chore(deps): bump github.com/netresearch/go-cron from 0.13.0 to 0.13.1 #514

Merged
CybotTM merged 1 commit into main from dependabot/go_modules/github.com/netresearch/go-cron-0.13.1 on Mar 14, 2026

@dependabot dependabot Bot commented on behalf of github Mar 13, 2026

Bumps github.com/netresearch/go-cron from 0.13.0 to 0.13.1.

Release notes

Sourced from github.com/netresearch/go-cron's releases.

v0.13.1

Bug Fixes

  • Race condition in Entry/EntryByName and ScheduleJob (#336): When the scheduler is running, Entry/EntryByName now route lookups through the run loop channel, preventing concurrent map access. ScheduleJob now routes through the add channel when running, ensuring heap/map modifications happen atomically.
  • Entry copies are now mutation-safe: Entry(), EntryByName(), and Entries() return struct copies with cloned Tags slices, preventing callers from mutating internal scheduler state.

Internal

  • Convert flaky timing-based tests to FakeClock for deterministic execution
  • Add tests for Tags deep copy isolation and ScheduleJob-while-running behavior
  • Remove CodSpeed benchmarking integration
  • Remove gosec from golangci-lint (runs as separate CI job)
  • Add SPDX headers and DCO enforcement
  • Fix SLSA provenance race condition in release workflow
  • Fix CHANGELOG with missing version sections (v0.10.0, v0.12.0, v0.13.0)

Contributors

Supply Chain Security

This release includes:

  • SBOM: Software Bill of Materials in CycloneDX and SPDX formats
  • Checksums: SHA256 checksums for all artifacts
  • Signatures: Keyless Sigstore/Cosign signatures for verification
  • Attestations: GitHub artifact attestations with SLSA provenance

Verify with GitHub CLI (Recommended)

gh attestation verify sbom.cyclonedx.json -R netresearch/go-cron
gh attestation verify checksums.txt -R netresearch/go-cron

Verify with Cosign

gh release download v0.13.1 -R netresearch/go-cron
cosign verify-blob \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp "https://github.com/netresearch/go-cron/*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  checksums.txt
sha256sum -c checksums.txt

... (truncated)

Changelog

Sourced from github.com/netresearch/go-cron's changelog.

[0.13.1] - 2026-03-08

Fixed

  • Race condition in Entry/EntryByName and ScheduleJob (PR#336): When the scheduler is running, Entry/EntryByName now route lookups through the run loop channel while holding runningMu, preventing concurrent map access. ScheduleJob now routes through the c.add channel when running, ensuring all heap/map modifications happen atomically in the run loop. Entry, EntryByName, and Entries now return struct copies with cloned Tags slices, preventing callers from mutating internal scheduler state.

Commits

  • c95a63f chore: release v0.13.1 (#343)
  • f6856f3 chore: prepare v0.13.1 release
  • 0d7a26d docs: fix CHANGELOG with missing v0.10.0, v0.12.0, v0.13.0 sections (#342)
  • 01ce791 docs: remove orphaned PR#341 link from CHANGELOG
  • a3b23bb docs: fix CHANGELOG with missing v0.10.0, v0.12.0, v0.13.0 sections
  • 3af2db7 test: add tests for PR #336 and fix pre-existing lint/flaky issues (#341)
  • 9e6bfb4 test: assert no duplicate job invocation in TestAddWhileRunningWithDelay
  • bac5aeb fix(lint): remove gosec from golangci-lint config
  • 795076c fix(lint): exclude gosec G118 in golangci-lint config
  • 4f035e0 fix: address review comments, remove CodSpeed, fix CI lint
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
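
The fix described in the v0.13.1 release notes and changelog above (additions and lookups serialized through the run loop, and returned entries handed out as copies with cloned Tags) can be sketched as follows. This is an added example, not go-cron's code; `Sched`, `NewSched`, `lookup` and the simplified `Entry` are hypothetical names.

```go
package main

import "fmt"

// Hypothetical stand-ins, not go-cron's types; only run() touches the map.
type Entry struct {
	Name string
	Tags []string
}
type lookup struct{ name string; reply chan Entry }
type Sched struct{ add chan Entry; lookups chan lookup }

func NewSched() *Sched {
	s := &Sched{make(chan Entry), make(chan lookup)}
	go s.run()
	return s
}

func (s *Sched) run() {
	entries := map[string]Entry{} // confined to this goroutine
	for {
		select {
		case e := <-s.add:
			entries[e.Name] = e
		case q := <-s.lookups:
			e := entries[q.name]                      // struct copy; zero Entry if unknown
			e.Tags = append([]string(nil), e.Tags...) // clone: caller gets its own slice
			q.reply <- e
		}
	}
}

func (s *Sched) Add(e Entry) {
	e.Tags = append([]string(nil), e.Tags...) // do not alias the caller's slice
	s.add <- e
}

// EntryByName returns an isolated copy (zero Entry if the name is unknown).
func (s *Sched) EntryByName(name string) Entry {
	q := lookup{name, make(chan Entry)}
	s.lookups <- q
	return <-q.reply
}

func main() {
	s := NewSched()
	s.Add(Entry{Name: "backup", Tags: []string{"nightly"}})
	s.EntryByName("backup").Tags[0] = "tampered" // changes the caller's copy only
	fmt.Println(s.EntryByName("backup").Tags[0]) // internal state is unchanged
}
```

Running a test that calls `Add` and `EntryByName` from several goroutines under `go test -race` is the quickest way to confirm that no map access escapes the run loop.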

@dependabot dependabot Bot added the dependencies and go labels Mar 13, 2026
@dependabot dependabot Bot requested a review from CybotTM as a code owner March 13, 2026 09:43
@github-actions github-actions Bot enabled auto-merge March 13, 2026 09:43
github-actions Bot commented Mar 13, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score |
|---|---|---|
| gomod/github.com/netresearch/go-cron | 0.13.1 | 🟢 9.8 |

Details

| Check | Score | Reason |
|---|---|---|
| Dependency-Update-Tool | 🟢 10 | update tool detected |
| Code-Review | 🟢 10 | all changesets reviewed |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Security-Policy | 🟢 10 | security policy file detected |
| Maintained | 🟢 10 | 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Pinned-Dependencies | 🟢 10 | all dependencies are pinned |
| CII-Best-Practices | 🟢 7 | badge detected: Silver |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| License | 🟢 10 | license file detected |
| Signed-Releases | 🟢 10 | 5 out of the last 5 releases have a total of 10 signed artifacts. |
| Branch-Protection | 🟢 8 | branch protection is not maximal on development and all release branches |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Fuzzing | 🟢 10 | project is fuzzed |
| CI-Tests | 🟢 10 | 9 out of 9 merged PRs checked by a CI test -- score normalized to 10 |
| Contributors | 🟢 10 | project has 3 contributing companies or organizations -- score normalized to 10 |

Scanned Files

  • go.mod

@github-actions github-actions Bot added this pull request to the merge queue Mar 13, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to no response for status checks Mar 13, 2026
CybotTM commented Mar 14, 2026

Member

@dependabot rebase

dependabot Bot commented on behalf of github Mar 14, 2026

Author

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

CybotTM commented Mar 14, 2026

Member

@dependabot recreate

Bumps [github.com/netresearch/go-cron](https://github.com/netresearch/go-cron) from 0.13.0 to 0.13.1.
- [Release notes](https://github.com/netresearch/go-cron/releases)
- [Changelog](https://github.com/netresearch/go-cron/blob/main/CHANGELOG.md)
- [Commits](netresearch/go-cron@v0.13.0...v0.13.1)

---
updated-dependencies:
- dependency-name: github.com/netresearch/go-cron
  dependency-version: 0.13.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/netresearch/go-cron-0.13.1 branch from 48acdde to d271c32 Compare March 14, 2026 12:29
@github-actions github-actions Bot enabled auto-merge March 14, 2026 12:29
@github-actions github-actions Bot added this pull request to the merge queue Mar 14, 2026
@CybotTM CybotTM removed this pull request from the merge queue due to a manual request Mar 14, 2026
@CybotTM CybotTM added this pull request to the merge queue Mar 14, 2026
Merged via the queue into main with commit 9178369 Mar 14, 2026
28 checks passed
@CybotTM CybotTM deleted the dependabot/go_modules/github.com/netresearch/go-cron-0.13.1 branch March 14, 2026 12:57
@github-actions github-actions Bot added the released:v0.21.2 label Mar 14, 2026
@github-actions

🚀 Released in v0.21.2

Thank you for your contribution! 🙏

This is now available in the latest release. Please test and verify everything works as expected in your environment.

If you encounter any issues, please open a new issue.
