Skip to content

build(deps): bump the gomod group across 3 directories with 8 updates#1423

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/build/registry/gomod-f186c74c9e
Open

build(deps): bump the gomod group across 3 directories with 8 updates#1423
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/build/registry/gomod-f186c74c9e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the gomod group with 2 updates in the /build/registry directory: github.com/onsi/gomega and oras.land/oras-go/v2.
Bumps the gomod group with 4 updates in the /plugins/cloudtrail directory: github.com/aws/aws-sdk-go-v2/config, github.com/aws/aws-sdk-go-v2/feature/s3/manager, github.com/aws/aws-sdk-go-v2/service/sqs and github.com/aws/smithy-go.
Bumps the gomod group with 1 update in the /shared/go/aws/config directory: github.com/aws/aws-sdk-go-v2/config.

Updates github.com/onsi/gomega from 1.42.0 to 1.42.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.42.1

1.42.1

Bump Dependencies

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.42.1

Bump Dependencies

Commits

Updates oras.land/oras-go/v2 from 2.6.0 to 2.6.1

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.6.1

This is a security patch release addressing five advisories in the authentication, remote, and content layers, plus accumulated bug fixes and maintenance since v2.6.0.

Security Fixes

  • Drop the Authorization header on cross-origin redirects to prevent origin credentials leaking to a redirect target on a different scheme/port of the same host (GHSA-vh4v-2xq2-g5cg)
  • Validate the bearer realm host before sending credentials to prevent credential exfiltration to an attacker-controlled token service, including TLS downgrades and IP-literal metadata endpoints; adds TrustedRealmHosts (GHSA-28r5-37g7-p6mp, GHSA-xf85-363p-868w)
  • Validate the Location host before blob upload to prevent credentials being forwarded to a cross-host upload endpoint (SSRF / CWE-918) (#1152, GHSA-jxpm-75mh-9fp7)
  • Reject descriptor sizes exceeding 32 MiB in content.ReadAll to prevent a crafted OCI layout from triggering a makeslice panic and crashing the process (#1153, GHSA-f36w-mj3v-6jqv)
  • Resolve symlinks when enforcing the workingDir write boundary in content/file, blocking writes that escape the boundary via a symlinked path component when AllowPathTraversalOnWrite=false

Bug Fixes

  • graph.Memory should use digest as map key (#1095)
  • Fix credentials key for the Docker registry-1 host (#966)
  • Support an empty credentials file (#959)

Other Changes

  • Add GitOps release workflow with goreleaser (#1161)
  • Shift the Go support window to [1.24, 1.25] (#991)
  • Run go modernize (#1005)
  • Sync CODEOWNERS and OWNERS.md from main to v2 (#1122)
  • Remove scripts reference from the Makefile (#960)
  • Bump golang.org/x/sync 0.14.0 → 0.20.0 (#971, #978, #1001, #1037, #1078, #1121)
  • Bump GitHub Actions: actions/checkout 4→5 (#989), actions/setup-go 5→6 (#998), actions/stale 9→10 (#997), github/codeql-action 3→4 (#1016)
Commits
  • 47b7c80 release: v2.6.1 (#1195)
  • 3c2e884 Merge commit from fork
  • cc323e5 Merge commit from fork
  • 7a9f4b0 Merge commit from fork
  • d593d50 feat: add gitops release workflow with goreleaser (#1161)
  • 5fd67f9 fix(content): reject descriptor sizes exceeding 32 MiB in ReadAll (#1153)
  • 4683c46 fix: validate Location host before blob upload to prevent credential leak (#1...
  • 4a3e611 build(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0 (#1121)
  • 00de1f0 chore: sync CODEOWNERS and OWNERS.md from main to v2 (#1122)
  • d7b6f8e fix: graph.Memory should use digest as map key (#1095)
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.25 to 1.32.26

Commits
  • 26060c5 Release 2026-06-29
  • 24e918a Regenerated Clients
  • 334471f Update API model
  • 96d81dc Deprecate iotevents, ioteventsdata, panorama and simspaceweaver (#3458)
  • 30502cb feat: mark common plugins and fix per-op ordering for invokeOperation refacto...
  • 8881653 Revert "feat: mark common plugins and fix per-op ordering for invokeOperation...
  • eba2f01 feat: mark common plugins and fix per-op ordering for invokeOperation… (#3443)
  • 2c5e1db Release 2026-06-23
  • d09eeb5 Regenerated Clients
  • 2f5f5f9 Update API model
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.22.27 to 1.22.29

Commits
  • 26060c5 Release 2026-06-29
  • 24e918a Regenerated Clients
  • 334471f Update API model
  • 96d81dc Deprecate iotevents, ioteventsdata, panorama and simspaceweaver (#3458)
  • 30502cb feat: mark common plugins and fix per-op ordering for invokeOperation refacto...
  • 8881653 Revert "feat: mark common plugins and fix per-op ordering for invokeOperation...
  • eba2f01 feat: mark common plugins and fix per-op ordering for invokeOperation… (#3443)
  • 2c5e1db Release 2026-06-23
  • d09eeb5 Regenerated Clients
  • 2f5f5f9 Update API model
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.103.3 to 1.104.1

Commits
  • 26060c5 Release 2026-06-29
  • 24e918a Regenerated Clients
  • 334471f Update API model
  • 96d81dc Deprecate iotevents, ioteventsdata, panorama and simspaceweaver (#3458)
  • 30502cb feat: mark common plugins and fix per-op ordering for invokeOperation refacto...
  • 8881653 Revert "feat: mark common plugins and fix per-op ordering for invokeOperation...
  • eba2f01 feat: mark common plugins and fix per-op ordering for invokeOperation… (#3443)
  • 2c5e1db Release 2026-06-23
  • d09eeb5 Regenerated Clients
  • 2f5f5f9 Update API model
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/sqs from 1.44.0 to 1.44.1

Commits

Updates github.com/aws/smithy-go from 1.27.2 to 1.27.3

Changelog

Sourced from github.com/aws/smithy-go's changelog.

Release (2026-06-26)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.3
    • Bug Fix: Fix bug in JSON doc encoder and endpoint host label format validation

Release (2026-06-05)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.2
    • Bug Fix: Fix incorrect serialization of unions in CBOR-based protocols.

Release (2026-06-04)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.1
    • Bug Fix: Fixed a deserialization failure in all protocols when encountering a union with explicit null members.
    • Bug Fix: Fixed a panic when deserializing nested unions in JSON- and CBOR-based protocols.

Release (2026-06-02)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.0
    • Feature: Add APIs for schema-based serialization.
    • Feature: Add support for all current AWS and Smithy protocols.
    • Bug Fix: Enforce max nesting depth of 128 on CBOR payloads.
  • github.com/aws/smithy-go/aws-http-auth: v1.2.0
    • Feature: Add event stream signer.

Release (2026-05-27)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.26.0
    • Feature: Add StringSlice to endpoint rulesfn.

... (truncated)

Commits
  • 9445927 Release 2026-06-26
  • 7617c7e add prefix/suffix hyphen rejection for host label validation based on rfc1123...
  • 49402bd Fix document.Number serialization and BigDecimal negative zero sign loss (#681)
  • 648e8ad feat: move common middlewares to shared addCommonMiddlewares (#674)
  • See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.22 to 1.32.26

Commits
  • 26060c5 Release 2026-06-29
  • 24e918a Regenerated Clients
  • 334471f Update API model
  • 96d81dc Deprecate iotevents, ioteventsdata, panorama and simspaceweaver (#3458)
  • 30502cb feat: mark common plugins and fix per-op ordering for invokeOperation refacto...
  • 8881653 Revert "feat: mark common plugins and fix per-op ordering for invokeOperation...
  • eba2f01 feat: mark common plugins and fix per-op ordering for invokeOperation… (#3443)
  • 2c5e1db Release 2026-06-23
  • d09eeb5 Regenerated Clients
  • 2f5f5f9 Update API model
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.11 to 1.42.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the gomod group across 3 directories with 8 updates
db8429d 
Bumps the gomod group with 2 updates in the /build/registry directory: [github.com/onsi/gomega](https://github.com/onsi/gomega) and [oras.land/oras-go/v2](https://github.com/oras-project/oras-go).
Bumps the gomod group with 4 updates in the /plugins/cloudtrail directory: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/service/sqs](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/smithy-go](https://github.com/aws/smithy-go).
Bumps the gomod group with 1 update in the /shared/go/aws/config directory: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/onsi/gomega` from 1.42.0 to 1.42.1
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.42.0...v1.42.1)

Updates `oras.land/oras-go/v2` from 2.6.0 to 2.6.1
- [Release notes](https://github.com/oras-project/oras-go/releases)
- [Commits](oras-project/oras-go@v2.6.0...v2.6.1)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.25 to 1.32.26
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.25...config/v1.32.26)

Updates `github.com/aws/aws-sdk-go-v2/feature/s3/manager` from 1.22.27 to 1.22.29
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@feature/s3/manager/v1.22.27...feature/s3/manager/v1.22.29)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.103.3 to 1.104.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.103.3...service/s3/v1.104.1)

Updates `github.com/aws/aws-sdk-go-v2/service/sqs` from 1.44.0 to 1.44.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.44.0...service/iot/v1.44.1)

Updates `github.com/aws/smithy-go` from 1.27.2 to 1.27.3
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](aws/smithy-go@v1.27.2...v1.27.3)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.22 to 1.32.26
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.25...config/v1.32.26)

Updates `github.com/aws/aws-sdk-go-v2` from 1.41.11 to 1.42.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.41.11...v1.42.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.42.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: oras.land/oras-go/v2
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager
  dependency-version: 1.22.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.104.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sqs
  dependency-version: 1.44.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/aws/smithy-go
  dependency-version: 1.27.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 29, 2026
@poiana

poiana commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign ekoops for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana requested review from ekoops and irozzo-1A June 29, 2026 20:52
@poiana poiana added the size/XL label Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ekoops ekoops Awaiting requested review from ekoops
@irozzo-1A irozzo-1A Awaiting requested review from irozzo-1A

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dco-signoff: yes dependencies Pull requests that update a dependency file go Pull requests that update Go code size/XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@poiana