Skip to content

build(deps): bump the gomod group across 1 directory with 10 updates#2007

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/gomod-5400756f15
Closed

build(deps): bump the gomod group across 1 directory with 10 updates#2007
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/gomod-5400756f15

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 26, 2025

Copy link
Copy Markdown
Contributor

Bumps the gomod group with 4 updates in the / directory: chainguard.dev/apko, github.com/chainguard-dev/yam, github.com/github/go-spdx/v2 and github.com/google/go-containerregistry.

Updates chainguard.dev/apko from 0.27.2 to 0.27.7

Release notes

Sourced from chainguard.dev/apko's releases.

Release v0.27.7

Changelog

  • c0a179ee97c61c1c5bae7267166782d703c40a28 improve error messages in expandApk (#1675)

Release v0.27.6

What's Changed

Full Changelog: chainguard-dev/apko@v0.27.5...v0.27.6

Release v0.27.5

What's Changed

Full Changelog: chainguard-dev/apko@v0.27.4...v0.27.5

Release v0.27.4

What's Changed

New Contributors

Full Changelog: chainguard-dev/apko@v0.27.3...v0.27.4

Release v0.27.3

What's Changed

Full Changelog: chainguard-dev/apko@v0.27.2...v0.27.3

Commits

Updates github.com/chainguard-dev/yam from 0.2.12 to 0.2.17

Commits
  • 433473e Bump chainguard-dev/actions from 1.0.9 to 1.1.0 (#110)
  • fdb5b8c Bump chainguard-dev/actions from 1.0.8 to 1.0.9 (#109)
  • ac6b0d5 Bump chainguard-dev/actions from 1.0.7 to 1.0.8 (#107)
  • 4d1a5ac Bump actions/setup-go from 5.4.0 to 5.5.0 (#106)
  • 97deedb Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#104)
  • 65de5b5 Bump chainguard-dev/actions from 1.0.6 to 1.0.7 (#105)
  • f2d39f6 Bump chainguard-dev/actions from 1.0.4 to 1.0.6 (#103)
  • ab7a25a Go Upgrade / golangci-lint / ci clean up (#102)
  • 6e0ef8a Bump actions/setup-go from 5.3.0 to 5.4.0 (#97)
  • 761fcef Bump github.com/samber/lo from 1.49.1 to 1.50.0 (#101)
  • Additional commits viewable in compare view

Updates github.com/charmbracelet/log from 0.4.1 to 0.4.2

Release notes

Sourced from github.com/charmbracelet/log's releases.

v0.4.2

This release fixes an issue when using the JSON logger as a slog handler logging error type messages. It ensures we extract the error from the message when the error does not implement json.Marshaler.

Changelog

Bug fixes

  • 71b7e865482d1ba74a730351698671caa6e36b53: fix: ensure we recognize errors as slog.AnyValue (#171) (@​aymanbagabas)

Other work

  • 0e0124d8e155b8877d85add7d966df9a6bf2ce6a: ci: sync dependabot config (#169) (@​charmcli)
  • cf6e8671c6abbcd36a8528129c983a50f4898215: ci: sync golangci-lint config (#165) (@​github-actions[bot])
  • 0ca0612580218fdbb080d181836b7795b226565a: ci: sync golangci-lint config (#168) (@​github-actions[bot])

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

Commits

Updates github.com/github/go-spdx/v2 from 2.3.2 to 2.3.3

Release notes

Sourced from github.com/github/go-spdx/v2's releases.

Release v2.3.3

What's Changed

  • update licenses
  • bump dependencies
  • update maintainer list

Full Changelog: github/go-spdx@v2.3.2...v2.3.3

Commits
  • 59ab544 Merge pull request #105 from github/elr/update-for-release
  • bebc87d Merge branch 'main' into elr/update-for-release
  • 6e2c29b update version to v2.3.3 for the Go Reference link
  • 6405917 Merge pull request #91 from github/auto-update-licenses
  • 76a5c75 blank return at end to force tests to restart
  • 1d80dd2 update maintainer list
  • 52efc7f Add updated license files
  • d83c891 Merge pull request #100 from github/dependabot/github_actions/peter-evans/cre...
  • ddef224 Bump peter-evans/create-pull-request from 7.0.7 to 7.0.8
  • 360f41d Merge pull request #98 from github/dependabot/github_actions/golangci/golangc...
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.20.4-0.20250225234217-098045d5e61f to 0.20.5

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.5

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.5

v0.20.4 - Not usable as a go module

🚨 This release was published to the Go module proxy and then re-tagged with a different commit. This means it's not usable as a Go module (google/go-containerregistry#2107) -- please us v0.20.5 instead.

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.4

Commits

Updates golang.org/x/crypto from 0.37.0 to 0.38.0

Commits
  • aae6e61 go.mod: update golang.org/x dependencies
  • 9c1aa6a ssh/test: reset the random source before capturing a recording
  • 8819902 ssh/test: enable Diffie-Hellman key exchange algorithms
  • 3f311e4 acme: return error from pre-authorization when unsupported
  • 1f7c62c ssh/test: skip unsupported tests on js/wasm
  • a5f8048 acme/autocert: use standard functions to pick the cache directory
  • 958cde8 Revert "chacha20: add loong64 SIMD implementation"
  • 51f005c Revert "salsa20: add loong64 SIMD implementation"
  • 7c35866 Revert "argon2: add loong64 SIMD implementation"
  • 0091fc8 Revert "blake2s: add loong64 SIMD implementation"
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.13.0 to 0.14.0

Commits

Updates golang.org/x/sys from 0.32.0 to 0.33.0

Commits
  • 3d9a6b8 windows: add WSADuplicateSocket
  • c0a9559 cpu: add crypto extensions detection for riscv64
  • 8e9e046 windows: add virtual key codes and console input consts
  • 7138967 windows: fix slicing of NTUnicodeString values
  • 6a85559 windows: fix dangling pointers in (*SECURITY_DESCRIPTOR).ToAbsolute
  • See full diff in compare view

Updates golang.org/x/term from 0.31.0 to 0.32.0

Commits

Updates golang.org/x/text from 0.24.0 to 0.25.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 26, 2025
Bumps the gomod group with 4 updates in the / directory: [chainguard.dev/apko](https://github.com/chainguard-dev/apko), [github.com/chainguard-dev/yam](https://github.com/chainguard-dev/yam), [github.com/github/go-spdx/v2](https://github.com/github/go-spdx) and [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry).


Updates `chainguard.dev/apko` from 0.27.2 to 0.27.7
- [Release notes](https://github.com/chainguard-dev/apko/releases)
- [Changelog](https://github.com/chainguard-dev/apko/blob/main/NEWS.md)
- [Commits](chainguard-dev/apko@v0.27.2...v0.27.7)

Updates `github.com/chainguard-dev/yam` from 0.2.12 to 0.2.17
- [Commits](chainguard-dev/yam@v0.2.12...v0.2.17)

Updates `github.com/charmbracelet/log` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/charmbracelet/log/releases)
- [Commits](charmbracelet/log@v0.4.1...v0.4.2)

Updates `github.com/github/go-spdx/v2` from 2.3.2 to 2.3.3
- [Release notes](https://github.com/github/go-spdx/releases)
- [Commits](github/go-spdx@v2.3.2...v2.3.3)

Updates `github.com/google/go-containerregistry` from 0.20.4-0.20250225234217-098045d5e61f to 0.20.5
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/commits/v0.20.5)

Updates `golang.org/x/crypto` from 0.37.0 to 0.38.0
- [Commits](golang/crypto@v0.37.0...v0.38.0)

Updates `golang.org/x/sync` from 0.13.0 to 0.14.0
- [Commits](golang/sync@v0.13.0...v0.14.0)

Updates `golang.org/x/sys` from 0.32.0 to 0.33.0
- [Commits](golang/sys@v0.32.0...v0.33.0)

Updates `golang.org/x/term` from 0.31.0 to 0.32.0
- [Commits](golang/term@v0.31.0...v0.32.0)

Updates `golang.org/x/text` from 0.24.0 to 0.25.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.24.0...v0.25.0)

---
updated-dependencies:
- dependency-name: chainguard.dev/apko
  dependency-version: 0.27.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/chainguard-dev/yam
  dependency-version: 0.2.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/charmbracelet/log
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/github/go-spdx/v2
  dependency-version: 2.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.20.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: golang.org/x/crypto
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/sync
  dependency-version: 0.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/sys
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/term
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/text
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/gomod-5400756f15 branch from 6d925e8 to fc9133a Compare June 2, 2025 16:23
@dependabot @github

dependabot Bot commented on behalf of github Jun 4, 2025

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 4, 2025
@dependabot dependabot Bot deleted the dependabot/go_modules/gomod-5400756f15 branch June 4, 2025 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants