Skip to content

chore: update dependencies #181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: update dependencies #181

wants to merge 1 commit into from

Conversation

@renovate
Copy link

@renovate renovate bot commented Jan 20, 2025
edited
Loading

Update Request | Renovate Bot

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/anchore/syft v1.37.0 -> v1.38.0 age adoption passing confidence
github.com/dsseng/syft v1.26.2-0.20250703101014-f39c35d156d9 -> v1.28.0 age adoption passing confidence
github.com/moby/buildkit v0.25.2 -> v0.26.2 age adoption passing confidence
go.yaml.in/yaml/v4 v4.0.0-rc.2 -> v4.0.0-rc.3 age adoption passing confidence
golang.org/x/sync v0.17.0 -> v0.18.0 age adoption passing confidence

Release Notes

anchore/syft (github.com/anchore/syft)

v1.38.0

Compare Source

Added Features
Bug Fixes
  • Support extras statements in Python PDM cataloger [#​4352 @​wagoodman]
  • Preserve --from argument order [#​4350 @​wagoodman]
  • SBOM generated by Syft 1.28 contains license elements missing id or name (causing CycloneDX parser error) [#​4363]
  • empty PURL output in dependency snapshot format breaks sbom-action [#​4311]
  • Interface includes constraint elements, can only be used in type parameters [#​4346]
  • Upgrade github.com/nwaples/rardecode@​v1.1.3 to 2.2.1 [#​4338]
  • Upgrade to Golang 1.25.4 [#​4341]
Additional Changes

(Full Changelog)

dsseng/syft (github.com/dsseng/syft)

v1.28.0

Compare Source

v1.27.1

Compare Source

moby/buildkit (github.com/moby/buildkit)

v0.26.2

Compare Source

Welcome to the v0.26.2 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • CrazyMax
  • Tõnis Tiigi
Notable Changes
  • Fix possible error when uploading big files to S3 cache exporter #​6373
Dependency Changes

This release has no dependency changes

Previous release can be found at v0.26.1

v0.26.1

Compare Source

Welcome to the v0.26.1 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
Notable Changes
  • Fix excessive chunking when fetching blobs #​6366
Dependency Changes

This release has no dependency changes

Previous release can be found at v0.26.0

v0.26.0

Compare Source

buildkit 0.26.0

Welcome to the v0.26.0 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
  • Akihiro Suda
  • Sebastiaan van Stijn
  • Jonathan A. Sternberg
  • Brian Goff
  • Dawei Wei
  • Alberto Garcia Hierro
  • Damon Holden
  • David Karlsson
  • Justin Chadwell
  • Mikhail Dmitrichenko
  • bpascard
Notable Changes
  • Change how file checksum is calculated when wildcards and include/exclude patterns are involved to better align with how they are calculated in the non-wildcard path. #​6238
  • LLB Copy operation now allows specifying required paths to be included in the copy. #​6229
  • Fixed race condition between cache and snapshot for the Git source. #​6281
  • Fixed race condition in HTTP cache key digest computation that could cause duplicate requests and digest mismatch errors. #​6292
  • Runc container runtime has been updated to v1.3.3. #​6331
  • Source metadata requests via ResolveSourceMeta, previously available for image sources, can now be performed for Git sources. This can be used to resolve Git commit and tag checksums and also to access the raw commit and tag objects for further verification. #​6283
  • Source metadata requests via ResolveSourceMeta, previously available for image sources, can now be performed for HTTP sources. This can be used to access artifact checksums, last-modified time etc. #​6285
  • Git sources can now perform verification of GPG or SSH signatures on commits and tags. Enable git signature checks via source policy. #​6300 #​6344
  • contentutil package now supports moving referrer objects when using CopyChain function. #​6336
  • Fix fetch by commit for git source when tags change or branch names are updated. #​6259
  • Fix http connection leak when resolving metadata from http source on non-2xx HTTP status codes. #​6313
  • A new type of source policies has been added that supports making policy decisions on the client side via session tunnel. #​6276
  • Add buildkit capability for detecting if source policy decisions can be made via session tunnel. #​6345
  • Avoid intermediate type wrappers for custom fields in provenance. #​6275
  • Add raw commit/tag object access when resolving git source metadata. #​6298
  • Move image source resolver away from the ResolveImageConfig type to ResolveSourceMetadata. #​6330 # probably not needed for changelog
  • Fix inline cache used with multiple exporters. #​6263
  • Fix handling multiple inline cache exporters configured for single build. #​6272
  • Fix handling of annotated Git tags. The pin of the annotated tag should be the SHA of the tag and not the commit it is pointing to. #​6251
  • Fix source policy attributes validation when multiple rules use the same identifier. #​6342
Dependency Changes
  • github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 -> v1.18.2
  • github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 -> v1.11.0
  • github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 -> v1.11.2
  • github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 -> v1.4.2
  • github.com/Microsoft/hcsshim v0.13.0 -> v0.14.0-rc.1
  • github.com/ProtonMail/go-crypto v1.3.0 new
  • github.com/aws/aws-sdk-go-v2 v1.30.3 -> v1.38.1
  • github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 -> v1.7.0
  • github.com/aws/aws-sdk-go-v2/config v1.27.27 -> v1.31.3
  • github.com/aws/aws-sdk-go-v2/credentials v1.17.27 -> v1.18.7
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 -> v1.18.4
  • github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.8 -> v1.17.10
  • github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 -> v1.4.4
  • github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 -> v2.7.4
  • github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 -> v1.8.3
  • github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 -> v1.4.4
  • github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 -> v1.13.0
  • github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 -> v1.8.4
  • github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 -> v1.13.4
  • github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 -> v1.19.4
  • github.com/aws/aws-sdk-go-v2/service/s3 v1.58.2 -> v1.87.1
  • github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 -> v1.28.2
  • github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 -> v1.34.0
  • github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 -> v1.38.0
  • github.com/aws/smithy-go v1.20.3 -> v1.22.5
  • github.com/cenkalti/backoff/v5 v5.0.3 new
  • github.com/cloudflare/circl v1.6.0 new
  • github.com/containerd/cgroups/v3 v3.0.5 -> v3.1.0
  • github.com/containerd/containerd/api v1.9.0 -> v1.10.0
  • github.com/containerd/containerd/v2 v2.1.4 -> v2.2.0
  • github.com/containerd/go-cni v1.1.12 -> v1.1.13
  • github.com/containerd/nydus-snapshotter v0.15.2 -> v0.15.4
  • github.com/containerd/platforms v1.0.0-rc.1 -> v1.0.0-rc.2
  • github.com/containerd/stargz-snapshotter v0.16.3 -> v0.17.0
  • github.com/containerd/stargz-snapshotter/estargz v0.16.3 -> v0.17.0
  • github.com/containernetworking/plugins v1.7.1 -> v1.8.0
  • github.com/coreos/go-systemd/v22 v22.5.0 -> v22.6.0
  • github.com/docker/cli v28.4.0 -> v28.5.0
  • github.com/fatih/color v1.18.0 new
  • github.com/go-logr/logr v1.4.2 -> v1.4.3
  • github.com/gofrs/flock v0.12.1 -> v0.13.0
  • github.com/golang-jwt/jwt/v5 v5.2.2 -> v5.3.0
  • github.com/golang/groupcache 41bb18b -> 2c02b82
  • github.com/google/pprof 27863c8 -> f64d9cf
  • github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.1 -> v2.27.2
  • github.com/hanwen/go-fuse/v2 v2.6.3 -> v2.8.0
  • github.com/hashicorp/go-retryablehttp v0.7.7 -> v0.7.8
  • github.com/hiddeco/sshsig v0.2.0 new
  • github.com/klauspost/compress v1.18.0 -> v1.18.1
  • github.com/mattn/go-colorable v0.1.14 new
  • github.com/moby/policy-helpers bcaa71c new
  • github.com/moby/sys/capability v0.4.0 new
  • github.com/opencontainers/runtime-tools 2e043c6 -> 0ea5ed0
  • github.com/prometheus/client_golang v1.22.0 -> v1.23.2
  • github.com/prometheus/client_model v0.6.1 -> v0.6.2
  • github.com/prometheus/common v0.62.0 -> v0.66.1
  • github.com/prometheus/procfs v0.15.1 -> v0.16.1
  • github.com/secure-systems-lab/go-securesystemslib v0.6.0 -> v0.9.1
  • github.com/stretchr/testify v1.10.0 -> v1.11.1
  • github.com/vbatts/tar-split v0.12.1 -> v0.12.2
  • go.opentelemetry.io/auto/sdk v1.1.0 -> v1.2.1
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 -> v0.61.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.60.0 -> v0.61.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 -> v0.61.0
  • go.opentelemetry.io/otel v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/metric v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/sdk v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/sdk/metric v1.35.0 -> v1.38.0
  • go.opentelemetry.io/otel/trace v1.35.0 -> v1.38.0
  • go.opentelemetry.io/proto/otlp v1.5.0 -> v1.7.1
  • go.yaml.in/yaml/v2 v2.4.2 new
  • golang.org/x/crypto v0.37.0 -> v0.42.0
  • golang.org/x/exp 7e4ce0a -> df92998
  • golang.org/x/mod v0.24.0 -> v0.29.0
  • golang.org/x/net v0.39.0 -> v0.44.0
  • golang.org/x/sync v0.16.0 -> v0.17.0
  • golang.org/x/sys v0.33.0 -> v0.37.0
  • golang.org/x/text v0.24.0 -> v0.29.0
  • golang.org/x/time v0.11.0 -> v0.14.0
  • google.golang.org/genproto/googleapis/api 56aae31 -> c5933d9
  • google.golang.org/genproto/googleapis/rpc 56aae31 -> c5933d9
  • google.golang.org/grpc v1.72.2 -> v1.76.0
  • google.golang.org/protobuf v1.36.9 -> v1.36.10
  • sigs.k8s.io/yaml v1.4.0 -> v1.6.0

Previous release can be found at v0.25.2

yaml/go-yaml (go.yaml.in/yaml/v4)

v4.0.0-rc.3

Compare Source

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/dependencies branch 3 times, most recently from 3354daf to cfde7d9 Compare January 29, 2025 11:14
@renovate renovate bot changed the title chore: update dependencies chore: update module github.com/google/go-github/v67 to v68 Jan 29, 2025
@renovate renovate bot force-pushed the renovate/dependencies branch 5 times, most recently from 05a83df to 8ea2f28 Compare February 4, 2025 10:27
@renovate renovate bot changed the title chore: update module github.com/google/go-github/v67 to v68 chore: update module github.com/google/go-github/v67 to v69 Feb 6, 2025
@renovate renovate bot force-pushed the renovate/dependencies branch 2 times, most recently from 3ce4e87 to 925275e Compare February 6, 2025 16:24
@renovate renovate bot force-pushed the renovate/dependencies branch 2 times, most recently from 4e08731 to 64d4c52 Compare February 16, 2025 12:10
@renovate renovate bot changed the title chore: update module github.com/google/go-github/v67 to v69 chore: update dependencies Feb 16, 2025
@renovate renovate bot force-pushed the renovate/dependencies branch 2 times, most recently from 5e097a7 to 32c2c5d Compare February 20, 2025 03:47
@renovate renovate bot force-pushed the renovate/dependencies branch 2 times, most recently from 2c9e01a to 846acb8 Compare March 1, 2025 03:49
@renovate renovate bot force-pushed the renovate/dependencies branch 2 times, most recently from c973bcb to ec6b76d Compare March 11, 2025 04:18
@renovate renovate bot force-pushed the renovate/dependencies branch 2 times, most recently from db019cf to 15a4a4b Compare March 21, 2025 11:59
@renovate renovate bot changed the title chore: update dependencies chore: update module github.com/google/go-github/v67 to v70 Mar 21, 2025
@renovate renovate bot force-pushed the renovate/dependencies branch from 15a4a4b to 4217c4c Compare March 26, 2025 23:52
@renovate renovate bot changed the title chore: update module github.com/google/go-github/v67 to v70 chore: update dependencies Mar 26, 2025
@renovate renovate bot force-pushed the renovate/dependencies branch 2 times, most recently from d2056b1 to 9621e53 Compare April 8, 2025 04:05
@renovate renovate bot force-pushed the renovate/dependencies branch from 9621e53 to 71db350 Compare April 17, 2025 03:57
@renovate renovate bot force-pushed the renovate/dependencies branch from 71db350 to 78eb53a Compare May 1, 2025 16:03
@renovate renovate bot force-pushed the renovate/dependencies branch 2 times, most recently from 2634856 to 21ec2a8 Compare August 9, 2025 03:24
@renovate renovate bot force-pushed the renovate/dependencies branch 3 times, most recently from 3a208d8 to 3e5cfee Compare August 21, 2025 16:13
@renovate renovate bot force-pushed the renovate/dependencies branch 3 times, most recently from 05ea0d7 to bd7ffc6 Compare September 2, 2025 07:39
@renovate renovate bot force-pushed the renovate/dependencies branch 4 times, most recently from 903ac51 to 5e31832 Compare September 7, 2025 15:24
@renovate renovate bot force-pushed the renovate/dependencies branch 2 times, most recently from e2d6900 to aba4860 Compare September 17, 2025 23:25
@renovate renovate bot force-pushed the renovate/dependencies branch 3 times, most recently from 5306d03 to 87ed8c4 Compare October 4, 2025 07:14
@renovate renovate bot force-pushed the renovate/dependencies branch from 87ed8c4 to 32fdb67 Compare October 8, 2025 08:15
@renovate renovate bot force-pushed the renovate/dependencies branch 2 times, most recently from fe138e1 to 35c89be Compare October 18, 2025 06:38
@renovate renovate bot force-pushed the renovate/dependencies branch from 35c89be to 1d58d6f Compare October 23, 2025 07:47
@renovate renovate bot force-pushed the renovate/dependencies branch from 1d58d6f to b6983cb Compare November 7, 2025 08:28
@renovate renovate bot changed the title chore: update dependencies chore: update module github.com/dsseng/syft to v1.28.0 Nov 7, 2025
@renovate renovate bot force-pushed the renovate/dependencies branch from b6983cb to 8f834f5 Compare November 9, 2025 11:56
@renovate renovate bot changed the title chore: update module github.com/dsseng/syft to v1.28.0 chore: update dependencies Nov 9, 2025
@renovate renovate bot force-pushed the renovate/dependencies branch from 8f834f5 to 56be02c Compare November 16, 2025 11:35
@renovate
Copy link
Author

renovate bot commented Nov 16, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 23 additional dependencies were updated

Details:

Package Change
github.com/containerd/containerd/v2 v2.1.4 -> v2.2.0
github.com/docker/cli v28.4.0+incompatible -> v28.5.0+incompatible
github.com/go-jose/go-jose/v4 v4.1.1 -> v4.1.2
github.com/google/pprof v0.0.0-20250630185457-6e76a2b096b5 -> v0.0.0-20250820193118-f64d9cf942d6
github.com/klauspost/compress v1.18.0 -> v1.18.1
github.com/secure-systems-lab/go-securesystemslib v0.9.0 -> v0.9.1
go.opentelemetry.io/auto/sdk v1.1.0 -> v1.2.1
go.opentelemetry.io/otel v1.37.0 -> v1.38.0
go.opentelemetry.io/otel/metric v1.37.0 -> v1.38.0
go.opentelemetry.io/otel/sdk v1.37.0 -> v1.38.0
go.opentelemetry.io/otel/sdk/metric v1.37.0 -> v1.38.0
go.opentelemetry.io/otel/trace v1.37.0 -> v1.38.0
golang.org/x/crypto v0.39.0 -> v0.42.0
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b -> v0.0.0-20250911091902-df9299821621
golang.org/x/net v0.41.0 -> v0.44.0
golang.org/x/sys v0.33.0 -> v0.37.0
golang.org/x/term v0.32.0 -> v0.35.0
golang.org/x/text v0.26.0 -> v0.29.0
golang.org/x/time v0.12.0 -> v0.14.0
google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 -> v0.0.0-20250825161204-c5933d9347a5
google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 -> v0.0.0-20250825161204-c5933d9347a5
google.golang.org/grpc v1.73.0 -> v1.76.0
google.golang.org/protobuf v1.36.9 -> v1.36.10

@renovate renovate bot force-pushed the renovate/dependencies branch from 56be02c to 47dfe65 Compare November 19, 2025 08:04
@renovate
chore: update dependencies
7b44941 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/dependencies branch from 47dfe65 to 7b44941 Compare November 20, 2025 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant