Skip to content

chore(deps): bump the go-minor-patch group across 1 directory with 30 updates#124

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-minor-patch-99fd9f1a2f
Open

chore(deps): bump the go-minor-patch group across 1 directory with 30 updates#124
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-minor-patch-99fd9f1a2f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-minor-patch group with 18 updates in the / directory:

Package From To
chainguard.dev/apko 1.2.7 1.2.19
chainguard.dev/melange 0.48.2 0.55.0
cloud.google.com/go/iam 1.7.0 1.11.0
github.com/DataDog/datadog-go/v5 5.8.3 5.9.0
github.com/Masterminds/semver/v3 3.4.0 3.5.0
github.com/anchore/clio 0.0.0-20250715152405-a0fa658e5084 0.1.1
github.com/anchore/grype 0.110.0 0.115.0
github.com/anthropics/anthropic-sdk-go 1.30.0 1.53.0
github.com/aws/aws-sdk-go-v2/feature/s3/manager 1.22.12 1.22.28
github.com/aws/aws-sdk-go-v2/service/ecr 1.56.2 1.58.4
github.com/go-openapi/strfmt 0.26.1 0.26.4
github.com/jackc/pgx/v5 5.9.2 5.10.0
github.com/sigstore/cosign/v2 2.6.2 2.6.3
github.com/sigstore/fulcio 1.8.5 1.8.7
github.com/sigstore/rekor 1.5.1 1.5.2
github.com/testcontainers/testcontainers-go 0.41.0 0.43.0
github.com/testcontainers/testcontainers-go/modules/minio 0.41.0 0.43.0
github.com/testcontainers/testcontainers-go/modules/postgres 0.41.0 0.43.0

Updates chainguard.dev/apko from 1.2.7 to 1.2.19

Release notes

Sourced from chainguard.dev/apko's releases.

Release v1.2.19

Changelog

  • e5786e98da1197260cc5e50720790f219275d94a Lower SBOM duplicate-package log from info to debug (#2293)
  • ed31a4b905bccd8c6c4d6aa30059e4fdaa0be6a1 build(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#2291)
  • 3c28f352b04ceca6f64a351c1b29d49ca7626a80 build(deps): bump chainguard-dev/actions from 1.6.22 to 1.6.24 (#2292)
  • d6207d87bc02b5ba9684d1bef6f4d4b0bce6baac build(deps): bump chainguard.dev/sdk from 0.1.57 to 0.1.74 (#2290)
  • fa27c7c1345e2d5ba79f095c1332eee19f8456f5 build(deps): bump go.step.sm/crypto from 0.82.0 to 0.83.0 (#2280)
  • c6336e444560d92e2ac8e49d04f812b71bb12009 build(deps): bump golang.org/x/term from 0.43.0 to 0.44.0 (#2277)
  • bea498510167f23a17a8fd9646f94a231c566de5 build(deps): bump google.golang.org/api from 0.283.0 to 0.285.0 (#2287)
  • 5558f35b5b5fd27b50fe000f64395d8c6616216f paths: honor recursive for type: permissions, make uid/gid nullable (#2281)

Release v1.2.18

Changelog

  • ebd9255d91996b81a9b88723efbc9d563cfd863c build(deps): bump k8s.io/apimachinery from 0.36.1 to 0.36.2 (#2279)

Release v1.2.17

Changelog

  • 8a34ba83954913da4b79bd8a40ff124782f8f2cb Match apk-tools' provider comparison ordering in the solver (#2271)
  • 6b57924d877dc28152db9f2da9ad3d0cb99ae7eb build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#2264)
  • 5f564a223a51b616929ed196703913876c15a131 build(deps): bump chainguard-dev/actions from 1.6.19 to 1.6.22 (#2272)
  • a12506c066e3bac80f79412cd1aa3b12a6880ad6 build(deps): bump chainguard.dev/sdk from 0.1.55 to 0.1.57 (#2275)
  • b16043b42041f042965719cf4778895ed7cb5da5 build(deps): bump github/codeql-action from 4.36.0 to 4.36.2 (#2267)
  • 879c4e55e6e7cd73945e671c77ff0d322cd1f6bf build(deps): bump go.opentelemetry.io/otel from 1.43.0 to 1.44.0 (#2258)
  • 301fd0d625c79684d29b2de779b7fd882e8fd822 build(deps): bump go.opentelemetry.io/otel/trace from 1.43.0 to 1.44.0 (#2256)
  • cafdeae691a2964120fdf86389e3a794e38ccdb3 build(deps): bump go.step.sm/crypto from 0.81.0 to 0.82.0 (#2270)
  • a3baa98fd9e4dcee50e3ba777a63bcdd134c24ad build(deps): bump golang.org/x/sync from 0.20.0 to 0.21.0 (#2265)
  • 7fd8b427838dbe812616e798ce884ed45c40c0fd build(deps): bump golang.org/x/sys from 0.45.0 to 0.46.0 (#2266)
  • 620f3009eac5282e006b8b319be3c6f13510a02f build(deps): bump google.golang.org/api from 0.280.0 to 0.283.0 (#2262)
  • bdddef26c13348e24c8f2a274662f3bcd4def4e8 build(deps): bump gopkg.in/ini.v1 from 1.67.2 to 1.67.3 (#2273)
  • 1fe85deeaca6ba534aec2f88a0f68e644725216e expandapk: materialize uncompressed .dat.tar atomically (#2269)
  • ef578c30be29d5c1074cf6934e5dac58a84f6cc4 fix(auth): let chainctl write to terminal for interactive login (#2276)
  • be89e64e9c769e8d9d5a2446e9bc65db2d2b194b paths: preserve setuid/setgid/sticky bits in permissions (#2274)

Release v1.2.16

Changelog

  • f39c3fa47ca6af5ae27c1e466c5a841b9b80f8d9 build(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0 (#2254)
  • 8bf905593d457345beafe51490dd28a619d0690a build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 (#2246)
  • 003b4011dd3a7398b1d7b9dd51cea9a61f2a4915 build(deps): bump imjasonh/setup-crane from 0.5 to 0.6 (#2260)

Release v1.2.15

Changelog

  • 3e28547cefa08f7c86e04c9fc0f387b511038692 build(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 in the go_modules group across 1 directory (#2239)
  • cf1f1ef14c0e4cad83023de649602dc6a9123cec build(deps): bump golang.org/x/sys from 0.44.0 to 0.45.0 (#2244)
  • 16754c8752a57f045947d1de41fde340e149f875 build(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#2247)
  • 78799c7fa53fc024fcedaf7a31ae378839e530fe build(deps): bump google.golang.org/api from 0.279.0 to 0.280.0 (#2245)
  • aa8297690dd86e01779546a64c912932703d4f68 build(deps): bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 (#2241)
  • 442b9db17b8bfa054a6f82c525d8ce8fa5d1cc0b build(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4 (#2248)
  • 74e64086fae76d1ab743bfe0ae2736c6d5f3ed99 build(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 (#2240)
  • dda427e47efc02b31648f8ee2fb82ddbf5212f9c chore(harden-runner): add production.cloudfront.docker.com endpoint (#2250)

... (truncated)

Commits
  • 5558f35 paths: honor recursive for type: permissions, make uid/gid nullable (#2281)
  • e5786e9 Lower SBOM duplicate-package log from info to debug (#2293)
  • c6336e4 build(deps): bump golang.org/x/term from 0.43.0 to 0.44.0 (#2277)
  • fa27c7c build(deps): bump go.step.sm/crypto from 0.82.0 to 0.83.0 (#2280)
  • bea4985 build(deps): bump google.golang.org/api from 0.283.0 to 0.285.0 (#2287)
  • ed31a4b build(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#2291)
  • d6207d8 build(deps): bump chainguard.dev/sdk from 0.1.57 to 0.1.74 (#2290)
  • 3c28f35 build(deps): bump chainguard-dev/actions from 1.6.22 to 1.6.24 (#2292)
  • ebd9255 build(deps): bump k8s.io/apimachinery from 0.36.1 to 0.36.2 (#2279)
  • 301fd0d build(deps): bump go.opentelemetry.io/otel/trace from 1.43.0 to 1.44.0 (#2256)
  • Additional commits viewable in compare view

Updates chainguard.dev/melange from 0.48.2 to 0.55.0

Release notes

Sourced from chainguard.dev/melange's releases.

Release v0.55.0

What's Changed

Full Changelog: chainguard-dev/melange@v0.54.0...v0.55.0

Release v0.54.0

What's Changed

Full Changelog: chainguard-dev/melange@v0.53.3...v0.54.0

Release v0.53.3

What's Changed

Full Changelog: chainguard-dev/melange@v0.53.2...v0.53.3

Release v0.53.2

What's Changed

Full Changelog: chainguard-dev/melange@v0.53.1...v0.53.2

Release v0.53.1

What's Changed

Full Changelog: chainguard-dev/melange@v0.53.0...v0.53.1

Release v0.53.0

What's Changed

New Contributors

Full Changelog: chainguard-dev/melange@v0.52.1...v0.53.0

... (truncated)

Commits
  • ef24ddf fix(build): make MutateWith deterministic for forwarded inputs (#2577)
  • 6e37def feat: pipelines: split/dev: Add prefix input (#2574)
  • 321652e feat: pipelines: autoconf: Add targets input for make and make-install (#2573)
  • 7fb1d6a feat(git-checkout): log resolved clone URL after successful clone (#2572)
  • 24f25f7 build(deps): bump chainguard.dev/apko from 1.2.16 to 1.2.17 in the gomod grou...
  • d6b81b9 fix(qemu): pass SLIRP DNS address via kernel cmdline when QEMU_NET_CIDR is se...
  • ad5661f build(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0 in the gomod grou...
  • ddad5a6 build(deps): bump the gomod group across 1 directory with 12 updates (#2567)
  • 496af91 fix(qemu): skip empty QEMU_NET_CIDR instead of erroring (#2568)
  • 65ed1ab feat(qemu): add QEMU_NET_CIDR to override SLIRP internal network (#2564)
  • Additional commits viewable in compare view

Updates cloud.google.com/go/iam from 1.7.0 to 1.11.0

Release notes

Sourced from cloud.google.com/go/iam's releases.

support: v1.11.0

v1.11.0 (2026-05-21)

Features

Changelog

Sourced from cloud.google.com/go/iam's changelog.

1.7.0 (2023-01-31)

Features

  • documentai: Add REST client (06a54a1)
  • documentai: Added advanced_ocr_options field in OcrConfig (45c70e3)
  • documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
  • documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
  • documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
  • documentai: Exposed GetProcessorType to v1 (447afdd)
  • documentai: Exposed GetProcessorType to v1beta3 (447afdd)
  • documentai: Rewrite signatures in terms of new location (3c4b2b3)
  • documentai: Rewrite signatures in terms of new types for betas (9f303f9)
  • documentai: Start generating proto message types (563f546)
  • documentai: Start generating stubs dir (de2d180)

1.6.0 (2023-01-26)

Features

  • documentai/apiv1beta3: Add REST transport (f7b0822)
  • documentai: Add REST client (06a54a1)
  • documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
  • documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
  • documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
  • documentai: Exposed GetProcessorType to v1 (447afdd)
  • documentai: Exposed GetProcessorType to v1beta3 (447afdd)
  • documentai: Rewrite signatures in terms of new location (3c4b2b3)
  • documentai: Rewrite signatures in terms of new types for betas (9f303f9)
  • documentai: Start generating proto message types (563f546)
  • documentai: Start generating stubs dir (de2d180)

1.5.0 (2023-01-26)

⚠ BREAKING CHANGES

  • documentai: Changed the name field for ProcessRequest and BatchProcessorRequest to accept * so the name field can accept Processor and ProcessorVersion.

Features

  • documentai/apiv1beta3: Add REST transport (f7b0822)
  • documentai: Add REST client (06a54a1)
  • documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
  • documentai: Added field_mask to ProcessRequest object in document_processor_service.proto feat: Added parent_ids to Revision object in document.proto feat: Added integer_values, float_values and non_present to Entity object in document.proto feat: Added corrected_key_text, correct_value_text to FormField object in document.proto feat: Added OperationMetadata resource feat!: Added Processor Management and Processor Version support to v1 library (370e23e)
  • documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
  • documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
  • documentai: Exposed GetProcessorType to v1 (447afdd)

... (truncated)

Commits
  • 06584bf chore: librarian release pull request: 20260413T221959Z (#14427)
  • 74eab64 feat: enable open telemetry attrs (#14426)
  • ec20708 fix(pubsub/v2): fix span linking and add missing attributes (#14326)
  • 5b553fe chore(all): add telemetry features to GAPIC libraries (#14380)
  • f4b10ee chore: librarian release pull request: 20260413T041034Z (#14421)
  • dc245af feat(storage): add client feature tracking support (#14320)
  • cfdd7ba chore(.github/CODEOWNERS): Add AION SDK as code owners for the auth library (...
  • e2d578c test(datastore): skip flaky tests due to datastore contention (#14416)
  • 56e1a62 chore: librarian release pull request: 20260409T222456Z (#14413)
  • 5ca653a chore: regenerate libraries using protobuf 31, and update generation check wo...
  • Additional commits viewable in compare view

Updates github.com/DataDog/datadog-go/v5 from 5.8.3 to 5.9.0

Release notes

Sourced from github.com/DataDog/datadog-go/v5's releases.

v5.9.0

See the Changelog for the details.

Changelog

Sourced from github.com/DataDog/datadog-go/v5's changelog.

5.9.0 / 2026-06-24

  • [IMPROVEMENT] Improve aggregator performance: inline shard allocation, FNV-1a metric context hashing, and cache-line padding on shards. See #389[].
  • [IMPROVEMENT] Make externalEnv an atomic to reduce lock contention on the sampling hot path. See #380[], thanks [@​KowalskiThomas][].
  • [IMPROVEMENT] Optimize origin-detection condition check order. See #381[], thanks [@​KowalskiThomas][].
  • [BUGFIX] Fix payload length calculation for aggregated metrics to prevent datagram truncation when container ID, external env, or cardinality are set. See #368[].
  • [BUGFIX] Fix data race when reading the origin-detection container ID. See #379[], thanks [@​KowalskiThomas][].
  • [BUGFIX] Fix telemetry metrics not using the client's configured cardinality setting. See #367[].
  • [BUGFIX] Replace vulnerable logrus v1.7.0 transitive dependency (CVE-2025-65637). See #358[], thanks [@​nadavshatz][].
Commits

Updates github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.5.0

What's Changed

New Contributors

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

Commits
  • 8b89c86 Merge pull request #287 from mattfarina/fix-da-issues
  • 29d51d0 Fixing some quality issues
  • 87f651d Merge pull request #286 from mattfarina/update-devcontainer
  • 158a685 Updating gitignore for devcontainers
  • 7e83c08 Merge pull request #284 from Masterminds/dependabot/github_actions/golangci/g...
  • 697e27f Merge pull request #283 from Masterminds/dependabot/github_actions/actions/ca...
  • 1591f8e Merge pull request #282 from Masterminds/dependabot/github_actions/github/cod...
  • 3f5ff17 Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0
  • 04baa33 Bump actions/cache from 4.2.3 to 5.0.5
  • 45939fe Bump github/codeql-action from 4.35.1 to 4.35.2
  • Additional commits viewable in compare view

Updates github.com/anchore/clio from 0.0.0-20250715152405-a0fa658e5084 to 0.1.1

Release notes

Sourced from github.com/anchore/clio's releases.

v0.1.1

Additional Changes

Dependencies

20 dependency changes (18 updated, 2 removed). 1 vulnerability remediated.

🟢 Remediated (1)

Toolchains (1)

  • Go minimum version: 1.24.01.25.0
  • dario.cat/mergo v1.0.1v1.0.2
  • github.com/anchore/fangs v0.0.0-a269841v0.1.1
  • github.com/anchore/go-homedir v0.0.0-c296685v0.1.1
  • github.com/anchore/go-logger v0.0.0-07ae343v0.1.1
  • github.com/anchore/go-make v0.1.0v0.8.0
  • github.com/fsnotify/fsnotify v1.8.0v1.9.0
  • github.com/go-viper/mapstructure/v2 v2.4.0v2.5.0
  • github.com/gookit/color v1.6.0v1.6.1
  • github.com/pelletier/go-toml/v2 v2.2.3v2.2.4
  • github.com/sagikazarmark/locafero v0.7.0v0.11.0
  • github.com/sourcegraph/conc v0.3.0v0.3.1-0.5f936ab
  • github.com/spf13/afero v1.12.0v1.15.0
  • github.com/spf13/cast v1.7.1v1.10.0
  • github.com/spf13/viper v1.20.0v1.21.0
  • golang.org/x/mod v0.34.0v0.37.0
  • golang.org/x/sys v0.41.0v0.46.0 (🟢 remediated GO-2026-5024)
  • golang.org/x/term v0.40.0v0.44.0
  • golang.org/x/text v0.23.0v0.28.0
  • go.uber.org/atomic v1.9.0

... (truncated)

Commits

Updates github.com/anchore/grype from 0.110.0 to 0.115.0

Release notes

Sourced from github.com/anchore/grype's releases.

v0.115.0

Added Features

Bug Fixes

Additional Changes

  • Security: bump golang.org/x/crypto to v0.52.0 to resolve multiple CVEs [Issue #3493]
  • Security: bump golang.org/x/net to v0.55.0 to resolve CVEs [Issue #3494]

Dependencies

35 dependency changes (31 updated, 3 added, 1 removed). 5 vulnerabilities remediated.

🟢 Remediated (5)

  • github.com/ProtonMail/go-crypto v1.4.0v1.4.1
  • github.com/anchore/bubbly v0.2.0v0.2.1
  • github.com/anchore/clio v0.1.0v0.1.1
  • github.com/anchore/fangs v0.1.0v0.1.1
  • github.com/anchore/go-collections v0.1.0v0.1.1
  • github.com/anchore/go-homedir v0.1.0v0.1.1
  • github.com/anchore/go-logger v0.1.0v0.1.1
  • github.com/anchore/go-lzo v0.1.0v0.1.1
  • github.com/anchore/go-macholibre v0.1.0v0.1.1
  • github.com/anchore/go-make v0.5.0v0.8.0
  • github.com/anchore/go-struct-converter v0.1.0v0.2.0-rc2

... (truncated)

Commits
  • fa8b7e2 chore(deps): update anchore dependencies (#3498)
  • f759905 feat(govulndb): emit golang.org/x/net vulns from govlundb (#3534)
  • 095cea9 chore(units): account for changes in Syft and fix stale listing file (#3532)
  • 219a3b8 Update go-make to v0.8.0 (#3528)
  • fa5977b fix(govulndb): only emit records for stdlib (#3527)
  • 80c4dcb fix(govulndb): mix floors from custom ranges as appropriate (#3522)
  • 7bf3e63 chore(deps): bump github.com/containerd/containerd/v2 (#3525)
  • ef6e791 refactor release pipeline: TAG_TOKEN, skip-checks gate, go-make bump, dependa...
  • 931e487 fix(hummingbird): mark hummingbird distro as rolling (#3521)
  • 7e7b75f chore(deps): bump the go-minor-patch group across 1 directory with 2 updates ...
  • Additional commits viewable in compare view

Updates github.com/anchore/stereoscope from 0.1.22 to 0.2.2

Release notes

Sourced from github.com/anchore/stereoscope's releases.

v0.2.2

Dependencies

28 dependency changes (26 updated, 2 removed). 6 vulnerabilities remediated.

🟢 Remediated (6)

Toolchains (1)

  • Go minimum version: 1.26.21.26.3
  • github.com/anchore/go-collections v0.1.0v0.1.1
  • github.com/anchore/go-homedir v0.1.0v0.1.1
  • github.com/anchore/go-logger v0.1.0v0.1.1
  • github.com/containerd/containerd/api v1.11.0v1.11.1
  • github.com/containerd/containerd/v2 v2.3.0v2.3.2 (🟢 remediated GHSA-33vj-92qq-66hc, GHSA-cvxm-645q-p574, GHSA-fqw6-gf59-qr4w, GHSA-jpcc-p29g-p8mq, GHSA-rgh6-rfwx-v388, GHSA-xhf5-7wjv-pqxp)
  • github.com/docker/cli v29.4.3+incompatiblev29.5.3+incompatible
  • github.com/docker/go-connections v0.6.0v0.7.0
  • github.com/gkampitakis/ciinfo v0.3.2v0.3.4
  • github.com/gkampitakis/go-snaps v0.5.21v0.5.22
  • github.com/go-test/deep v1.0.8v1.1.1
  • github.com/goccy/go-yaml v1.18.0v1.19.2
  • github.com/google/go-containerregistry v0.21.5v0.21.7
  • github.com/klauspost/compress v1.18.5v1.18.6
  • github.com/maruel/natural v1.1.1v1.3.0
  • github.com/moby/moby/api v1.54.1v1.54.2
  • github.com/moby/moby/client v0.4.0v0.4.1
  • github.com/sylabs/sif/v2 v2.24.0v2.24.1
  • github.com/tidwall/gjson v1.18.0v1.19.0
  • golang.org/x/crypto v0.50.0v0.53.0
  • golang.org/x/mod v0.35.0v0.37.0
  • golang.org/x/net v0.52.0v0.56.0
  • golang.org/x/sync v0.20.0v0.21.0
  • golang.org/x/sys v0.43.0v0.46.0
  • golang.org/x/term v0.42.0v0.44.0
  • golang.org/x/text v0.36.0v0.38.0
  • golang.org/x/tools v0.44.0v0.46.0

... (truncated)

Commits
  • 2d7c4a9 chore(deps): bump github.com/google/go-containerregistry (#618)
  • 566349c chore(deps): bump github.com/sylabs/sif/v2 from 2.24.0 to 2.24.1 (#626)
  • 18d3722 chore(deps): update anchore dependencies (#577)
  • fe34d2b Update go-make to v0.8.0 (#628)
  • 31354bc chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.21 to 0.5.22 (#624)
  • c373c16 chore(deps): bump github.com/containerd/containerd/v2 (#627)
  • 2eceb55 chore(deps): bump golang.org/x/tools from 0.45.0 to 0.46.0 (#620)
  • a59230e chore(deps): bump github.com/docker/cli (#621)
  • 6bd68d3 chore(deps): bump github.com/go-test/deep from 1.0.8 to 1.1.1 (#622)
  • 4bd618d refactor release pipeline: TAG_TOKEN, skip-checks gate, go-make bump, dependa...
  • Additional commits viewable in compare view

Updates github.com/anchore/syft from 1.42.3 to 1.46.0

Release notes

Sourced from github.com/anchore/syft's releases.

v1.46.0

Added Features

Bug Fixes

  • respect arch qualifier [PR #4987 @​willmurphyscode]
  • Preserve dependency edges when a compliance stub changes a package ID [PR #4993 @​wagoodman]
  • Support envoy binary various versions [Issue #4590] [PR #4605 @​rezmoss]
  • .net deps.json cataloger shows phantom pkgs for reference assembly library entries [Issue #4970] [PR #4971 @​rezmoss]
  • Syft does not extract package licenses from opkg manager [Issue #4940] [PR #4963 @​Dashtid]
  • squashfs breaks with godisk-fs 1.8.0 [Issue #4718]
  • requirements.txt cataloger silently drops PEP 440 local version identifiers, producing incorrect PURL [Issue #4958] [PR

… updates

Bumps the go-minor-patch group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [chainguard.dev/apko](https://github.com/chainguard-dev/apko) | `1.2.7` | `1.2.19` |
| [chainguard.dev/melange](https://github.com/chainguard-dev/melange) | `0.48.2` | `0.55.0` |
| [cloud.google.com/go/iam](https://github.com/googleapis/google-cloud-go) | `1.7.0` | `1.11.0` |
| [github.com/DataDog/datadog-go/v5](https://github.com/DataDog/datadog-go) | `5.8.3` | `5.9.0` |
| [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.4.0` | `3.5.0` |
| [github.com/anchore/clio](https://github.com/anchore/clio) | `0.0.0-20250715152405-a0fa658e5084` | `0.1.1` |
| [github.com/anchore/grype](https://github.com/anchore/grype) | `0.110.0` | `0.115.0` |
| [github.com/anthropics/anthropic-sdk-go](https://github.com/anthropics/anthropic-sdk-go) | `1.30.0` | `1.53.0` |
| [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) | `1.22.12` | `1.22.28` |
| [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.56.2` | `1.58.4` |
| [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) | `0.26.1` | `0.26.4` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.2` | `5.10.0` |
| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.6.2` | `2.6.3` |
| [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) | `1.8.5` | `1.8.7` |
| [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.5.1` | `1.5.2` |
| [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.43.0` |
| [github.com/testcontainers/testcontainers-go/modules/minio](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.43.0` |
| [github.com/testcontainers/testcontainers-go/modules/postgres](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.43.0` |



Updates `chainguard.dev/apko` from 1.2.7 to 1.2.19
- [Release notes](https://github.com/chainguard-dev/apko/releases)
- [Changelog](https://github.com/chainguard-dev/apko/blob/main/NEWS.md)
- [Commits](chainguard-dev/apko@v1.2.7...v1.2.19)

Updates `chainguard.dev/melange` from 0.48.2 to 0.55.0
- [Release notes](https://github.com/chainguard-dev/melange/releases)
- [Changelog](https://github.com/chainguard-dev/melange/blob/main/NEWS.md)
- [Commits](chainguard-dev/melange@v0.48.2...v0.55.0)

Updates `cloud.google.com/go/iam` from 1.7.0 to 1.11.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](googleapis/google-cloud-go@tpu/v1.7.0...iot/v1.11.0)

Updates `github.com/DataDog/datadog-go/v5` from 5.8.3 to 5.9.0
- [Release notes](https://github.com/DataDog/datadog-go/releases)
- [Changelog](https://github.com/DataDog/datadog-go/blob/master/CHANGELOG.md)
- [Commits](DataDog/datadog-go@v5.8.3...v5.9.0)

Updates `github.com/Masterminds/semver/v3` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/Masterminds/semver/releases)
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md)
- [Commits](Masterminds/semver@v3.4.0...v3.5.0)

Updates `github.com/anchore/clio` from 0.0.0-20250715152405-a0fa658e5084 to 0.1.1
- [Release notes](https://github.com/anchore/clio/releases)
- [Commits](https://github.com/anchore/clio/commits/v0.1.1)

Updates `github.com/anchore/grype` from 0.110.0 to 0.115.0
- [Release notes](https://github.com/anchore/grype/releases)
- [Changelog](https://github.com/anchore/grype/blob/main/RELEASE.md)
- [Commits](anchore/grype@v0.110.0...v0.115.0)

Updates `github.com/anchore/stereoscope` from 0.1.22 to 0.2.2
- [Release notes](https://github.com/anchore/stereoscope/releases)
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md)
- [Commits](anchore/stereoscope@v0.1.22...v0.2.2)

Updates `github.com/anchore/syft` from 1.42.3 to 1.46.0
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/RELEASE.md)
- [Commits](anchore/syft@v1.42.3...v1.46.0)

Updates `github.com/anthropics/anthropic-sdk-go` from 1.30.0 to 1.53.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-go/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-go/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-go@v1.30.0...v1.53.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.41.5 to 1.41.11
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.41.5...v1.41.11)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.14 to 1.32.22
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.14...config/v1.32.22)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.14 to 1.19.21
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@credentials/v1.19.14...credentials/v1.19.21)

Updates `github.com/aws/aws-sdk-go-v2/feature/s3/manager` from 1.22.12 to 1.22.28
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/mq/v1.22.12...feature/s3/manager/v1.22.28)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.56.2 to 1.58.4
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/ssm/v1.56.2...service/ecr/v1.58.4)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.98.0 to 1.104.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.98.0...service/s3/v1.104.0)

Updates `github.com/go-openapi/strfmt` from 0.26.1 to 0.26.4
- [Release notes](https://github.com/go-openapi/strfmt/releases)
- [Commits](go-openapi/strfmt@v0.26.1...v0.26.4)

Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.7
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.5...v0.21.7)

Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.9.2...v5.10.0)

Updates `github.com/sigstore/cosign/v2` from 2.6.2 to 2.6.3
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v2.6.2...v2.6.3)

Updates `github.com/sigstore/fulcio` from 1.8.5 to 1.8.7
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](sigstore/fulcio@v1.8.5...v1.8.7)

Updates `github.com/sigstore/rekor` from 1.5.1 to 1.5.2
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.5.1...v1.5.2)

Updates `github.com/sigstore/sigstore` from 1.10.5 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.5...v1.10.8)

Updates `github.com/testcontainers/testcontainers-go` from 0.41.0 to 0.43.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](testcontainers/testcontainers-go@v0.41.0...v0.43.0)

Updates `github.com/testcontainers/testcontainers-go/modules/minio` from 0.41.0 to 0.43.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](testcontainers/testcontainers-go@v0.41.0...v0.43.0)

Updates `github.com/testcontainers/testcontainers-go/modules/postgres` from 0.41.0 to 0.43.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](testcontainers/testcontainers-go@v0.41.0...v0.43.0)

Updates `go.uber.org/zap` from 1.27.1 to 1.28.0
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.27.1...v1.28.0)

Updates `golang.org/x/crypto` from 0.52.0 to 0.53.0
- [Commits](golang/crypto@v0.52.0...v0.53.0)

Updates `google.golang.org/api` from 0.276.0 to 0.285.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.276.0...v0.285.0)

Updates `google.golang.org/protobuf` from 1.36.11 to 1.36.12-0.20260120151049-f2248ac996af

---
updated-dependencies:
- dependency-name: chainguard.dev/apko
  dependency-version: 1.2.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: chainguard.dev/melange
  dependency-version: 0.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: cloud.google.com/go/iam
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/DataDog/datadog-go/v5
  dependency-version: 5.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/Masterminds/semver/v3
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/anchore/clio
  dependency-version: 0.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/anchore/grype
  dependency-version: 0.115.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/anchore/stereoscope
  dependency-version: 0.2.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/anchore/syft
  dependency-version: 1.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/anthropics/anthropic-sdk-go
  dependency-version: 1.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.41.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.19.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager
  dependency-version: 1.22.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-version: 1.58.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.104.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/go-openapi/strfmt
  dependency-version: 0.26.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/sigstore/cosign/v2
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/testcontainers/testcontainers-go
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/testcontainers/testcontainers-go/modules/minio
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: github.com/testcontainers/testcontainers-go/modules/postgres
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: go.uber.org/zap
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: google.golang.org/api
  dependency-version: 0.285.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.12-0.20260120151049-f2248ac996af
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, go, securebuild-worker. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from a team as a code owner June 29, 2026 16:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants