Skip to content

chore(deps): bump the go group with 11 updates#2035

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-3c015ff500
Open

chore(deps): bump the go group with 11 updates#2035
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-3c015ff500

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown
Contributor

Bumps the go group with 11 updates:

Package From To
github.com/aws/aws-sdk-go-v2/config 1.32.27 1.32.29
github.com/aws/aws-sdk-go-v2/credentials 1.19.26 1.19.28
github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager 0.2.13 0.3.1
github.com/aws/aws-sdk-go-v2/service/ecr 1.58.6 1.59.0
github.com/aws/aws-sdk-go-v2/service/s3 1.104.2 1.105.0
github.com/containerd/containerd/v2 2.3.2 2.3.3
golang.org/x/crypto 0.53.0 0.54.0
golang.org/x/net 0.56.0 0.57.0
golang.org/x/text 0.38.0 0.40.0
helm.sh/helm/v4 4.2.2 4.2.3
oras.land/oras-go/v2 2.6.1 2.6.2

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.27 to 1.32.29

Commits

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.26 to 1.19.28

Commits

Updates github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager from 0.2.13 to 0.3.1

Commits
  • eecb375 Release 2020-10-30
  • de723b1 checkout for release metadata
  • 8f61400 regenerated clients
  • ffc8bcd Update tests to use camel-cased enums
  • 0a71fb9 Update generated code
  • 1ea978e Automatically filter streaming operations
  • 472c933 Update generated code
  • 4f64b96 smithy-go replace commands (#865)
  • 0061141 Merge pull request #858 from aws/xmlnamespace-on-service
  • 72580de uncomment xmlns attr addition for putBucketAccelerateConfigration operation
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.58.6 to 1.59.0

Commits

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.104.2 to 1.105.0

Commits

Updates github.com/containerd/containerd/v2 from 2.3.2 to 2.3.3

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.3.3

Welcome to the v2.3.3 release of containerd!

The third patch release for containerd 2.3 contains various fixes and updates.

Highlights

  • Set SystemTemp environment variable on Windows so temp directory overrides work for SYSTEM services (#13694)

Container Runtime Interface (CRI)

  • Fix nil pointer dereference in NRI GetIPs during pod sandbox teardown or container exit (#13697)
  • Reject CreateContainer calls when the target sandbox is not running (#13668)
  • Ensure sandbox shutdown on RunPodSandbox hook failures to avoid mount leaks (#13645)

Image Distribution

  • Surface OCI error bodies in registry 403 responses by falling back to GET requests (#13738)

Snapshotters

  • Align default 4K mkfs block size for EROFS across all platforms (#13632)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Maksym Pavlenko
  • Samuel Karp
  • Chris Henzie
  • Phil Estes
  • Sebastiaan van Stijn
  • Akihiro Suda
  • Austin Vazquez
  • Chris Crone
  • Derek McGowan
  • Maksim An
  • crawfordxx
  • cshung
  • lauralorenz

Changes

  • Prepare release notes for v2.3.3 (#13750)
  • CI: migrate Vagrant to Lima (#13744)

... (truncated)

Commits
  • aad1100 Merge pull request #13750 from chrishenzie/prepare-v2.3.3
  • 7f6cee0 Prepare release notes for v2.3.3
  • bc63467 Merge pull request #13744 from AkihiroSuda/cherrypick-13728-2.3
  • 7316210 CI: migrate Vagrant to Lima
  • dc84019 Merge pull request #13738 from k8s-infra-cherrypick-robot/cherry-pick-13547-t...
  • 457fba3 remotes: surface OCI error body on HEAD 403 via GET fallback
  • 5e5581f Merge pull request #13732 from k8s-infra-cherrypick-robot/cherry-pick-13725-t...
  • dc2df93 Update go to 1.26.5
  • e2240ef Merge pull request #13711 from k8s-infra-cherrypick-robot/cherry-pick-13707-t...
  • 5be0495 ci: pin fog-json to resolve gem conflict
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.53.0 to 0.54.0

Commits
  • cdce021 go.mod: update golang.org/x dependencies
  • d9474cc openpgp: make the deprecation message more explicit
  • 7626c50 ssh: verify declared key type matches decoded key in authorized_keys
  • 0471e79 ssh/agent: enforce strict limits on DSA key parameters
  • 6435c37 ssh: sanitize client disconnect messages
  • 7d695da ssh/agent: drain channel stderr in agent forwarders
  • 5b7f841 acme/autocert: fix data race in Manager.createCert
  • 0b316e7 argon2: update RFC 9106 parameter recommendations
  • 55aec0a x509roots/fallback: update bundle
  • 5f2de1a internal: remove wycheproof tests
  • See full diff in compare view

Updates golang.org/x/net from 0.56.0 to 0.57.0

Commits
  • b8f09f6 go.mod: update golang.org/x dependencies
  • f05f21b idna: reject all-ASCII xn-- labels on all Go versions
  • 0f748cf internal/http3: clean up stream I/O methods usages in tests
  • 0bb961e internal/http3: add net/http.ResponseController support
  • 0ca694d webdav: document Dir's lack of defense against filesystem modification
  • bd5f1dc http2: initialize Transport on NewClientConn
  • 488ff63 bpf: add security considerations to package docs
  • 93d1f25 xsrftoken: avoid token collisions
  • 5a3baee internal/http3: prevent panic in QPACK decoder due to overflow
  • See full diff in compare view

Updates golang.org/x/text from 0.38.0 to 0.40.0

Commits
  • 724af9c go.mod: update golang.org/x dependencies
  • bf5b9d6 internal/export/idna: always treat Punycode encoding pure ASCII as an error
  • b326f3d go.mod: update golang.org/x dependencies
  • 5ae8e57 unicode/norm: avoid infinite loop on invalid input
  • 0dc94a2 all: fix some comments
  • See full diff in compare view

Updates helm.sh/helm/v4 from 4.2.2 to 4.2.3

Release notes

Sourced from helm.sh/helm/v4's releases.

Helm v4.2.3 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v4.2.3. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 4.2.4 and 3.21.4 are the next patch releases scheduled for August 12, 2026
  • 4.3.0 and 3.22.0 are the next minor releases scheduled for September 9, 2026

Changelog

  • chore(deps): bump golang.org/x/crypto from 0.53.0 to 0.54.0 43e8b7feece8beb0fcba47059ec9b522fd929a64 (Terry Howe)
Commits
  • 43e8b7f chore(deps): bump golang.org/x/crypto from 0.53.0 to 0.54.0
  • See full diff in compare view

Updates oras.land/oras-go/v2 from 2.6.1 to 2.6.2

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.6.2

This is a security patch release addressing advisories in the content and remote layers, plus additional hardening and bug fixes since v2.6.1.

Security Fixes

  • Resolve the hardlink (TypeLink) target before passing it to os.Link, preventing a crafted OCI artifact from hardlinking a file outside the extraction directory via the process CWD (#1232, GHSA-fxhp-mv3v-67qp / CVE-2026-50163)
  • Bound tag and referrer list pagination to prevent a malicious or misbehaving registry from advertising an endless page chain and forcing unbounded client requests (client-side DoS) (#1215)

Bug Fixes

  • Bound content.ReadAll allocation by actual content read rather than the descriptor size, correcting the over-broad 32 MiB cap introduced for GHSA-f36w-mj3v-6jqv so legitimate in-memory Push/FetchAll/FetchBytes are not rejected (#1223)

Other Changes

  • Bump golang.org/x/sync from 0.20.0 to 0.21.0 (#1208)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.27` | `1.32.29` |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.19.26` | `1.19.28` |
| [github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager](https://github.com/aws/aws-sdk-go-v2) | `0.2.13` | `0.3.1` |
| [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.58.6` | `1.59.0` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.104.2` | `1.105.0` |
| [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) | `2.3.2` | `2.3.3` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.53.0` | `0.54.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.56.0` | `0.57.0` |
| [golang.org/x/text](https://github.com/golang/text) | `0.38.0` | `0.40.0` |
| [helm.sh/helm/v4](https://github.com/helm/helm) | `4.2.2` | `4.2.3` |
| [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) | `2.6.1` | `2.6.2` |


Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.27 to 1.32.29
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.27...config/v1.32.29)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.26 to 1.19.28
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@credentials/v1.19.26...credentials/v1.19.28)

Updates `github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager` from 0.2.13 to 0.3.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@feature/s3/transfermanager/v0.2.13...service/internal/s3shared/v0.3.1)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.58.6 to 1.59.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/ecr/v1.58.6...service/s3/v1.59.0)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.104.2 to 1.105.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.104.2...service/s3/v1.105.0)

Updates `github.com/containerd/containerd/v2` from 2.3.2 to 2.3.3
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v2.3.2...v2.3.3)

Updates `golang.org/x/crypto` from 0.53.0 to 0.54.0
- [Commits](golang/crypto@v0.53.0...v0.54.0)

Updates `golang.org/x/net` from 0.56.0 to 0.57.0
- [Commits](golang/net@v0.56.0...v0.57.0)

Updates `golang.org/x/text` from 0.38.0 to 0.40.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.38.0...v0.40.0)

Updates `helm.sh/helm/v4` from 4.2.2 to 4.2.3
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v4.2.2...v4.2.3)

Updates `oras.land/oras-go/v2` from 2.6.1 to 2.6.2
- [Release notes](https://github.com/oras-project/oras-go/releases)
- [Commits](oras-project/oras-go@v2.6.1...v2.6.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.19.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager
  dependency-version: 0.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-version: 1.59.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.105.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: golang.org/x/crypto
  dependency-version: 0.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/net
  dependency-version: 0.57.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/text
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: helm.sh/helm/v4
  dependency-version: 4.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: oras.land/oras-go/v2
  dependency-version: 2.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Jul 12, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 12, 2026 08:30
@dependabot dependabot Bot added kind/dependency dependency update, etc. kind/chore chore, maintenance, etc. labels Jul 12, 2026
@github-actions github-actions Bot added the size/m Medium label Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. size/m Medium

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants