build(deps): bump the gomod group across 2 directories with 5 updates by dependabot[bot] · Pull Request #2268 · containerd/stargz-snapshotter

dependabot · 2026-03-12T20:54:32Z

Bumps the gomod group with 2 updates in the / directory: github.com/docker/cli and github.com/klauspost/compress.
Bumps the gomod group with 4 updates in the /cmd directory: github.com/klauspost/compress, github.com/bmatcuk/doublestar/v4, github.com/coreos/go-systemd/v22 and github.com/goccy/go-json.

Updates github.com/docker/cli from 29.1.5+incompatible to 29.3.0+incompatible

Commits

5927d80 Merge pull request #6844 from vvoland/update-docker
206fc8c vendor: github.com/moby/moby/client v0.3.0
874a8df vendor: github.com/moby/moby/api v1.54.0
964a6d2 Merge pull request #6792 from vvoland/bind-create
210147d Merge pull request #6843 from docker/dependabot/github_actions/docker/setup-b...
847f547 Merge pull request #6842 from docker/dependabot/github_actions/docker/login-a...
668b367 build(deps): bump docker/setup-buildx-action from 3 to 4
30a2ace build(deps): bump docker/login-action from 3 to 4
32aa575 docs/service: Document bind-create-src
c747cff container/opts: Add bind-create-src mount option
Additional commits viewable in compare view

Updates github.com/klauspost/compress from 1.18.3 to 1.18.4

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.4

What's Changed

gzhttp: Add zstandard to server handler wrapper by @klauspost in klauspost/compress#1121

zstd: Add ResetWithOptions to encoder/decoder by @klauspost in klauspost/compress#1122

gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @analytically in klauspost/compress#1116

New Contributors

@analytically made their first contribution in klauspost/compress#1116

@ethaizone made their first contribution in klauspost/compress#1124

@zwass made their first contribution in klauspost/compress#1125

Full Changelog: klauspost/compress@v1.18.2...v1.18.4

Commits

c03560f zstd: Add ResetWithOptions to encoder/decoder (#1122)
0874ab8 build(deps): bump the github-actions group with 3 updates (#1126)
4a36836 doc: Clarify documentation in readme (#1125)
4309644 zstd: document concurrency option handling in encoder (#1124)
c262ec6 Update README.md
861ca97 Downstream CVE-2025-61728 (#1123)
03de960 gzhttp: Add zstandard to server handler wrapper (#1121)
bb1ab3b build(deps): bump the github-actions group with 2 updates (#1120)
986a51e fix(gzhttp): preserve qvalue when extra parameters follow in Accept-Encoding ...
fbe3b12 build(deps): bump the github-actions group with 3 updates (#1118)
Additional commits viewable in compare view

Updates github.com/klauspost/compress from 1.18.3 to 1.18.4

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.4

What's Changed

gzhttp: Add zstandard to server handler wrapper by @klauspost in klauspost/compress#1121

zstd: Add ResetWithOptions to encoder/decoder by @klauspost in klauspost/compress#1122

gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @analytically in klauspost/compress#1116

New Contributors

@analytically made their first contribution in klauspost/compress#1116

@ethaizone made their first contribution in klauspost/compress#1124

@zwass made their first contribution in klauspost/compress#1125

Full Changelog: klauspost/compress@v1.18.2...v1.18.4

Commits

c03560f zstd: Add ResetWithOptions to encoder/decoder (#1122)
0874ab8 build(deps): bump the github-actions group with 3 updates (#1126)
4a36836 doc: Clarify documentation in readme (#1125)
4309644 zstd: document concurrency option handling in encoder (#1124)
c262ec6 Update README.md
861ca97 Downstream CVE-2025-61728 (#1123)
03de960 gzhttp: Add zstandard to server handler wrapper (#1121)
bb1ab3b build(deps): bump the github-actions group with 2 updates (#1120)
986a51e fix(gzhttp): preserve qvalue when extra parameters follow in Accept-Encoding ...
fbe3b12 build(deps): bump the github-actions group with 3 updates (#1118)
Additional commits viewable in compare view

Updates github.com/klauspost/compress from 1.18.3 to 1.18.4

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.4

What's Changed

gzhttp: Add zstandard to server handler wrapper by @klauspost in klauspost/compress#1121

zstd: Add ResetWithOptions to encoder/decoder by @klauspost in klauspost/compress#1122

gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @analytically in klauspost/compress#1116

New Contributors

@analytically made their first contribution in klauspost/compress#1116

@ethaizone made their first contribution in klauspost/compress#1124

@zwass made their first contribution in klauspost/compress#1125

Full Changelog: klauspost/compress@v1.18.2...v1.18.4

Commits

c03560f zstd: Add ResetWithOptions to encoder/decoder (#1122)
0874ab8 build(deps): bump the github-actions group with 3 updates (#1126)
4a36836 doc: Clarify documentation in readme (#1125)
4309644 zstd: document concurrency option handling in encoder (#1124)
c262ec6 Update README.md
861ca97 Downstream CVE-2025-61728 (#1123)
03de960 gzhttp: Add zstandard to server handler wrapper (#1121)
bb1ab3b build(deps): bump the github-actions group with 2 updates (#1120)
986a51e fix(gzhttp): preserve qvalue when extra parameters follow in Accept-Encoding ...
fbe3b12 build(deps): bump the github-actions group with 3 updates (#1118)
Additional commits viewable in compare view

Updates github.com/bmatcuk/doublestar/v4 from 4.9.2 to 4.10.0

Release notes

Sourced from github.com/bmatcuk/doublestar/v4's releases.

Added WithNoHidden option

Added support for a WithNoHidden option to ignore hidden files in patterns that might unintentionally match them. For example, a .config directory would not be matched by * or recursed into by **, but would be matched by .* or recursed by .config/**.

Thanks to @lukasngl for the initial PR and idea!

What's Changed

feat: add WithNoHidden option to skip hidden files by @lukasngl in bmatcuk/doublestar#109

New Contributors

@lukasngl made their first contribution in bmatcuk/doublestar#109

Full Changelog: bmatcuk/doublestar@v4.9.2...v4.10.0

Commits

a9ad9e0 allow starting test manually
9987c0c update docs
d3b2184 windows support for WithNoHidden; better tests
5d6a6cd Merge branch 'lukasngl-feat/no-hidden'
e8319d2 run tests when a branch/tag is created
614b331 run tests when a branch/tag is created
df2e03f feat: add WithNoHidden option to skip hidden files
See full diff in compare view

Updates github.com/coreos/go-systemd/v22 from 22.6.0 to 22.7.0

Release notes

Sourced from github.com/coreos/go-systemd/v22's releases.

v22.7.0

This release fixes an issue with multiple calls to (e.g.) StopUnit, simplifies and improves code and documentation, and adds a few new methods.

What's Changed

build(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in coreos/go-systemd#473

Fixing error on negative value of LISTEN_FDS by @vporoshok in coreos/go-systemd#472

Misc error reporting improvements by @kolyshkin in coreos/go-systemd#475

daemon: add SdNotifyMonotonicUsec helper function by @corhere in coreos/go-systemd#435

build(deps): bump golangci/golangci-lint-action from 8 to 9 by @dependabot[bot] in coreos/go-systemd#481

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in coreos/go-systemd#483

dbus: fix TestSetUnitProperties wrt systemd >= 252 by @kolyshkin in coreos/go-systemd#489

Sync repo templates ⚙ by @coreosbot-releng in coreos/go-systemd#486

unit: simplify escape character by @huww98 in coreos/go-systemd#485

machine1: add missing close method to conn. by @maartensson in coreos/go-systemd#487

subscription: Added context cancellation and sync to subscription set by @NotSoFancyName in coreos/go-systemd#480

ci: improvements by @kolyshkin in coreos/go-systemd#490

import1: add missing close method to conn by @maartensson in coreos/go-systemd#492

sdjournal: fix copyrights by @kolyshkin in coreos/go-systemd#499

activation: simplify ListenersWithNames by @kolyshkin in coreos/go-systemd#498

dbus: allow multiple calls for the same unit to *Unit by @haircommander in coreos/go-systemd#496

Documentation nits by @kolyshkin in coreos/go-systemd#500

dbus: dedup result conversion code by @kolyshkin in coreos/go-systemd#493

add FilesWithNames() to activation by @MayCXC in coreos/go-systemd#497

Add support for transient units with auxiliary units by @gwenya in coreos/go-systemd#495

activation: stub out for plan9 by @flokli in coreos/go-systemd#440

New Contributors

@vporoshok made their first contribution in coreos/go-systemd#472

@corhere made their first contribution in coreos/go-systemd#435

@huww98 made their first contribution in coreos/go-systemd#485

@maartensson made their first contribution in coreos/go-systemd#487

@haircommander made their first contribution in coreos/go-systemd#496

@MayCXC made their first contribution in coreos/go-systemd#497

@gwenya made their first contribution in coreos/go-systemd#495

@flokli made their first contribution in coreos/go-systemd#440

Full Changelog: coreos/go-systemd@v22.6.0...v22.7.0

Commits

4dc4ee6 activation: stub out for plan9
8f5a75c dbus: add StartTransientUnitAux for starting transient units with auxiliary u...
9211a7b activation: add FilesWithNames()
2c3ebed dbus: dedup result conversion code
aac8e00 unit: fix Deserialize deprecation notice
d4795ce Fix doc references
abb50b3 dbus: allow multiple calls for the same unit to *Unit
27f6bea activation: simplify ListenersWithNames
e615438 sdjournal: fix copyrights
d25876d import1: add missing close method to conn
Additional commits viewable in compare view

Updates github.com/goccy/go-json from 0.10.5 to 0.10.6

Release notes

Sourced from github.com/goccy/go-json's releases.

0.10.6

What's Changed

fix: panic on embedded struct with recursive by @NgoKimPhu in goccy/go-json#483

New Contributors

@NgoKimPhu made their first contribution in goccy/go-json#483

Full Changelog: goccy/go-json@v0.10.5...v0.10.6

Commits

e4877d5 fix: panic on embedded struct with recursive (#483)
See full diff in compare view

Updates github.com/klauspost/compress from 1.18.3 to 1.18.4

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.4

What's Changed

gzhttp: Add zstandard to server handler wrapper by @klauspost in klauspost/compress#1121

zstd: Add ResetWithOptions to encoder/decoder by @klauspost in klauspost/compress#1122

gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @analytically in klauspost/compress#1116

New Contributors

@analytically made their first contribution in klauspost/compress#1116

@ethaizone made their first contribution in klauspost/compress#1124

@zwass made their first contribution in klauspost/compress#1125

Full Changelog: klauspost/compress@v1.18.2...v1.18.4

Commits

c03560f zstd: Add ResetWithOptions to encoder/decoder (#1122)
0874ab8 build(deps): bump the github-actions group with 3 updates (#1126)
4a36836 doc: Clarify documentation in readme (#1125)
4309644 zstd: document concurrency option handling in encoder (#1124)
c262ec6 Update README.md
861ca97 Downstream CVE-2025-61728 (#1123)
03de960 gzhttp: Add zstandard to server handler wrapper (#1121)
bb1ab3b build(deps): bump the github-actions group with 2 updates (#1120)
986a51e fix(gzhttp): preserve qvalue when extra parameters follow in Accept-Encoding ...
fbe3b12 build(deps): bump the github-actions group with 3 updates (#1118)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

ktock · 2026-03-31T09:13:26Z

@dependabot rebase

Bumps the gomod group with 2 updates in the / directory: [github.com/docker/cli](https://github.com/docker/cli) and [github.com/klauspost/compress](https://github.com/klauspost/compress). Bumps the gomod group with 4 updates in the /cmd directory: [github.com/klauspost/compress](https://github.com/klauspost/compress), [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar), [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) and [github.com/goccy/go-json](https://github.com/goccy/go-json). Updates `github.com/docker/cli` from 29.1.5+incompatible to 29.3.0+incompatible - [Commits](docker/cli@v29.1.5...v29.3.0) Updates `github.com/klauspost/compress` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](klauspost/compress@v1.18.3...v1.18.4) Updates `github.com/klauspost/compress` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](klauspost/compress@v1.18.3...v1.18.4) Updates `github.com/klauspost/compress` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](klauspost/compress@v1.18.3...v1.18.4) Updates `github.com/bmatcuk/doublestar/v4` from 4.9.2 to 4.10.0 - [Release notes](https://github.com/bmatcuk/doublestar/releases) - [Commits](bmatcuk/doublestar@v4.9.2...v4.10.0) Updates `github.com/coreos/go-systemd/v22` from 22.6.0 to 22.7.0 - [Release notes](https://github.com/coreos/go-systemd/releases) - [Commits](coreos/go-systemd@v22.6.0...v22.7.0) Updates `github.com/goccy/go-json` from 0.10.5 to 0.10.6 - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.10.5...v0.10.6) Updates `github.com/klauspost/compress` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](klauspost/compress@v1.18.3...v1.18.4) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.3.0+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/klauspost/compress dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/klauspost/compress dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/klauspost/compress dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/bmatcuk/doublestar/v4 dependency-version: 4.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/coreos/go-systemd/v22 dependency-version: 22.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/goccy/go-json dependency-version: 0.10.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/klauspost/compress dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 12, 2026

dependabot bot force-pushed the dependabot/go_modules/gomod-3ef5b0ab94 branch from 3c69db7 to d445374 Compare March 31, 2026 09:14

ktock approved these changes Apr 1, 2026

View reviewed changes

dependabot bot force-pushed the dependabot/go_modules/gomod-3ef5b0ab94 branch 3 times, most recently from abbc3f8 to 66a36d8 Compare April 2, 2026 01:30

dependabot bot force-pushed the dependabot/go_modules/gomod-3ef5b0ab94 branch from 66a36d8 to af49848 Compare April 3, 2026 20:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the gomod group across 2 directories with 5 updates#2268

build(deps): bump the gomod group across 2 directories with 5 updates#2268
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-3ef5b0ab94

dependabot bot commented on behalf of github Mar 12, 2026 •

edited

Loading

Uh oh!

ktock commented Mar 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.18.4

What's Changed

New Contributors

v1.18.4

What's Changed

New Contributors

v1.18.4

What's Changed

New Contributors

Added WithNoHidden option

What's Changed

New Contributors

v22.7.0

What's Changed

New Contributors

0.10.6

What's Changed

New Contributors

v1.18.4

What's Changed

New Contributors

Uh oh!

ktock commented Mar 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Mar 12, 2026 •

edited

Loading