Skip to content

build(deps): bump the common group across 1 directory with 4 updates#2872

Merged
afdesk merged 1 commit intomainfrom
dependabot/go_modules/common-1dbfde4125
Feb 9, 2026
Merged

build(deps): bump the common group across 1 directory with 4 updates#2872
afdesk merged 1 commit intomainfrom
dependabot/go_modules/common-1dbfde4125

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 3, 2026
edited
Loading

Bumps the common group with 3 updates in the / directory: github.com/CycloneDX/cyclonedx-go, github.com/aws/aws-sdk-go-v2 and github.com/onsi/ginkgo/v2.

Updates github.com/CycloneDX/cyclonedx-go from 0.9.3 to 0.10.0

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.10.0

Changelog

Fixes

  • f724c55d9c13a6e79980cd4cc6a39f2696bc6c97: fix: add missing fields for v1.6 spec (#249) (@​alistair-mclean)
  • 48a212c7c5cd015cac8df92de3696e3d7e3531ef: fix: migrate golangci-lint config and address issues (@​nscuro)
  • 75662981bebea02c122b44d31fa65f134d6abd28: fix: unset component tags for spec version less than 1.6 (#253) (@​alistair-mclean)

Building and Packaging

  • ff55798700d8298a41813be8bf2dfbacd3179ea1: build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (@​dependabot[bot])
  • 3781c74cf069aac093ca69feb0ede6b97eccc1ae: build(deps): bump actions/checkout from 5.0.0 to 6.0.2 (@​dependabot[bot])
  • 4a3ab35be2ded2e654818a3f9ea45a8cd19788e2: build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (@​dependabot[bot])
  • 49ee4a34713d50c1ec26b08e515eeca4b6226bd2: build(deps): bump actions/setup-go from 6.0.0 to 6.2.0 (@​dependabot[bot])
  • 521976f2f97e4690d75b0042374ed44dcf01e373: build(deps): bump apache/skywalking-eyes from 0.7.0 to 0.8.0 (@​dependabot[bot])
  • 11497919754dd4238eb10f357ed68800c617a233: build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (@​dependabot[bot])
  • 9fa7dc11aaf321c06eef3f86dc5ae2be694be33c: build(deps): bump gitpod/workspace-go from 8985eb7 to 08a7c68 (@​dependabot[bot])
  • af64af3762779ec64a6e77904524480ec4a60a44: build(deps): bump golangci/golangci-lint-action from 6.2.0 to 9.2.0 (@​dependabot[bot])
  • 8c642b2c7902e6473e9994656cdf078e24bd75f5: build(deps): bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 (@​dependabot[bot])

Others

  • 082681c2438c89ed961c4ad0a89d80b798d8e7f2: chore: bump minimum go version to 1.23 (@​nscuro)
Commits
  • 2270566 Merge pull request #254 from CycloneDX/bump-go-versions
  • 082681c chore: bump minimum go version to 1.23
  • 291671e Merge pull request #252 from CycloneDX/dependabot/github_actions/golangci/gol...
  • 48a212c fix: migrate golangci-lint config and address issues
  • f724c55 fix: add missing fields for v1.6 spec (#249)
  • 7566298 fix: unset component tags for spec version less than 1.6 (#253)
  • bc030ba Merge pull request #235 from CycloneDX/dependabot/docker/gitpod/workspace-go-...
  • b198226 Merge pull request #251 from CycloneDX/dependabot/github_actions/actions/setu...
  • e11807d Merge pull request #250 from CycloneDX/dependabot/github_actions/actions/chec...
  • af64af3 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 9.2.0
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.0 to 1.41.1

Commits

Updates github.com/onsi/ginkgo/v2 from 2.25.3 to 2.28.1

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.1

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

v2.27.5

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

v2.27.4

2.27.4

Fixes

  • CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

v2.27.3

2.27.3

Fixes

report exit result in case of failure [1c9f356] fix data race [ece19c8]

v2.27.2

2.27.2

Fixes

  • inline automaxprocs to simplify dependencies; this will be removed when Go 1.26 comes out [a69113a]

Maintenance

... (truncated)

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

2.27.4

Fixes

  • CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

2.27.3

Fixes

report exit result in case of failure [1c9f356] fix data race [ece19c8]

2.27.2

Fixes

  • inline automaxprocs to simplify dependencies; this will be removed when Go 1.26 comes out [a69113a]

Maintenance

  • Fix syntax errors and typo [a99c6e0]
  • Fix paragraph position error [f993df5]

2.27.1

Fixes

... (truncated)

Commits

Updates github.com/onsi/gomega from 1.38.2 to 1.39.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.39.0

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

v1.38.3

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Commits
  • 49561ad v1.39.0
  • 8f7f425 document MatchErrorStrictly
  • bae643d add matcher relecting errors.Is behavior
  • a3ca2ca v1.38.3
  • 4dada36 fix failing have http tests
  • d40c691 make string formatitng more consistent for users who use format.Object directly
  • 2a37b46 doc: fix typos
  • ee26170 docs: fix HaveValue example
  • cc85c05 Bump actions/setup-go from 5 to 6 (#866)
  • 8905788 Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (#865)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 3, 2026
@dependabot dependabot bot requested a review from simar7 as a code owner February 3, 2026 09:20
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 3, 2026
@dependabot dependabot bot requested a review from afdesk as a code owner February 3, 2026 09:20
@dependabot dependabot bot added the go Pull requests that update Go code label Feb 3, 2026
@github-actions github-actions bot added the deps label Feb 3, 2026
@dependabot dependabot bot force-pushed the dependabot/go_modules/common-1dbfde4125 branch from feed3ba to 8d49378 Compare February 4, 2026 10:43
@dependabot
build(deps): bump the common group across 1 directory with 4 updates
eec6393 
Bumps the common group with 3 updates in the / directory: [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go), [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) and [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo).


Updates `github.com/CycloneDX/cyclonedx-go` from 0.9.3 to 0.10.0
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Commits](CycloneDX/cyclonedx-go@v0.9.3...v0.10.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.41.0 to 1.41.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@v1.41.0...v1.41.1)

Updates `github.com/onsi/ginkgo/v2` from 2.25.3 to 2.28.1
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.25.3...v2.28.1)

Updates `github.com/onsi/gomega` from 1.38.2 to 1.39.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.38.2...v1.39.0)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.41.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.28.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/common-1dbfde4125 branch from 8d49378 to eec6393 Compare February 6, 2026 19:39
@afdesk afdesk merged commit 401dc15 into main Feb 9, 2026
10 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/common-1dbfde4125 branch February 9, 2026 07:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@simar7 simar7 Awaiting requested review from simar7 simar7 is a code owner

1 more reviewer

@afdesk afdesk afdesk approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file deps go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@afdesk