Skip to content

Chore(deps): Bump the go-dependencies group across 1 directory with 9 updates#3553

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-dependencies-0ce9c95420
Closed

Chore(deps): Bump the go-dependencies group across 1 directory with 9 updates#3553
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-dependencies-0ce9c95420

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Feb 25, 2026
edited
Loading

Bumps the go-dependencies group with 4 updates in the / directory: github.com/cnabio/cnab-go, github.com/cnabio/cnab-to-oci, github.com/docker/buildx and github.com/google/go-containerregistry.

Updates github.com/cnabio/cnab-go from 0.26.0 to 0.26.1

Release notes

Sourced from github.com/cnabio/cnab-go's releases.

v0.26.1

What's Changed

Full Changelog: cnabio/cnab-go@v0.26.0...v0.26.1

Commits

Updates github.com/cnabio/cnab-to-oci from 0.5.1 to 0.5.3

Release notes

Sourced from github.com/cnabio/cnab-to-oci's releases.

v0.5.3

What's Changed

Full Changelog: cnabio/cnab-to-oci@v0.5.2...v0.5.3

v0.5.2

What's Changed

Full Changelog: cnabio/cnab-to-oci@v0.5.1...v0.5.2

Commits
  • 05a2950 Merge pull request #208 from cnabio/dependabot/go_modules/go-dependencies-eba...
  • f3df649 Bumped to go 1.25
  • b5ff231 Bump github.com/cnabio/cnab-go in the go-dependencies group
  • c257296 Merge pull request #207 from cnabio/dependabot/go_modules/go-dependencies-bab...
  • 65adc1f Bump the go-dependencies group with 3 updates
  • 31c4f61 Merge pull request #206 from cnabio/dependabot/go_modules/go-dependencies-6d5...
  • 7d99ec6 Bump github.com/docker/cli in the go-dependencies group
  • 0196238 Merge pull request #205 from cnabio/dependabot/go_modules/go-dependencies-d5e...
  • fb3a3a9 Bump github.com/containerd/containerd in the go-dependencies group
  • b2bc6f1 Merge pull request #204 from cnabio/dependabot/go_modules/go-dependencies-7e8...
  • Additional commits viewable in compare view

Updates github.com/cnabio/image-relocation from 0.9.1 to 0.9.2

Release notes

Sourced from github.com/cnabio/image-relocation's releases.

v0.9.2

What's Changed

New Contributors

Full Changelog: cnabio/image-relocation@v0.9.1...v0.9.2

Commits
  • 27face6 Merge pull request #17 from cnabio/dependabot/github_actions/actions/setup-go-6
  • 97ffc0a Merge pull request #16 from cnabio/dependabot/github_actions/actions/checkout-6
  • f563986 Merge pull request #15 from cnabio/dependabot/github_actions/actions/cache-4
  • 7babefd Merge pull request #14 from cnabio/dependabot/github_actions/codecov/codecov-...
  • 567d7c4 Bump actions/setup-go from 3 to 6
  • 6f4b254 Bump actions/checkout from 3 to 6
  • a941ed4 Bump actions/cache from 3 to 4
  • 154e292 Bump codecov/codecov-action from 3 to 5
  • 102822f Merge pull request #13 from dgannon991/chore/bump-deps-and-introduce-dependabot
  • 4fb00bf Introduced dependabot and set a good baseline
  • See full diff in compare view

Updates github.com/containerd/containerd from 1.7.29 to 1.7.30

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.30

Welcome to the v1.7.30 release of containerd!

The thirtieth patch release for containerd 1.7 contains various fixes and updates.

Highlights

Container Runtime Interface (CRI)

  • Fix NRI dropping requested CDI devices silently (#12650)
  • Redact all query parameters in CRI error logs (#12551)

Runtime

  • Update runc binary to v1.3.4 (#12619)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Akihiro Suda
  • Austin Vazquez
  • Mike Brown
  • Wei Fu
  • Andrey Noskov
  • CrazyMax
  • Davanum Srinivas
  • Jin Dong
  • Krisztian Litkey
  • Maksym Pavlenko
  • Paweł Gronowski
  • Phil Estes
  • Samuel Karp

Changes

  • Prepare release notes for v1.7.30 (#12652)
    • 3d0ca6d2e Prepare release notes for v1.7.30
  • Fix NRI dropping requested CDI devices silently (#12650)
    • 0bc74f47e cri,nri: don't drop requested CDI devices silently.
  • script/setup/install-cni: install CNI plugins v1.9.0 (#12660)
    • 7db16b562 script/setup/install-cni: install CNI plugins v1.9.0
  • go.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (#12640)

... (truncated)

Commits
  • 71c1c86 Merge pull request #12652 from dmcgowan/prepare-1.7.30
  • 3d0ca6d Prepare release notes for v1.7.30
  • a8ce78b Merge pull request #12650 from klihub/fixes/1.7.x/nri-cdi-device-injection
  • ba2b3a2 Merge pull request #12660 from AkihiroSuda/cni-1.9.0-1.7
  • 0bc74f4 cri,nri: don't drop requested CDI devices silently.
  • 7db16b5 script/setup/install-cni: install CNI plugins v1.9.0
  • 3b655c2 Merge pull request #12640 from AkihiroSuda/dev-1.7
  • bca897b go.mod: golang.org/x/crypto v0.45.0
  • 37cbd22 CI: drop Go 1.23
  • ee49d17 Update Go requirements in BUILDING
  • Additional commits viewable in compare view

Updates github.com/docker/buildx from 0.30.1 to 0.31.1

Release notes

Sourced from github.com/docker/buildx's releases.

v0.31.1

buildx 0.31.1

Welcome to the v0.31.1 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Contributors

  • Tõnis Tiigi

Notable Changes

  • Fix excessive HTTP requests when using buildx imagetools create command #3632

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.31.0

v0.31.0

buildx 0.31.0

Welcome to the v0.31.0 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Contributors

  • Tõnis Tiigi
  • CrazyMax
  • Sebastiaan van Stijn
  • Jonathan A. Sternberg
  • Justin Chadwell
  • Akihiro Suda
  • Brian Goff
  • David Karlsson
  • Paweł Gronowski
  • Sergei Khomenkov
  • guimove

Notable Changes

... (truncated)

Commits
  • a267595 Merge pull request #3632 from tonistiigi/v0.31.1-picks
  • 3fba856 imagetools: avoid pushing to same repo in parallel
  • d841330 imagetools: avoid trying to load attestations inline references
  • 95e1563 imagetools: fix excessive copies on create command
  • 44945d7 Merge pull request #3621 from tonistiigi/vendor-buildkit-v0.27
  • 08e5e8e vendor: update buildkit to v0.27.0
  • 79763c6 Merge pull request #3616 from thaJeztah/bump_cli
  • 0d343ef vendor: github.com/docker/cli v29.1.5
  • 9c33ef3 Merge pull request #3612 from tonistiigi/dhi-auth
  • 9567f7f Merge pull request #3614 from tonistiigi/policy-json-stub
  • Additional commits viewable in compare view

Updates github.com/docker/cli from 28.5.2+incompatible to 29.1.5+incompatible

Commits
  • 0e6fee6 Merge pull request #6698 from thaJeztah/inline_parseWindowsDevice
  • 88be588 Merge pull request #6709 from vvoland/img-list-all-doc
  • f7ddc8a docs: Update --all flag description to clarify it shows dangling images
  • 00e23cf Merge pull request #6706 from docker/dependabot/github_actions/actions/upload...
  • 4d7a8b0 build(deps): bump actions/upload-artifact from 5 to 6
  • f52814d Merge pull request #6705 from vvoland/list-fix
  • 0f03c31 image/list: Fix dangling=false handling
  • 1e25906 cli/tree: Remove unused all field
  • 4d6fc33 Merge pull request #6704 from vvoland/list-fix
  • 09a4664 image/tree: Add golden test
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.20.6 to 0.21.1

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.1

This release fixes a regression in crane introduced in the previous release.

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.0...v0.21.1

v0.21.0

This release updates the minimum Go version to 1.25.6.

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.20.7...v0.21.0

v0.20.7

What's Changed

New Contributors

... (truncated)

Commits

Updates github.com/moby/buildkit from 0.26.1 to 0.27.0

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.27.0

buildkit 0.27.0

Welcome to the v0.27.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Tõnis Tiigi
  • CrazyMax
  • Akihiro Suda
  • Sebastiaan van Stijn
  • Justin Chadwell
  • Jonathan A. Sternberg
  • David Karlsson
  • Dawei Wei
  • Natnael Gebremariam
  • Aleksandr Karpinskii
  • Amr Mahdi
  • Brian Goff
  • Joyal George K J
  • Matt Coster
  • Roberto Villarreal
  • Rodolfo Carvalho
  • Silvin Lubecki
  • Tiger Kaovilai

Notable Changes

  • Built-in Dockerfile frontend has been updated to v1.21.0
  • This is a first version of BuildKit with signed release images and artifacts built using Docker Github Builder
  • Allow convert decisions from Session Source Policy implementations #6427
  • Github Cache backend now support optional signed cache that is cryptographically verified on import #6397
  • Provide a gateway interface for reading container filesystems during builds #6262
  • Push registry remote cache blobs in parallel for faster uploads #6455
  • Cache attestation chain pull-through responses for better performance #6435
  • Allow custom AuthConfig providers in client #6408
  • Surface policy deny messages in build errors #6458
  • Fix Git 2.52 support for matching some error conditions #6452
  • Expose the build reference in exporter buildinfo #6424
  • Improve expired keys handling in Git signature verification #6412
  • Cache gateway forwarder mounts and deduplicate snapshot responses #6387
  • Remove development gateway frontend options in favor of build-contexts #6350
  • Prevent status stream from closing too early by using an inactivity timeout #6396
  • Recover from history.db corruption #6371
  • Fix xattr copy failures on SELinux systems #6015

... (truncated)

Commits
  • 2bcd66d Merge pull request #6482 from tonistiigi/v0.27-picks-2
  • 6c53e9e forwarder: fix concurrent map write panic in the gateway forwarder
  • 64bc21a Merge pull request #6479 from tonistiigi/v0.27-picks
  • 6f380e6 vendor: align google.golang.org/genproto/xxx versions
  • a9c91f7 vendor: update go-actions-cache to 54bc28c2
  • b2fc80e Merge pull request #6473 from tonistiigi/attestation-index-error
  • a50e8a1 source: avoid error when attestation asked from non-index
  • faed462 Merge pull request #6464 from tonistiigi/image-attestation-lease-fix
  • 870da9c Merge pull request #6465 from thaJeztah/bump_logrus
  • 98291f1 vendor: github.com/sirupsen/logrus v1.9.4
  • Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20250604170112-4c0f3b243397 to 0.0.0-20251002143259-bc988d571ff4

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Chore(deps): Bump the go-dependencies group across 1 directory with 9…
7859df4 
… updates

Bumps the go-dependencies group with 4 updates in the / directory: [github.com/cnabio/cnab-go](https://github.com/cnabio/cnab-go), [github.com/cnabio/cnab-to-oci](https://github.com/cnabio/cnab-to-oci), [github.com/docker/buildx](https://github.com/docker/buildx) and [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry).


Updates `github.com/cnabio/cnab-go` from 0.26.0 to 0.26.1
- [Release notes](https://github.com/cnabio/cnab-go/releases)
- [Commits](cnabio/cnab-go@v0.26.0...v0.26.1)

Updates `github.com/cnabio/cnab-to-oci` from 0.5.1 to 0.5.3
- [Release notes](https://github.com/cnabio/cnab-to-oci/releases)
- [Commits](cnabio/cnab-to-oci@v0.5.1...v0.5.3)

Updates `github.com/cnabio/image-relocation` from 0.9.1 to 0.9.2
- [Release notes](https://github.com/cnabio/image-relocation/releases)
- [Commits](cnabio/image-relocation@v0.9.1...v0.9.2)

Updates `github.com/containerd/containerd` from 1.7.29 to 1.7.30
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v1.7.29...v1.7.30)

Updates `github.com/docker/buildx` from 0.30.1 to 0.31.1
- [Release notes](https://github.com/docker/buildx/releases)
- [Commits](docker/buildx@v0.30.1...v0.31.1)

Updates `github.com/docker/cli` from 28.5.2+incompatible to 29.1.5+incompatible
- [Commits](docker/cli@v28.5.2...v29.1.5)

Updates `github.com/google/go-containerregistry` from 0.20.6 to 0.21.1
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.20.6...v0.21.1)

Updates `github.com/moby/buildkit` from 0.26.1 to 0.27.0
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.26.1...v0.27.0)

Updates `k8s.io/utils` from 0.0.0-20250604170112-4c0f3b243397 to 0.0.0-20251002143259-bc988d571ff4
- [Commits](https://github.com/kubernetes/utils/commits)

---
updated-dependencies:
- dependency-name: github.com/cnabio/cnab-go
  dependency-version: 0.26.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/cnabio/cnab-to-oci
  dependency-version: 0.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/cnabio/image-relocation
  dependency-version: 0.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/containerd/containerd
  dependency-version: 1.7.30
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/docker/buildx
  dependency-version: 0.31.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/docker/cli
  dependency-version: 29.1.5+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: go-dependencies
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: k8s.io/utils
  dependency-version: 0.0.0-20251002143259-bc988d571ff4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependabot 🤖 Created by the dependabot label Feb 25, 2026
@dependabot dependabot Bot requested a review from a team as a code owner February 25, 2026 12:38
@dependabot dependabot Bot added the dependabot 🤖 Created by the dependabot label Feb 25, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Mar 1, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Mar 1, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/go-dependencies-0ce9c95420 branch March 1, 2026 04:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependabot 🤖 Created by the dependabot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants