chore(deps): bump the go group with 10 updates by dependabot[bot] · Pull Request #1953 · open-component-model/ocm

dependabot · 2026-05-10T08:26:45Z

Bumps the go group with 10 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager	`0.1.20`	`0.1.21`
github.com/aws/aws-sdk-go-v2/service/s3	`1.100.1`	`1.101.0`
github.com/docker/cli	`29.4.2+incompatible`	`29.4.3+incompatible`
github.com/fluxcd/pkg/ssa	`0.73.0`	`0.74.0`
github.com/go-git/go-billy/v5	`5.8.0`	`5.9.0`
github.com/go-git/go-git/v5	`5.18.0`	`5.19.0`
golang.org/x/crypto	`0.50.0`	`0.51.0`
golang.org/x/exp	`0.0.0-20251219203646-944ab1f22d93`	`0.0.0-20260410095643-746e56fc9e2f`
golang.org/x/net	`0.53.0`	`0.54.0`
golang.org/x/text	`0.36.0`	`0.37.0`

Updates github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager from 0.1.20 to 0.1.21

Commits

84ddd08 Release 2026-05-06
23645b4 Regenerated Clients
848eb59 Update API model
1d7b134 Release 2026-05-05
5bbbc97 Regenerated Clients
8dbb936 Update endpoints model
369e649 Update API model
dc2d13f Release 2026-05-04
da4bcff Regenerated Clients
a8b1180 Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.100.1 to 1.101.0

Commits

84ddd08 Release 2026-05-06
23645b4 Regenerated Clients
848eb59 Update API model
1d7b134 Release 2026-05-05
5bbbc97 Regenerated Clients
8dbb936 Update endpoints model
369e649 Update API model
dc2d13f Release 2026-05-04
da4bcff Regenerated Clients
a8b1180 Update API model
Additional commits viewable in compare view

Updates github.com/docker/cli from 29.4.2+incompatible to 29.4.3+incompatible

Commits

See full diff in compare view

Updates github.com/fluxcd/pkg/ssa from 0.73.0 to 0.74.0

Commits

f3ad4b5 Merge pull request #1195 from fluxcd/release-main
f35b4fd Prepare for release
18e165c Merge pull request #1194 from fluxcd/k8s-1.36
fe43778 Update controller-gen to v0.21.0
2498ab4 Update cloud auth SDKs
b3bb0e0 Update go-git to v5.19.0
545dc4f Update distribution to v3.1.1
b23cbf9 Update Kubernetes packages to 1.36
c604281 Update Go to 1.26
939c616 ssa: Fix race condition in CRD tests
Additional commits viewable in compare view

Updates github.com/go-git/go-billy/v5 from 5.8.0 to 5.9.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.9.0

What's Changed

Use path.Clean instead of filepath.Clean in iofs.Open by @puerco in go-git/go-billy#197

Deprecate ChrootOS in favour of BoundOS by @pjbgf in go-git/go-billy#201

General Improvements by @pjbgf in go-git/go-billy#203

osfs: ChrootOS eval baseDir on creation by @pjbgf in go-git/go-billy#205

Run go-git tests as part of integration tests by @pjbgf in go-git/go-billy#206

Full Changelog: go-git/go-billy@v5.8.0...v5.9.0

Commits

237e529 Merge pull request #206 from pjbgf/v5-improvements
04edb39 build: Add go-git integration test
d8efefd osfs: preserve empty ChrootOS base
07f2a0b Merge pull request #205 from pjbgf/v5-improvements
25207c8 build: Bump Go versions in workflows
2fda229 osfs: ChrootOS eval baseDir on creation
427b27f Merge pull request #203 from pjbgf/v5-improvements
7d5a23e chroot: Reject symlink loops
2c2287a util: avoid following symlinks in RemoveAll fallback
cbd88e9 Fix mount path handling
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.0

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#2010

v5: Bump sha1cd and go-billy by @pjbgf in go-git/go-git#2060

v5: Align object encoding with upstream by @pjbgf in go-git/go-git#2065

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

Commits

bc930f4 Merge pull request #2065 from go-git/commit-v5
d315264 plumbing: object, Reset object before decode
6e1d348 plumbing: object, Align Tree handling with upstream
e134ba3 tests: Skip double checks in Git v2.11
1971422 tests: Add git conformance tests for signing verification
a387aa8 plumbing: object, Add ErrMalformedTag
f415670 plumbing: object, Decode Tag headers via a state machine
5b0cd38 plumbing: object, Reject multi-signature commits at Verify
fe8ed62 plumbing: object, Align Tag.EncodeWithoutSignature with Commit
98e337d plumbing: object, Add support for Tag.SignatureSHA256
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.50.0 to 0.51.0

Commits

b8a14a8 go.mod: update golang.org/x dependencies
9d9d507 x509roots/fallback/bundle: fix bundle test with Go 1.27+
fd0b90d acme: include Problem in OrderError.Error
b9e5359 pbkdf2: turn into a wrapper for crypto/pbkdf2
cc0e4fc hkdf: forward Extract to the standard library
a8e9237 x509roots/fallback: update bundle
See full diff in compare view

Updates golang.org/x/exp from 0.0.0-20251219203646-944ab1f22d93 to 0.0.0-20260410095643-746e56fc9e2f

Commits

See full diff in compare view

Updates golang.org/x/net from 0.53.0 to 0.54.0

Commits

b138e06 go.mod: update golang.org/x dependencies
689f70a quic: fix wrong final size being used for RESET_STREAM frame
208f306 http3: increase handshake timeout
49810da http2: enable net/http wrapping when go >= 1.27
5e11a5a quic: fix data race in streamForFrame
8c63081 http2: use empty Transport rather than DefaultTransport in http2wrap
fc7b466 http2: add http2wrap test
15c2cb1 http2: avoid overflowing 32-bit int when http2wrap enabled
6465188 http2: add wrapped Server
72f419a http2: add wrapped ClientConn
Additional commits viewable in compare view

Updates golang.org/x/text from 0.36.0 to 0.37.0

Commits

3ef517e go.mod: update golang.org/x dependencies
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go group with 10 updates: | Package | From | To | | --- | --- | --- | | [github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager](https://github.com/aws/aws-sdk-go-v2) | `0.1.20` | `0.1.21` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.100.1` | `1.101.0` | | [github.com/docker/cli](https://github.com/docker/cli) | `29.4.2+incompatible` | `29.4.3+incompatible` | | [github.com/fluxcd/pkg/ssa](https://github.com/fluxcd/pkg) | `0.73.0` | `0.74.0` | | [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.8.0` | `5.9.0` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.18.0` | `5.19.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.50.0` | `0.51.0` | | [golang.org/x/exp](https://github.com/golang/exp) | `0.0.0-20251219203646-944ab1f22d93` | `0.0.0-20260410095643-746e56fc9e2f` | | [golang.org/x/net](https://github.com/golang/net) | `0.53.0` | `0.54.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.36.0` | `0.37.0` | Updates `github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager` from 0.1.20 to 0.1.21 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@feature/s3/transfermanager/v0.1.20...feature/s3/transfermanager/v0.1.21) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.100.1 to 1.101.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.100.1...service/s3/v1.101.0) Updates `github.com/docker/cli` from 29.4.2+incompatible to 29.4.3+incompatible - [Commits](docker/cli@v29.4.2...v29.4.3) Updates `github.com/fluxcd/pkg/ssa` from 0.73.0 to 0.74.0 - [Commits](fluxcd/pkg@ssa/v0.73.0...ssa/v0.74.0) Updates `github.com/go-git/go-billy/v5` from 5.8.0 to 5.9.0 - [Release notes](https://github.com/go-git/go-billy/releases) - [Commits](go-git/go-billy@v5.8.0...v5.9.0) Updates `github.com/go-git/go-git/v5` from 5.18.0 to 5.19.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md) - [Commits](go-git/go-git@v5.18.0...v5.19.0) Updates `golang.org/x/crypto` from 0.50.0 to 0.51.0 - [Commits](golang/crypto@v0.50.0...v0.51.0) Updates `golang.org/x/exp` from 0.0.0-20251219203646-944ab1f22d93 to 0.0.0-20260410095643-746e56fc9e2f - [Commits](https://github.com/golang/exp/commits) Updates `golang.org/x/net` from 0.53.0 to 0.54.0 - [Commits](golang/net@v0.53.0...v0.54.0) Updates `golang.org/x/text` from 0.36.0 to 0.37.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.36.0...v0.37.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager dependency-version: 0.1.21 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.101.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/docker/cli dependency-version: 29.4.3+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/fluxcd/pkg/ssa dependency-version: 0.74.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/go-git/go-billy/v5 dependency-version: 5.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: golang.org/x/crypto dependency-version: 0.51.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: golang.org/x/exp dependency-version: 0.0.0-20260410095643-746e56fc9e2f dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: golang.org/x/net dependency-version: 0.54.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: golang.org/x/text dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-11T17:30:14Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels May 10, 2026

dependabot Bot requested a review from a team as a code owner May 10, 2026 08:26

dependabot Bot added kind/dependency dependency update, etc. kind/chore chore, maintenance, etc. labels May 10, 2026

github-actions Bot added the size/s Small label May 10, 2026

matthiasbruns approved these changes May 11, 2026

View reviewed changes

dependabot Bot closed this May 11, 2026

dependabot Bot deleted the dependabot/go_modules/go-aa136184dd branch May 11, 2026 17:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go group with 10 updates#1953

chore(deps): bump the go group with 10 updates#1953
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-aa136184dd

dependabot Bot commented on behalf of github May 10, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.9.0

What's Changed

v5.19.0

What's Changed

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 10, 2026 •

edited

Loading