Bump the go-modules group with 4 updates by dependabot[bot] · Pull Request #714 · paketo-buildpacks/pipenv-install

dependabot · 2026-04-29T13:54:25Z

Bumps the go-modules group with 4 updates: github.com/onsi/gomega, github.com/bodgit/sevenzip, github.com/containerd/continuity and github.com/containerd/plugin.

Updates github.com/onsi/gomega from 1.39.1 to 1.40.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.40.0

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Commits

87ee9d3 v1.40.0
ea66027 v1.40.0 (full)
e3fd789 update docs to reflect new versioning strategy
7d4ee30 first push to master-lite
e4a82d1 Bump github/codeql-action from 3 to 4 (#875)
af62723 Bump rexml from 3.4.0 to 3.4.2 in /docs (#870)
e164221 Bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1 (#895)
334a282 Bump faraday from 2.12.2 to 2.14.1 in /docs (#896)
See full diff in compare view

Updates github.com/bodgit/sevenzip from 1.6.1 to 1.6.2

Release notes

Sourced from github.com/bodgit/sevenzip's releases.

v1.6.2

1.6.2 (2026-04-28)

Bug Fixes

Add ARM64 filter support (#395) (8648ac7)

deps: update go4.org digest to a507140 (#422) (367448a)

deps: update module github.com/andybalholm/brotli to v1.2.1 (#425) (63d4609)

deps: update module github.com/klauspost/compress to v1.18.5 (#426) (c01c118)

deps: update module github.com/pierrec/lz4/v4 to v4.1.26 (#427) (189b20d)

deps: update module github.com/spf13/afero to v1.15.0 (#431) (960c916)

deps: update module golang.org/x/sync to v0.20.0 (#432) (aa1e391)

deps: update module golang.org/x/text to v0.36.0 (#433) (dbed104)

Handle streams with no files (#401) (fe03793)

Prevent panics discovered by fuzzing (#402) (740fcf9)

Changelog

Sourced from github.com/bodgit/sevenzip's changelog.

1.6.2 (2026-04-28)

Bug Fixes

Add ARM64 filter support (#395) (8648ac7)

deps: update go4.org digest to a507140 (#422) (367448a)

deps: update module github.com/andybalholm/brotli to v1.2.1 (#425) (63d4609)

deps: update module github.com/klauspost/compress to v1.18.5 (#426) (c01c118)

deps: update module github.com/pierrec/lz4/v4 to v4.1.26 (#427) (189b20d)

deps: update module github.com/spf13/afero to v1.15.0 (#431) (960c916)

deps: update module golang.org/x/sync to v0.20.0 (#432) (aa1e391)

deps: update module golang.org/x/text to v0.36.0 (#433) (dbed104)

Handle streams with no files (#401) (fe03793)

Prevent panics discovered by fuzzing (#402) (740fcf9)

Commits

d6c1f14 chore(main): release 1.6.2 (#420)
740fcf9 fix: Prevent panics discovered by fuzzing (#402)
10f0674 chore(deps): update github/codeql-action action to v4.35.2 (#439)
7abcd56 chore(deps): update marocchino/sticky-pull-request-comment action to v3 (#436)
00b55e9 chore(deps): update actions/upload-artifact action to v7 (#435)
60169dd chore(deps): update pre-commit hook pre-commit/pre-commit-hooks to v6 (#438)
2625d26 chore(deps): update actions/checkout action to v6 (#434)
8344328 chore(deps): update pre-commit hook commitizen-tools/commitizen to v4 (#437)
849dc25 chore(deps): update pre-commit hook golangci/golangci-lint to v2.11.4 (#429)
37a8e9d chore(deps): update pre-commit hook gitleaks/gitleaks to v8.30.1 (#428)
Additional commits viewable in compare view

Updates github.com/containerd/continuity from 0.4.5 to 0.5.0

Release notes

Sourced from github.com/containerd/continuity's releases.

v0.5.0

What's Changed

Bump CI runner image to macOS 13 by @austinvazquez in containerd/continuity#264

Bump golangci-lint to v1.62.0 by @austinvazquez in containerd/continuity#265

Enable dependabot updates for GitHub Actions packages by @austinvazquez in containerd/continuity#263

build(deps): bump containerd/project-checks from 1.1.0 to 1.2.2 by @dependabot[bot] in containerd/continuity#266

build(deps): bump actions/checkout from 3 to 4 by @dependabot[bot] in containerd/continuity#268

build(deps): bump actions/setup-go from 3 to 5 by @dependabot[bot] in containerd/continuity#267

Update CI to use latest versions by @dmcgowan in containerd/continuity#279

build(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in containerd/continuity#271

build(deps): bump actions/checkout from 4 to 6 by @dependabot[bot] in containerd/continuity#273

build(deps): bump github/codeql-action from 3.35.1 to 4.35.1 by @dependabot[bot] in containerd/continuity#282

Add native Go ext4 filesystem image creator by @dmcgowan in containerd/continuity#280

Linux: Make copyFile sparse aware by @dcantah in containerd/continuity#276

build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 by @dependabot[bot] in containerd/continuity#283

Fix error message on group ownership verification by @eldondev in containerd/continuity#269

fs: handle ENOTSUP error in compareCapabilities function by @jellor in containerd/continuity#274

New Contributors

@dcantah made their first contribution in containerd/continuity#276

@eldondev made their first contribution in containerd/continuity#269

@jellor made their first contribution in containerd/continuity#274

Full Changelog: containerd/continuity@v0.4.5...v0.5.0

Commits

ed9828d Merge pull request #274 from jellor/handle-no-xattr
9a4a220 Merge pull request #269 from eldondev/main
fcfd613 fs: handle ENOTSUP error in compareCapabilities function
8c2afd9 Merge pull request #283 from containerd/dependabot/github_actions/github/code...
42ba1ba build(deps): bump github/codeql-action from 4.35.1 to 4.35.2
9426626 Merge pull request #276 from dcantah/linux-cp-sparse-aware
49d1748 Merge pull request #280 from dmcgowan/add-ext4-library
3b6686d Merge pull request #282 from containerd/dependabot/github_actions/github/code...
27d93b0 build(deps): bump github/codeql-action from 3.35.1 to 4.35.1
a424ba1 Linux: Make copyFile sparse aware
Additional commits viewable in compare view

Updates github.com/containerd/plugin from 1.0.0 to 1.1.0

Release notes

Sourced from github.com/containerd/plugin's releases.

v1.1.0

What's Changed

Update github actions by @dmcgowan in containerd/plugin#9

Bump actions/checkout from 4 to 6 by @dependabot[bot] in containerd/plugin#11

Bump actions/setup-go from 5 to 6 by @dependabot[bot] in containerd/plugin#12

Add benchmark and optimize performance of common functions by @dmcgowan in containerd/plugin#8

Bump golangci lint version and minimum go version by @dmcgowan in containerd/plugin#14

Update GHA runner versions by @dmcgowan in containerd/plugin#15

Update graph logic and add further tests by @dmcgowan in containerd/plugin#13

ci: bump golangci-lint to v2.7.2 by @austinvazquez in containerd/plugin#17

ci: use Go stable by @austinvazquez in containerd/plugin#16

Full Changelog: containerd/plugin@v1.0.0...v1.1.0

Commits

eaf7e69 Merge pull request #16 from austinvazquez/use-go-stable-in-ci
bd83b31 Merge pull request #17 from austinvazquez/bump-golangci-lint-2.7.2
0d02bbc ci: bump golangci-lint to v2.7.2
8050603 ci: use Go stable
f351829 Merge pull request #13 from dmcgowan/simplify-graph
e8139c6 Add check for plugin requiring itself
01f62ae Fix circular dependency detection
8599102 Simply handling of disabled and added plugins
51bd9b0 Add test for handling registration errors
d120f94 Merge pull request #15 from dmcgowan/update-ci-versions
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-modules group with 4 updates: [github.com/onsi/gomega](https://github.com/onsi/gomega), [github.com/bodgit/sevenzip](https://github.com/bodgit/sevenzip), [github.com/containerd/continuity](https://github.com/containerd/continuity) and [github.com/containerd/plugin](https://github.com/containerd/plugin). Updates `github.com/onsi/gomega` from 1.39.1 to 1.40.0 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.39.1...v1.40.0) Updates `github.com/bodgit/sevenzip` from 1.6.1 to 1.6.2 - [Release notes](https://github.com/bodgit/sevenzip/releases) - [Changelog](https://github.com/bodgit/sevenzip/blob/main/CHANGELOG.md) - [Commits](bodgit/sevenzip@v1.6.1...v1.6.2) Updates `github.com/containerd/continuity` from 0.4.5 to 0.5.0 - [Release notes](https://github.com/containerd/continuity/releases) - [Commits](containerd/continuity@v0.4.5...v0.5.0) Updates `github.com/containerd/plugin` from 1.0.0 to 1.1.0 - [Release notes](https://github.com/containerd/plugin/releases) - [Commits](containerd/plugin@v1.0.0...v1.1.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-version: 1.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/bodgit/sevenzip dependency-version: 1.6.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/containerd/continuity dependency-version: 0.5.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/containerd/plugin dependency-version: 1.1.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 29, 2026

dependabot Bot requested review from a team as code owners April 29, 2026 13:54

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 29, 2026

paketo-bot added the semver:patch A change requiring a patch version bump label Apr 29, 2026

paketo-bot-reviewer approved these changes Apr 29, 2026

View reviewed changes

paketo-bot merged commit c9c8809 into main Apr 29, 2026
11 of 12 checks passed

paketo-bot deleted the dependabot/go_modules/go-modules-341262dded branch April 29, 2026 14:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-modules group with 4 updates#714

Bump the go-modules group with 4 updates#714
paketo-bot merged 1 commit into
mainfrom
dependabot/go_modules/go-modules-341262dded

dependabot Bot commented on behalf of github Apr 29, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot Bot commented on behalf of github Apr 29, 2026

v1.40.0

1.40.0

1.40.0

v1.6.2

1.6.2 (2026-04-28)

Bug Fixes

1.6.2 (2026-04-28)

Bug Fixes

v0.5.0

What's Changed

New Contributors

v1.1.0

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants