Skip to content

Bump the go-modules group with 7 updates#1206

Merged
paketo-bot merged 1 commit intomainfrom
dependabot/go_modules/go-modules-e0108e0535
Mar 10, 2026
Merged

Bump the go-modules group with 7 updates#1206
paketo-bot merged 1 commit intomainfrom
dependabot/go_modules/go-modules-e0108e0535

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 10, 2026

Bumps the go-modules group with 7 updates:

Package From To
cloud.google.com/go/storage 1.60.0 1.61.0
github.com/anchore/stereoscope 0.1.20 0.1.21
github.com/anchore/syft 1.42.1 1.42.2
github.com/charmbracelet/colorprofile 0.4.2 0.4.3
github.com/minio/minlz 1.0.1 1.1.0
github.com/wagoodman/go-progress 0.0.0-20230925121702-07e42b3cdba0 0.0.0-20260303201901-10176f79b2c0
google.golang.org/api 0.269.0 0.270.0

Updates cloud.google.com/go/storage from 1.60.0 to 1.61.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.61.0

v1.61.0 (2026-03-10)

Features

  • add bucket encryption enforcement configuration (#13874) (245c8d76)

  • add multistream options to MRD (#13758) (4557675e)

  • add a DeleteFolderRecursive API definition (PiperOrigin-RevId: 866471251) (6f310199)

  • add multistream support to MRD (#13792) (ffa7268c)

Bug Fixes

Commits

Updates github.com/anchore/stereoscope from 0.1.20 to 0.1.21

Release notes

Sourced from github.com/anchore/stereoscope's releases.

v0.1.21

Bug Fixes

Dependency Updates

Additional Changes

(Full Changelog)

Commits
  • 5de95df chore(deps): update tools to latest versions (#538)
  • 6980a63 chore(deps): bump github.com/moby/moby/client from 0.2.1 to 0.2.2 (#535)
  • 99ed0b6 chore: migrate test-fixtures to testdata (#531)
  • 3f24d4c chore(deps): bump actions/upload-artifact in /.github/workflows (#536)
  • 8701800 chore(deps): bump github.com/google/go-containerregistry (#534)
  • e1e847a chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login (...
  • a3ecd38 chore(deps): bump actions/setup-go in /.github/actions/bootstrap (#532)
  • 78486e6 fix(providers): clean up temp storage on errors (#537)
  • fe7e5b5 chore(deps): bump github.com/sylabs/sif/v2 from 2.22.0 to 2.23.0 (#526)
  • 7b5e393 migrate to github.com/moby/moby/client module (#500)
  • Additional commits viewable in compare view

Updates github.com/anchore/syft from 1.42.1 to 1.42.2

Release notes

Sourced from github.com/anchore/syft's releases.

v1.42.2

Bug Fixes

Additional Changes

(Full Changelog)

Commits
  • 75455f0 chore(deps): update anchore dependencies (#4631)
  • 22e78c7 chore(deps): update tools to latest versions (#4630)
  • d2461a9 chore(deps): update SPDX license list (#4637)
  • 01f0e33 chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#4658)
  • c88051d chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 (#4638)
  • 7d3d1c6 chore(deps): bump the actions-minor-patch group across 2 directories with 2 u...
  • dcba765 chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#4659)
  • 2c20146 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 (#4646)
  • c583da1 chore(deps): update CPE dictionary index (#4647)
  • 22014b6 chore(deps): bump the go-minor-patch group across 1 directory with 5 updates ...
  • Additional commits viewable in compare view

Updates github.com/charmbracelet/colorprofile from 0.4.2 to 0.4.3

Release notes

Sourced from github.com/charmbracelet/colorprofile's releases.

v0.4.3

This release fixes an important issue where the writer when used as a middleware can cause short write errors. Kudos to @​abhinav for reporting this one.

Changelog

Fixed

  • d085584efb48f2ad470e96cd0f3dcb8cc68a034b: fix(writer): ensure Write returns the number of processed bytes (#75) (@​aymanbagabas)

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits
  • d085584 fix(writer): ensure Write returns the number of processed bytes (#75)
  • cf47ee4 chore(deps): bump golang.org/x/sys in the all group (#73)
  • See full diff in compare view

Updates github.com/minio/minlz from 1.0.1 to 1.1.0

Release notes

Sourced from github.com/minio/minlz's releases.

v1.1.0

What's Changed

Full Changelog: minio/minlz@V1.0.1...v1.1.0

Commits
  • 4599c83 Bump the github-actions group with 3 updates (#34)
  • c63f0af Add block visualizer (#32)
  • 5a44d11 Add faster compression mode for speed extremely sensitive applications (#30)
  • de1ccac Bump the github-actions group with 3 updates (#33)
  • 845e64f perf: Add arm64 decompression assembly (#29)
  • 8430409 Add -follow to decompression (#27)
  • 49f019e Add nicer looking block debug print (#26)
  • 336ffce Bump the github-actions group with 2 updates (#28)
  • 25a858e Bump the github-actions group with 3 updates (#25)
  • cd4ae6e Bump github/codeql-action in the github-actions group (#24)
  • Additional commits viewable in compare view

Updates github.com/wagoodman/go-progress from 0.0.0-20230925121702-07e42b3cdba0 to 0.0.0-20260303201901-10176f79b2c0

Commits

Updates google.golang.org/api from 0.269.0 to 0.270.0

Release notes

Sourced from google.golang.org/api's releases.

v0.270.0

0.270.0 (2026-03-08)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.270.0 (2026-03-08)

Features

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go-modules group with 7 updates
e7dab30 
Bumps the go-modules group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.60.0` | `1.61.0` |
| [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope) | `0.1.20` | `0.1.21` |
| [github.com/anchore/syft](https://github.com/anchore/syft) | `1.42.1` | `1.42.2` |
| [github.com/charmbracelet/colorprofile](https://github.com/charmbracelet/colorprofile) | `0.4.2` | `0.4.3` |
| [github.com/minio/minlz](https://github.com/minio/minlz) | `1.0.1` | `1.1.0` |
| [github.com/wagoodman/go-progress](https://github.com/wagoodman/go-progress) | `0.0.0-20230925121702-07e42b3cdba0` | `0.0.0-20260303201901-10176f79b2c0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.269.0` | `0.270.0` |


Updates `cloud.google.com/go/storage` from 1.60.0 to 1.61.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@spanner/v1.60.0...spanner/v1.61.0)

Updates `github.com/anchore/stereoscope` from 0.1.20 to 0.1.21
- [Release notes](https://github.com/anchore/stereoscope/releases)
- [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md)
- [Commits](anchore/stereoscope@v0.1.20...v0.1.21)

Updates `github.com/anchore/syft` from 1.42.1 to 1.42.2
- [Release notes](https://github.com/anchore/syft/releases)
- [Changelog](https://github.com/anchore/syft/blob/main/RELEASE.md)
- [Commits](anchore/syft@v1.42.1...v1.42.2)

Updates `github.com/charmbracelet/colorprofile` from 0.4.2 to 0.4.3
- [Release notes](https://github.com/charmbracelet/colorprofile/releases)
- [Commits](charmbracelet/colorprofile@v0.4.2...v0.4.3)

Updates `github.com/minio/minlz` from 1.0.1 to 1.1.0
- [Release notes](https://github.com/minio/minlz/releases)
- [Commits](minio/minlz@V1.0.1...v1.1.0)

Updates `github.com/wagoodman/go-progress` from 0.0.0-20230925121702-07e42b3cdba0 to 0.0.0-20260303201901-10176f79b2c0
- [Commits](https://github.com/wagoodman/go-progress/commits)

Updates `google.golang.org/api` from 0.269.0 to 0.270.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.269.0...v0.270.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.61.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/anchore/stereoscope
  dependency-version: 0.1.21
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/anchore/syft
  dependency-version: 1.42.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/charmbracelet/colorprofile
  dependency-version: 0.4.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/minio/minlz
  dependency-version: 1.1.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/wagoodman/go-progress
  dependency-version: 0.0.0-20260303201901-10176f79b2c0
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: google.golang.org/api
  dependency-version: 0.270.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 10, 2026
@dependabot dependabot bot requested review from a team as code owners March 10, 2026 11:13
@dependabot dependabot bot requested review from mhdawson and pacostas March 10, 2026 11:13
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 10, 2026
@paketo-bot paketo-bot added the semver:patch A change requiring a patch version bump label Mar 10, 2026
@paketo-bot paketo-bot merged commit ac49eda into main Mar 10, 2026
14 of 15 checks passed
@paketo-bot paketo-bot deleted the dependabot/go_modules/go-modules-e0108e0535 branch March 10, 2026 11:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paketo-bot-reviewer paketo-bot-reviewer paketo-bot-reviewer approved these changes

@mhdawson mhdawson Awaiting requested review from mhdawson mhdawson is a code owner automatically assigned from paketo-buildpacks/nodejs-maintainers

@pacostas pacostas Awaiting requested review from pacostas pacostas is a code owner automatically assigned from paketo-buildpacks/nodejs-maintainers

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code semver:patch A change requiring a patch version bump

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@paketo-bot-reviewer @paketo-bot