build(deps): bump chainguard.dev/melange in the chainguard group (#1848)

dependabot[bot] · web-flow · commit 4a80fef4359e · 2026-01-29T17:45:44.000+01:00
Bumps the chainguard group with 1 update: [chainguard.dev/melange](https://github.com/chainguard-dev/melange). Updates `chainguard.dev/melange` from 0.40.0 to 0.40.2 - [Release notes](https://github.com/chainguard-dev/melange/releases) - [Changelog](https://github.com/chainguard-dev/melange/blob/main/NEWS.md) - [Commits](chainguard-dev/melange@v0.40.0...v0.40.2) --- updated-dependencies: - dependency-name: chainguard.dev/melange dependency-version: 0.40.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: chainguard ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/go.mod b/go.mod
@@ -12,7 +12,7 @@ replace modernc.org/sqlite v1.33.0 => modernc.org/sqlite v1.32.0
 
 require (
 	chainguard.dev/apko v1.0.5
-	chainguard.dev/melange v0.40.0
+	chainguard.dev/melange v0.40.2
 	cloud.google.com/go/storage v1.59.1
 	github.com/adrg/xdg v0.5.3
 	github.com/anchore/grype v0.104.1
@@ -181,7 +181,7 @@ require (
 	github.com/deitch/magic v0.0.0-20240306090643-c67ab88f10cb // indirect
 	github.com/diskfs/go-diskfs v1.7.0 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/cli v29.1.5+incompatible // indirect
+	github.com/docker/cli v29.2.0+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker v28.5.2+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.9.4 // indirect
diff --git a/go.sum b/go.sum
@@ -4,8 +4,8 @@ chainguard.dev/apko v1.0.5 h1:8FudG9/TKER72yb+g4RPrZx67hwjLMhfvED1AWUUods=
 chainguard.dev/apko v1.0.5/go.mod h1:NZypbx3cU7xLpojOpI41VF3OjTf8RyaPAiO7c3z7g6g=
 chainguard.dev/go-grpc-kit v0.17.15 h1:y+FBjta2lsC0XxlkG+W5P1VxYl0zG74GRvoYN2o+p7s=
 chainguard.dev/go-grpc-kit v0.17.15/go.mod h1:1wAVAX2CCamtFlfMs9PFzfgQQxX1/TQyF6cbWApbJ2U=
-chainguard.dev/melange v0.40.0 h1:+aRGBHGaK6e2hA+sal+t4ZALPJT/S9QDsdRj/WHPQ2Y=
-chainguard.dev/melange v0.40.0/go.mod h1:1h3+n7M0NwqEA2MvWz3fpG8YJ+Xco0FmoKP2pHmgvds=
+chainguard.dev/melange v0.40.2 h1:BLwRau6+9/geS608W96ZxMu4i+jvtwLivEybJvhTHew=
+chainguard.dev/melange v0.40.2/go.mod h1:rKhb/JgT3xPSePVmezYZMJVnp7CowauU9OsQ7rOnXKA=
 chainguard.dev/sdk v0.1.47 h1:BQEVQWj1ZnL9DNgHWcAVbj8BNNN/blAZHhbWGKSKzZI=
 chainguard.dev/sdk v0.1.47/go.mod h1:b4isqRFaCBaRuVcHUrFeaqvt3d8J9GNOMS0RAyoawXw=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
@@ -378,8 +378,8 @@ github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=
 github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=
 github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
 github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
-github.com/docker/cli v29.1.5+incompatible h1:GckbANUt3j+lsnQ6eCcQd70mNSOismSHWt8vk2AX8ao=
-github.com/docker/cli v29.1.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
+github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
