56 go.mod: bump golang.org/x/sys from 0.41.0 to 0.42.0
1cfbfc0 ci: update minimum Go version to 1.25, add Go 1.26
Additional commits viewable in compare view

Updates github.com/tklauser/numcpus from 0.11.0 to 0.12.0

Release notes

Sourced from github.com/tklauser/numcpus's releases.

v0.12.0

What's Changed

.github: bump actions/checkout from 5.0.0 to 5.0.1 by @dependabot[bot] in tklauser/numcpus#139

.github: bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in tklauser/numcpus#140

.github: bump actions/checkout from 5.0.1 to 6.0.0 by @dependabot[bot] in tklauser/numcpus#141

ci: test on macOS 26 by @tklauser in tklauser/numcpus#142

.github: bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in tklauser/numcpus#143

go.mod: bump golang.org/x/sys from 0.38.0 to 0.39.0 by @dependabot[bot] in tklauser/numcpus#144

.cirrus.yml: update Go to 1.25.5, FreeBSD to 14.3 and 15.0 by @tklauser in tklauser/numcpus#145

go.mod: bump golang.org/x/sys from 0.39.0 to 0.40.0 by @dependabot[bot] in tklauser/numcpus#146

.github: bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in tklauser/numcpus#147

.github: bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in tklauser/numcpus#148

go.mod: bump golang.org/x/sys from 0.40.0 to 0.41.0 by @dependabot[bot] in tklauser/numcpus#149

.github: bump actions/setup-go from 6.2.0 to 6.3.0 by @dependabot[bot] in tklauser/numcpus#150

ci: update minimum Go version to 1.25, add Go 1.26 by @tklauser in tklauser/numcpus#152

go.mod: bump golang.org/x/sys from 0.41.0 to 0.42.0 by @dependabot[bot] in tklauser/numcpus#151

.github: bump actions/setup-go from 6.3.0 to 6.4.0 by @dependabot[bot] in tklauser/numcpus#153

go.mod: bump golang.org/x/sys from 0.42.0 to 0.43.0 by @dependabot[bot] in tklauser/numcpus#154

ci: fix version comments for actions/setup-go by @tklauser in tklauser/numcpus#155

Improve implementation on Linux by @tklauser in tklauser/numcpus#156

go.mod: bump golang.org/x/sys from 0.43.0 to 0.44.0 by @dependabot[bot] in tklauser/numcpus#157

Full Changelog: tklauser/numcpus@v0.11.0...v0.12.0

Commits

28ffdd9 go.mod: bump golang.org/x/sys from 0.43.0 to 0.44.0
b42d144 Return on error in examples
f0569b0 Implement countCPURange using listCPURange
ab28d9c Use 64-bit integer for parsing kernel_max
3dec912 Use os.ReadDir instead of os.Open/(*os.File).Readdir
f5037b7 ci: fix version comments for actions/setup-go
5e4452a go.mod: bump golang.org/x/sys from 0.42.0 to 0.43.0
8baa579 .github: bump actions/setup-go from 6.3.0 to 6.4.0
84a431d go.mod: bump golang.org/x/sys from 0.41.0 to 0.42.0
a704e1e ci: update minimum Go version to 1.25, add Go 1.26
Additional commits viewable in compare view

Updates google.golang.org/api from 0.278.0 to 0.279.0

Release notes

Sourced from google.golang.org/api's releases.

v0.279.0

0.279.0 (2026-05-12)

Features

all: Auto-regenerate discovery clients (#3585) (09db0e3)

all: Auto-regenerate discovery clients (#3587) (e87e376)

all: Auto-regenerate discovery clients (#3590) (d4241ea)

Changelog

Sourced from google.golang.org/api's changelog.

0.279.0 (2026-05-12)

Features

all: Auto-regenerate discovery clients (#3585) (09db0e3)

all: Auto-regenerate discovery clients (#3587) (e87e376)

all: Auto-regenerate discovery clients (#3590) (d4241ea)

Commits

e446d4c chore(main): release 0.279.0 (#3586)
d4241ea feat(all): auto-regenerate discovery clients (#3590)
8452ed1 chore(all): update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (...
e87e376 feat(all): auto-regenerate discovery clients (#3587)
09db0e3 feat(all): auto-regenerate discovery clients (#3585)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-modules group with 3 updates in the / directory: [github.com/github/go-spdx/v2](https://github.com/github/go-spdx), [github.com/tklauser/go-sysconf](https://github.com/tklauser/go-sysconf) and [google.golang.org/api](https://github.com/googleapis/google-api-go-client). Updates `github.com/github/go-spdx/v2` from 2.6.0 to 2.7.0 - [Release notes](https://github.com/github/go-spdx/releases) - [Commits](github/go-spdx@v2.6.0...v2.7.0) Updates `github.com/tklauser/go-sysconf` from 0.3.16 to 0.4.0 - [Release notes](https://github.com/tklauser/go-sysconf/releases) - [Commits](tklauser/go-sysconf@v0.3.16...v0.4.0) Updates `github.com/tklauser/numcpus` from 0.11.0 to 0.12.0 - [Release notes](https://github.com/tklauser/numcpus/releases) - [Commits](tklauser/numcpus@v0.11.0...v0.12.0) Updates `google.golang.org/api` from 0.278.0 to 0.279.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.278.0...v0.279.0) --- updated-dependencies: - dependency-name: github.com/github/go-spdx/v2 dependency-version: 2.7.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/tklauser/go-sysconf dependency-version: 0.4.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/tklauser/numcpus dependency-version: 0.12.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: google.golang.org/api dependency-version: 0.279.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 13, 2026

dependabot Bot requested review from a team as code owners May 13, 2026 20:18

dependabot Bot removed the request for review from a team May 13, 2026 20:18

dependabot Bot added the dependencies Pull requests that update a dependency file label May 13, 2026

dependabot Bot requested review from pacostas and paketo-bot-reviewer May 13, 2026 20:18

dependabot Bot added the go Pull requests that update go code label May 13, 2026

paketo-bot added the semver:patch A change requiring a patch version bump label May 13, 2026

paketo-bot-reviewer approved these changes May 13, 2026

View reviewed changes

paketo-bot merged commit 1dff324 into main May 13, 2026
14 of 15 checks passed

paketo-bot deleted the dependabot/go_modules/go-modules-34c9fbbbb5 branch May 13, 2026 20:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-modules group across 1 directory with 4 updates#1245

Bump the go-modules group across 1 directory with 4 updates#1245
paketo-bot merged 1 commit into
mainfrom
dependabot/go_modules/go-modules-34c9fbbbb5

dependabot Bot commented on behalf of github May 13, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot Bot commented on behalf of github May 13, 2026

Release v2.7.0

Overview

validate, normalize, and dedup licenses

Normalization and Deduping

What's Changed

v0.4.0

What's Changed

v0.12.0

What's Changed

v0.279.0

0.279.0 (2026-05-12)

Features

0.279.0 (2026-05-12)

Features

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants