Skip to content

🌱 Bump github.com/go-git/go-git/v5 from 5.12.0 to 5.16.5 in /hack/tools #248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

🌱 Bump github.com/go-git/go-git/v5 from 5.12.0 to 5.16.5 in /hack/tools #248

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 10, 2026

Bumps github.com/go-git/go-git/v5 from 5.12.0 to 5.16.5.

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.5

What's Changed

Full Changelog: go-git/go-git@v5.16.4...v5.16.5

v5.16.4

What's Changed

Full Changelog: go-git/go-git@v5.16.3...v5.16.4

v5.16.3

What's Changed

Full Changelog: go-git/go-git@v5.16.2...v5.16.3

v5.16.2

What's Changed

Full Changelog: go-git/go-git@v5.16.1...v5.16.2

v5.16.1

What's Changed

New Contributors

Full Changelog: go-git/go-git@v5.16.0...v5.16.1

v5.16.0

What's Changed

... (truncated)

Commits
  • 48a1ae0 Merge pull request #1836 from go-git/check-v5
  • 42bdf1f storage: filesystem, Verify idx matches pack file
  • 4146a56 plumbing: format/idxfile, Verify idxfile's checksum
  • 63d78ec plumbing: format/packfile, Add new ErrMalformedPackFile
  • 25f1624 Merge pull request #1800 from Ch00k/no-delete-untracked-v5
  • 600fb13 git: worktree, Don't delete local untracked files when resetting worktree
  • 390a569 Merge pull request #1746 from pjbgf/bump-go
  • 61c8b85 build: Bump Go test versions to 1.23-1.25 (v5)
  • e5a05ec Merge pull request #1744 from go-git/renovate/releases/v5.x-go-golang.org-x-c...
  • 1495930 plumbing: Remove use of non-constant format strings
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
🌱 Bump github.com/go-git/go-git/v5 in /hack/tools
78d21bf 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.12.0 to 5.16.5.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.12.0...v5.16.5)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Feb 10, 2026

Labels

The following labels could not be found: area/dependency. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@spectro-prow
Copy link

spectro-prow commented Feb 10, 2026

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a spectrocloud member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@spectro-prow
Copy link

spectro-prow commented Feb 10, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
To complete the pull request process, please assign after the PR has been reviewed.
You can assign the PR to them by writing /assign in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

bulwark-spectrocloud[bot]
bulwark-spectrocloud bot requested changes Feb 10, 2026
View reviewed changes
Copy link

@bulwark-spectrocloud bulwark-spectrocloud bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ GoVulnCheck scan found vulnerabilities:

  1. GO-2025-3754
    • Module: github.com/cloudflare/circl
    • Found in: v1.3.7
    • Fixed in: v1.6.1
    • Example Traces:
      1. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ed25519.init
      2. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ecc.init
      3. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ed25519.init
      4. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls goldilocks.init
      5. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ed448.init

Please review these findings and fix the issues before merging.

bulwark-spectrocloud[bot]
bulwark-spectrocloud bot requested changes Feb 10, 2026
View reviewed changes
Copy link

@bulwark-spectrocloud bulwark-spectrocloud bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ GoSec scan found code issues:

  1. G115: integer overflow conversion int64 -> int32, Severity: HIGH
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/cluster/cluster_controller_status.go:107:63
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/cluster/cluster_controller_status.go:104:70
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/contract/types.go:129:22
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/test/envtest/environment.go:93:47
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machineset/machineset_controller_status.go:189:26
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machineset/machineset_controller_status.go:123:26
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machineset/machineset_controller.go:1214:37
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machineset/machineset_controller.go:1213:33
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machineset/machineset_controller.go:1212:40
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machineset/machineset_controller.go:1211:28
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinehealthcheck/machinehealthcheck_controller.go:678:26
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinehealthcheck/machinehealthcheck_controller.go:666:27
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinehealthcheck/machinehealthcheck_controller.go:241:33
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinehealthcheck/machinehealthcheck_controller.go:226:35
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinedeployment/mdutil/util.go:726:14
    • ... (truncated), run gosec locally to capture all failure for the rule G115
  2. G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand), Severity: HIGH
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/util/util.go:61:8
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/util/conversion/conversion.go:160:18
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/infrastructure/inmemory/internal/controllers/inmemorymachine_controller.go:616:43
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/infrastructure/inmemory/internal/controllers/inmemorymachine_controller.go:478:33
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/infrastructure/inmemory/internal/controllers/inmemorymachine_controller.go:468:40
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/infrastructure/inmemory/internal/controllers/inmemorymachine_controller.go:411:43
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/infrastructure/inmemory/internal/controllers/inmemorymachine_controller.go:307:43
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/infrastructure/inmemory/internal/controllers/inmemorymachine_controller.go:269:43
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/infrastructure/docker/exp/internal/controllers/dockermachinepool_controller_phases.go:95:18
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/framework/machinedeployment_helpers.go:379:100
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/framework/machinedeployment_helpers.go:378:96
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/framework/machinedeployment_helpers.go:377:93
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/e2e/clusterclass_rollout.go:226:46
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/e2e/clusterclass_rollout.go:225:81
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/e2e/clusterclass_rollout.go:224:77
    • ... (truncated), run gosec locally to capture all failure for the rule G404
  3. G402: TLS InsecureSkipVerify set true., Severity: HIGH
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/test/infrastructure/inmemory/pkg/server/mux.go:466:24
      1. File: /home/runner/_work/bulwark/bulwark/target-repo/controlplane/kubeadm/internal/workload_cluster.go:469:62

Please review these findings and fix the issues before merging.

@sumitmishra-spectro
Copy link

sumitmishra-spectro commented Feb 10, 2026

This PR is related to - https://spectrocloud.atlassian.net/browse/PCP-6007

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bulwark-spectrocloud bulwark-spectrocloud[bot] bulwark-spectrocloud[bot] requested changes

Assignees

No one assigned

Labels

needs-ok-to-test ok-to-test size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@spectro-prow @sumitmishra-spectro