Skip to content

build(deps): bump the common group across 1 directory with 7 updates#2973

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/common-5dda17047c
Open

build(deps): bump the common group across 1 directory with 7 updates#2973
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/common-5dda17047c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 24, 2026

Bumps the common group with 6 updates in the / directory:

Package From To
github.com/CycloneDX/cyclonedx-go 0.10.0 0.11.0
github.com/aws/aws-sdk-go-v2 1.41.1 1.41.7
github.com/google/go-containerregistry 0.21.0 0.21.5
github.com/magefile/mage 1.15.0 1.17.2
github.com/onsi/ginkgo/v2 2.28.1 2.28.3
github.com/samber/lo 1.52.0 1.53.0

Updates github.com/CycloneDX/cyclonedx-go from 0.10.0 to 0.11.0

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.11.0

Changelog

Building and Packaging

  • 32221d4829e8ec6007896af2d7f11fd6ba13d6c5: build(deps): bump actions/setup-go from 6.2.0 to 6.4.0 (#261) (@​dependabot[bot])
  • a42a4dd9163df91c4173d41db2cc7ed67f0db0b6: build(deps): bump gitpod/workspace-go from 08a7c68 to 00059ff (#255) (@​dependabot[bot])
  • 9810ab9f48d46f134ad9a13bbabd1397cc64804e: build(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.2.1 (#263) (@​dependabot[bot])

Others

  • 2cef05662cba14b4ae948b1858fee532f8adadd1: Add comprehensive support for CycloneDX 1.7 specification (#257) (@​alistair-mclean)
  • 3ed34da50502f9b9d6ac9dff64df8b08e53aa2a5: Added 5 missing fields to match CycloneDX 1.6 spec: (#256) (@​alistair-mclean)
Commits
  • a42a4dd build(deps): bump gitpod/workspace-go from 08a7c68 to 00059ff (#255)
  • 9810ab9 build(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.2.1 (#263)
  • 32221d4 build(deps): bump actions/setup-go from 6.2.0 to 6.4.0 (#261)
  • 2cef056 Add comprehensive support for CycloneDX 1.7 specification (#257)
  • 3ed34da Added 5 missing fields to match CycloneDX 1.6 spec: (#256)
  • See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.1 to 1.41.7

Commits

Updates github.com/google/go-containerregistry from 0.21.0 to 0.21.5

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.5

What's Changed

Full Changelog: google/go-containerregistry@v0.21.4...v0.21.5

v0.21.4

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.3...v0.21.4

v0.21.3

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.2...v0.21.3

v0.21.2

What's Changed

... (truncated)

Commits
  • 5b80281 build(deps): bump golang.org/x/tools from 0.43.0 to 0.44.0 in the go-deps gro...
  • b99bca2 build(deps): bump aws-actions/configure-aws-credentials (#2257)
  • f8be1d4 update to Go 1.26.2 (#2255)
  • 87ad88b Bump docker/cli v29.4.0, moby/api v1.54.1, moby/client v0.4.0 (#2254)
  • e8813dd goreleaser: Update goreleaser config and GH action for releases (#2253)
  • e90447d replace gcloud in binary calls in pkg/v1/google tests (#2085)
  • 0d0368c revert path traversal and symlink escape changes (#2250)
  • a2f47d4 transport: validate Bearer realm URL to prevent SSRF (#2243)
  • 19a36cd fork distribution client v3 auth-challenge as an internal package (squashed) ...
  • c612a9b Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the actions group (#2240)
  • Additional commits viewable in compare view

Updates github.com/magefile/mage from 1.15.0 to 1.17.2

Release notes

Sourced from github.com/magefile/mage's releases.

v1.17.2 - Tab Completion

What's New

Tab completion is now available by running mage -install <shell> where the currently supported shells are zsh, bash, fish, and powershell. This was a long-requested feature that always made me nervous because it presumes a lot about your local machine... but I guess we're in for it now. Please report any issues you see.... it's rather a hard feature to test. But... it works on my machine? 😬

Fixed a backtick bug in comments and mage -l and mage -h no longer require compiling a binary, so they're way faster now.

Changelog

  • 0953947c1673fd745a51c032aadeb3c63f9f3368 make -h no long require compiling (#552)
  • 791a5b40794d4bcdd840f7e7523d886ac25b2a96 Support Tab Completion (#551)
  • cff82a6fab83f756a382e841029a537714bd9a02 fix bug #537 - backticks in comments break output (#544)

v1.17.1 - Fix for Asset Naming

Changelog

  • 00dd13d9f6e84a3d212618dc1456cef0c661b231 chore(goreleaser): fix release asset names (#547)
  • 88c49b7253eafc9256130e095dac79d11655ccef support for inline doc comments on optional flags (#549)

What's Changed

New Contributors

Full Changelog: magefile/mage@v1.17.0...v1.17.1

v1.17.0 - Multiline help text output

Changelog

  • 707313f6ee76e8547dd185dc3ef817dea3389429 add support for retaining multiline comments (#546)
  • 0ac910f894e5a9fed8b5f94c47af7d07468eaff6 add a bunch more tests (#543)
  • b11eb445c2a1eb62f55766f48ea7d6cce56ca143 update goreleaser to v2 (#541)
  • 35943471019e2d9c616eb09a5d347c90c76a00e0 Set up linter (#539)

v1.16.0 Optional Arguments!

What's Changed

New Contributors

... (truncated)

Commits

Updates github.com/onsi/ginkgo/v2 from 2.28.1 to 2.28.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.3

2.28.3

Maintenance

Bump all dependencies

v2.28.2

2.28.2

  • Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
  • Implement shell completion [94151c8]
  • Add asan CLI option mirroring msan implementation [4d21dbb]
  • Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
  • fix aspect ratio [9619647]
  • update logos [5779304]
Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.3

Maintenance

Bump all dependencies

2.28.2

  • Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
  • Implement shell completion [94151c8]
  • Add asan CLI option mirroring msan implementation [4d21dbb]
  • Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
  • fix aspect ratio [9619647]
  • update logos [5779304]
Commits

Updates github.com/onsi/gomega from 1.39.1 to 1.40.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.40.0

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Commits

Updates github.com/samber/lo from 1.52.0 to 1.53.0

Release notes

Sourced from github.com/samber/lo's releases.

v1.53.0

Announcing the latest release of lo with lots of good gifts! 🎁

🌊 First, a big thanks to @​d-enk for making lots of performance improvements in the recent weeks.

🧪 Second, this release introduces a new simd experimental package. If you run on an amd64 architecture and a recent CPU, you can perform very fast operations thanks to SIMD CPU instructions. -> Documentation: https://lo.samber.dev/docs/experimental/simd

💥 Third, this version adds *Err variants of many lo helpers (like MapErr, FlatMapErr, ReduceErr, etc.) whose callbacks can return an error and short-circuit execution when one occurs.

[!NOTE] The simd sub-package is considered not stable. We might break the initial API based on developers' feedback in the coming months.

Features & improvements

Deprecation

Performance improvements

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the common group across 1 directory with 7 updates
3464b99 
Bumps the common group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) | `0.10.0` | `0.11.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.1` | `1.41.7` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.0` | `0.21.5` |
| [github.com/magefile/mage](https://github.com/magefile/mage) | `1.15.0` | `1.17.2` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.1` | `2.28.3` |
| [github.com/samber/lo](https://github.com/samber/lo) | `1.52.0` | `1.53.0` |



Updates `github.com/CycloneDX/cyclonedx-go` from 0.10.0 to 0.11.0
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Commits](CycloneDX/cyclonedx-go@v0.10.0...v0.11.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.41.1 to 1.41.7
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.41.1...v1.41.7)

Updates `github.com/google/go-containerregistry` from 0.21.0 to 0.21.5
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.0...v0.21.5)

Updates `github.com/magefile/mage` from 1.15.0 to 1.17.2
- [Release notes](https://github.com/magefile/mage/releases)
- [Commits](magefile/mage@v1.15.0...v1.17.2)

Updates `github.com/onsi/ginkgo/v2` from 2.28.1 to 2.28.3
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.28.1...v2.28.3)

Updates `github.com/onsi/gomega` from 1.39.1 to 1.40.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.39.1...v1.40.0)

Updates `github.com/samber/lo` from 1.52.0 to 1.53.0
- [Release notes](https://github.com/samber/lo/releases)
- [Commits](samber/lo@v1.52.0...v1.53.0)

---
updated-dependencies:
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.41.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/magefile/mage
  dependency-version: 1.17.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.28.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: github.com/samber/lo
  dependency-version: 1.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 24, 2026
@dependabot dependabot Bot requested review from afdesk and eyalke as code owners May 24, 2026 16:14
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eyalke eyalke Awaiting requested review from eyalke eyalke is a code owner

@afdesk afdesk Awaiting requested review from afdesk afdesk is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants