chore: combine Dependabot bumps (x/net, certmagic, github-actions)#2504
Closed
alexandre-daubois wants to merge 4 commits into
Closed
chore: combine Dependabot bumps (x/net, certmagic, github-actions)#2504alexandre-daubois wants to merge 4 commits into
alexandre-daubois wants to merge 4 commits into
Conversation
Bumps the go-modules group with 1 update: [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/net` from 0.55.0 to 0.56.0 - [Commits](golang/net@v0.55.0...v0.56.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.56.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the go-modules group in /caddy with 1 update: [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic). Updates `github.com/caddyserver/certmagic` from 0.25.3 to 0.25.4 - [Release notes](https://github.com/caddyserver/certmagic/releases) - [Commits](caddyserver/certmagic@v0.25.3...v0.25.4) --- updated-dependencies: - dependency-name: github.com/caddyserver/certmagic dependency-version: 0.25.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the github-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.5.0` | `3.1.0` | | [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` | | [docker/bake-action](https://github.com/docker/bake-action) | `7.1.0` | `7.2.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.5` | `6.1.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `9.2.0` | `9.2.1` | Updates `dependabot/fetch-metadata` from 2.5.0 to 3.1.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@21025c7...25dd0e3) Updates `actions/checkout` from 6.0.2 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@de0fac2...9c091bb) Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f) Updates `docker/login-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@4907a6d...650006c) Updates `docker/bake-action` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/docker/bake-action/releases) - [Commits](docker/bake-action@a66e1c8...6614cfa) Updates `actions/cache` from 5.0.5 to 6.1.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@27d5ce7...55cc834) Updates `golangci/golangci-lint-action` from 9.2.0 to 9.2.1 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@1e7e51e...82606bf) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/bake-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/cache dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: golangci/golangci-lint-action dependency-version: 9.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
The root module's golang.org/x/net 0.56.0 bump (and the x/crypto, x/sync, x/sys, x/term, x/text versions it pulls in) propagates to caddy/go.mod, which uses `replace github.com/dunglas/frankenphp => ../`.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR consolidates three Dependabot updates into a single change set, updating Go module dependencies (root and caddy/) and refreshing pinned GitHub Actions versions across CI workflows.
Changes:
- Bump
golang.org/x/nettov0.56.0(and propagate relatedgolang.org/x/*indirect updates). - Bump
github.com/caddyserver/certmagictov0.25.4incaddy/(withgo mod tidy-driven indirect updates). - Update multiple GitHub Actions pins (checkout/buildx/login/bake/cache/lint/fetch-metadata) to newer versions.
Reviewed changes
Copilot reviewed 11 out of 13 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| go.mod | Bumps golang.org/x/net and related indirect golang.org/x/* versions. |
| go.sum | Updates module checksums to match the bumped Go dependencies. |
| caddy/go.mod | Bumps certmagic and refreshes indirect golang.org/x/* versions via tidy. |
| caddy/go.sum | Updates module checksums for certmagic and indirect dependency bumps. |
| .github/workflows/windows.yaml | Updates actions/checkout pin to v7.0.0. |
| .github/workflows/translate.yaml | Updates actions/checkout pin to v7.0.0. |
| .github/workflows/tests.yaml | Updates actions/checkout and golangci-lint-action pins. |
| .github/workflows/static.yaml | Updates pins for checkout/buildx/login/bake across static build jobs. |
| .github/workflows/sanitizers.yaml | Updates actions/checkout and actions/cache pins. |
| .github/workflows/release.yaml | Updates actions/checkout pin to v7.0.0. |
| .github/workflows/lint.yaml | Updates actions/checkout pin to v7.0.0. |
| .github/workflows/docker.yaml | Updates pins for checkout/buildx/login/bake across Docker build jobs. |
| .github/workflows/dependabot.yaml | Updates dependabot/fetch-metadata pin to v3.1.0. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Supersedes #2493, #2494, #2498.