Bump the go-modules group across 1 directory with 9 updates #528

dependabot · 2025-10-23T13:09:22Z

Bumps the go-modules group with 5 updates in the / directory:

Package	From	To
github.com/paketo-buildpacks/occam	`0.30.1`	`0.30.2`
github.com/anchore/syft	`1.34.2`	`1.36.0`
github.com/aws/aws-sdk-go-v2/config	`1.31.13`	`1.31.14`
github.com/aws/aws-sdk-go-v2/service/s3	`1.88.5`	`1.88.6`
google.golang.org/api	`0.252.0`	`0.253.0`

Updates github.com/paketo-buildpacks/occam from 0.30.1 to 0.30.2

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.30.2

What's Changed

Updates github-config by @paketo-bot in paketo-buildpacks/occam#436

Using pack CLI --cache flag to always specify the volumes by @pacostas in paketo-buildpacks/occam#437

chore(deps): updated module github.com/paketo-buildpacks/packit/v2 from v2.25.0 to v2.25.2 by @paketo-bot in paketo-buildpacks/occam#434

chore(deps): updated module github.com/docker/docker from v28.4.0+incompatible to v28.5.1+incompatible by @paketo-bot in paketo-buildpacks/occam#435

Full Changelog: paketo-buildpacks/occam@v0.30.1...v0.30.2

Commits

4325ba8 chore(deps): updated module github.com/docker/docker from v28.4.0+incompatibl...
ca18701 chore(deps): updated module github.com/paketo-buildpacks/packit/v2 from v2.25...
9cb6d44 fix: always setting the cache volumes (#437)
8a84072 Updating github-config
See full diff in compare view

Updates github.com/anchore/syft from 1.34.2 to 1.36.0

Release notes

Sourced from github.com/anchore/syft's releases.

v1.36.0

Added Features

Add the ability to fetch remote licenses for pnpm-lock.yaml files [#4286 @timols]

support universal (fat) mach-o binary files [#4278 @JoeyShapiro]

pdm support [#2709 #4234 @paulslaby]

Bug Fixes

Remove duplicate image source providers [#4289 @Rupikz]

syft can't extract go module information from executables on Windows [#4271 #4285 @JoeyShapiro]

(Full Changelog)

Commits

8be4639 chore(deps): update tools to latest versions (#4302)
44b7b09 chore(deps): bump github.com/github/go-spdx/v2 from 2.3.3 to 2.3.4 (#4301)
675075e chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#4299)
31b2c4c support universal (fat) mach-o binary files (#4278)
07029ea chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4296)
f4de1e8 chore(deps): bump anchore/sbom-action from 0.20.7 to 0.20.8 (#4297)
538b4a2 convert posix path back to windows (#4285)
fc74b07 Remove duplicate image source providers (#4289)
6627c52 chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.7 (#4293)
c0f32e1 feat: add option to fetch remote licenses for pnpm-lock.yaml files (#4286)
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.31.13 to 1.31.14

Commits

a0c74d2 Release 2025-10-22
eb61154 Regenerated Clients
e20d3e4 Update endpoints model
9acd5fa Update API model
a91cc6c Speed up unit tests by removing duplicate work (#3216)
7cdc7c8 Release 2025-10-21
feadc37 Regenerated Clients
0d16eb2 Update API model
ff236e2 remove superfluous goDirective (#3212)
4718b0d ci: scope down GitHub Token permissions (#3217)
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.18.17 to 1.18.18

Changelog

Sourced from github.com/aws/aws-sdk-go-v2/credentials's changelog.

Release (2023-03-16)

General Highlights

Dependency Update: Updated to the latest SDK module versions

Module Highlights

github.com/aws/aws-sdk-go-v2/config: v1.18.18

Bug Fix: Allow RoleARN to be set as functional option on STS WebIdentityRoleOptions. Fixes aws/aws-sdk-go-v22.

github.com/aws/aws-sdk-go-v2/service/guardduty: v1.18.0

Feature: Updated 9 APIs for feature enablement to reflect expansion of GuardDuty to features. Added new APIs and updated existing APIs to support RDS Protection GA.

github.com/aws/aws-sdk-go-v2/service/resourceexplorer2: v1.2.7

Documentation: Documentation updates for APIs.

github.com/aws/aws-sdk-go-v2/service/sagemakerruntime: v1.18.7

Documentation: Documentation updates for SageMaker Runtime

Release (2023-03-15)

Module Highlights

github.com/aws/aws-sdk-go-v2/service/migrationhubstrategy: v1.9.0

Feature: This release adds the binary analysis that analyzes IIS application DLLs on Windows and Java applications on Linux to provide anti-pattern report without configuring access to the source code.

github.com/aws/aws-sdk-go-v2/service/s3control: v1.31.0

Feature: Added support for S3 Object Lambda aliases.

github.com/aws/aws-sdk-go-v2/service/securitylake: v1.3.0

Feature: Make Create/Get/ListSubscribers APIs return resource share ARN and name so they can be used to validate the RAM resource share to accept. GetDatalake can be used to track status of UpdateDatalake and DeleteDatalake requests.

Release (2023-03-14)

General Highlights

Dependency Update: Updated to the latest SDK module versions

Module Highlights

github.com/aws/aws-sdk-go-v2/feature/ec2/imds: v1.13.0

Feature: Add flag to disable IMDSv1 fallback

github.com/aws/aws-sdk-go-v2/service/applicationautoscaling: v1.18.0

Feature: Application Auto Scaling customers can now use mathematical functions to customize the metric used with Target Tracking policies within the policy configuration itself, saving the cost and effort of publishing the customizations as a separate metric.

github.com/aws/aws-sdk-go-v2/service/dataexchange: v1.19.0

Feature: This release enables data providers to license direct access to S3 objects encrypted with Customer Managed Keys (CMK) in AWS KMS through AWS Data Exchange. Subscribers can use these keys to decrypt, then use the encrypted S3 objects shared with them, without creating or managing copies.

github.com/aws/aws-sdk-go-v2/service/directconnect: v1.18.7

Documentation: describe-direct-connect-gateway-associations includes a new status, updating, indicating that the association is currently in-process of updating.

github.com/aws/aws-sdk-go-v2/service/ec2: v1.90.0

Feature: This release adds a new DnsOptions key (PrivateDnsOnlyForInboundResolverEndpoint) to CreateVpcEndpoint and ModifyVpcEndpoint APIs.

github.com/aws/aws-sdk-go-v2/service/iam: v1.19.6

Documentation: Documentation only updates to correct customer-reported issues

github.com/aws/aws-sdk-go-v2/service/keyspaces: v1.2.0

Feature: Adding support for client-side timestamps

github.com/aws/aws-sdk-go-v2/service/support: v1.14.6

Announcement: Model regenerated with support for null string values to properly implement support service operations DescribeTrustedAdvisorCheckRefreshStatuses and DescribeTrustedAdvisorCheckSummaries

Release (2023-03-13)

... (truncated)

Commits

4b96187 Release 2023-03-16
06ad3fe Regenerated Clients
f15a20d Update endpoints model
92cb133 Update API model
601e6aa delay WebIdentityRoleOptions validation (#2030)
03dd7e4 Release 2023-03-15
b47bc7f Regenerated Clients
49db781 Update endpoints model
27738b7 Update API model
See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.5 to 1.88.6

Commits

a0c74d2 Release 2025-10-22
eb61154 Regenerated Clients
e20d3e4 Update endpoints model
9acd5fa Update API model
a91cc6c Speed up unit tests by removing duplicate work (#3216)
7cdc7c8 Release 2025-10-21
feadc37 Regenerated Clients
0d16eb2 Update API model
ff236e2 remove superfluous goDirective (#3212)
4718b0d ci: scope down GitHub Token permissions (#3217)
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.38.7 to 1.38.8

Commits

676a8b1 Release 2025-01-24
1737386 Regenerated Clients
3bc09da Update API model
cb98dee Fix flex checksum validation cfg (#2981)
9c76401 fix bad changelog type
ed8a3ca Reduce fmt.Sprintf allocations in query encoding (#2919)
d5773a9 Add FixUnmarshalIndividualSetValues option to DecoderOptions of dynamodb (#2896)
58e23dc fix codegen test failing in main
640d919 fix broken jmespath waiters in cloudwatch and autoscaling (#2984)
613a6cf Optimize/directory traversal (#2970)
Additional commits viewable in compare view

Updates github.com/github/go-spdx/v2 from 2.3.3 to 2.3.4

Release notes

Sourced from github.com/github/go-spdx/v2's releases.

Release v2.3.4

What's Changed

update licenses

bump dependencies

Full Changelog: github/go-spdx@v2.3.3...v2.3.4

Commits

3ea60cf Merge pull request #109 from github/auto-update-licenses
108cb58 Add updated license files
9e5ecc4 Merge pull request #116 from github/dependabot/github_actions/actions/setup-go-6
ff1cc1c Merge branch 'main' into dependabot/github_actions/actions/setup-go-6
b3240be Merge pull request #114 from github/dependabot/github_actions/actions/checkout-5
d4dc9f2 Bump actions/setup-go from 5 to 6
f63665b Bump actions/checkout from 4 to 5
7a705d1 Merge pull request #110 from github/elr/update-gomod
a9ed7b0 minor dependency update trigger autosubmission
936b224 Merge pull request #107 from github/elr/limit-pr-autogen
Additional commits viewable in compare view

Updates google.golang.org/api from 0.252.0 to 0.253.0

Release notes

Sourced from google.golang.org/api's releases.

v0.253.0

0.253.0 (2025-10-22)

Features

all: Auto-regenerate discovery clients (#3337) (40f2752)

all: Auto-regenerate discovery clients (#3339) (d1ef976)

all: Auto-regenerate discovery clients (#3340) (580c65f)

all: Auto-regenerate discovery clients (#3341) (9d031c4)

all: Auto-regenerate discovery clients (#3342) (ca2b9ad)

all: Auto-regenerate discovery clients (#3344) (844753e)

all: Auto-regenerate discovery clients (#3345) (3de8a5b)

all: Auto-regenerate discovery clients (#3346) (a590b9a)

all: Auto-regenerate discovery clients (#3347) (40ca8fe)

Changelog

Sourced from google.golang.org/api's changelog.

0.253.0 (2025-10-22)

Features

all: Auto-regenerate discovery clients (#3337) (40f2752)

all: Auto-regenerate discovery clients (#3339) (d1ef976)

all: Auto-regenerate discovery clients (#3340) (580c65f)

all: Auto-regenerate discovery clients (#3341) (9d031c4)

all: Auto-regenerate discovery clients (#3342) (ca2b9ad)

all: Auto-regenerate discovery clients (#3344) (844753e)

all: Auto-regenerate discovery clients (#3345) (3de8a5b)

all: Auto-regenerate discovery clients (#3346) (a590b9a)

all: Auto-regenerate discovery clients (#3347) (40ca8fe)

Commits

bf0e302 chore(main): release 0.253.0 (#3338)
40ca8fe feat(all): auto-regenerate discovery clients (#3347)
a590b9a feat(all): auto-regenerate discovery clients (#3346)
3de8a5b feat(all): auto-regenerate discovery clients (#3345)
8012a7b chore(all): update all (#3343)
844753e feat(all): auto-regenerate discovery clients (#3344)
ca2b9ad feat(all): auto-regenerate discovery clients (#3342)
9d031c4 feat(all): auto-regenerate discovery clients (#3341)
580c65f feat(all): auto-regenerate discovery clients (#3340)
d1ef976 feat(all): auto-regenerate discovery clients (#3339)
Additional commits viewable in compare view

Updates google.golang.org/genproto/googleapis/rpc from 0.0.0-20251002232023-7c0ddcbb5797 to 0.0.0-20251014184007-4626949a642f

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-modules group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/paketo-buildpacks/occam](https://github.com/paketo-buildpacks/occam) | `0.30.1` | `0.30.2` | | [github.com/anchore/syft](https://github.com/anchore/syft) | `1.34.2` | `1.36.0` | | [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.31.13` | `1.31.14` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.88.5` | `1.88.6` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.252.0` | `0.253.0` | Updates `github.com/paketo-buildpacks/occam` from 0.30.1 to 0.30.2 - [Release notes](https://github.com/paketo-buildpacks/occam/releases) - [Commits](paketo-buildpacks/occam@v0.30.1...v0.30.2) Updates `github.com/anchore/syft` from 1.34.2 to 1.36.0 - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/.goreleaser.yaml) - [Commits](anchore/syft@v1.34.2...v1.36.0) Updates `github.com/aws/aws-sdk-go-v2/config` from 1.31.13 to 1.31.14 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@config/v1.31.13...config/v1.31.14) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.18.17 to 1.18.18 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/config/v1.18.18/CHANGELOG.md) - [Commits](aws/aws-sdk-go-v2@config/v1.18.17...config/v1.18.18) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.88.5 to 1.88.6 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.88.5...service/s3/v1.88.6) Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.38.7 to 1.38.8 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@service/sts/v1.38.7...service/iam/v1.38.8) Updates `github.com/github/go-spdx/v2` from 2.3.3 to 2.3.4 - [Release notes](https://github.com/github/go-spdx/releases) - [Commits](github/go-spdx@v2.3.3...v2.3.4) Updates `google.golang.org/api` from 0.252.0 to 0.253.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.252.0...v0.253.0) Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20251002232023-7c0ddcbb5797 to 0.0.0-20251014184007-4626949a642f - [Commits](https://github.com/googleapis/go-genproto/commits) --- updated-dependencies: - dependency-name: github.com/paketo-buildpacks/occam dependency-version: 0.30.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/anchore/syft dependency-version: 1.36.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-version: 1.31.14 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-version: 1.18.18 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.88.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-version: 1.38.8 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/github/go-spdx/v2 dependency-version: 2.3.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: google.golang.org/api dependency-version: 0.253.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: google.golang.org/genproto/googleapis/rpc dependency-version: 0.0.0-20251014184007-4626949a642f dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Oct 23, 2025

dependabot bot requested a review from a team as a code owner October 23, 2025 13:09

paketo-bot added the semver:patch A change requiring a patch version bump label Oct 23, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the go-modules group across 1 directory with 9 updates #528

Bump the go-modules group across 1 directory with 9 updates #528

Uh oh!

dependabot bot commented on behalf of github Oct 23, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the go-modules group across 1 directory with 9 updates #528

Are you sure you want to change the base?

Bump the go-modules group across 1 directory with 9 updates #528

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 23, 2025

v0.30.2

What's Changed

v1.36.0

Added Features

Bug Fixes

Release (2023-03-16)

General Highlights

Module Highlights

Release (2023-03-15)

Module Highlights

Release (2023-03-14)

General Highlights

Module Highlights

Release (2023-03-13)

Release v2.3.4

What's Changed

v0.253.0

0.253.0 (2025-10-22)

Features

0.253.0 (2025-10-22)

Features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant