Skip to content

🌱 Bump the gomod group across 2 directories with 8 updates #4815

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 10, 2025
Merged

🌱 Bump the gomod group across 2 directories with 8 updates #4815

merged 1 commit into from
Oct 10, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 6, 2025

Bumps the gomod group with 7 updates in the / directory:

Package From To
cloud.google.com/go/bigquery 1.70.0 1.71.0
github.com/bradleyfalzon/ghinstallation/v2 2.16.0 2.17.0
github.com/go-git/go-git/v5 5.16.2 5.16.3
github.com/moby/buildkit 0.24.0 0.25.0
google.golang.org/protobuf 1.36.9 1.36.10
github.com/onsi/ginkgo/v2 2.25.3 2.26.0
gitlab.com/gitlab-org/api/client-go 0.148.1 0.151.0

Bumps the gomod group with 3 updates in the /tools directory: google.golang.org/protobuf, github.com/onsi/ginkgo/v2 and github.com/goreleaser/goreleaser/v2.

Updates cloud.google.com/go/bigquery from 1.70.0 to 1.71.0

Release notes

Sourced from cloud.google.com/go/bigquery's releases.

bigquery: v1.71.0

1.71.0 (2025-09-30)

Features

  • bigquery/analyticshub: You can now configure listings for multiple regions for shared datasets and linked dataset replicas in BigQuery sharing (10e67ef)
  • bigquery/reservation: Add a new field failover_mode to .google.cloud.bigquery.reservation.v1.FailoverReservationRequest that allows users to choose between the HARD or SOFT failover modes when they initiate a failover operation on a reservation (10e67ef)
  • bigquery/reservation: Add a new field soft_failover_start_time in the existing replication_status in .google.cloud.bigquery.reservation.v1.Reservation to provide visibility into the state of ongoing soft failover operations on the reservation (10e67ef)
  • bigquery: Add support for MaxSlots (#12958) (a3c0aca)
Commits
  • 36c1280 chore(main): release spanner 1.71.0 (#11009)
  • d81a1a7 feat(spanner): client built in metrics (#10998)
  • 1e27b43 chore(main): release storage 1.46.0 (#11010)
  • e1f67b1 chore: get publish docs build working with new release process (#11069)
  • 4fb2a0f fix: do not override credentials if build providers a SECRET_MANAGER_PROJECT_...
  • 37191c6 fix: fix type in SECRET_MANAGER_PROJECT_ID name (#11065)
  • 8a055ce chore(storage): bump auth dependency (#11067)
  • fc52b21 chore: update build scripts to be able to support migration to use release ko...
  • 6c6a6a1 chore(main): release bigquery 1.64.0 (#10978)
  • 16a1f95 chore(main): release auth/oauth2adapt 0.2.5 (#11063)
  • Additional commits viewable in compare view

Updates github.com/bradleyfalzon/ghinstallation/v2 from 2.16.0 to 2.17.0

Release notes

Sourced from github.com/bradleyfalzon/ghinstallation/v2's releases.

v2.17.0

What's Changed

New Contributors

Full Changelog: bradleyfalzon/ghinstallation@v2.16.0...v2.17.0

Commits
  • 6efd7de Update google/go-github to v75
  • a41d4c3 fix branch name
  • 8faada7 update golangci-lint to v2.2.x
  • fed3685 Update go-github to v73
  • 050fa87 Update README: improve formatting, replace GoDoc with GoReference
  • See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.16.2 to 5.16.3

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.3

What's Changed

Full Changelog: go-git/go-git@v5.16.2...v5.16.3

Commits
  • ad9a3a5 Merge pull request #1633 from baloo/baloo/release-5.x/jj-signed-commits
  • f2c3467 plumbing: support extra headers, support jujutsu signed commit [5.x]
  • c12263d Merge pull request #1646 from baloo/baloo/release-5.x/fixup-windows-ci
  • 111f374 build: disable fuzzing on maintenance branch
  • 15d46ce build: raise timeouts for windows CI tests
  • ce83ba1 Merge pull request #1644 from baloo/baloo/release-5.x/fixup-build
  • b486201 internal: Expand regex to fix build
  • See full diff in compare view

Updates github.com/moby/buildkit from 0.24.0 to 0.25.0

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.25.0

buildkit 0.25.0

Welcome to the v0.25.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Tõnis Tiigi
  • CrazyMax
  • Jonathan A. Sternberg
  • Akihiro Suda
  • Brian Goff
  • greggu
  • Sebastiaan van Stijn
  • Søren Hansen
  • Vigilans
  • Sam Oluwalana
  • Shivam
  • Tianon Gravi
  • nikelborm

Notable Changes

  • Git sources now support working with SHA-256 based code repositories. #6194
  • New Checksum has been added to llb.Image to specify verification digest of the image. Unlike the existing digest in the image reference, where digest overrides the tag if both are set, in this mode, the image is resolved by the tag and only verified by checksum. #6234
  • The remote cache exporter (also used in provenance creation) has been completely rewritten to solve various concurrency and loop issues. There should be no user-visible changes in the cache format itself. #6129
  • BuildKit daemon now supports a way to add custom fields to the provenance attestation to specify the environment BuildKit is running in. Additional field are picked up from config files in /etc/buildkitd/provenance.d directory. #6210
  • Containerd executor on Windows now supports HyperVIsolation option. #6224
  • Included runc container runtime has been updated to v1.3.1 #6236
  • CNI plugins have been updated to v1.8.0 #6185
  • Qemu emulation binaries have been updated to v10.0.4. #6215
  • Fix possible infinite loop when exporting cache #6186
  • Fix issue where some errors could lose their source or stack information when wrapped with errors.Join. #6226
  • Multiple fixes to how the builds from Git context are recorded in provenance. #6213
  • Fix issue where build arguments could be missing in the history record's provenance attestation. #6221
  • Fix issue where materials=false could be incorrectly set in provenance attestation for a build that used frontend inputs. #6203
  • Fix not setting the platform in the subject descriptor of the OCI artifact-style attestation manifest. This confused some registries. #6191
  • Fix some improper formatting in error messages. #6192
  • Fix issue with checking out annotated tags by full reference. #6244

Dependency Changes

  • github.com/docker/cli v28.3.3 -> v28.4.0
  • google.golang.org/protobuf v1.36.6 -> v1.36.9

... (truncated)

Commits
  • 14d1ccb Merge pull request #6255 from jsternberg/v0.25-picks-0.25.0
  • 9558f8a git: fix issue with checking out annotated tags by full ref
  • f2a7ec9 Fix grpcerrors.AsGRPCStatus to ignore OK and Unknown status codes for
  • 8b248a9 alpine: fix issue with openssh pkg in 3.22
  • d369dc1 dockerfile: skip customenv tests in dockerd worker
  • c8fad61 Merge pull request #6237 from jsternberg/hack-compose
  • 2777c1b Merge pull request #6236 from tonistiigi/runc-v1.3.1
  • 916074c hack: update hack/compose with newer otel collector
  • eb49527 Merge pull request #6234 from tonistiigi/llb-image-checksum
  • b7176d5 update runc to v1.3.1
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.9 to 1.36.10

Updates github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.26.0

2.26.0

Features

Ginkgo can now generate json-formatted reports that are compatible with the go test json format. Use ginkgo --gojson-report=report.go.json. This is not intended to be a replacement for Ginkgo's native json format which is more information rich and better models Ginkgo's test structure semantics.

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.26.0

Features

Ginkgo can now generate json-formatted reports that are compatible with the go test json format. Use ginkgo --gojson-report=report.go.json. This is not intended to be a replacement for Ginkgo's native json format which is more information rich and better models Ginkgo's test structure semantics.

Commits

Updates gitlab.com/gitlab-org/api/client-go from 0.148.1 to 0.151.0

Release notes

Sourced from gitlab.com/gitlab-org/api/client-go's releases.

v0.151.0

0.151.0

🚀 Features

🔄 Other Changes

  • docs(no-release): Make it easier to find the docs on issues (!2497) by Heidi Berry

0.151.0 (2025-10-04)

Features

  • api: add api support for delete enterprise user (36ca8ab)

v0.150.0

0.150.0

🚀 Features

🔄 Other Changes

  • chore(deps): update module buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go to v1.36.10-20250912141014-52f32327d4b0.1 (!2495) by GitLab Dependency Bot
  • chore(deps): update module github.com/danieljoos/wincred to v1.2.3 (!2494) by GitLab Dependency Bot

0.150.0 (2025-10-03)

Features

  • add Project Aliases API support (4ece88e)

v0.149.0

0.149.0

🚀 Features

🔄 Other Changes

... (truncated)

Changelog

Sourced from gitlab.com/gitlab-org/api/client-go's changelog.

0.151.0

🚀 Features

🔄 Other Changes

  • docs(no-release): Make it easier to find the docs on issues (!2497) by Heidi Berry

0.151.0 (2025-10-04)

Features

  • api: add api support for delete enterprise user (36ca8ab)

0.150.0

🚀 Features

🔄 Other Changes

  • chore(deps): update module buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go to v1.36.10-20250912141014-52f32327d4b0.1 (!2495) by GitLab Dependency Bot
  • chore(deps): update module github.com/danieljoos/wincred to v1.2.3 (!2494) by GitLab Dependency Bot

0.150.0 (2025-10-03)

Features

  • add Project Aliases API support (4ece88e)

0.149.0

🚀 Features

🔄 Other Changes

... (truncated)

Commits
  • ae40a60 chore(release): 0.151.0 [skip ci]
  • a285314 Merge branch 'feature/api-delete-enterprise-user' into 'main'
  • 36ca8ab feat(api): add api support for delete enterprise user
  • cc1e3e1 Merge branch 'update-issue-template' into 'main'
  • 138737e docs(no-release): Make it easier to find the docs on issues
  • 04dd1cb chore(release): 0.150.0 [skip ci]
  • b8a54f4 Merge branch 'feature/create-api' into 'main'
  • 4ece88e feat: add Project Aliases API support
  • 01b5299 Merge branch 'renovate/buf.build-gen-go-bufbuild-protovalidate-protocolbuffer...
  • d478474 Merge branch 'renovate/github.com-danieljoos-wincred-1.x' into 'main'
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.9 to 1.36.10

Updates github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.26.0

2.26.0

Features

Ginkgo can now generate json-formatted reports that are compatible with the go test json format. Use ginkgo --gojson-report=report.go.json. This is not intended to be a replacement for Ginkgo's native json format which is more information rich and better models Ginkgo's test structure semantics.

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.26.0

Features

Ginkgo can now generate json-formatted reports that are compatible with the go test json format. Use ginkgo --gojson-report=report.go.json. This is not intended to be a replacement for Ginkgo's native json format which is more information rich and better models Ginkgo's test structure semantics.

Commits

Updates github.com/goreleaser/goreleaser/v2 from 2.12.3 to 2.12.5

Release notes

Sourced from github.com/goreleaser/goreleaser/v2's releases.

v2.12.5

Announcement

Read the official announcement: Announcing GoReleaser v2.12.

Changelog

Full Changelog: goreleaser/goreleaser@v2.12.4...v2.12.5

Helping out

This release is only possible thanks to all the support of some awesome people!

Want to be one of them? You can sponsor, get a Pro License or contribute with code.

Where to go next?

v2.12.4

Announcement

Read the official announcement: Announcing GoReleaser v2.12.

Changelog

Bug fixes

  • 5991ec91496c03a47697fcd079ff6e38d9a0b6c2: fix(deps): update fang, fix error handler (@​caarlos0)
  • ed03d582220e93c25d84a352435ae19a6f403781: fix(docker/v2): handle bad COPY/ADD (@​caarlos0)
  • 6c058569c53da9de5c5cd54fa1568e182fa6b004: fix(docker/v2): more logs (@​caarlos0)
  • 806492d3ff2621b95458f89f676d0d521582a7b5: fix(makeself): path to script, better tests (@​caarlos0)
  • 0ffcd8f444653cab8a4c95fad1290dcb9b39f48d: fix: error handling in github actions (@​caarlos0)

Full Changelog: goreleaser/goreleaser@v2.12.3...v2.12.4

Helping out

This release is only possible thanks to all the support of some awesome people!

Want to be one of them? You can sponsor, get a Pro License or contribute with code.

Where to go next?

  • Find examples and commented usage of all options in our website.

... (truncated)

Commits
  • 8696231 chore(deps): bump squidfunk/mkdocs-material from 86d21da to 00f9276 in /w...
  • a054c27 chore(deps): bump mkdocs-material from 9.6.20 to 9.6.21 in /www (#6134)
  • a402b93 chore(deps): bump github.com/mark3labs/mcp-go from 0.41.0 to 0.41.1 (#6132)
  • 93904a8 chore(deps): bump github.com/charmbracelet/fang from 0.4.2 to 0.4.3 (#6133)
  • 6b88cc1 chore(deps): bump astral-sh/setup-uv from 6.7.0 to 6.8.0 (#6131)
  • e935173 chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#6130)
  • 2fdc921 chore: auto-update generated files
  • 5d21342 chore: auto-update generated files
  • 806492d fix(makeself): path to script, better tests
  • 5991ec9 fix(deps): update fang, fix error handler
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
gitlab.com/gitlab-org/api/client-go [>= 0.118.a, < 0.119]
gitlab.com/gitlab-org/api/client-go [>= 0.117.a, < 0.118]

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
🌱 Bump the gomod group across 2 directories with 8 updates
990c918 
Bumps the gomod group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) | `1.70.0` | `1.71.0` |
| [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) | `2.16.0` | `2.17.0` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.2` | `5.16.3` |
| [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.24.0` | `0.25.0` |
| google.golang.org/protobuf | `1.36.9` | `1.36.10` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.25.3` | `2.26.0` |
| [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) | `0.148.1` | `0.151.0` |

Bumps the gomod group with 3 updates in the /tools directory: google.golang.org/protobuf, [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) and [github.com/goreleaser/goreleaser/v2](https://github.com/goreleaser/goreleaser).


Updates `cloud.google.com/go/bigquery` from 1.70.0 to 1.71.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@spanner/v1.70.0...spanner/v1.71.0)

Updates `github.com/bradleyfalzon/ghinstallation/v2` from 2.16.0 to 2.17.0
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](bradleyfalzon/ghinstallation@v2.16.0...v2.17.0)

Updates `github.com/go-git/go-git/v5` from 5.16.2 to 5.16.3
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.16.2...v5.16.3)

Updates `github.com/moby/buildkit` from 0.24.0 to 0.25.0
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.24.0...v0.25.0)

Updates `google.golang.org/protobuf` from 1.36.9 to 1.36.10

Updates `github.com/onsi/ginkgo/v2` from 2.25.3 to 2.26.0
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.25.3...v2.26.0)

Updates `gitlab.com/gitlab-org/api/client-go` from 0.148.1 to 0.151.0
- [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags)
- [Changelog](https://gitlab.com/gitlab-org/api/client-go/blob/main/CHANGELOG.md)
- [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v0.148.1...v0.151.0)

Updates `google.golang.org/protobuf` from 1.36.9 to 1.36.10

Updates `github.com/onsi/ginkgo/v2` from 2.25.3 to 2.26.0
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.25.3...v2.26.0)

Updates `github.com/goreleaser/goreleaser/v2` from 2.12.3 to 2.12.5
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](goreleaser/goreleaser@v2.12.3...v2.12.5)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-version: 1.71.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-version: 2.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: gitlab.com/gitlab-org/api/client-go
  dependency-version: 0.151.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/goreleaser/goreleaser/v2
  dependency-version: 2.12.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 6, 2025
@dependabot dependabot bot requested a review from a team as a code owner October 6, 2025 08:15
@dependabot dependabot bot requested review from AdamKorcz and raghavkaul and removed request for a team October 6, 2025 08:15
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 6, 2025
@dosubot dosubot bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Oct 6, 2025
@dependabot dependabot bot temporarily deployed to integration-test October 6, 2025 08:16 Inactive
spencerschrock
spencerschrock approved these changes Oct 10, 2025
View reviewed changes
Copy link
Member

@spencerschrock spencerschrock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot squash and merge

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 10, 2025

Beginning January 27, 2026, Dependabot will no longer support the @dependabot squash and merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

@dependabot dependabot bot merged commit f3671d9 into main Oct 10, 2025
39 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/gomod-4038fed5ab branch October 10, 2025 23:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spencerschrock spencerschrock spencerschrock approved these changes

@raghavkaul raghavkaul Awaiting requested review from raghavkaul raghavkaul is a code owner automatically assigned from ossf/scorecard-maintainers

@AdamKorcz AdamKorcz Awaiting requested review from AdamKorcz AdamKorcz is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code size:M This PR changes 30-99 lines, ignoring generated files.

Projects

OpenSSF Scorecard
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@spencerschrock