build(deps): bump the go-modules group across 1 directory with 5 updates

[dependabot]

Bumps the go-modules group with 5 updates in the / directory:

Package	From	To
github.com/paketo-buildpacks/occam	0.31.1	0.31.2
github.com/google/go-containerregistry	0.21.2	0.21.3
github.com/klauspost/compress	1.18.4	1.18.5
github.com/paketo-buildpacks/packit/v2	2.25.4	2.25.5
google.golang.org/grpc	1.79.2	1.79.3

Updates github.com/paketo-buildpacks/occam from 0.31.1 to 0.31.2

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.31.2

What's Changed

• chore(deps): updated module github.com/testcontainers/testcontainers-go from v0.39.0 to v0.40.0 by @​paketo-bot in paketo-buildpacks/occam#441
• chore(deps): updated module github.com/docker/docker from v28.5.1+incompatible to v28.5.2+incompatible by @​paketo-bot in paketo-buildpacks/occam#440
• chore(deps): updated module github.com/onsi/gomega from v1.38.3 to v1.39.1 by @​paketo-bot in paketo-buildpacks/occam#452
• Updates github-config by @​paketo-bot in paketo-buildpacks/occam#446
• Updates go mod version to 1.26.1 by @​paketo-bot in paketo-buildpacks/occam#455

Full Changelog: paketo-buildpacks/occam@v0.31.1...v0.31.2

Commits

• 6914d4b Updates go mod version to 1.26.1
• a2ee454 Fix linter issues (#456)
• 99c82d2 Updating github-config
• 0277272 Updating github-config
• cdd83bd Updating github-config
• f46bf41 chore(deps): updated module github.com/onsi/gomega from v1.38.3 to v1.39.1 (#...
• 1c6c42d chore(deps): updated module github.com/docker/docker from v28.5.1+incompatibl...
• 7162009 chore(deps): updated module github.com/testcontainers/testcontainers-go from ...
• See full diff in compare view

Updates github.com/google/go-containerregistry from 0.21.2 to 0.21.3

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.3

What's Changed

• Adds local file support to the crane index subcommand by @​edwardthiele in google/go-containerregistry#2223
• migrate to github.com/moby/moby modules by @​thaJeztah in google/go-containerregistry#2228
• Bump the go-deps group across 4 directories with 7 updates by @​dependabot[bot] in google/go-containerregistry#2233
• Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 in the actions group by @​dependabot[bot] in google/go-containerregistry#2220
• mutate: reject path traversal and symlink escape in Extract by @​KevinZhao in google/go-containerregistry#2227
• tarball: detect symlink cycles in extractFileFromTar by @​vnykmshr in google/go-containerregistry#2232
• bump golang to 1.25.7 by @​Subserial in google/go-containerregistry#2236

New Contributors

• @​edwardthiele made their first contribution in google/go-containerregistry#2223
• @​thaJeztah made their first contribution in google/go-containerregistry#2228
• @​KevinZhao made their first contribution in google/go-containerregistry#2227
• @​vnykmshr made their first contribution in google/go-containerregistry#2232

Full Changelog: google/go-containerregistry@v0.21.2...v0.21.3

Commits

• 3888fb8 bump golang to 1.25.7 (#2236)
• f439624 tarball: detect symlink cycles in extractFileFromTar (#2232)
• 400c263 mutate: reject path traversal and symlink escape in Extract (#2227)
• 47eedc9 Bump goreleaser/goreleaser-action in the actions group (#2220)
• be0a845 Bump the go-deps group across 4 directories with 7 updates (#2233)
• e916301 migrate to github.com/moby/moby modules (#2228)
• 8b2478e Adds local file support to the crane index subcommand (#2223)
• See full diff in compare view

Updates github.com/klauspost/compress from 1.18.4 to 1.18.5

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.5

What's Changed

• zstd: Fix crash when changing encoder dictionary with same ID by @​klauspost in klauspost/compress#1135
• zstd: Default to full zero frames by @​klauspost in klauspost/compress#1134
• flate: Clean up histogram order by @​klauspost in klauspost/compress#1133

Full Changelog: klauspost/compress@v1.18.4...v1.18.5

Commits

• c5e0077 zstd: Fix encoder changing dictionary with same ID (#1135)
• fd3f23e zstd: Default to full zero frames (#1134)
• 8233c58 flate: Clean up histogram order (#1133)
• bcf0d12 build(deps): bump the github-actions group with 3 updates (#1132)
• cf758fe ci: Upgrade Go versions, clean up (#1130)
• 77cc520 Add v1.18.4
• See full diff in compare view

Updates github.com/paketo-buildpacks/packit/v2 from 2.25.4 to 2.25.5

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.25.5

What's Changed

• Bump github.com/anchore/syft from 1.40.0 to 1.40.1 by @​dependabot[bot] in paketo-buildpacks/packit#729
• Bump modernc.org/sqlite from 1.44.0 to 1.44.1 by @​dependabot[bot] in paketo-buildpacks/packit#730
• Bump modernc.org/sqlite from 1.44.1 to 1.44.2 by @​dependabot[bot] in paketo-buildpacks/packit#732
• Updates go mod version to 1.25.6 by @​paketo-bot in paketo-buildpacks/packit#731
• Bump modernc.org/sqlite from 1.44.2 to 1.44.3 by @​dependabot[bot] in paketo-buildpacks/packit#733
• Bump github.com/anchore/syft from 1.40.1 to 1.41.0 by @​dependabot[bot] in paketo-buildpacks/packit#734
• Bump github.com/onsi/gomega from 1.39.0 to 1.39.1 by @​dependabot[bot] in paketo-buildpacks/packit#735
• Bump github.com/anchore/syft from 1.41.0 to 1.41.1 by @​dependabot[bot] in paketo-buildpacks/packit#736
• Bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 by @​dependabot[bot] in paketo-buildpacks/packit#737
• Updates go mod version to 1.25.7 by @​paketo-bot in paketo-buildpacks/packit#739
• Bump github.com/anchore/syft from 1.41.1 to 1.41.2 by @​dependabot[bot] in paketo-buildpacks/packit#738
• Bump modernc.org/sqlite from 1.44.3 to 1.45.0 by @​dependabot[bot] in paketo-buildpacks/packit#741
• Bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 by @​dependabot[bot] in paketo-buildpacks/packit#740
• Bump github.com/anchore/syft from 1.41.2 to 1.42.0 by @​dependabot[bot] in paketo-buildpacks/packit#742
• Updates go mod version to 1.26.0 by @​paketo-bot in paketo-buildpacks/packit#743
• Bump modernc.org/sqlite from 1.45.0 to 1.46.0 by @​dependabot[bot] in paketo-buildpacks/packit#744
• Bump modernc.org/sqlite from 1.46.0 to 1.46.1 by @​dependabot[bot] in paketo-buildpacks/packit#745
• Bump github.com/anchore/syft from 1.42.0 to 1.42.1 by @​dependabot[bot] in paketo-buildpacks/packit#746
• Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 by @​dependabot[bot] in paketo-buildpacks/packit#747
• Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by @​dependabot[bot] in paketo-buildpacks/packit#748
• Bump github.com/anchore/syft from 1.42.1 to 1.42.2 by @​dependabot[bot] in paketo-buildpacks/packit#751
• Bump modernc.org/sqlite from 1.46.1 to 1.46.2 by @​dependabot[bot] in paketo-buildpacks/packit#752
• Bump modernc.org/sqlite from 1.46.2 to 1.47.0 by @​dependabot[bot] in paketo-buildpacks/packit#753
• Structure re-usability for the extension by @​pacostas in paketo-buildpacks/packit#754
• Updates github-config by @​paketo-bot in paketo-buildpacks/packit#749
• Updates go mod version to 1.26.1 by @​paketo-bot in paketo-buildpacks/packit#750

Full Changelog: paketo-buildpacks/packit@v2.25.4...v2.25.5

Commits

• 388f655 Updates go mod version to 1.26.1
• ec5163e Updating github-config
• 1ed4352 Structure re-usability for the extension (#754)
• 1178810 Bump modernc.org/sqlite from 1.46.2 to 1.47.0
• dc41ad0 Bump modernc.org/sqlite from 1.46.1 to 1.46.2
• 66b11fa Bump github.com/anchore/syft from 1.42.1 to 1.42.2
• 0172ef8 Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0
• f3c1964 Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3
• 82aea99 Bump github.com/anchore/syft from 1.42.0 to 1.42.1
• e16f8b8 Bump modernc.org/sqlite from 1.46.0 to 1.46.1
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.79.2 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

• server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Commits

• dda86db Change version to 1.79.3 (#8983)
• 72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
• 97ca352 Changing version to 1.79.3-dev (#8954)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions