Skip to content

chore: combine Dependabot bumps (x/net, certmagic, github-actions)#2504

Closed
alexandre-daubois wants to merge 4 commits into
php:mainfrom
alexandre-daubois:chore/dependency-bumps
Closed

chore: combine Dependabot bumps (x/net, certmagic, github-actions)#2504
alexandre-daubois wants to merge 4 commits into
php:mainfrom
alexandre-daubois:chore/dependency-bumps

Conversation

@alexandre-daubois

@alexandre-daubois alexandre-daubois commented Jul 6, 2026

Copy link
Copy Markdown
Member

Supersedes #2493, #2494, #2498.

dependabot Bot and others added 4 commits July 6, 2026 09:23
Bumps the go-modules group with 1 update: [golang.org/x/net](https://github.com/golang/net).


Updates `golang.org/x/net` from 0.55.0 to 0.56.0
- [Commits](golang/net@v0.55.0...v0.56.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.56.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the go-modules group in /caddy with 1 update: [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic).


Updates `github.com/caddyserver/certmagic` from 0.25.3 to 0.25.4
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](caddyserver/certmagic@v0.25.3...v0.25.4)

---
updated-dependencies:
- dependency-name: github.com/caddyserver/certmagic
  dependency-version: 0.25.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the github-actions group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.5.0` | `3.1.0` |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |
| [docker/bake-action](https://github.com/docker/bake-action) | `7.1.0` | `7.2.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.5` | `6.1.0` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `9.2.0` | `9.2.1` |



Updates `dependabot/fetch-metadata` from 2.5.0 to 3.1.0
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](dependabot/fetch-metadata@21025c7...25dd0e3)

Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...9c091bb)

Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f)

Updates `docker/login-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@4907a6d...650006c)

Updates `docker/bake-action` from 7.1.0 to 7.2.0
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](docker/bake-action@a66e1c8...6614cfa)

Updates `actions/cache` from 5.0.5 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@27d5ce7...55cc834)

Updates `golangci/golangci-lint-action` from 9.2.0 to 9.2.1
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@1e7e51e...82606bf)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/bake-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: golangci/golangci-lint-action
  dependency-version: 9.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
The root module's golang.org/x/net 0.56.0 bump (and the x/crypto,
x/sync, x/sys, x/term, x/text versions it pulls in) propagates to
caddy/go.mod, which uses `replace github.com/dunglas/frankenphp => ../`.
Copilot AI review requested due to automatic review settings July 6, 2026 08:00

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR consolidates three Dependabot updates into a single change set, updating Go module dependencies (root and caddy/) and refreshing pinned GitHub Actions versions across CI workflows.

Changes:

  • Bump golang.org/x/net to v0.56.0 (and propagate related golang.org/x/* indirect updates).
  • Bump github.com/caddyserver/certmagic to v0.25.4 in caddy/ (with go mod tidy-driven indirect updates).
  • Update multiple GitHub Actions pins (checkout/buildx/login/bake/cache/lint/fetch-metadata) to newer versions.

Reviewed changes

Copilot reviewed 11 out of 13 changed files in this pull request and generated no comments.

Show a summary per file
File Description
go.mod Bumps golang.org/x/net and related indirect golang.org/x/* versions.
go.sum Updates module checksums to match the bumped Go dependencies.
caddy/go.mod Bumps certmagic and refreshes indirect golang.org/x/* versions via tidy.
caddy/go.sum Updates module checksums for certmagic and indirect dependency bumps.
.github/workflows/windows.yaml Updates actions/checkout pin to v7.0.0.
.github/workflows/translate.yaml Updates actions/checkout pin to v7.0.0.
.github/workflows/tests.yaml Updates actions/checkout and golangci-lint-action pins.
.github/workflows/static.yaml Updates pins for checkout/buildx/login/bake across static build jobs.
.github/workflows/sanitizers.yaml Updates actions/checkout and actions/cache pins.
.github/workflows/release.yaml Updates actions/checkout pin to v7.0.0.
.github/workflows/lint.yaml Updates actions/checkout pin to v7.0.0.
.github/workflows/docker.yaml Updates pins for checkout/buildx/login/bake across Docker build jobs.
.github/workflows/dependabot.yaml Updates dependabot/fetch-metadata pin to v3.1.0.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants