Skip to content

Bump the go-dependencies group with 5 updates#1620

Merged
jabrown85 merged 1 commit intomainfrom
dependabot/go_modules/go-dependencies-a26144c13d
Mar 13, 2026
Merged

Bump the go-dependencies group with 5 updates#1620
jabrown85 merged 1 commit intomainfrom
dependabot/go_modules/go-dependencies-a26144c13d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 10, 2026

Bumps the go-dependencies group with 5 updates:

Package From To
github.com/moby/moby/api 1.53.0 1.54.0
github.com/moby/moby/client 0.2.2 0.3.0
github.com/osscontainertools/kaniko 1.26.6 1.27.0
golang.org/x/sync 0.19.0 0.20.0
golang.org/x/sys 0.41.0 0.42.0

Updates github.com/moby/moby/api from 1.53.0 to 1.54.0

Release notes

Sourced from github.com/moby/moby/api's releases.

api/v1.54.0

1.54.0

New

  • GET /images/json now supports an identity query parameter. When set, the response includes manifest summaries and may include an Identity field for each manifest with trusted identity and origin information. moby/moby#52030

Bug fixes and enhancements

  • api/types/swarm: PortConfig: add Compare method. moby/moby#52047
  • api: swagger: document "platform" param for GET /image/{name}/json. moby/moby#52082
  • Fix swagger/OpenAPI return value specification for /system/df endpoint. moby/moby#52124
  • Add a MediaType pseudo-type to help discoverability of available mediatypes. moby/moby#52089
  • api/types/jsonstream: Add sanity-check for Message marshaling. moby/moby#52059
  • api/types/jsonstream: Prevent panic on nil-Error. moby/moby#52059
Commits
  • 7f1a670 Merge pull request #52140 from vvoland/drop-replace
  • 4569055 Drop replace rules
  • 37cc25c Merge pull request #52040 from vvoland/network-connect-macaddres
  • 2fa6029 network/connect: Support MacAddress
  • c0625f2 Merge pull request #52124 from chemodax/patch-1
  • 4c19a01 Merge pull request #52048 from shiv-tyagi/vendor-detection
  • 018cdea Merge pull request #52119 from ricardobranco777/saveload
  • 6d771cc Merge pull request #52137 from vvoland/label-notesting
  • 71c4815 gha/labeler: Remove *_test.go from area/testing label
  • 13a8626 daemon/devices: Turn RegisterGPUDeviceDrivers into func
  • Additional commits viewable in compare view

Updates github.com/moby/moby/client from 0.2.2 to 0.3.0

Release notes

Sourced from github.com/moby/moby/client's releases.

client/v0.3.0

0.3.0

New

  • client: ImageListOptions now supports Identity field. When set, the response includes manifest summaries and may include an Identity field for each manifest with trusted identity and origin information. moby/moby#52030

Bug fixes and enhancements

  • Lower minimum API version from v1.44. to v1.40 (Docker 19.03). moby/moby#52067
  • client/pkg/jsonmessage.DisplayJSONMessages now accepts an iter.Seq2[jsonstream.Message, error] instead of only a JSONMessagesStream,. moby/moby#52062
Changelog

Sourced from github.com/moby/moby/client's changelog.

0.3.0 (2013-05-06)

  • Registry: Implement the new registry
  • Documentation: new example: sharing data between 2 couchdb databases
  • Runtime: Fix the command existance check
  • Runtime: strings.Split may return an empty string on no match
  • Runtime: Fix an index out of range crash if cgroup memory is not
  • Documentation: Various improvments
  • Vagrant: Use only one deb line in /etc/apt
Commits
  • 4f202cd Bumped version to 0.3.0
  • da01dd3 Merge remote-tracking branch 'origin/registry-update'
  • 09f1cba Fixed imports
  • c9994ed Moved the Debugf message in a registry to a more useful place
  • b0e076f Add output to checksums, code cleaning
  • 00266df Fixed public pull + Added some verbosity about what is happening
  • 3febeb9 Added help message to invite to login when getting a 401
  • bcdf030 Fixed pulling repositories from library
  • a372f98 Switching to prod index server
  • d985050 gofmt pass
  • Additional commits viewable in compare view

Updates github.com/osscontainertools/kaniko from 1.26.6 to 1.27.0

Release notes

Sourced from github.com/osscontainertools/kaniko's releases.

v1.27.0 Release 2026-03-05

Update Notice

In this Release we activated two feature-flags:

This will allow you to use the type=secret mount option in your dockerfile RUN steps.

RUN --mount=type=secret,id=netrc,target=/root/.netrc \
  uv pip install -r requirements.txt

Note: The secret is not stored securely during the build and may be recoverable by other RUN steps even without explicitly mounting it. It should therefore not be considered confidential within the context of the build. The secret is never added to the image and never pushed.

Note: The mediatype of your output image might change from dockerv2 to ociv1, if it's a multistage build and the base image is ociv1, as we no longer enforce dockerv2 during stage transitions.

You can roll-back those changes by overriding them in the environment ie.

job:
  variables:
    FF_KANIKO_RUN_MOUNT_SECRET: "0"
    FF_KANIKO_OCI_STAGES: "0"

Please also notify us by filing a new issue.

We further deprecated these feature-flags and cli-options:

  • FF_KANIKO_RUN_MOUNT_CACHE
  • FF_KANIKO_NEW_CACHE_LAYOUT
  • --skip-unused-stages

They have no effect and can be removed.

If you rely on --skip-unused-stages to build multiple stages, you can now explicitly target multiple stages in a single build instead:

--target final --target test

Note: The order is important to avoid accidentally pushing the wrong image. The convention introduced here is that the first target listed denotes the image that will be pushed, if a push is desired. There is currently no option to push multiple targets.

Community Update

Many thanks to @​sentoz for reporting an issue fixed in this release.

What's Changed

Security

Bugfixes

... (truncated)

Changelog

Sourced from github.com/osscontainertools/kaniko's changelog.

v1.27.0 Release 2026-03-05

Update Notice

In this Release we activated two feature-flags:

This will allow you to use the type=secret mount option in your dockerfile RUN steps.

RUN --mount=type=secret,id=netrc,target=/root/.netrc \
  uv pip install -r requirements.txt

Note: The secret is not stored securely during the build and may be recoverable by other RUN steps even without explicitly mounting it. It should therefore not be considered confidential within the context of the build. The secret is never added to the image and never pushed.

Note: The mediatype of your output image might change from dockerv2 to ociv1, if it's a multistage build and the base image is ociv1, as we no longer enforce dockerv2 during stage transitions.

You can roll-back those changes by overriding them in the environment ie.

job:
  variables:
    FF_KANIKO_RUN_MOUNT_SECRET: "0"
    FF_KANIKO_OCI_STAGES: "0"

Please also notify us by filing a new issue.

We further deprecated these feature-flags and cli-options:

  • FF_KANIKO_RUN_MOUNT_CACHE
  • FF_KANIKO_NEW_CACHE_LAYOUT
  • --skip-unused-stages

They have no effect and can be removed.

If you rely on --skip-unused-stages to build multiple stages, you can now explicitly target multiple stages in a single build instead:

--target final --target test

Note: The order is important to avoid accidentally pushing the wrong image. The convention introduced here is that the first target listed denotes the image that will be pushed, if a push is desired. There is currently no option to push multiple targets.

Community Update

Many thanks to @​sentoz for reporting an issue fixed in this release.

What's Changed

Security

Bugfixes

... (truncated)

Commits
  • 4a9c396 Merge pull request #559 from osscontainertools/release-v1.27.0
  • 3281f80 release
  • 056bb9a activate featureflags for v1.27.0 release (#554)
  • 4ec1c19 Merge pull request #555 from osscontainertools/dependabot/go_modules/github.c...
  • 098697e Merge pull request #556 from osscontainertools/dependabot/github_actions/acti...
  • da69559 Merge pull request #557 from osscontainertools/dependabot/go_modules/github.c...
  • 01fbbaf Merge pull request #558 from osscontainertools/dependabot/github_actions/dock...
  • 4277bbb chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0
  • 9976a66 chore(deps): bump github.com/moby/moby/api from 1.53.0 to 1.54.0
  • 2ff7e17 chore(deps): bump dominikh/staticcheck-action in the actions group
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits
  • ec11c4a errgroup: fix a typo in the documentation
  • 1a58307 all: modernize interface{} -> any
  • 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Updates golang.org/x/sys from 0.41.0 to 0.42.0

Commits
  • eaaaaee windows/registry: correct KeyInfo.ModTime calculation
  • 942780b cpu: darwin/arm64 feature detection
  • acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
  • 3687fbd cpu: better defaults on darwin ARM64
  • 48062e9 plan9: change Note to alias syscall.Note
  • 4f23f80 windows: change Signal to alias syscall.Signal
  • 7548802 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go-dependencies group with 5 updates
e3b943c 
Bumps the go-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/moby/moby/api](https://github.com/moby/moby) | `1.53.0` | `1.54.0` |
| [github.com/moby/moby/client](https://github.com/moby/moby) | `0.2.2` | `0.3.0` |
| [github.com/osscontainertools/kaniko](https://github.com/osscontainertools/kaniko) | `1.26.6` | `1.27.0` |
| [golang.org/x/sync](https://github.com/golang/sync) | `0.19.0` | `0.20.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.41.0` | `0.42.0` |


Updates `github.com/moby/moby/api` from 1.53.0 to 1.54.0
- [Release notes](https://github.com/moby/moby/releases)
- [Commits](moby/moby@api/v1.53.0...api/v1.54.0)

Updates `github.com/moby/moby/client` from 0.2.2 to 0.3.0
- [Release notes](https://github.com/moby/moby/releases)
- [Changelog](https://github.com/moby/moby/blob/v0.3.0/CHANGELOG.md)
- [Commits](moby/moby@v0.2.2...v0.3.0)

Updates `github.com/osscontainertools/kaniko` from 1.26.6 to 1.27.0
- [Release notes](https://github.com/osscontainertools/kaniko/releases)
- [Changelog](https://github.com/osscontainertools/kaniko/blob/main/CHANGELOG.md)
- [Commits](osscontainertools/kaniko@v1.26.6...v1.27.0)

Updates `golang.org/x/sync` from 0.19.0 to 0.20.0
- [Commits](golang/sync@v0.19.0...v0.20.0)

Updates `golang.org/x/sys` from 0.41.0 to 0.42.0
- [Commits](golang/sys@v0.41.0...v0.42.0)

---
updated-dependencies:
- dependency-name: github.com/moby/moby/api
  dependency-version: 1.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/moby/moby/client
  dependency-version: 0.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/osscontainertools/kaniko
  dependency-version: 1.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/sync
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/sys
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 10, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 10, 2026 23:12
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 10, 2026
@jabrown85 jabrown85 merged commit 3a8f709 into main Mar 13, 2026
6 checks passed
@jabrown85 jabrown85 deleted the dependabot/go_modules/go-dependencies-a26144c13d branch March 13, 2026 16:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jabrown85 jabrown85 jabrown85 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jabrown85