build(deps): bump the gomod group across 1 directory with 10 updates#2007
Closed
dependabot[bot] wants to merge 1 commit into
Closed
build(deps): bump the gomod group across 1 directory with 10 updates#2007dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the gomod group with 4 updates in the / directory: [chainguard.dev/apko](https://github.com/chainguard-dev/apko), [github.com/chainguard-dev/yam](https://github.com/chainguard-dev/yam), [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) and [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry). Updates `chainguard.dev/apko` from 0.27.2 to 0.27.7 - [Release notes](https://github.com/chainguard-dev/apko/releases) - [Changelog](https://github.com/chainguard-dev/apko/blob/main/NEWS.md) - [Commits](chainguard-dev/apko@v0.27.2...v0.27.7) Updates `github.com/chainguard-dev/yam` from 0.2.12 to 0.2.17 - [Commits](chainguard-dev/yam@v0.2.12...v0.2.17) Updates `github.com/charmbracelet/log` from 0.4.1 to 0.4.2 - [Release notes](https://github.com/charmbracelet/log/releases) - [Commits](charmbracelet/log@v0.4.1...v0.4.2) Updates `github.com/github/go-spdx/v2` from 2.3.2 to 2.3.3 - [Release notes](https://github.com/github/go-spdx/releases) - [Commits](github/go-spdx@v2.3.2...v2.3.3) Updates `github.com/google/go-containerregistry` from 0.20.4-0.20250225234217-098045d5e61f to 0.20.5 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/commits/v0.20.5) Updates `golang.org/x/crypto` from 0.37.0 to 0.38.0 - [Commits](golang/crypto@v0.37.0...v0.38.0) Updates `golang.org/x/sync` from 0.13.0 to 0.14.0 - [Commits](golang/sync@v0.13.0...v0.14.0) Updates `golang.org/x/sys` from 0.32.0 to 0.33.0 - [Commits](golang/sys@v0.32.0...v0.33.0) Updates `golang.org/x/term` from 0.31.0 to 0.32.0 - [Commits](golang/term@v0.31.0...v0.32.0) Updates `golang.org/x/text` from 0.24.0 to 0.25.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.24.0...v0.25.0) --- updated-dependencies: - dependency-name: chainguard.dev/apko dependency-version: 0.27.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/chainguard-dev/yam dependency-version: 0.2.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/charmbracelet/log dependency-version: 0.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/github/go-spdx/v2 dependency-version: 2.3.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/google/go-containerregistry dependency-version: 0.20.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: golang.org/x/crypto dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/sync dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/sys dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/term dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/text dependency-version: 0.25.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com>
6d925e8 to
fc9133a
Compare
Contributor
Author
|
Looks like these dependencies are updatable in another way, so this is no longer needed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the gomod group with 4 updates in the / directory: chainguard.dev/apko, github.com/chainguard-dev/yam, github.com/github/go-spdx/v2 and github.com/google/go-containerregistry.
Updates
chainguard.dev/apkofrom 0.27.2 to 0.27.7Release notes
Sourced from chainguard.dev/apko's releases.
Commits
c0a179eimprove error messages in expandApk (#1675)0eaf50f[StepSecurity] Apply security best practices (#1674)c25f631sbom: resolve issues with missing/invalid image SBOM information (#1672)f19d835lock: fix up filter for wanted arches (#1670)b89fd6cldsocache snapshot/20250507 (#1665)a4d3a5fbuild(deps): bump github.com/charmbracelet/log from 0.4.1 to 0.4.2 (#1669)cf3f288Respect arch flags when using lockfiles (#1664)8d33435Guard against empty inputs list in unify() (#1668)e8cf036build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 (#1666)8500ac6Remove link to "support" (#1662)Updates
github.com/chainguard-dev/yamfrom 0.2.12 to 0.2.17Commits
433473eBump chainguard-dev/actions from 1.0.9 to 1.1.0 (#110)fdb5b8cBump chainguard-dev/actions from 1.0.8 to 1.0.9 (#109)ac6b0d5Bump chainguard-dev/actions from 1.0.7 to 1.0.8 (#107)4d1a5acBump actions/setup-go from 5.4.0 to 5.5.0 (#106)97deedbBump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#104)65de5b5Bump chainguard-dev/actions from 1.0.6 to 1.0.7 (#105)f2d39f6Bump chainguard-dev/actions from 1.0.4 to 1.0.6 (#103)ab7a25aGo Upgrade / golangci-lint / ci clean up (#102)6e0ef8aBump actions/setup-go from 5.3.0 to 5.4.0 (#97)761fcefBump github.com/samber/lo from 1.49.1 to 1.50.0 (#101)Updates
github.com/charmbracelet/logfrom 0.4.1 to 0.4.2Release notes
Sourced from github.com/charmbracelet/log's releases.
Commits
4dcdb75chore(examples): bump dependencies71b7e86fix: ensure we recognize errors as slog.AnyValue (#171)0e0124dci: sync dependabot config (#169)0ca0612ci: sync golangci-lint config (#168)cf6e867ci: sync golangci-lint config (#165)e75da3achore(deps): bump github.com/charmbracelet/lipgloss from 1.0.0 to 1.1.0 (#163)Updates
github.com/github/go-spdx/v2from 2.3.2 to 2.3.3Release notes
Sourced from github.com/github/go-spdx/v2's releases.
Commits
59ab544Merge pull request #105 from github/elr/update-for-releasebebc87dMerge branch 'main' into elr/update-for-release6e2c29bupdate version to v2.3.3 for the Go Reference link6405917Merge pull request #91 from github/auto-update-licenses76a5c75blank return at end to force tests to restart1d80dd2update maintainer list52efc7fAdd updated license filesd83c891Merge pull request #100 from github/dependabot/github_actions/peter-evans/cre...ddef224Bump peter-evans/create-pull-request from 7.0.7 to 7.0.8360f41dMerge pull request #98 from github/dependabot/github_actions/golangci/golangc...Updates
github.com/google/go-containerregistryfrom 0.20.4-0.20250225234217-098045d5e61f to 0.20.5Release notes
Sourced from github.com/google/go-containerregistry's releases.
Commits
Updates
golang.org/x/cryptofrom 0.37.0 to 0.38.0Commits
aae6e61go.mod: update golang.org/x dependencies9c1aa6assh/test: reset the random source before capturing a recording8819902ssh/test: enable Diffie-Hellman key exchange algorithms3f311e4acme: return error from pre-authorization when unsupported1f7c62cssh/test: skip unsupported tests on js/wasma5f8048acme/autocert: use standard functions to pick the cache directory958cde8Revert "chacha20: add loong64 SIMD implementation"51f005cRevert "salsa20: add loong64 SIMD implementation"7c35866Revert "argon2: add loong64 SIMD implementation"0091fc8Revert "blake2s: add loong64 SIMD implementation"Updates
golang.org/x/syncfrom 0.13.0 to 0.14.0Commits
506c70ferrgroup: propagate panic and Goexit through WaitUpdates
golang.org/x/sysfrom 0.32.0 to 0.33.0Commits
3d9a6b8windows: add WSADuplicateSocketc0a9559cpu: add crypto extensions detection for riscv648e9e046windows: add virtual key codes and console input consts7138967windows: fix slicing of NTUnicodeString values6a85559windows: fix dangling pointers in (*SECURITY_DESCRIPTOR).ToAbsoluteUpdates
golang.org/x/termfrom 0.31.0 to 0.32.0Commits
2ec7864go.mod: update golang.org/x dependenciesa809085term: support pluggable historyUpdates
golang.org/x/textfrom 0.24.0 to 0.25.0Commits
700cc20go.mod: update golang.org/x dependenciesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions