Skip to content

build(deps): bump the gomod group across 1 directory with 5 updates#2580

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/gomod-50d4636036
Closed

build(deps): bump the gomod group across 1 directory with 5 updates#2580
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/gomod-50d4636036

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the gomod group with 5 updates in the / directory:

Package From To
chainguard.dev/apko 1.2.17 1.2.19
github.com/chainguard-dev/clog 1.8.0 1.8.1
github.com/chainguard-dev/yam 0.2.63 0.2.65
github.com/docker/cli 29.5.3+incompatible 29.6.1+incompatible
github.com/google/go-containerregistry 0.21.6 0.21.7

Updates chainguard.dev/apko from 1.2.17 to 1.2.19

Release notes

Sourced from chainguard.dev/apko's releases.

Release v1.2.19

Changelog

  • e5786e98da1197260cc5e50720790f219275d94a Lower SBOM duplicate-package log from info to debug (#2293)
  • ed31a4b905bccd8c6c4d6aa30059e4fdaa0be6a1 build(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#2291)
  • 3c28f352b04ceca6f64a351c1b29d49ca7626a80 build(deps): bump chainguard-dev/actions from 1.6.22 to 1.6.24 (#2292)
  • d6207d87bc02b5ba9684d1bef6f4d4b0bce6baac build(deps): bump chainguard.dev/sdk from 0.1.57 to 0.1.74 (#2290)
  • fa27c7c1345e2d5ba79f095c1332eee19f8456f5 build(deps): bump go.step.sm/crypto from 0.82.0 to 0.83.0 (#2280)
  • c6336e444560d92e2ac8e49d04f812b71bb12009 build(deps): bump golang.org/x/term from 0.43.0 to 0.44.0 (#2277)
  • bea498510167f23a17a8fd9646f94a231c566de5 build(deps): bump google.golang.org/api from 0.283.0 to 0.285.0 (#2287)
  • 5558f35b5b5fd27b50fe000f64395d8c6616216f paths: honor recursive for type: permissions, make uid/gid nullable (#2281)

Release v1.2.18

Changelog

  • ebd9255d91996b81a9b88723efbc9d563cfd863c build(deps): bump k8s.io/apimachinery from 0.36.1 to 0.36.2 (#2279)
Commits
  • 5558f35 paths: honor recursive for type: permissions, make uid/gid nullable (#2281)
  • e5786e9 Lower SBOM duplicate-package log from info to debug (#2293)
  • c6336e4 build(deps): bump golang.org/x/term from 0.43.0 to 0.44.0 (#2277)
  • fa27c7c build(deps): bump go.step.sm/crypto from 0.82.0 to 0.83.0 (#2280)
  • bea4985 build(deps): bump google.golang.org/api from 0.283.0 to 0.285.0 (#2287)
  • ed31a4b build(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#2291)
  • d6207d8 build(deps): bump chainguard.dev/sdk from 0.1.57 to 0.1.74 (#2290)
  • 3c28f35 build(deps): bump chainguard-dev/actions from 1.6.22 to 1.6.24 (#2292)
  • ebd9255 build(deps): bump k8s.io/apimachinery from 0.36.1 to 0.36.2 (#2279)
  • See full diff in compare view

Updates github.com/chainguard-dev/clog from 1.8.0 to 1.8.1

Release notes

Sourced from github.com/chainguard-dev/clog's releases.

v1.8.1

What's Changed

New Contributors

Full Changelog: chainguard-dev/clog@v1.8.0...v1.8.1

Commits
  • 01a0244 fix: convert WARN string for cloud batch (#76)
  • e522bdd fix(ci): add persist-credentials: false and zizmor pedantic config (#69)
  • a29ba66 Bump step-security/harden-runner from 2.18.0 to 2.19.0 (#67)
  • f2e76c2 Bump step-security/harden-runner from 2.15.1 to 2.18.0 (#65)
  • ca1e61d chore(workflows): add actionlint and zizmor action linters [SECINT-75] (#61)
  • 0d6447e Bump step-security/harden-runner from 2.13.3 to 2.15.1 (#60)
  • See full diff in compare view

Updates github.com/chainguard-dev/yam from 0.2.63 to 0.2.65

Commits
  • 2600f9f build(deps): bump actions/setup-go from 6.4.0 to 6.5.0 (#231)
  • 1dc4e48 build(deps): bump chainguard-dev/actions from 1.6.21 to 1.6.23 (#225)
  • See full diff in compare view

Updates github.com/docker/cli from 29.5.3+incompatible to 29.6.1+incompatible

Commits
  • 8900f1d Merge pull request #7074 from thaJeztah/version
  • 22b8f13 Merge pull request #7069 from docker-agent/auto/migrate-to-docker-agent-action
  • d9c59c9 version 29.6.1
  • 6430751 Merge pull request #7073 from thaJeztah/bump_moby_user
  • 8fda97b vendor: github.com/moby/sys/user v0.4.1
  • f9dc4e4 chore: bump docker-agent-action to v2.0.1
  • f8a2d2b Merge pull request #7070 from docker/dependabot/github_actions/actions/checko...
  • 7eb15d3 build(deps): bump actions/checkout from 6.0.3 to 7.0.0
  • 033b0ff Merge pull request #7063 from docker/dependabot/github_actions/crazy-max/dot-...
  • 317bfd1 Merge pull request #7067 from docker/dependabot/github_actions/docker/cagent-...
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.6 to 0.21.7

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.7

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.6...v0.21.7

Commits
  • c68d899 Bump go version to 1.26.4 (#2350)
  • da61d86 transport: do not re-attach bearer token after cross-host redirect (#2349)
  • 09fe1e5 fix(tarball): normalize paths when matching files (#2334)
  • 5baa399 build(deps): bump the go-deps group across 3 directories with 4 updates (#2348)
  • 97a8a17 fix(transport): apply refreshed bearer token after cross-host redirect (#2337)
  • e963497 internal/gzip: fix goroutine leak in ReadCloserLevel (#2347)
  • 02649ea fix: prevent SSRF in google.List() pagination (#2332)
  • 7204b40 build(deps): bump the actions group across 1 directory with 2 updates (#2344)
  • 4cfaa93 build(deps): bump the go-deps group across 1 directory with 2 updates (#2343)
  • 6849394 pkg/registry: export RedirectError (#2177)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 29, 2026
@egibs

egibs commented Jul 1, 2026

Copy link
Copy Markdown
Member

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/go_modules/gomod-50d4636036 branch from c6e4f1b to e3a66f0 Compare July 1, 2026 14:17
Bumps the gomod group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [chainguard.dev/apko](https://github.com/chainguard-dev/apko) | `1.2.17` | `1.2.19` |
| [github.com/chainguard-dev/clog](https://github.com/chainguard-dev/clog) | `1.8.0` | `1.8.1` |
| [github.com/chainguard-dev/yam](https://github.com/chainguard-dev/yam) | `0.2.63` | `0.2.65` |
| [github.com/docker/cli](https://github.com/docker/cli) | `29.5.3+incompatible` | `29.6.1+incompatible` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.6` | `0.21.7` |



Updates `chainguard.dev/apko` from 1.2.17 to 1.2.19
- [Release notes](https://github.com/chainguard-dev/apko/releases)
- [Changelog](https://github.com/chainguard-dev/apko/blob/main/NEWS.md)
- [Commits](chainguard-dev/apko@v1.2.17...v1.2.19)

Updates `github.com/chainguard-dev/clog` from 1.8.0 to 1.8.1
- [Release notes](https://github.com/chainguard-dev/clog/releases)
- [Commits](chainguard-dev/clog@v1.8.0...v1.8.1)

Updates `github.com/chainguard-dev/yam` from 0.2.63 to 0.2.65
- [Commits](chainguard-dev/yam@v0.2.63...v0.2.65)

Updates `github.com/docker/cli` from 29.5.3+incompatible to 29.6.1+incompatible
- [Commits](docker/cli@v29.5.3...v29.6.1)

Updates `github.com/google/go-containerregistry` from 0.21.6 to 0.21.7
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.6...v0.21.7)

---
updated-dependencies:
- dependency-name: chainguard.dev/apko
  dependency-version: 1.2.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/chainguard-dev/clog
  dependency-version: 1.8.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/chainguard-dev/yam
  dependency-version: 0.2.65
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/docker/cli
  dependency-version: 29.6.1+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/gomod-50d4636036 branch from e3a66f0 to cd28fb4 Compare July 2, 2026 15:23
@dependabot @github

dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 3, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/gomod-50d4636036 branch July 3, 2026 15:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant