build(deps): Bump the go_modules group across 1 directory with 5 updates #701

dependabot · 2025-07-09T01:16:41Z

Bumps the go_modules group with 5 updates in the / directory:

Package	From	To
github.com/anchore/stereoscope	`0.0.0-20230925132944-bf05af58eb44`	`0.0.1`
github.com/cloudflare/circl	`1.3.7`	`1.6.1`
github.com/containerd/containerd	`1.7.23`	`1.7.27`
github.com/docker/docker	`28.2.2+incompatible`	`28.3.1+incompatible`
github.com/go-git/go-git/v5	`5.11.0`	`5.13.0`

Updates github.com/anchore/stereoscope from 0.0.0-20230925132944-bf05af58eb44 to 0.0.1

Release notes

Sourced from github.com/anchore/stereoscope's releases.

v0.0.1

Security Fixes

Fix tar path traversal issue by @wagoodman in anchore/stereoscope#214

Full Changelog: https://github.com/anchore/stereoscope/commits/v0.0.1

Commits

See full diff in compare view

Updates github.com/cloudflare/circl from 1.3.7 to 1.6.1

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.1

Fixes some point checks on the FourQ curve.

Hybrid KEM fails on low-order points.

What's Changed

kem/hybrid: ensure X25519 hybrids fails with low order points by @Lekensteyn in cloudflare/circl#541

.github: Use native ARM64 builders instead of QEMU by @Lekensteyn in cloudflare/circl#542

Fixes several errors on twisted Edwards curves. by @armfazh in cloudflare/circl#545

Release v1.6.1 by @armfazh in cloudflare/circl#546

Full Changelog: cloudflare/circl@v1.6.0...v1.6.1

CIRCL v1.6.0

New!

Prio3 Verifiable Distributed Aggregation Function (draft-irtf-cfrg-vdaf).

X-Wing: general-purpose hybrid post-quantum KEM (draft-connolly-cfrg-xwing-kem)

What's Changed

Add OIDs to ML-DSA by @bwesterb in cloudflare/circl#519

Adds Prio3 a set of verifiable distributed aggregation functions. by @armfazh in cloudflare/circl#522

Run semgrep cronjob only in upstream repository. by @armfazh in cloudflare/circl#526

X-Wing PQ/T hybrid by @bwesterb in cloudflare/circl#471

ckem: move crypto/elliptic to crypto/ecdh by @MingLLuo in cloudflare/circl#529

hpke: Update HPKE code to use ecdh stdlib package. by @armfazh in cloudflare/circl#530

prio3: Adds polynomial multiplication using NTT by @armfazh in cloudflare/circl#532

Add Prio3 in readme. by @armfazh in cloudflare/circl#527

New Contributors

@MingLLuo made their first contribution in cloudflare/circl#529

Full Changelog: cloudflare/circl@v1.5.0...v1.6.0

CIRCL v1.5.0

New: ML-DSA, Module-Lattice-based Digital Signature Algorithm.

What's Changed

kem: add X25519MLKEM768 TLS hybrid KEM by @bwesterb in cloudflare/circl#510

Create semgrep.yml by @hrushikeshdeshpande in cloudflare/circl#514

repo: Some fixes reported by CodeQL by @armfazh in cloudflare/circl#515

Add ML-DSA (FIPS204) by @bwesterb in cloudflare/circl#480

sign/mldsa: Add test for ML-DSA signature verification. by @armfazh in cloudflare/circl#517

Release v1.5.0 by @armfazh in cloudflare/circl#518

New Contributors

@hrushikeshdeshpande made their first contribution in cloudflare/circl#514

Full Changelog: cloudflare/circl@v1.4.0...v1.5.0

... (truncated)

Commits

c6d33e3 Release v1.6.1
0c3868e curve4q: Shared must fail with low order points.
9fd570d curve4q: Test showing DH does not fails on identity point.
c988ceb fourq: Correctly unmarshalling point.
ef2611d fourq: Test showing point unmarshal fails.
05eba44 fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.
eef0878 fourq: Test showing isEqual and IsOnCurve fail.
2298474 goldilocks; Handling points with z=0.
5a940a1 goldilocks: Test for IsEqual must fail with Z=0
48c3b6a ed25519: Fix isEqual to handle points with Z=0.
Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.23 to 1.7.27

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.27

Welcome to the v1.7.27 release of containerd!

The twenty-seventh patch release for containerd 1.7 contains various fixes and updates.

Highlights

Fix integer overflow in User ID handling (GHSA-265r-hfxg-fhmg)

Update image type checks to avoid unnecessary logs for attestations (#11538)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

Jin Dong

Akhil Mohan

Derek McGowan

Maksym Pavlenko

Paweł Gronowski

Phil Estes

Akihiro Suda

Craig Ingram

Krisztian Litkey

Samuel Karp

Changes

05044ec0a Merge commit from fork

11504c3fc validate uid/gid

Prepare release notes for v1.7.27 (#11540)

1be04be6c Prepare release notes for v1.7.27

Update image type checks to avoid unnecessary logs for attestations (#11538)

82b5c43fe core/remotes: Handle attestations in MakeRefKey

2c670e79b core/images: Ignore attestations when traversing children

update build to go1.23.7, test go1.24.1 (#11515)

a39863c9f update build to go1.23.7, test go1.24.1

Remove hashicorp/go-multierror dependency and fix CI (#11499)

49537b3a7 e2e: use the shim bundled with containerd artifact

fe490b76f Bump up github.com/intel/goresctrl to 0.5.0

13fc9d313 update containerd/project-checks to 1.2.1

585699c94 Remove unnecessary joinError unwrap

4b9df59be Remove hashicorp/go-multierror

go.{mod,sum}: bump CDI deps to v0.8.1. (#11422)

5ba28f8dc go.{mod,sum}: bump CDI deps to v0.8.1, re-vendor.

CI: arm64-8core-32gb -> ubuntu-24.04-arm (#11437)

85f10bd92 CI: arm64-8core-32gb -> ubuntu-24.04-arm

... (truncated)

Commits

05044ec Merge commit from fork
0b7f2a5 Merge pull request #11540 from dmcgowan/prepare-1.7.27
574a304 Merge pull request #11538 from dmcgowan/backport-11327
1be04be Prepare release notes for v1.7.27
82b5c43 core/remotes: Handle attestations in MakeRefKey
2c670e7 core/images: Ignore attestations when traversing children
11504c3 validate uid/gid
576178b Merge pull request #11515 from akhilerm/1.7-updatego1.24.1
a39863c update build to go1.23.7, test go1.24.1
8946aa0 Merge pull request #11499 from djdongjin/1-7-remove-hashi-multierror
Additional commits viewable in compare view

Updates github.com/docker/docker from 28.2.2+incompatible to 28.3.1+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

28.3.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.3.1 milestone

moby/moby, 28.3.1 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

Packaging updates

Update BuildKit to v0.23.2. moby/moby#50309

Update Compose to v2.38.1. docker/docker-ce-packaging#1221

Update Model to v0.1.32 which adds the support for the new top-level models: key in Docker Compose. docker/docker-ce-packaging#1222

28.3.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.3.0 milestone

moby/moby, 28.3.0 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

New

Add support for AMD GPUs in docker run --gpus. moby/moby#49952

Use DOCKER_AUTH_CONFIG as a credential store. docker/cli#6008

Bug fixes and enhancements

Ensure that the state of the container in the daemon database (used by /containers/json API) is up to date when the container is stopped using the /containers/{id}/stop API (before response of API). moby/moby#50136

Fix docker image inspect inspect omitting empty fields. moby/moby#50135

Fix docker images --tree not marking images as in-use when the containerd image store is disabled. docker/cli#6140

Fix docker pull/push hang in non-interactive when authentication is required caused by prompting for login credentials. docker/cli#6141

Fix a potential resource leak when a node leaves a Swarm. moby/moby#50115

Fix a regression where a login prompt on docker pull would show Docker Hub-specific hints when logging in on other registries. docker/cli#6135

Fix an issue where all new tasks in the Swarm could get stuck in the PENDING state forever after scaling up a service with placement preferences. moby/moby#50211

Remove an undocumented, hidden, top-level docker remove command that was accidentally introduced in Docker 23.0. docker/cli#6144

Validate registry-mirrors configuration as part of dockerd --validate and improve error messages for invalid mirrors. moby/moby#50240

dockerd-rootless-setuptool.sh: Fix the script from silently returning with no error message when subuid/subgid system requirements are not satisfied. moby/moby#50059

containerd image store: Fix docker push not creating a tag on the remote repository. moby/moby#50199

containerd image store: Improve handling of errors returned by the token server during docker pull/push. moby/moby#50176

Packaging updates

Allow customizing containerd service name for OpenRC. moby/moby#50156

Update BuildKit to v0.23.1. moby/moby#50243

Update Buildx to v0.25.0. docker/docker-ce-packaging#1217

Update Compose to v2.37.2. docker/docker-ce-packaging#1219

... (truncated)

Commits

5beb93d Merge pull request #50309 from crazy-max/28.x_pick_buildkit-0.23.2
e17e96e vendor: update buildkit to v0.23.2
e018347 Merge pull request #50264 from vvoland/50263-28.x
a2af8bd gha/bin-image: add major and minor version image tags
265f709 Merge pull request #50247 from vvoland/50245-28.x
b2a9318 docs: cut api docs for v1.51
b3e2e22 Merge pull request #50244 from vvoland/50177-28.x
c571cd8 Merge pull request #50243 from vvoland/50238-28.x
8c713c1 gha: lower timeouts on "build" and "merge" steps
539c115 Merge pull request #50240 from thaJeztah/28.x_backport_validate_mirrors
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.11.0 to 5.13.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.13.0

What's Changed

build: bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 in /cli/go-git by @dependabot in go-git/go-git#1065

build: bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in go-git/go-git#1068

build: bump golang.org/x/net from 0.23.0 to 0.24.0 by @dependabot in go-git/go-git#1071

Properly support skipping of non-mandatory extensions by @codablock in go-git/go-git#1066

git: Refine some codes in test and non-test. by @onee-only in go-git/go-git#1077

plumbing: protocol/packp, client-side filter capability support by @edigaryev in go-git/go-git#1000

build: bump golang.org/x/net from 0.22.0 to 0.23.0 in /cli/go-git by @dependabot in go-git/go-git#1078

plumbing: fix sideband demux on flush by @aymanbagabas in go-git/go-git#1084

storage: dotgit, head reference usually comes first by @aymanbagabas in go-git/go-git#1085

build: bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in go-git/go-git#1091

build: bump golang.org/x/crypto from 0.22.0 to 0.23.0 by @dependabot in go-git/go-git#1094

build: bump golang.org/x/net from 0.24.0 to 0.25.0 by @dependabot in go-git/go-git#1093

git: Added an example for Repository.Branches by @johnmatthiggins in go-git/go-git#1088

git: worktree_commit, Modify checking empty commit. Fixes #723 by @onee-only in go-git/go-git#1050

plumbing: transport/http, Wrap http errors to return reason. Fixes #1097 by @ggambetti in go-git/go-git#1100

build: bump golang.org/x/sys from 0.20.0 to 0.21.0 by @dependabot in go-git/go-git#1106

build: bump golang.org/x/text from 0.15.0 to 0.16.0 by @dependabot in go-git/go-git#1107

Bumps Go versions and go-billy by @pjbgf in go-git/go-git#1056

_examples: Fixed a dead link COMPATIBILITY.md by @gecko655 in go-git/go-git#1109

build: bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 in /cli/go-git by @dependabot in go-git/go-git#1115

build: bump github.com/elazarl/goproxy from v0.0.0-20230808193330-2592e75ae04a to v0.0.0-20240618083138-03be62527ccb by @hbelmiro in go-git/go-git#1124

build: bump golang.org/x/net from 0.25.0 to 0.26.0 by @dependabot in go-git/go-git#1104

Add option approximating git clean -x flag. by @msuozzo in go-git/go-git#995

Revert "Add option approximating git clean -x flag." by @pjbgf in go-git/go-git#1129

Fix reference updated concurrently error for the filesystem storer by @Javier-varez in go-git/go-git#1116

build: bump golang.org/x/net from 0.26.0 to 0.27.0 by @dependabot in go-git/go-git#1134

utils: merkletrie, Align error message with upstream by @pjbgf in go-git/go-git#1142

plumbing: transport/file, Change paths to absolute by @pjbgf in go-git/go-git#1141

plumbing: gitignore, Fix loading of ignored .gitignore files. by @Achilleshiel in go-git/go-git#1114

build: bump github.com/skeema/knownhosts from 1.2.2 to 1.3.0 by @dependabot in go-git/go-git#1147

plumbing: transport/ssh, Add support for SSH @cert-authority. by @Javier-varez in go-git/go-git#1157

build: run example tests during CI workflow by @crazybolillo in go-git/go-git#1030

storage: filesystem, Fix object cache not working due to uninitialised objects being put into cache by @SatelliteMind in go-git/go-git#1138

git: Fix fetching missing commits by @AriehSchneier in go-git/go-git#1032

plumbing: format/packfile, remove duplicate checks in findMatch() by @edigaryev in go-git/go-git#1152

git: worktree, Fix file reported as Untracked while it is committed by @rodrigocam in go-git/go-git#1023

build: bump golang.org/x/sys from 0.22.0 to 0.23.0 by @dependabot in go-git/go-git#1160

plumbing: filemode, Remove check for setting size of .git/index file by @nicholasSUSE in go-git/go-git#1159

build: bump golang.org/x/net from 0.27.0 to 0.28.0 by @dependabot in go-git/go-git#1163

Fix some lint warning and increase stalebot to 180 days by @pjbgf in go-git/go-git#1128

adjust path extracted from file: url on Windows by @tomqwpl in go-git/go-git#416

build: bump golang.org/x/sys from 0.23.0 to 0.24.0 by @dependabot in go-git/go-git#1164

Add RestoreStaged to Worktree that mimics the behaviour of git restore --staged ... by @ben-tbotlabs in go-git/go-git#493

plumbing: signature, support the same x509 signature formats as git by @yoavamit in go-git/go-git#1169

fix: allow discovery of non bare repos in fsLoader by @jakobmoellerdev in go-git/go-git#1170

build: bump golang.org/x/sys from 0.24.0 to 0.25.0 by @dependabot in go-git/go-git#1178

build: bump golang.org/x/text from 0.17.0 to 0.18.0 by @dependabot in go-git/go-git#1179

build: bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in go-git/go-git#1184

... (truncated)

Commits

94bd4af Merge pull request #1261 from BeChris/issue680
8b7f5ba Merge pull request #1262 from go-git/dependabot/go_modules/github.com/elazarl...
41d80a0 build: bump github.com/elazarl/goproxy
4998140 git: worktree_commit, sanitize author and commiter name and email before crea...
9049625 Merge pull request #1260 from go-git/dependabot/github_actions/github/codeql-...
dae48b4 build: bump github/codeql-action from 3.27.9 to 3.28.0
7d6fbc2 Merge pull request #1220 from BeChris/accept_uppercase_hexa_in_pktline_length
62a77b7 plumbing: Fix invalid reference name error while cloning branches containing ...
5e11196 plumbing: format/pktline, accept upercase hexadecimal value as pktline length...
65f5e1a Merge pull request #1256 from go-git/dependabot/go_modules/golang-org-232a611e2d
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope) | `0.0.0-20230925132944-bf05af58eb44` | `0.0.1` | | [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.3.7` | `1.6.1` | | [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.23` | `1.7.27` | | [github.com/docker/docker](https://github.com/docker/docker) | `28.2.2+incompatible` | `28.3.1+incompatible` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.11.0` | `5.13.0` | Updates `github.com/anchore/stereoscope` from 0.0.0-20230925132944-bf05af58eb44 to 0.0.1 - [Release notes](https://github.com/anchore/stereoscope/releases) - [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/stereoscope/commits/v0.0.1) Updates `github.com/cloudflare/circl` from 1.3.7 to 1.6.1 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.3.7...v1.6.1) Updates `github.com/containerd/containerd` from 1.7.23 to 1.7.27 - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.7.23...v1.7.27) Updates `github.com/docker/docker` from 28.2.2+incompatible to 28.3.1+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.2.2...v28.3.1) Updates `github.com/go-git/go-git/v5` from 5.11.0 to 5.13.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.11.0...v5.13.0) --- updated-dependencies: - dependency-name: github.com/anchore/stereoscope dependency-version: 0.0.1 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/cloudflare/circl dependency-version: 1.6.1 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/containerd/containerd dependency-version: 1.7.27 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/docker/docker dependency-version: 28.3.1+incompatible dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.13.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]>

…h 5 updates (project-stacker#701)" This reverts commit b892200.

* Revert "build(deps): Bump the go_modules group across 1 directory with 5 updates (#701)" This reverts commit b892200. * Revert "build(deps): Bump github.com/containers/image/v5 from 5.24.2 to 5.35.0 (#691)" This reverts commit 049224b. * Revert "build(deps): Bump github.com/cheggaaa/pb/v3 from 3.1.2 to 3.1.7 (#700)" This reverts commit 335b3cd. * Revert "build(deps): Bump benjlevesque/short-sha from 2.1 to 3.0 (#683)" This reverts commit 82da84f. * Revert "build(deps): Bump github.com/moby/buildkit from 0.11.4 to 0.23.2 (#699)" This reverts commit d6c7079.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 9, 2025

dependabot bot requested review from hallyn, rchincha and smoser as code owners July 9, 2025 01:16

hallyn merged commit b892200 into main Jul 9, 2025
3 of 12 checks passed

dependabot bot deleted the dependabot/go_modules/go_modules-bd4115231e branch July 9, 2025 01:27

hallyn added a commit to hallyn/stacker-1 that referenced this pull request Jul 24, 2025

Revert "build(deps): Bump the go_modules group across 1 directory wit…

0a65123

…h 5 updates (project-stacker#701)" This reverts commit b892200.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): Bump the go_modules group across 1 directory with 5 updates #701

build(deps): Bump the go_modules group across 1 directory with 5 updates #701

Uh oh!

dependabot bot commented on behalf of github Jul 9, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

build(deps): Bump the go_modules group across 1 directory with 5 updates #701

build(deps): Bump the go_modules group across 1 directory with 5 updates #701

Uh oh!

Conversation

dependabot bot commented on behalf of github Jul 9, 2025

v0.0.1

Security Fixes

CIRCL v1.6.1

What's Changed

CIRCL v1.6.0

New!

What's Changed

New Contributors

CIRCL v1.5.0

What's Changed

New Contributors

containerd 1.7.27

Highlights

Contributors

Changes

28.3.1

Packaging updates

28.3.0

New

Bug fixes and enhancements

Packaging updates

v5.13.0

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants