Skip to content

chore(deps): bump github.com/buildpacks/pack from 0.39.1 to 0.40.8#328

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/github.com/buildpacks/pack-0.40.8
Open

chore(deps): bump github.com/buildpacks/pack from 0.39.1 to 0.40.8#328
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/github.com/buildpacks/pack-0.40.8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown

Bumps github.com/buildpacks/pack from 0.39.1 to 0.40.8.

Release notes

Sourced from github.com/buildpacks/pack's releases.

pack v0.40.8

Prerequisites

  • A container runtime such as Docker or podman must be available to execute builds.

Install

For instructions on installing pack, see our installation docs.

Run

Run the command pack.

You should see the following output

CLI for building apps using Cloud Native Buildpacks

Usage: pack [command]

Available Commands: build Generate app image from source code builder Interact with builders buildpack Interact with buildpacks extension Interact with extensions config Interact with your local pack config file inspect Show information about a built app image stack (deprecated) Interact with stacks rebase Rebase app image with latest run image sbom Interact with SBoM completion Outputs completion script location report Display useful information for reporting an issue version Show current 'pack' version help Help about any command

Flags: --force-color Force color output -h, --help Help for 'pack' --no-color Disable color output -q, --quiet Show less output --timestamps Enable timestamps in output -v, --verbose Show more output --version Show current 'pack' version

Use "pack [command] --help" for more information about a command.

Info

... (truncated)

Commits
  • 3253355 build(deps): bump Go to 1.25.12 and safe x/* deps to fix CVEs (#2653)
  • a469ae3 build(deps): bump safe go-dependencies (kaniko, tcell, gomega, x/mod) (#2647)
  • 02d2e69 Add license scan report and status (#2638)
  • 2df3b8c chore: suppress unreachable docker daemon CVEs in grype config (#2644)
  • 7f2f74e build(deps): bump Go directive to 1.25.11 for stdlib security fixes (#2642)
  • 5185a57 build(deps): bump x/crypto, x/net, and go-git for security fixes (#2641)
  • e0e21cd fix(buildpack): fix malformed yank PR template body (#2631)
  • e7ca39a chore: remove direct dependency on github.com/docker/docker (#2617)
  • a7f39ca Suggest heroku/builder:26 instead of heroku/builder:24 (#2611)
  • 7640af9 Merge remote-tracking branch 'origin/release/0.40.5'
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/buildpacks/pack](https://github.com/buildpacks/pack) from 0.39.1 to 0.40.8.
- [Release notes](https://github.com/buildpacks/pack/releases)
- [Changelog](https://github.com/buildpacks/pack/blob/main/RELEASE.md)
- [Commits](buildpacks/pack@v0.39.1...v0.40.8)

---
updated-dependencies:
- dependency-name: github.com/buildpacks/pack
  dependency-version: 0.40.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 14, 2026
@dependabot dependabot Bot requested a review from remyleone as a code owner July 14, 2026 07:32
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants