Bump the go-modules group across 1 directory with 11 updates #894

dependabot · 2025-10-08T10:05:36Z

Bumps the go-modules group with 10 updates in the / directory:

Package	From	To
github.com/paketo-buildpacks/packit/v2	`2.25.1`	`2.25.2`
github.com/aws/aws-sdk-go-v2/service/internal/checksum	`1.8.9`	`1.9.0`
github.com/aws/aws-sdk-go-v2/service/s3	`1.88.3`	`1.88.4`
github.com/go-git/go-git/v5	`5.16.2`	`5.16.3`
github.com/go-jose/go-jose/v4	`4.1.2`	`4.1.3`
github.com/nwaples/rardecode/v2	`2.1.1`	`2.2.0`
github.com/skeema/knownhosts	`1.3.1`	`1.3.2`
golang.org/x/net	`0.44.0`	`0.45.0`
google.golang.org/api	`0.251.0`	`0.252.0`
google.golang.org/grpc	`1.75.1`	`1.76.0`

Updates github.com/paketo-buildpacks/packit/v2 from 2.25.1 to 2.25.2

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.25.2

What's Changed

Reverting commit with additional logging data by @pacostas in paketo-buildpacks/packit#693

Full Changelog: paketo-buildpacks/packit@v2.25.1...v2.25.2

Commits

65b2869 fix: reverting loging with additional data (#693)
See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/service/internal/checksum from 1.8.9 to 1.9.0

Changelog

Sourced from github.com/aws/aws-sdk-go-v2/service/internal/checksum's changelog.

Release (2021-08-27)

General Highlights

Feature: Updated github.com/aws/smithy-go to latest version

Dependency Update: Updated to the latest SDK module versions

Module Highlights

github.com/aws/aws-sdk-go-v2/credentials: v1.4.0

Feature: Adds support for Tags and TransitiveTagKeys to stscreds.AssumeRoleProvider. Closes aws/aws-sdk-go-v2#723

github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue: v1.2.0

Bug Fix: Fix unmarshaler's decoding of AttributeValueMemberN into a type that is a string alias.

github.com/aws/aws-sdk-go-v2/service/acmpca: v1.7.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/amplify: v1.5.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/amplifybackend: v1.4.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/apigateway: v1.7.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/apigatewaymanagementapi: v1.4.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/appflow: v1.7.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/applicationinsights: v1.4.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/apprunner: v1.2.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/appstream: v1.6.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/appsync: v1.6.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/athena: v1.6.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/auditmanager: v1.8.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/autoscalingplans: v1.5.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/backup: v1.5.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/batch: v1.7.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/braket: v1.6.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/chimesdkidentity: v1.1.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/chimesdkmessaging: v1.1.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/cloudtrail: v1.5.0

Feature: Updated API model to latest revision.

github.com/aws/aws-sdk-go-v2/service/cloudwatchevents: v1.6.0

... (truncated)

Commits

994cb2c Release 2021-08-27
1dfe70e Update smithy-go dependency version
2687a43 Update API Models for Release (#1395)
2c11b4f feature/dynamodb/attributevalue: Fix string alias unmarshal (#1388)
3dde893 Update SDK's API client and endpoints models (#1390)
c36a061 Adds support for Tags and TransitiveTagKeys to `stscreds.AssumeRoleProvid...
3ddb4d6 Release 2021-08-19
c03ac02 API Model update (#1385)
14923fe Updates SDK for Go 1.17 (#1381)
4fa06e5 Release 2021-08-12
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.3 to 1.88.4

Commits

f64c8d0 Release 2025-10-07
2ffc161 Regenerated Clients
e08a899 Update endpoints model
a4663ff Update API model
e4a4e2d Feat checksum reuse (#3199)
e9e5d66 Release 2025-10-06
08532b4 Regenerated Clients
b7bcc01 Update API model
f382571 Release 2025-10-03
cb116e9 Regenerated Clients
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.2 to 5.16.3

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.3

What's Changed

internal: Expand regex to fix build [5.x] by @baloo in go-git/go-git#1644

build: raise timeouts for windows CI tests and disable CIFuzz [5.x] by @baloo in go-git/go-git#1646

plumbing: support commits extra headers, support jujutsu signed commit [5.x] by @baloo in go-git/go-git#1633

Full Changelog: go-git/go-git@v5.16.2...v5.16.3

Commits

ad9a3a5 Merge pull request #1633 from baloo/baloo/release-5.x/jj-signed-commits
f2c3467 plumbing: support extra headers, support jujutsu signed commit [5.x]
c12263d Merge pull request #1646 from baloo/baloo/release-5.x/fixup-windows-ci
111f374 build: disable fuzzing on maintenance branch
15d46ce build: raise timeouts for windows CI tests
ce83ba1 Merge pull request #1644 from baloo/baloo/release-5.x/fixup-build
b486201 internal: Expand regex to fix build
See full diff in compare view

Updates github.com/go-jose/go-jose/v4 from 4.1.2 to 4.1.3

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.1.3

This release drops Go 1.23 support as that Go release is no longer supported. With that, we can drop x/crypto and no longer have any external dependencies in go-jose outside of the standard library!

This release fixes a bug where a critical b64 header was ignored if in an unprotected header. It is now rejected instead of ignored.

What's Changed

Remove Go 1.23 support by @mcpherrinm in go-jose/go-jose#205

Reject JWS with an unprotected critical b64 header by @mcpherrinm in go-jose/go-jose#210

Full Changelog: go-jose/go-jose@v4.1.2...v4.1.3

Commits

5348b9a Reject JWS with an unprotected critical b64 header (#210)
9153a5e Bump actions/setup-python from 5 to 6 (#208)
2126e17 Bump actions/setup-go from 5 to 6 (#209)
9860c65 Bump actions/checkout from 4 to 5 (#206)
14239fd Remove Go 1.23 support (#205)
a16e158 Update CI to run on Go 1.24 and 1.25 (#204)
See full diff in compare view

Updates github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0

Commits

52fb4e8 allow max dictionary size to be set, with default now at 4GB
9f4b0d1 dont let the dictionary be larger than the unpacked file size
153fdf5 Merge pull request #47 from nwaples/bytereader
3f140e5 document RarFS methods
b4fc922 change os.FileMode to fs.FileMode
edb01e7 add Seek support for uncompressed files
710bda2 add initial Seek support for limitedReader
9deacfb save offset in packetFileReader
4f0a750 change limitedReader to save offset internally
1c32663 split volume into readerVolume and fileVolume
Additional commits viewable in compare view

Updates github.com/skeema/knownhosts from 1.3.1 to 1.3.2

Commits

b9f50b4 ci: use Go 1.24 as per minimum in go.mod
3e58378 update golang.org/x/crypto to v0.42.0; revise IPv6 logic
5b6f59f tests: fix test logic for x/crypto 0.37.0 change
eef7455 update dependency golang.org/x/crypto to v0.39.0
e3098ef update dependency golang.org/x/crypto to v0.36.0
c884d65 ci: add govulncheck; pin goveralls version; use Go 1.23
a8761da comments: update to reflect golang.org/x/crypto/ssh/knownhosts change
See full diff in compare view

Updates golang.org/x/net from 0.44.0 to 0.45.0

Commits

59706cd html: impose open element stack size limit
6ec8895 html: align in row insertion mode with spec
5393563 http2: fix RFC 9218 write scheduler not being idempotent
b2ab371 internal/httpsfv: implement parsing support for date and display string
edb764c internal/httpsfv: add parsing functionality for types defined in RFC 8941
fbba2c2 internal/httpsfv: add support for consuming Display String and Date type
47a241f http2: make the error channel pool per-Server
51f657b webdav/internal/xml: use the built-in min function
f2e909b internal/httpsfv: implement parsing support for Dictionary and List type.
7d8cfce internal/httpsfv: add support for Bare Inner List and Item type.
Additional commits viewable in compare view

Updates google.golang.org/api from 0.251.0 to 0.252.0

Release notes

Sourced from google.golang.org/api's releases.

v0.252.0

0.252.0 (2025-10-07)

Features

all: Auto-regenerate discovery clients (#3326) (c992545)

all: Auto-regenerate discovery clients (#3328) (b9b915b)

all: Auto-regenerate discovery clients (#3330) (fcb7723)

all: Auto-regenerate discovery clients (#3331) (a67f44d)

all: Auto-regenerate discovery clients (#3332) (b9890fc)

all: Auto-regenerate discovery clients (#3334) (163216d)

all: Auto-regenerate discovery clients (#3336) (2c4dd78)

Changelog

Sourced from google.golang.org/api's changelog.

0.252.0 (2025-10-07)

Features

all: Auto-regenerate discovery clients (#3326) (c992545)

all: Auto-regenerate discovery clients (#3328) (b9b915b)

all: Auto-regenerate discovery clients (#3330) (fcb7723)

all: Auto-regenerate discovery clients (#3331) (a67f44d)

all: Auto-regenerate discovery clients (#3332) (b9890fc)

all: Auto-regenerate discovery clients (#3334) (163216d)

all: Auto-regenerate discovery clients (#3336) (2c4dd78)

Commits

88c288c chore(main): release 0.252.0 (#3327)
2c4dd78 feat(all): auto-regenerate discovery clients (#3336)
ceff1a1 chore(all): update all (#3333)
163216d feat(all): auto-regenerate discovery clients (#3334)
b9890fc feat(all): auto-regenerate discovery clients (#3332)
a67f44d feat(all): auto-regenerate discovery clients (#3331)
4312741 chore: update CODEOWNERS, remove blunderbuss (#3329)
fcb7723 feat(all): auto-regenerate discovery clients (#3330)
b9b915b feat(all): auto-regenerate discovery clients (#3328)
c992545 feat(all): auto-regenerate discovery clients (#3326)
See full diff in compare view

Updates google.golang.org/genproto/googleapis/rpc from 0.0.0-20250929231259-57b25ae835d4 to 0.0.0-20251002232023-7c0ddcbb5797

Commits

See full diff in compare view

Updates google.golang.org/grpc from 1.75.1 to 1.76.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.76.0

Dependencies

Minimum supported Go version is now 1.24 (#8509)

Special Thanks: @kevinGC

Bug Fixes

client: Return status INTERNAL when a server sends zero response messages for a unary or client-streaming RPC. (#8523)

client: Fail RPCs with status INTERNAL instead of UNKNOWN upon receiving http headers with status 1xx and END_STREAM flag set. (#8518)

Special Thanks: @vinothkumarr227

pick_first: Fix race condition that could cause pick_first to get stuck in IDLE state on backend address change. (#8615)

New Features

credentials: Add credentials/jwt package providing file-based JWT PerRPCCredentials (A97). (#8431)

Special Thanks: @dimpavloff

Performance Improvements

client: Improve HTTP/2 header size estimate to reduce re-allocations. (#8547)

encoding/proto: Avoid redundant message size calculation when marshaling. (#8569)

Special Thanks: @rs-unity

Commits

d96c2ef Change version to 1.76.0 (#8584)
79c553c Cherry pick #8610, #8615 to v1.76.x (#8621)
0513350 client: minor improvements to log messages (#8564)
ebaf486 credentials: implement file-based JWT Call Credentials (part 1 for A97) (#8431)
ca78c90 xds/resolver_test: fix flaky test ResolverBadServiceUpdate_NACKedWithoutCache...
83bead4 internal/buffer: set closed flag when closing channel in the Load method (#8575)
0f45079 encoding/proto: enable use cached size option (#8569)
8420f3f transport: avoid slice reallocation during header creation (#8547)
b36320e Revert "stats/opentelemetry: record retry attempts from clientStream (#8342)"...
c122250 stats/opentelemetry: record retry attempts from clientStream (#8342)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-modules group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/paketo-buildpacks/packit/v2](https://github.com/paketo-buildpacks/packit) | `2.25.1` | `2.25.2` | | [github.com/aws/aws-sdk-go-v2/service/internal/checksum](https://github.com/aws/aws-sdk-go-v2) | `1.8.9` | `1.9.0` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.88.3` | `1.88.4` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.2` | `5.16.3` | | [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) | `4.1.2` | `4.1.3` | | [github.com/nwaples/rardecode/v2](https://github.com/nwaples/rardecode) | `2.1.1` | `2.2.0` | | [github.com/skeema/knownhosts](https://github.com/skeema/knownhosts) | `1.3.1` | `1.3.2` | | [golang.org/x/net](https://github.com/golang/net) | `0.44.0` | `0.45.0` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.251.0` | `0.252.0` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.75.1` | `1.76.0` | Updates `github.com/paketo-buildpacks/packit/v2` from 2.25.1 to 2.25.2 - [Release notes](https://github.com/paketo-buildpacks/packit/releases) - [Commits](paketo-buildpacks/packit@v2.25.1...v2.25.2) Updates `github.com/aws/aws-sdk-go-v2/service/internal/checksum` from 1.8.9 to 1.9.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/v1.9.0/CHANGELOG.md) - [Commits](aws/aws-sdk-go-v2@service/tnb/v1.8.9...v1.9.0) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.88.3 to 1.88.4 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.88.3...service/s3/v1.88.4) Updates `github.com/go-git/go-git/v5` from 5.16.2 to 5.16.3 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.16.2...v5.16.3) Updates `github.com/go-jose/go-jose/v4` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.1.2...v4.1.3) Updates `github.com/nwaples/rardecode/v2` from 2.1.1 to 2.2.0 - [Commits](nwaples/rardecode@v2.1.1...v2.2.0) Updates `github.com/skeema/knownhosts` from 1.3.1 to 1.3.2 - [Commits](skeema/knownhosts@v1.3.1...v1.3.2) Updates `golang.org/x/net` from 0.44.0 to 0.45.0 - [Commits](golang/net@v0.44.0...v0.45.0) Updates `google.golang.org/api` from 0.251.0 to 0.252.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.251.0...v0.252.0) Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20250929231259-57b25ae835d4 to 0.0.0-20251002232023-7c0ddcbb5797 - [Commits](https://github.com/googleapis/go-genproto/commits) Updates `google.golang.org/grpc` from 1.75.1 to 1.76.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.75.1...v1.76.0) --- updated-dependencies: - dependency-name: github.com/paketo-buildpacks/packit/v2 dependency-version: 2.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/aws/aws-sdk-go-v2/service/internal/checksum dependency-version: 1.9.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.88.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/nwaples/rardecode/v2 dependency-version: 2.2.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/skeema/knownhosts dependency-version: 1.3.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: golang.org/x/net dependency-version: 0.45.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: google.golang.org/api dependency-version: 0.252.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: google.golang.org/genproto/googleapis/rpc dependency-version: 0.0.0-20251002232023-7c0ddcbb5797 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: google.golang.org/grpc dependency-version: 1.76.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-10-09T10:03:09Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Oct 8, 2025

dependabot bot requested a review from a team as a code owner October 8, 2025 10:05

dependabot bot requested review from mhdawson and paketo-bot-reviewer October 8, 2025 10:05

paketo-bot added the semver:patch A change requiring a patch version bump label Oct 8, 2025

dependabot bot closed this Oct 9, 2025

dependabot bot deleted the dependabot/go_modules/go-modules-28e656843b branch October 9, 2025 10:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the go-modules group across 1 directory with 11 updates #894

Bump the go-modules group across 1 directory with 11 updates #894

Uh oh!

dependabot bot commented on behalf of github Oct 8, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Oct 9, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the go-modules group across 1 directory with 11 updates #894

Bump the go-modules group across 1 directory with 11 updates #894

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.25.2

What's Changed

Release (2021-08-27)

General Highlights

Module Highlights

v5.16.3

What's Changed

v4.1.3

What's Changed

v0.252.0

0.252.0 (2025-10-07)

Features

0.252.0 (2025-10-07)

Features

Release 1.76.0

Dependencies

Bug Fixes

New Features

Performance Improvements

Uh oh!

dependabot bot commented on behalf of github Oct 9, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Oct 8, 2025 •

edited

Loading