⬆️ Bump github.com/git-pkgs/spdx from 0.1.2 to 0.1.3 in /utils (#861)

dependabot[bot] · monty-bot · joshjennings98 · web-flow · commit 97b28fc17dca · 2026-05-07T15:03:01.000+01:00
Bumps [github.com/git-pkgs/spdx](https://github.com/git-pkgs/spdx) from 0.1.2 to 0.1.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/git-pkgs/spdx/commit/bec1b076b15596445f19987447f662f2127d428d"><code>bec1b07</code></a> Add input length cap and parenthesis depth limit to expression parser (<a href="https://redirect.github.com/git-pkgs/spdx/issues/13">#13</a>)</li> <li><a href="https://github.com/git-pkgs/spdx/commit/72d07c76037f125deccb55de8485c5cf56340195"><code>72d07c7</code></a> Cap word count in normalizeLicenseWords to prevent quadratic CPU use (<a href="https://redirect.github.com/git-pkgs/spdx/issues/12">#12</a>)</li> <li><a href="https://github.com/git-pkgs/spdx/commit/d3d3665d857fe9ec44f2df845a7cbfb595064f2b"><code>d3d3665</code></a> Merge pull request <a href="https://redirect.github.com/git-pkgs/spdx/issues/10">#10</a> from git-pkgs/dependabot/github_actions/peter-evans/cr...</li> <li><a href="https://github.com/git-pkgs/spdx/commit/08e026bc67e0011e370f9c8a2dfb064bf2cf8868"><code>08e026b</code></a> Merge pull request <a href="https://redirect.github.com/git-pkgs/spdx/issues/11">#11</a> from git-pkgs/dependabot/go_modules/github.com/github/...</li> <li><a href="https://github.com/git-pkgs/spdx/commit/8882923bfe72647f6abbe5a85fa9f6f4465da81b"><code>8882923</code></a> Bump github.com/github/go-spdx/v2 from 2.4.0 to 2.6.0</li> <li><a href="https://github.com/git-pkgs/spdx/commit/efd3224c28f01d7c9a667ac36a5d4645a03f6e82"><code>efd3224</code></a> Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1</li> <li><a href="https://github.com/git-pkgs/spdx/commit/d184dc326d6047431579e6f50e5b0d7ee1530adf"><code>d184dc3</code></a> Merge pull request <a href="https://redirect.github.com/git-pkgs/spdx/issues/9">#9</a> from git-pkgs/dependabot/github_actions/actions/setup-g...</li> <li><a href="https://github.com/git-pkgs/spdx/commit/a7f3320c81b854c8964ee4bc87bf2c6e80f71b2c"><code>a7f3320</code></a> Bump actions/setup-go from 6.3.0 to 6.4.0</li> <li><a href="https://github.com/git-pkgs/spdx/commit/d303ecd6a7da033b174f89d879d54f90f92d70dc"><code>d303ecd</code></a> Merge pull request <a href="https://redirect.github.com/git-pkgs/spdx/issues/8">#8</a> from git-pkgs/fix/lint-issues</li> <li>See full diff in <a href="https://github.com/git-pkgs/spdx/compare/v0.1.2...v0.1.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/git-pkgs/spdx&package-manager=go_modules&previous-version=0.1.2&new-version=0.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Monty Bot <monty-bot@arm.com> Co-authored-by: Josh <josh.jennings@arm.com>
diff --git a/changes/20260504122618.bugfix b/changes/20260504122618.bugfix
@@ -0,0 +1 @@
+Dependency upgrade: spdx-0.1.3
diff --git a/utils/go.mod b/utils/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/djherbis/times v1.6.0
 	github.com/dolmen-go/contextio v1.0.0
 	github.com/evanphx/hclogr v0.2.0
-	github.com/git-pkgs/spdx v0.1.2
+	github.com/git-pkgs/spdx v0.1.3
 	github.com/go-faker/faker/v4 v4.7.0
 	github.com/go-git/go-git/v5 v5.18.0
 	github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a
@@ -70,7 +70,7 @@ require (
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/fatih/color v1.16.0 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
-	github.com/github/go-spdx/v2 v2.4.0 // indirect
+	github.com/github/go-spdx/v2 v2.6.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.8.0 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
diff --git a/utils/go.sum b/utils/go.sum
@@ -63,10 +63,10 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/git-pkgs/spdx v0.1.2 h1:wHSK+CqFsO5N7yDTPvxDmer5LgNEa7vAsiZhi5Aci0A=
-github.com/git-pkgs/spdx v0.1.2/go.mod h1:V98MgZapNgYw54/pdGR82d7RU93qzJoybahbpZqTfw8=
-github.com/github/go-spdx/v2 v2.4.0 h1:+4IwVwJJbm3rzvrQ6P1nI9BDMcy3la4RchRy5uehV/M=
-github.com/github/go-spdx/v2 v2.4.0/go.mod h1:/5rwgS0txhGtRdUZwc02bTglzg6HK3FfuEbECKlK2Sg=
+github.com/git-pkgs/spdx v0.1.3 h1:YQou23mLfzbW//6JlHUuc5x1P5VNIIDSku5gvauf86I=
+github.com/git-pkgs/spdx v0.1.3/go.mod h1:4HGGWyC8tg4DjOhrtBTYl4Lu+5i2BFuauGX8zcVcYPg=
+github.com/github/go-spdx/v2 v2.6.0 h1:Y/Chr7L8oG85Ilbzl11xkUSQFUfG1kGkLP18LyInvhg=
+github.com/github/go-spdx/v2 v2.6.0/go.mod h1:Ftc45YYG1WzpzwEPKRVm9Jv8vDqOrN4gWoCkK+bHer0=
 github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
 github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
 github.com/go-faker/faker/v4 v4.7.0 h1:VboC02cXHl/NuQh5lM2W8b87yp4iFXIu59x4w0RZi4E=
