build(deps): bump the dependencies group across 1 directory with 12 updates by dependabot[bot] · Pull Request #6011 · nektos/act

dependabot · 2026-02-25T19:58:13Z

Bumps the dependencies group with 12 updates in the / directory:

Package	From	To
github.com/docker/cli	`28.4.0+incompatible`	`29.2.1+incompatible`
github.com/docker/docker	`28.4.0+incompatible`	`28.5.2+incompatible`
github.com/go-git/go-billy/v5	`5.6.2`	`5.8.0`
github.com/go-git/go-git/v5	`5.16.5`	`5.17.0`
github.com/rhysd/actionlint	`1.7.7`	`1.7.11`
github.com/sirupsen/logrus	`1.9.3`	`1.9.4`
github.com/spf13/cobra	`1.10.1`	`1.10.2`
github.com/spf13/pflag	`1.0.9`	`1.0.10`
golang.org/x/term	`0.38.0`	`0.40.0`
github.com/golang-jwt/jwt/v5	`5.3.0`	`5.3.1`
github.com/moby/go-archive	`0.1.0`	`0.2.0`
google.golang.org/protobuf	`1.36.9`	`1.36.11`

Updates github.com/docker/cli from 28.4.0+incompatible to 29.2.1+incompatible

Commits

a5c7197 Merge pull request #6772 from thaJeztah/cleanup_testfile
435384f Merge pull request #6773 from thaJeztah/improve_mountopts
df3e923 opts: MountOpt: extract utility functions and don't set empty values
d781df8 opts: MountOpt: extract validation to a separate function
f35fb0f cli/command: TestGetDefaultAuthConfig: cleanup test file
fe1af92 opts: MountOpt: improve validation of boolean values
5de99e6 opts: MountOpt: improve validation for whitespace in values
9620e41 opts: MountOpt: improve validation for whitespace in options
e888a6e opts: remove outdated comment
b22f1ae Merge pull request #6771 from thaJeztah/allow_empty_target
Additional commits viewable in compare view

Updates github.com/docker/docker from 28.4.0+incompatible to 28.5.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.5.2

28.5.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.5.2 milestone

moby/moby, 28.5.2 milestone

[!CAUTION] This release contains fixes for three high-severity security vulnerabilities in runc:

CVE-2025-31133

CVE-2025-52565

CVE-2025-52881

All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files.

Packaging updates

Update runc to v1.3.3. moby/moby#51394

Bug fixes and enhancements

dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). moby/moby#51162

Update Go runtime to 1.24.9. moby/moby#51387, docker/cli#6613

Deprecations

Go-SDK: cli/command/image/build: deprecate DefaultDockerfileName, DetectArchiveReader, WriteTempDockerfile, ResolveAndValidateContextPath. These utilities were only used internally and will be removed in the next release. docker/cli#6610

Go-SDK: cli/command/image/build: deprecate IsArchive utility. docker/cli#6560

Go-SDK: opts: deprecate ValidateMACAddress. docker/cli#6560

Go-SDK: opts: deprecate ListOpts.Delete(). docker/cli#6560

v28.5.1

28.5.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.5.1 milestone

moby/moby, 28.5.1 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

Bug fixes and enhancements

Update BuildKit to v0.25.1. moby/moby#51137

Update Go runtime to 1.24.8. moby/moby#51133, docker/cli#6541

Deprecations

api/types/image: InspectResponse: deprecate Parent and DockerVersion fields. moby/moby#51105

api/types/plugin: deprecate Config.DockerVersion field. moby/moby#51110

... (truncated)

Commits

89c5e8f Merge pull request #51396 from thaJeztah/28.x_backport_api_docs
9b93878 Merge pull request #51395 from thaJeztah/28.x_backport_rootless_reject
6178456 Merge pull request #51398 from vvoland/51397-28.x
0cae4e5 vendor: github.com/moby/buildkit v0.25.2
33cc06f Merge pull request #51394 from vvoland/51393-28.x
d525277 api/docs: remove BuildCache.Parent field for API v1.42 and up
2fbc51b dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host
bd98008 integration-cli: Adjust nofile limits
1967515 Dockerfile: update runc binary to v1.3.3
4489660 Merge pull request #51387 from thaJeztah/28.x_bump_go
Additional commits viewable in compare view

Updates github.com/go-git/go-billy/v5 from 5.6.2 to 5.8.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.8.0

What's Changed

build: Update module golang.org/x/net to v0.45.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-billy#183

v5: Ensure Chmod behaviour across BoundOS and ChrootOS by @pjbgf in go-git/go-billy#187

Full Changelog: go-git/go-billy@v5.7.0...v5.8.0

v5.7.0

What's Changed

Add support for Chmod on billy.Filesystem by @bitfehler in go-git/go-billy#171

build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-billy#177

Full Changelog: go-git/go-billy@v5.6.2...v5.7.0

Commits

8662784 Merge pull request #187 from pjbgf/windows-rename
f387d62 build: Update test workflow to rely on oldstable/stable
915dae9 polyfill: Add support for Chmod
f3d5600 osfs: Create dir for BoundOS Tempfiles
247a741 Merge pull request #183 from go-git/renovate/releases/v5.x-go-golang.org-x-ne...
1c0c9d5 build: Update module golang.org/x/net to v0.45.0 [SECURITY]
cc50ee7 Merge pull request #177 from go-git/renovate/releases/v5.x-go-golang.org-x-ne...
c3a9003 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
9263834 Merge pull request #171 from bitfehler/releases/v5.x
94b84fc Add support for Chmod on billy.Filesystem
See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.16.5 to 5.17.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.17.0

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1839

git: worktree, optimize infiles function for very large repos by @k-anshul in go-git/go-git#1853

git: Add strict checks for supported extensions by @pjbgf in go-git/go-git#1861

backport, git: Improve Status() speed with new index.ModTime check by @cedric-appdirect in go-git/go-git#1862

storage: filesystem, Avoid overwriting loose obj files by @pjbgf in go-git/go-git#1864

Full Changelog: go-git/go-git@v5.16.5...v5.17.0

Commits

bdf0688 Merge pull request #1864 from pjbgf/v5-issue-55
5290e52 storage: filesystem, Avoid overwriting loose obj files. Fixes #55
5d20a62 storage: filesystem, Fix permissions for loose and packed objs
8ed442c backport, git: Improve Status() speed with new index.ModTime check (#1862)
c7b5960 build: Align test workflow with main
8e71edf git: Add strict checks for supported extensions
438a37f git: worktree, optimize infiles function for very large repos (#1853)
67c7006 Merge pull request #1839 from go-git/renovate/releases/v5.x-go-github.com-go-...
4ca3f02 build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY]
See full diff in compare view

Updates github.com/rhysd/actionlint from 1.7.7 to 1.7.11

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.7.11
Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#612, #614, thanks @heppu)
env:
  # ERROR: case() requires an odd number of arguments
  ENVIRONMENT: |-
    ${{ case(
      github.ref == 'refs/heads/main', 'production',
      github.ref == 'refs/heads/staging', 'staging'
    ) }}
Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#615, thanks @hugovk and @muzimuzhi)
Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#608, thanks @takaram)
$ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
$ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
Loaded 1 attestation from GitHub API
The following policy criteria will be enforced:

Predicate type must match:................ https://slsa.dev/provenance/v1
Source Repository Owner URI must match:... https://github.com/rhysd
Source Repository URI must match:......... https://github.com/rhysd/actionlint
Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
OIDC Issuer must match:................... https://token.actions.githubusercontent.com

✓ Verification succeeded!
The following 1 attestation matched the policy criteria

Attestation #1

Build repo:..... rhysd/actionlint
Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11
Signer repo:.... rhysd/actionlint
Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11
Report path filters with ./ as error because they never match anything. (#521)
on:
  push:
    paths:
      # ERROR: This never matches anything. `foo/bar.txt` is correct.
      - ./foo/bar.txt
Fix comparing matrix items when an item is a super set of another item. (#523, #613, thanks @michaelgruenewald)

Fix stack overflow crash by a recursive anchor in matrix items. (#610)

Fix an unassigned variable false positive from shellcheck by disabling SC2153 rule. (#573)

Reduce the number of memory allocations on resolving anchors.

Update the popular actions data set to the latest.

Update Go dependencies to the latest.

... (truncated)

Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.7.11 - 2026-02-14
Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#612, #614, thanks @heppu)
env:
  # ERROR: case() requires an odd number of arguments
  ENVIRONMENT: |-
    ${{ case(
      github.ref == 'refs/heads/main', 'production',
      github.ref == 'refs/heads/staging', 'staging'
    ) }}
Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#615, thanks @hugovk and @muzimuzhi)
Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#608, thanks @takaram)
$ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
$ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
Loaded 1 attestation from GitHub API
The following policy criteria will be enforced:

Predicate type must match:................ https://slsa.dev/provenance/v1
Source Repository Owner URI must match:... https://github.com/rhysd
Source Repository URI must match:......... https://github.com/rhysd/actionlint
Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
OIDC Issuer must match:................... https://token.actions.githubusercontent.com

✓ Verification succeeded!
The following 1 attestation matched the policy criteria

Attestation #1

Build repo:..... rhysd/actionlint
Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11
Signer repo:.... rhysd/actionlint
Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11
Report path filters with ./ because they never match anything. (#521)
on:
  push:
    paths:
      # ERROR: This never matches anything. `foo/bar.txt` is correct.
      - ./foo/bar.txt
Fix comparing matrix items when an item is a super set of another item. (#523, #613, thanks @michaelgruenewald)

Fix stack overflow crash by a recursive anchor in matrix items. (#610)

Fix a unassigned variable false positive from shellcheck by disabling SC2153 rule. (#573)

Reduce the number of memory allocations on resolving anchors.

Update the popular actions data set to the latest.

... (truncated)

Commits

393031a bump up version to v1.7.11
63589e8 add link to the release note of the version in playground heading
58a2626 remove legacy Homebrew formula
d22c104 fix test script for download script to check error case failures
50d2134 describe how to download and verify artifact using gh (fix #617)
226bb4a update playground npm deps including jsdom v28
1e85edb disable SC2153 shellcheck rule to avoid unassigned variable false positive (f...
8776d64 Merge pull request #619 from takaram/patch-1
e3eb8cb reduce memory allocations on resolving anchors
db08cec Fix variable name in release workflow
Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460

go.mod: bump up dependencies sirupsen/logrus#1460

Touch-up godoc and add "doc" links.

README: fix links, grammar, and update examples.

Add GNU/Hurd support sirupsen/logrus#1364

Add WASI wasip1 support sirupsen/logrus#1388

Remove uses of deprecated ioutil package sirupsen/logrus#1472

CI: update actions and golangci-lint sirupsen/logrus#1459

CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Commits

b61f268 Merge pull request #1472 from goldlinker/master
15c29db refactor: replace the deprecated function in the ioutil package
cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
d916819 Merge pull request #1427 from dolmen/fix-testify-usage
135e482 README: small touch-ups
2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
877ecec README: remove travis badge
55cf256 Merge pull request #1393 from jsoref/grammar
21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

Fix linter and allow CI to pass by @marckhouzam in spf13/cobra#2327

fix: actions/setup-go v6 by @jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

Add documentation for repeated flags functionality by @rvergis in spf13/cobra#2316

🍂 Refactors

refactor: replace several vars with consts by @htoyoda18 in spf13/cobra#2328

refactor: change minUsagePadding from var to const by @ssam18 in spf13/cobra#2325

🤗 New Contributors

@rvergis made their first contribution in spf13/cobra#2316

@htoyoda18 made their first contribution in spf13/cobra#2328

@ssam18 made their first contribution in spf13/cobra#2325

@dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
346d408 fix: actions/setup-go v6 (#2337)
fc81d20 refactor: change minUsagePadding from var to const (#2325)
117698a refactor: replace several vars with consts (#2328)
e2dd29d Add documentation for repeated flags functionality (#2316)
0629892 Fix linter (#2327)
See full diff in compare view

Updates github.com/spf13/pflag from 1.0.9 to 1.0.10

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.10

What's Changed

fix deprecation comment for (FlagSet.)ParseErrorsWhitelist by @thaJeztah in spf13/pflag#447

remove uses of errors.Is, which requires go1.13, move go1.16/go1.21 tests to separate file by @thaJeztah in spf13/pflag#448

New Contributors

@thaJeztah made their first contribution in spf13/pflag#447

Full Changelog: spf13/pflag@v1.0.9...v1.0.10

Commits

0491e57 Merge pull request #448 from thaJeztah/fix_go_version
72abab1 Merge pull request #447 from thaJeztah/fix_deprecation_comment
7e4dfb1 Test on Go 1.12
18a9d17 move Func, BoolFunc, tests as they require go1.21
c5b9e98 remove uses of errors.Is, which requires go1.13
45a4873 fix deprecation comment for (FlagSet.)ParseErrorsWhitelist
See full diff in compare view

Updates golang.org/x/term from 0.38.0 to 0.40.0

Commits

3aff304 go.mod: update golang.org/x dependencies
a7e5b04 go.mod: update golang.org/x dependencies
943f25d x/term: handle transpose
9b991dd x/term: handle delete key
See full diff in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

Add spellcheck Github action to catch common spelling mistakes by @equalsgibson in golang-jwt/jwt#458

Add WithNotBeforeRequired parser option and add test coverage by @equalsgibson in golang-jwt/jwt#456

Update godoc example func to properly refer to NewWithClaims() by @equalsgibson in golang-jwt/jwt#459

Update github workflows by @mfridman in golang-jwt/jwt#462

Additional test for CustomClaims that validates unmarshalling behaviour by @equalsgibson in golang-jwt/jwt#457

Fix early file close in jwt cli by @mfridman in golang-jwt/jwt#472

Add TPM signature reference by @salrashid123 in golang-jwt/jwt#473

Remove misleading ParserOptions documentation in golang-jwt/jwt#484

Save signature to Token struct after successful signing by @EgorSheff in golang-jwt/jwt#417

Set token.Signature in ParseUnverified by @slickwilli in golang-jwt/jwt#414

👒 Dependencies

Bump crate-ci/typos from 1.34.0 to 1.35.3 by @dependabot[bot] in golang-jwt/jwt#461

Bump crate-ci/typos from 1.35.4 to 1.36.2 by @dependabot[bot] in golang-jwt/jwt#470

Bump github/codeql-action from 3 to 4 by @dependabot[bot] in golang-jwt/jwt#478

Bump crate-ci/typos from 1.36.2 to 1.39.0 by @dependabot[bot] in golang-jwt/jwt#480

Bump golangci/golangci-lint-action from 8 to 9 by @dependabot[bot] in golang-jwt/jwt#481

Bump actions/setup-go from 5 to 6 by @dependabot[bot] in golang-jwt/jwt#469

Bump crate-ci/typos from 1.39.0 to 1.40.0 by @dependabot[bot] in golang-jwt/jwt#488

Bump actions/checkout from 5 to 6 by @dependabot[bot] in golang-jwt/jwt#487

Bump crate-ci/typos from 1.40.0 to 1.41.0 by @dependabot[bot] in golang-jwt/jwt#490

Bump crate-ci/typos from 1.41.0 to 1.42.1 by @dependabot[bot] in golang-jwt/jwt#492

New Contributors

@equalsgibson made their first contribution in golang-jwt/jwt#458

@salrashid123 made their first contribution in golang-jwt/jwt#473

@EgorSheff made their first contribution in golang-jwt/jwt#417

@slickwilli made their first contribution in golang-jwt/jwt#414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

Commits

7ceae61 Add release.yml for changelog configuration
dce8e4d Set token.Signature in ParseUnverified (#414)
8889e20 Save signature to Token struct after successful signing (#417)
d237f82 ci: update github-actions schedule interval to monthly
d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
e6a0afa Bump actions/checkout from 5 to 6 (#487)
9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
60a8669 Bump actions/setup-go from 5 to 6 (#469)
76f5828 Remove misleading ParserOptions documentation (#484)
Additional commits viewable in compare view

Updates github.com/moby/go-archive from 0.1.0 to 0.2.0

Release notes

Sourced from github.com/moby/go-archive's releases.

v0.2.0

What's Changed

remove aliases for deprecated types and functions moby/go-archive#10

chrootarchive: remove redundant "init" mitigation for CVE-2019-14271 moby/go-archive#11

xattr: Fix OS matching moby/go-archive#20

TestOverlayTarUntar: remove redundant cmpopts.EquateEmpty moby/go-archive#9

go.mod: bump github.com/klauspost/compress v1.18.2 moby/go-archive#19

gha: update actions moby/go-archive#18

Full Changelog: moby/go-archive@v0.1.0...v0.2.0

Commits

263611f Merge pull request #20 from thaJeztah/carry_17
a1d4e73 Merge pull request #18 from thaJeztah/bump_gha
da4e566 xattr: Fix OS matching.
df87f45 Merge pull request #19 from thaJeztah/bump_deps
8996f22 gha: update CodeQL Action to v4
985c60f gha: codeql: use go stable
4752b25 gha: update actions/setup-go@v6
280f775 gha: update actions/checkout@v6
4c912d3 gha: update golangci/golangci-lint-action@v9
2cd730e go.mod: bump github.com/klauspost/compress v1.18.2
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.9 to 1.36.11

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…pdates Bumps the dependencies group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/docker/cli](https://github.com/docker/cli) | `28.4.0+incompatible` | `29.2.1+incompatible` | | [github.com/docker/docker](https://github.com/docker/docker) | `28.4.0+incompatible` | `28.5.2+incompatible` | | [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.6.2` | `5.8.0` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.5` | `5.17.0` | | [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) | `1.7.7` | `1.7.11` | | [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.9.3` | `1.9.4` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.10.1` | `1.10.2` | | [github.com/spf13/pflag](https://github.com/spf13/pflag) | `1.0.9` | `1.0.10` | | [golang.org/x/term](https://github.com/golang/term) | `0.38.0` | `0.40.0` | | [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) | `5.3.0` | `5.3.1` | | [github.com/moby/go-archive](https://github.com/moby/go-archive) | `0.1.0` | `0.2.0` | | google.golang.org/protobuf | `1.36.9` | `1.36.11` | Updates `github.com/docker/cli` from 28.4.0+incompatible to 29.2.1+incompatible - [Commits](docker/cli@v28.4.0...v29.2.1) Updates `github.com/docker/docker` from 28.4.0+incompatible to 28.5.2+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.4.0...v28.5.2) Updates `github.com/go-git/go-billy/v5` from 5.6.2 to 5.8.0 - [Release notes](https://github.com/go-git/go-billy/releases) - [Commits](go-git/go-billy@v5.6.2...v5.8.0) Updates `github.com/go-git/go-git/v5` from 5.16.5 to 5.17.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.16.5...v5.17.0) Updates `github.com/rhysd/actionlint` from 1.7.7 to 1.7.11 - [Release notes](https://github.com/rhysd/actionlint/releases) - [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md) - [Commits](rhysd/actionlint@v1.7.7...v1.7.11) Updates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4 - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.9.3...v1.9.4) Updates `github.com/spf13/cobra` from 1.10.1 to 1.10.2 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.10.1...v1.10.2) Updates `github.com/spf13/pflag` from 1.0.9 to 1.0.10 - [Release notes](https://github.com/spf13/pflag/releases) - [Commits](spf13/pflag@v1.0.9...v1.0.10) Updates `golang.org/x/term` from 0.38.0 to 0.40.0 - [Commits](golang/term@v0.38.0...v0.40.0) Updates `github.com/golang-jwt/jwt/v5` from 5.3.0 to 5.3.1 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Commits](golang-jwt/jwt@v5.3.0...v5.3.1) Updates `github.com/moby/go-archive` from 0.1.0 to 0.2.0 - [Release notes](https://github.com/moby/go-archive/releases) - [Changelog](https://github.com/moby/go-archive/blob/main/changes_test.go) - [Commits](moby/go-archive@v0.1.0...v0.2.0) Updates `google.golang.org/protobuf` from 1.36.9 to 1.36.11 --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.2.1+incompatible dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: github.com/docker/docker dependency-version: 28.5.2+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github.com/go-git/go-billy/v5 dependency-version: 5.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github.com/rhysd/actionlint dependency-version: 1.7.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github.com/sirupsen/logrus dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github.com/spf13/cobra dependency-version: 1.10.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github.com/spf13/pflag dependency-version: 1.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: golang.org/x/term dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github.com/golang-jwt/jwt/v5 dependency-version: 5.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github.com/moby/go-archive dependency-version: 0.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: google.golang.org/protobuf dependency-version: 1.36.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 25, 2026

pull-request-size bot added the size/M label Feb 25, 2026

mergify bot added needs-work Extra attention is needed conflict PR has conflicts labels Feb 25, 2026

dependabot bot force-pushed the dependabot/go_modules/dependencies-37e48349cd branch from 7d2a0b4 to 1e5ca25 Compare March 1, 2026 22:39

mergify bot removed the conflict PR has conflicts label Mar 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the dependencies group across 1 directory with 12 updates#6011

build(deps): bump the dependencies group across 1 directory with 12 updates#6011
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/dependencies-37e48349cd

dependabot bot commented on behalf of github Feb 25, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v28.5.2

28.5.2

Packaging updates

Bug fixes and enhancements

Deprecations

v28.5.1

28.5.1

Bug fixes and enhancements

Deprecations

v5.8.0

What's Changed

v5.7.0

What's Changed

v5.17.0

What's Changed

v1.7.11

v1.7.11 - 2026-02-14

v1.9.4

Notable changes

v1.10.2

🔧 Dependencies

📈 CI/CD

🔥✍🏼 Docs

🍂 Refactors

🤗 New Contributors

v1.0.10

What's Changed

New Contributors

v5.3.1

What's Changed

🔐 Features

👒 Dependencies

New Contributors

v0.2.0

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Feb 25, 2026 •

edited

Loading