chore(deps): bump the go_modules group across 2 directories with 11 updates

[dependabot]

Bumps the go_modules group with 1 update in the /api directory: golang.org/x/net.
Bumps the go_modules group with 2 updates in the /grype-server directory: golang.org/x/net and github.com/anchore/grype.

Updates golang.org/x/net from 0.23.0 to 0.38.0

Commits

• e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
• ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
• 1f1fa29 publicsuffix: regenerate table
• 1215081 http2: improve error when server sends HTTP/1
• 312450e html: ensure <search> tag closes <p> and update tests
• 09731f9 http2: improve handling of lost PING in Server
• 55989e2 http2/h2c: use ResponseController for hijacking connections
• 2914f46 websocket: re-recommend gorilla/websocket
• 99b3ae0 go.mod: update golang.org/x dependencies
• 85d1d54 go.mod: update golang.org/x dependencies
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.30.0 to 0.38.0

Commits

• e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
• ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
• 1f1fa29 publicsuffix: regenerate table
• 1215081 http2: improve error when server sends HTTP/1
• 312450e html: ensure <search> tag closes <p> and update tests
• 09731f9 http2: improve handling of lost PING in Server
• 55989e2 http2/h2c: use ResponseController for hijacking connections
• 2914f46 websocket: re-recommend gorilla/websocket
• 99b3ae0 go.mod: update golang.org/x dependencies
• 85d1d54 go.mod: update golang.org/x dependencies
• Additional commits viewable in compare view

Updates github.com/anchore/grype from 0.82.2 to 0.104.1

Release notes

Sourced from github.com/anchore/grype's releases.

v0.104.1

Bug Fixes

• Redact during file output [#3068 @​kzantow]
• Unaffected match table does not filter results if CPE matching is enabled [#3056 #3066 @​kzantow]

Additional Changes

• Migrate grype to use mholt/archives instead of anchore fork [#3036 @​joonas]

(Full Changelog)

v0.104.0

Added Features

• Add --from flag [#3035 @​wagoodman]
• Let a suppression expire to prevent that one will forget to resolve a vulnerability [#3031]

Bug Fixes

• Unnormalized fix version triggers false-positive in mssql-jdbc [#3042 #3034 @​jamestexas]

Additional Changes

• junit template use CDATA block to prevent XML parse errors [#3019 @​nvtkaszpir]
• Keep nested loggers labeled [#3040 @​wagoodman]

(Full Changelog)

v0.103.0

Added Features

• Allow hyphen in version string [#3021 @​willmurphyscode]
• Respect rpmmod PURL qualifier [#3020 @​willmurphyscode]

(Full Changelog)

v0.102.0

Added Features

• Use Alma Linux specific advisories for Alma Linux scans [#2745 #2939 @​willmurphyscode]

Bug Fixes

• Bitnami packages with CPEs are not matched against CPE-based vulnerabilities [#2997]

Additional Changes

• add markdown template [#2987 @​sebdanielsson]

... (truncated)

Commits

• 39f7fa1 fix: redact during file output (#3068)
• 029bd47 fix: unaffected package ignore rules (#3066)
• 947857a chore: migrate grype to use mholt/archives instead of anchore fork (#3036)
• 12b72ab chore(deps): update tools to latest versions (#3051)
• 68c4672 chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 (#3059)
• aa54c0c chore(deps): bump anchore/sbom-action from 0.20.9 to 0.20.10 (#3060)
• 50d343d chore(deps): bump github/codeql-action from 4.31.2 to 4.31.4 (#3061)
• 99a1d80 chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 (#3063)
• 644e571 chore(deps): bump actions/setup-go in /.github/actions/bootstrap (#3064)
• b1706ca chore(deps): update anchore dependencies (#3055)
• Additional commits viewable in compare view

Updates github.com/cloudflare/circl from 1.3.8 to 1.6.1

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.1

• Fixes some point checks on the FourQ curve.
• Hybrid KEM fails on low-order points.

What's Changed

• kem/hybrid: ensure X25519 hybrids fails with low order points by @​Lekensteyn in cloudflare/circl#541
• .github: Use native ARM64 builders instead of QEMU by @​Lekensteyn in cloudflare/circl#542
• Fixes several errors on twisted Edwards curves. by @​armfazh in cloudflare/circl#545
• Release v1.6.1 by @​armfazh in cloudflare/circl#546

Full Changelog: cloudflare/circl@v1.6.0...v1.6.1

CIRCL v1.6.0

New!

• Prio3 Verifiable Distributed Aggregation Function (draft-irtf-cfrg-vdaf).
• X-Wing: general-purpose hybrid post-quantum KEM (draft-connolly-cfrg-xwing-kem)

What's Changed

• Add OIDs to ML-DSA by @​bwesterb in cloudflare/circl#519
• Adds Prio3 a set of verifiable distributed aggregation functions. by @​armfazh in cloudflare/circl#522
• Run semgrep cronjob only in upstream repository. by @​armfazh in cloudflare/circl#526
• X-Wing PQ/T hybrid by @​bwesterb in cloudflare/circl#471
• ckem: move crypto/elliptic to crypto/ecdh by @​MingLLuo in cloudflare/circl#529
• hpke: Update HPKE code to use ecdh stdlib package. by @​armfazh in cloudflare/circl#530
• prio3: Adds polynomial multiplication using NTT by @​armfazh in cloudflare/circl#532
• Add Prio3 in readme. by @​armfazh in cloudflare/circl#527

New Contributors

• @​MingLLuo made their first contribution in cloudflare/circl#529

Full Changelog: cloudflare/circl@v1.5.0...v1.6.0

CIRCL v1.5.0

New: ML-DSA, Module-Lattice-based Digital Signature Algorithm.

What's Changed

• kem: add X25519MLKEM768 TLS hybrid KEM by @​bwesterb in cloudflare/circl#510
• Create semgrep.yml by @​hrushikeshdeshpande in cloudflare/circl#514
• repo: Some fixes reported by CodeQL by @​armfazh in cloudflare/circl#515
• Add ML-DSA (FIPS204) by @​bwesterb in cloudflare/circl#480
• sign/mldsa: Add test for ML-DSA signature verification. by @​armfazh in cloudflare/circl#517
• Release v1.5.0 by @​armfazh in cloudflare/circl#518

New Contributors

• @​hrushikeshdeshpande made their first contribution in cloudflare/circl#514

Full Changelog: cloudflare/circl@v1.4.0...v1.5.0

... (truncated)

Commits

• c6d33e3 Release v1.6.1
• 0c3868e curve4q: Shared must fail with low order points.
• 9fd570d curve4q: Test showing DH does not fails on identity point.
• c988ceb fourq: Correctly unmarshalling point.
• ef2611d fourq: Test showing point unmarshal fails.
• 05eba44 fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.
• eef0878 fourq: Test showing isEqual and IsOnCurve fail.
• 2298474 goldilocks; Handling points with z=0.
• 5a940a1 goldilocks: Test for IsEqual must fail with Z=0
• 48c3b6a ed25519: Fix isEqual to handle points with Z=0.
• Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.23 to 1.7.29

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.29

Welcome to the v1.7.29 release of containerd!

The twenty-ninth patch release for containerd 1.7 contains various fixes and updates including security patches.

Security Updates

• containerd

  • GHSA-pwhc-rpq9-4c8w
  • GHSA-m6hq-p25p-ffr2

• runc

  • GHSA-qw9x-cqr3-wc7r
  • GHSA-cgrx-mc8f-2prm
  • GHSA-9493-h29p-rfm2

Highlights

Image Distribution

• Update differ to handle zstd media types (#12018)

Runtime

• Update runc binary to v1.3.3 (#12480)
• Fix lost container logs from quickly closing io (#12375)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Phil Estes
• Austin Vazquez
• Sebastiaan van Stijn
• ningmingxiao
• Maksym Pavlenko
• StepSecurity Bot
• wheat2018

Changes

• 442cb34bd Merge commit from fork
• 0450f046e Fix directory permissions
• e5cb6ddb7 Merge commit from fork

... (truncated)

Commits

• 442cb34 Merge commit from fork
• e5cb6dd Merge commit from fork
• 9772966 Merge pull request #12486 from dmcgowan/prepare-v1.7.29
• 1fc2daa Prepare release notes for v1.7.29
• 93f710a Merge pull request #12480 from k8s-infra-cherrypick-robot/cherry-pick-12475-t...
• 68d04be Merge pull request #12471 from austinvazquez/1_7_update_ci_go_and_images
• 3f5f9f8 runc: Update runc binary to v1.3.3
• 667409f ci: bump Go 1.24.9, 1.25.3
• 294f8c0 Update GHA runners to use latest images for basic binaries build
• cf66b41 Update GHA runners to use latest image for most jobs
• Additional commits viewable in compare view

Updates github.com/docker/docker from 27.3.1+incompatible to 28.5.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.5.2

28.5.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.5.2 milestone
• moby/moby, 28.5.2 milestone

[!CAUTION] This release contains fixes for three high-severity security vulnerabilities in runc:

• CVE-2025-31133
• CVE-2025-52565
• CVE-2025-52881

All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files.

Packaging updates

• Update runc to v1.3.3. moby/moby#51394

Bug fixes and enhancements

• dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). moby/moby#51162
• Update Go runtime to 1.24.9. moby/moby#51387, docker/cli#6613

Deprecations

• Go-SDK: cli/command/image/build: deprecate DefaultDockerfileName, DetectArchiveReader, WriteTempDockerfile, ResolveAndValidateContextPath. These utilities were only used internally and will be removed in the next release. docker/cli#6610
• Go-SDK: cli/command/image/build: deprecate IsArchive utility. docker/cli#6560
• Go-SDK: opts: deprecate ValidateMACAddress. docker/cli#6560
• Go-SDK: opts: deprecate ListOpts.Delete(). docker/cli#6560

v28.5.1

28.5.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.5.1 milestone
• moby/moby, 28.5.1 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Update BuildKit to v0.25.1. moby/moby#51137
• Update Go runtime to 1.24.8. moby/moby#51133, docker/cli#6541

Deprecations

• api/types/image: InspectResponse: deprecate Parent and DockerVersion fields. moby/moby#51105
• api/types/plugin: deprecate Config.DockerVersion field. moby/moby#51110

... (truncated)

Commits

• 89c5e8f Merge pull request #51396 from thaJeztah/28.x_backport_api_docs
• 9b93878 Merge pull request #51395 from thaJeztah/28.x_backport_rootless_reject
• 6178456 Merge pull request #51398 from vvoland/51397-28.x
• 0cae4e5 vendor: github.com/moby/buildkit v0.25.2
• 33cc06f Merge pull request #51394 from vvoland/51393-28.x
• d525277 api/docs: remove BuildCache.Parent field for API v1.42 and up
• 2fbc51b dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host
• bd98008 integration-cli: Adjust nofile limits
• 1967515 Dockerfile: update runc binary to v1.3.3
• 4489660 Merge pull request #51387 from thaJeztah/28.x_bump_go
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.12.0 to 5.16.3

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.3

What's Changed

• internal: Expand regex to fix build [5.x] by @​baloo in go-git/go-git#1644
• build: raise timeouts for windows CI tests and disable CIFuzz [5.x] by @​baloo in go-git/go-git#1646
• plumbing: support commits extra headers, support jujutsu signed commit [5.x] by @​baloo in go-git/go-git#1633

Full Changelog: go-git/go-git@v5.16.2...v5.16.3

v5.16.2

What's Changed

• utils: fix diff so subpaths work for sparse checkouts, fixes 1455 to releases/v5.x by @​kane8n in go-git/go-git#1567

Full Changelog: go-git/go-git@v5.16.1...v5.16.2

v5.16.1

What's Changed

• utils: merkletrie, Fix diff on sparse-checkout index. Fixes #1406 to releases/v5.x by @​kane8n in go-git/go-git#1561

New Contributors

• @​kane8n made their first contribution in go-git/go-git#1561

Full Changelog: go-git/go-git@v5.16.0...v5.16.1

v5.16.0

What's Changed

• [v5] plumbing: support mTLS for HTTPS protocol by @​hiddeco in go-git/go-git#1510
• v5: plumbing: transport, Reintroduce SetHostKeyCallback. Fix #1514 by @​pjbgf in go-git/go-git#1515

Full Changelog: go-git/go-git@v5.15.0...v5.16.0

v5.15.0

What's Changed

• plumbing: add cert auth support to releases/v5.x by @​Javier-varez in go-git/go-git#1482
• v5: Bump dependencies by @​pjbgf in go-git/go-git#1505

Full Changelog: go-git/go-git@v5.14.0...v5.15.0

v5.14.0

What's Changed

• v5: Bump Go and dependencies to mitigate GO-2025-3487 by @​pjbgf in go-git/go-git#1436

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/crypto@v0.35.0 which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

v5.13.2

... (truncated)

Commits

• ad9a3a5 Merge pull request #1633 from baloo/baloo/release-5.x/jj-signed-commits
• f2c3467 plumbing: support extra headers, support jujutsu signed commit [5.x]
• c12263d Merge pull request #1646 from baloo/baloo/release-5.x/fixup-windows-ci
• 111f374 build: disable fuzzing on maintenance branch
• 15d46ce build: raise timeouts for windows CI tests
• ce83ba1 Merge pull request #1644 from baloo/baloo/release-5.x/fixup-build
• b486201 internal: Expand regex to fix build
• ed8216c Merge pull request #1567 from kane8n/backport-to-v5-patricsss/fix-1455
• 4f35eba Merge pull request #1484 from patricsss/patricsss/fix-1455
• fd1a836 Merge pull request #1561 from kane8n/backport-to-v5-fix-sparse-checkout-status
• Additional commits viewable in compare view

Updates github.com/hashicorp/go-getter from 1.7.6 to 1.8.3

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.8.3

What's Changed

• [chore] : Bump actions/cache from 4.2.4 to 4.3.0 in the actions group by @​dependabot[bot] in hashicorp/go-getter#562
• [chore] : Bump aws-actions/configure-aws-credentials from 5.0.0 to 5.1.0 in the actions group by @​dependabot[bot] in hashicorp/go-getter#563
• Remove failed decompressed files by @​allisonlarson in hashicorp/go-getter#564

New Contributors

• @​allisonlarson made their first contribution in hashicorp/go-getter#564

Full Changelog: hashicorp/go-getter@v1.8.2...v1.8.3

v1.8.2

What's Changed

• Ensure temporary directory symlinks do not cause errors by @​cam-stitt in hashicorp/go-getter#560

New Contributors

• @​cam-stitt made their first contribution in hashicorp/go-getter#560

Full Changelog: hashicorp/go-getter@v1.8.1...v1.8.2

v1.8.1

What's Changed

• chore(deps): bump ulikunitz/xz to v0.5.15 by @​thevilledev in hashicorp/go-getter#550
• Improve CI/CD, fix tests by @​YakDriver in hashicorp/go-getter#554
• [fix] Windows junction handling by @​YakDriver in hashicorp/go-getter#557

New Contributors

• @​thevilledev made their first contribution in hashicorp/go-getter#550

Full Changelog: hashicorp/go-getter@v1.8.0...v1.8.1

v1.8.0

What's Changed

• [chore] : Bump the actions group with 2 updates by @​dependabot[bot] in hashicorp/go-getter#543
• [chore] : Bump google-github-actions/auth from 2.1.12 to 3.0.0 in the actions group by @​dependabot[bot] in hashicorp/go-getter#546
• go: bump ulikunitz/xz to v.0.5.14 to resolve GHSA-jc7w-c686-c4v9 by @​ryancragun in hashicorp/go-getter#547
• Upgrade to aws-sdk-go-v2, v1 is unsupported by @​YakDriver in hashicorp/go-getter#548
• Modernize codebase: Fix linting issues, update CI/CD workflow, and improve test categorization by @​YakDriver in hashicorp/go-getter#549

New Contributors

• @​ryancragun made their first contribution in hashicorp/go-getter#547
• @​YakDriver made their first contribution in hashicorp/go-getter#548

Full Changelog: hashicorp/go-getter@v1.7.9...v1.8.0

v1.7.9

What's Changed

• Speed up XZ decompression by 5x with bufio wrapper by @​vsarunas in hashicorp/go-getter#520
• Fix CI Workflow by @​mohanmanikanta2299 in hashicorp/go-getter#522
• test: Remove use of "mitchellh/go-testing-interface" for stdlib by @​jrasell in hashicorp/go-getter#523

... (truncated)

Commits

• 13f1bb2 Merge pull request #564 from allisonlarson/b-chmod-failed-tar
• c0ef527 close file before removing
• d1113d8 Handle failed decompressed files
• cfc3a4f Merge pull request #563 from hashicorp/dependabot/github_actions/actions-e02f...
• 0c1f668 [chore] : Bump aws-actions/configure-aws-credentials
• 5e2f62a Merge pull request #562 from hashicorp/dependabot/github_actions/actions-f175...
• 5b4c45f [chore] : Bump actions/cache from 4.2.4 to 4.3.0 in the actions group
• 60a3d53 Ensure temporary directory symlinks do not cause errors (#560)
• d2e581e [fix] Windows junction handling (#557)
• 928ae39 [chore] : Bump actions/setup-go from 5.5.0 to 6.0.0 in the actions group (#558)
• Additional commits viewable in compare view

Updates github.com/opencontainers/selinux from 1.11.0 to 1.13.0

Release notes

Sourced from github.com/opencontainers/selinux's releases.

v1.13.0

What's Changed

• Switch to golangci-lint v2 by @​kolyshkin in opencontainers/selinux#230
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in opencontainers/selinux#233
• build(deps): bump actions/setup-go from 5 to 6 by @​dependabot[bot] in opencontainers/selinux#234
• keyring: fix typo in EACCES check by @​cyphar in opencontainers/selinux#235
• Add Go 1.25, drop go 1.23, bump golangci-lint by @​kolyshkin in opencontainers/selinux#236
• selinux: migrate to pathrs-lite procfs API by @​cyphar in opencontainers/selinux#237

Full Changelog: opencontainers/selinux@v1.12.0...v1.13.0

v1.12.0

This release removes deprecated functions from the label package, and improves documentation and error reporting of SetCreateKey.

What's Changed

• VERSION: remove by @​kolyshkin in opencontainers/selinux#217
• CI: add AlmaLinux 8, CentOS Stream 9, and Fedora by @​AkihiroSuda in opencontainers/selinux#221
• ci: install git-core by @​kolyshkin in opencontainers/selinux#224
• CI: add openSUSE Tumbleweed by @​AkihiroSuda in opencontainers/selinux#223
• Bump Go version, deps, fix some linter issues... by @​kolyshkin in opencontainers/selinux#218
• label: remove deprecated stuff by @​kolyshkin in opencontainers/selinux#228
• Improve SetKeyCreate error reporting, fix test flakes by @​kolyshkin in opencontainers/selinux#227

Full Changelog: opencontainers/selinux@v1.11.1...v1.12.0

v1.11.1

What's Changed

• Bump to v1.11.0 by @​rhatdan in opencontainers/selinux#197
• fix some error by @​ningmingxiao in opencontainers/selinux#200
• ci: update Go 1.21 support by @​michalbiesek in opencontainers/selinux#202
• Extend build-cross target with riscv64 arch by @​michalbiesek in opencontainers/selinux#201
• Remove nolint annotations for unix errno comparisons by @​kolyshkin in opencontainers/selinux#203
• ci: bump some actions by @​kolyshkin in opencontainers/selinux#205
• Misc nitpicks by @​kolyshkin in opencontainers/selinux#206
• pwalk, pwalkdir: fix walk vs remove race by @​kolyshkin in opencontainers/selinux#204
• Update GitHub Actions CI Go matrix for Go v1.22 by @​austinvazquez in opencontainers/selinux#209
• Update GitHub Actions packages to resolve deprecation warnings. by @​austinvazquez in opencontainers/selinux#208
• Add dependabot config by @​kolyshkin in opencontainers/selinux#210
• build(deps): bump tim-actions/get-pr-commits from 1.3.0 to 1.3.1 by @​dependabot in opencontainers/selinux#211
• build(deps): bump golangci/golangci-lint-action from 4 to 6 by @​dependabot in opencontainers/selinux#213
• Show SELinux label on failure by @​rhatdan in opencontainers/selinux#216

New Contributors

• @​ningmingxiao made their first contribution in opencontainers/selinux#200
• @​michalbiesek made their first contribution in opencontainers/selinux#202
• @​dependabot made their first contribution in opencontainers/selinux#211

... (truncated)

Commits

• 4be9937 Merge pull request #237 from cyphar/selinux-safe-procfs
• c8cfa6f selinux: migrate to pathrs-lite procfs API
• f2424d8 Merge pull request #236 from kolyshkin/modernize-ci
• 648ce7f ci: add go 1.25
• 916cab9 ci: bump golangci-lint to v2.5
• b42e5c8 all: format sources with latest gofumpt
• 74393ea Merge pull request #235 from cyphar/fix-keyring-err-check
• 6ec194b keyring: fix typo in EACCES check
• 879a755 Merge pull request #234 from opencontainers/dependabot/github_actions/actions...
• 3c1bd9a build(deps): bump actions/setup-go from 5 to 6
• Additional commits viewable in compare view

Updates github.com/ulikunitz/xz from 0.5.12 to 0.5.15

Commits

• 7eee8a8 v9.5.15: release notes and formatting
• 235be8d lzma: Fix default for ReaderConfig.DictCap
• 7184815 Preparation of release v0.5.14
• 88ddf1d Address Security Issue GHSA-jc7w-c686-c4v9
• c8314b8 Add new package xio with WriteCloserStack
• See full diff in compare view

Updates golang.org/x/crypto from 0.31.0 to 0.45.0

Commits

• 4e0068c go.mod: update golang.org/x dependencies
• e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
• f91f7a7 ssh/agent: prevent panic on malformed constraint
• 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
• bcf6a84 acme: pass context to request
• b4f2b62 ssh: fix error message on unsupported cipher
• 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
• 122a78f go.mod: update golang.org/x dependencies
• c0531f9 all: eliminate vet diagnostics
• 0997000 all: fix some comments
• Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.19.0 to 0.30.0

Commits

• cf14319 oauth2: fix expiration time window check
• 32d34ef internal: include clientID in auth style cache key
• 2d34e30 oauth2: replace a magic number with AuthStyleUnknown
• 696f7b3 all: modernize with doc links and any
• 471209b oauth2: drop dependency on go-cmp
• 6968da2 oauth2: sync Token.ExpiresIn from internal Token
• d2c4e0a oauth2: context instead of golang.org/x/net/context in doc
• 883dc3c endpoints: add various endpoints from stale CLs
• 1c06e87 all: make use of oauth.Token.ExpiresIn
• 65c15a3 oauth2: remove extra period
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.