Skip to content

chore(deps): bump the go group across 1 directory with 12 updates#1973

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-9bd29a39b7
Open

chore(deps): bump the go group across 1 directory with 12 updates#1973
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-9bd29a39b7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 26, 2026

Bumps the go group with 11 updates in the / directory:

Package From To
github.com/aws/aws-sdk-go-v2/config 1.32.17 1.32.18
github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager 0.1.21 0.1.22
github.com/containerd/containerd/v2 2.3.0 2.3.1
github.com/docker/cli 29.5.0+incompatible 29.5.2+incompatible
github.com/go-git/go-git/v5 5.19.0 5.19.1
github.com/onsi/ginkgo/v2 2.28.3 2.29.0
github.com/onsi/gomega 1.40.0 1.41.0
github.com/sigstore/rekor 1.5.1 1.5.2
go.podman.io/image/v5 5.39.2 5.40.0
golang.org/x/crypto 0.51.0 0.52.0
golang.org/x/net 0.54.0 0.55.0

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.18

Commits

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.16 to 1.19.17

Commits

Updates github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager from 0.1.21 to 0.1.22

Commits

Updates github.com/containerd/containerd/v2 from 2.3.0 to 2.3.1

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.3.1

Welcome to the v2.3.1 release of containerd!

The first patch release for containerd 2.3 contains various fixes and improvements.

Security Updates

Highlights

  • Fix bug where failed gRPC plugins were not tolerated when starting listeners (#13390)

Image Storage

  • Ensure metadata and mount plugin boltdb files are closed on server shutdown (#13379)

Runtime

  • Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#13447)
  • Fix sandbox task API endpoints for non-runc runtimes and deprecate task fields in Runc options (#13422)
  • Apply hardening to default seccomp socket policy by blocking AF_ALG (#13409)

Snapshotters

  • Disable overlayfs "rebase" capability when running in user namespace (#13394)
  • Fix transfer plugin error when EROFS differ is configured but mkfs.erofs is unavailable (#13364)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Maksym Pavlenko
  • Akihiro Suda
  • Derek McGowan
  • Paweł Gronowski
  • Brian Goff
  • Austin Vazquez
  • LEI WANG
  • Samuel Karp

Changes

  • Prepare release notes for v2.3.1 (#13405)
  • oci: return explicit error for out-of-range USER values (#13447)

... (truncated)

Commits
  • 64b425c Merge pull request #13405 from AkihiroSuda/prepare-release-2.3.1
  • 58af965 Prepare release notes for v2.3.1
  • 8f0b3ca Update api to v1.11.1
  • 9f8f453 Merge pull request #13447 from samuelkarp/oci-withuser-errrange-2.3
  • f822a91 Merge pull request #13444 from dmcgowan/prepare-api-v1.11.1
  • da7aef2 Prepare release notes for api/v1.11.1
  • a50a704 Merge pull request #13422 from k8s-infra-cherrypick-robot/cherry-pick-13360-t...
  • 5282d4e Wire task address and version fields
  • e44f5f9 protos: include task API address to CreateTaskRequest
  • 85f22f7 Merge pull request #13409 from k8s-infra-cherrypick-robot/cherry-pick-13327-t...
  • Additional commits viewable in compare view

Updates github.com/docker/cli from 29.5.0+incompatible to 29.5.2+incompatible

Commits
  • 79eb04c Merge pull request #3173 from rene-hermenau/patch-1
  • 1a3048f Merge pull request #6997 from vvoland/gha-fix
  • 9177c7f gha: Port validate milestones from Moby
  • 77cb156 Merge pull request #6994 from thaJeztah/bump_buildx
  • 382a92d Dockerfile: update buildx to v0.34.1
  • 5c0919a Merge pull request #6995 from thaJeztah/bump_version
  • a68dd7a bump VERSION to v29.5.2-dev
  • 2518b52 Merge pull request #6991 from mickael-docker/docs-clarify-authz
  • 9f18a0a docs: clarify authz content type
  • 2944fd1 Merge pull request #6989 from thaJeztah/bump_version
  • Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

Commits
  • 3c3be60 Merge pull request #2137 from go-git/validate-v5
  • 3fba897 plumbing: format/packfile, cap delta chain depth in parser
  • a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
  • aeaa125 plumbing: format/objfile, require Header before Read
  • 1f38e17 plumbing: format/packfile, bound inflate size
  • f7545a0 plumbing: format/idxfile, bound nr by file size
  • 170b881 Merge pull request #2116 from pjbgf/symlink-v5
  • 7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
  • f0709b3 git: Stop validating symlink target paths
  • 776d00f git: Allow MkdirAll on worktree-root paths
  • Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.28.3 to 2.29.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.29.0

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

Commits
  • 04b5bcb v2.29.0
  • 124232a docs: GinkgoHelperGo
  • ad9cee8 feat: GinkgoHelperGo, with integration tests
  • 9e56a0a chore: refactor devcontainer for better maintenance
  • 3d235a9 chore: ignore internal/tmp_*/ integration suite temporary dirs
  • 782666a feat: devcontainer configuration with local pkgsite and GH pages
  • 009dd04 Support DescribeTableSubtree in ginkgo outline
  • See full diff in compare view

Updates github.com/onsi/gomega from 1.40.0 to 1.41.0

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.41.0

Features

Add BeASlice and BeAnArray matchers

Fixes

Object formatting now detects pointer cycles to avoid runaway formatting output.

Commits
  • af2bccb v1.41.0
  • 73e81f6 v1.41.0 (full)
  • e35a84f feat: devcontainer configuration with local pkgsite and GH pages
  • f12e5e1 fix(format): detect pointer cycles to avoid runaway formatting output
  • e14831f Add optionalDescription docs to AsyncAssertion and Assertion interfaces
  • 344b94d Add BeASlice and BeAnArray matchers
  • See full diff in compare view

Updates github.com/sigstore/rekor from 1.5.1 to 1.5.2

Commits
  • 3b75cd9 build(deps): Bump the all group across 1 directory with 7 updates (#2829)
  • 759b98e alpine: Enforce max size limit on decompression (#2831)
  • c7e77ee Support restricting kinds on insertion (#2814)
  • a10818a fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#...
  • c31f3fc build(deps): Bump cloud.google.com/go/profiler from 0.4.3 to 0.6.0
  • f2a9fb0 build(deps): Bump go.uber.org/zap from 1.27.1 to 1.28.0
  • e3ba248 build(deps): Bump golang in the all group across 1 directory
  • 62e5ddd build(deps): Bump github.com/go-openapi/swag from 0.25.5 to 0.26.0
  • f4f91d5 build(deps): Bump github.com/tink-crypto/tink-go-awskms/v2 to v3 (#2827)
  • 9bc540f build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2820)
  • Additional commits viewable in compare view

Updates go.podman.io/image/v5 from 5.39.2 to 5.40.0

Commits
  • 3c2fa91 Bump to c/image v5.40
  • f871d19 Bump to c/storage v1.63.0 in c/image, c/image to v5.40
  • 550f62f Bump c/storage to v1.63.0
  • 4fa1864 Merge pull request #816 from alexlarsson/fix-composefs-verity
  • 32704ef Merge pull request #855 from containers/renovate/github.com-docker-cli-29.x
  • 98ff31a Merge pull request #853 from mheon/containers_conf_documentation_removals
  • 3e16145 Update module github.com/docker/cli to v29.5.1+incompatible
  • 206fff3 Manpage: remove slirp4netns/boltdb references
  • 3592bda Merge pull request #852 from containers/renovate/github.com-onsi-gomega-1.x
  • f04d9c8 Update module github.com/onsi/gomega to v1.41.0
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.54.0 to 0.55.0

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the go group across 1 directory with 12 updates
704c033 
Bumps the go group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.17` | `1.32.18` |
| [github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager](https://github.com/aws/aws-sdk-go-v2) | `0.1.21` | `0.1.22` |
| [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) | `2.3.0` | `2.3.1` |
| [github.com/docker/cli](https://github.com/docker/cli) | `29.5.0+incompatible` | `29.5.2+incompatible` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.19.0` | `5.19.1` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` |
| [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.5.1` | `1.5.2` |
| [go.podman.io/image/v5](https://github.com/containers/container-libs) | `5.39.2` | `5.40.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.51.0` | `0.52.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.54.0` | `0.55.0` |



Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.17 to 1.32.18
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.17...config/v1.32.18)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.16 to 1.19.17
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@credentials/v1.19.16...credentials/v1.19.17)

Updates `github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager` from 0.1.21 to 0.1.22
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@feature/s3/transfermanager/v0.1.21...feature/s3/transfermanager/v0.1.22)

Updates `github.com/containerd/containerd/v2` from 2.3.0 to 2.3.1
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v2.3.0...v2.3.1)

Updates `github.com/docker/cli` from 29.5.0+incompatible to 29.5.2+incompatible
- [Commits](docker/cli@v29.5.0...v29.5.2)

Updates `github.com/go-git/go-git/v5` from 5.19.0 to 5.19.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md)
- [Commits](go-git/go-git@v5.19.0...v5.19.1)

Updates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.28.3...v2.29.0)

Updates `github.com/onsi/gomega` from 1.40.0 to 1.41.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.40.0...v1.41.0)

Updates `github.com/sigstore/rekor` from 1.5.1 to 1.5.2
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.5.1...v1.5.2)

Updates `go.podman.io/image/v5` from 5.39.2 to 5.40.0
- [Release notes](https://github.com/containers/container-libs/releases)
- [Commits](containers/container-libs@image/v5.39.2...image/v5.40.0)

Updates `golang.org/x/crypto` from 0.51.0 to 0.52.0
- [Commits](golang/crypto@v0.51.0...v0.52.0)

Updates `golang.org/x/net` from 0.54.0 to 0.55.0
- [Commits](golang/net@v0.54.0...v0.55.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.19.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager
  dependency-version: 0.1.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/docker/cli
  dependency-version: 29.5.2+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.19.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: go.podman.io/image/v5
  dependency-version: 5.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels May 26, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 26, 2026 05:18
@dependabot dependabot Bot added kind/dependency dependency update, etc. kind/chore chore, maintenance, etc. labels May 26, 2026
@github-actions github-actions Bot added the size/m Medium label May 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. size/m Medium

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants