Skip to content

chore(deps): bump the go-dependencies group across 1 directory with 4 updates#83

Merged
trly merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-4268151aa9
Jun 7, 2026
Merged

chore(deps): bump the go-dependencies group across 1 directory with 4 updates#83
trly merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-4268151aa9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the go-dependencies group with 4 updates in the / directory: github.com/compose-spec/compose-go/v2, github.com/go-git/go-git/v5, github.com/google/go-containerregistry and gopkg.in/ini.v1.

Updates github.com/compose-spec/compose-go/v2 from 2.10.2 to 2.11.0

Release notes

Sourced from github.com/compose-spec/compose-go/v2's releases.

v2.11.0

What's Changed

New Contributors

Full Changelog: compose-spec/compose-go@v2.10.2...v2.11.0

Commits
  • 468e314 fix(reset): add caching and visit limits to alias resolution
  • c9079e9 fix: preserve empty slices in OmitEmpty for schema validation
  • e350f08 bump JSON Schema to draft 2020-12
  • f8882ec fix: use go.yaml.in/yaml/v4 instead of gopkg.in/yaml.v3
  • 514d71d refactor: use parseString method on receiver and reuse in DecodeMapstructure
  • 3db7330 fix: add UnmarshalJSON and UnmarshalYAML to UnitBytes for round-trip support
  • See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.18.0 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

v5.19.0

What's Changed

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

Commits
  • 3c3be60 Merge pull request #2137 from go-git/validate-v5
  • 3fba897 plumbing: format/packfile, cap delta chain depth in parser
  • a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
  • aeaa125 plumbing: format/objfile, require Header before Read
  • 1f38e17 plumbing: format/packfile, bound inflate size
  • f7545a0 plumbing: format/idxfile, bound nr by file size
  • 170b881 Merge pull request #2116 from pjbgf/symlink-v5
  • 7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
  • f0709b3 git: Stop validating symlink target paths
  • 776d00f git: Allow MkdirAll on worktree-root paths
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.5 to 0.21.6

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.6

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.5...v0.21.6

Commits
  • 53f7e39 Update go version to 1.26.3 (#2300)
  • bf87c3b transport: allow bearer realm at same host:port as registry (#2302)
  • c55facd transport: retry HTTP 429 (Too Many Requests) (#2301)
  • 68a569e fix: preserve per-occurrence layer identity in Layers() (#2299)
  • 35b354b fix(mutate): preserve config blob and layers for non-Docker OCI artifacts (#2...
  • e5983f2 remote: block SSRF via private-IP Location headers in blob uploads (#2295)
  • 6dad820 remote: validate foreign layer URLs to prevent SSRF (fixes #2259) (#2293)
  • 78bdf1b validate: skip non-layer layers (#2298)
  • c29d91c pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract ...
  • a70d75a transport: block redirects from token server to private/link-local addresses ...
  • Additional commits viewable in compare view

Updates gopkg.in/ini.v1 from 1.67.1 to 1.67.2

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the go-dependencies group across 1 directory with 4…
9fa2c13 
… updates

Bumps the go-dependencies group with 4 updates in the / directory: [github.com/compose-spec/compose-go/v2](https://github.com/compose-spec/compose-go), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) and gopkg.in/ini.v1.


Updates `github.com/compose-spec/compose-go/v2` from 2.10.2 to 2.11.0
- [Release notes](https://github.com/compose-spec/compose-go/releases)
- [Commits](compose-spec/compose-go@v2.10.2...v2.11.0)

Updates `github.com/go-git/go-git/v5` from 5.18.0 to 5.19.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md)
- [Commits](go-git/go-git@v5.18.0...v5.19.1)

Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.6
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.5...v0.21.6)

Updates `gopkg.in/ini.v1` from 1.67.1 to 1.67.2

---
updated-dependencies:
- dependency-name: github.com/compose-spec/compose-go/v2
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: gopkg.in/ini.v1
  dependency-version: 1.67.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 22, 2026
@codecov

codecov Bot commented May 22, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@trly trly merged commit 819c491 into main Jun 7, 2026
10 of 11 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/go-dependencies-4268151aa9 branch June 7, 2026 13:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@trly