Skip to content

Bump the go-modules group with 4 updates#1575

Merged
paketo-bot merged 1 commit into
mainfrom
dependabot/go_modules/go-modules-01e08e5374
May 22, 2026
Merged

Bump the go-modules group with 4 updates#1575
paketo-bot merged 1 commit into
mainfrom
dependabot/go_modules/go-modules-01e08e5374

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Bumps the go-modules group with 4 updates: github.com/bodgit/sevenzip, golang.org/x/crypto, golang.org/x/net and golang.org/x/sys.

Updates github.com/bodgit/sevenzip from 1.6.2 to 1.6.3

Release notes

Sourced from github.com/bodgit/sevenzip's releases.

v1.6.3

1.6.3 (2026-05-22)

Bug Fixes

  • deps: update module github.com/klauspost/compress to v1.18.6 (#441) (e76b100)
  • deps: update module golang.org/x/text to v0.37.0 (#446) (fa85316)
  • ppmd support (#451) (f07faff)
  • protect against specially crafted archives setting high AES cycles (#448) (ec43e2b)
Changelog

Sourced from github.com/bodgit/sevenzip's changelog.

1.6.3 (2026-05-22)

Bug Fixes

  • deps: update module github.com/klauspost/compress to v1.18.6 (#441) (e76b100)
  • deps: update module golang.org/x/text to v0.37.0 (#446) (fa85316)
  • ppmd support (#451) (f07faff)
  • protect against specially crafted archives setting high AES cycles (#448) (ec43e2b)
Commits
  • a22d4a4 chore(main): release 1.6.3 (#452)
  • fa85316 fix(deps): update module golang.org/x/text to v0.37.0 (#446)
  • e76b100 fix(deps): update module github.com/klauspost/compress to v1.18.6 (#441)
  • ec43e2b fix: protect against specially crafted archives setting high AES cycles (#448)
  • f07faff fix: ppmd support (#451)
  • See full diff in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.54.0 to 0.55.0

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • See full diff in compare view

Updates golang.org/x/sys from 0.44.0 to 0.45.0

Commits
  • 397d5f8 unix: update to Linux kernel 7.0
  • 0a387f7 cpu: detect zbc extension on riscv64
  • 758f71c cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64
  • 99666ae unix: merge Linux readv/writev implementation with Darwin/OpenBSD
  • e4444cb windows: add NtSetEaFile, NtQueryEaFile and NtQueryInformationFile
  • 04396e8 unix: add Readv, Writev, Preadv, Pwritev for OpenBSD
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go-modules group with 4 updates
578569e 
Bumps the go-modules group with 4 updates: [github.com/bodgit/sevenzip](https://github.com/bodgit/sevenzip), [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/sys](https://github.com/golang/sys).


Updates `github.com/bodgit/sevenzip` from 1.6.2 to 1.6.3
- [Release notes](https://github.com/bodgit/sevenzip/releases)
- [Changelog](https://github.com/bodgit/sevenzip/blob/main/CHANGELOG.md)
- [Commits](bodgit/sevenzip@v1.6.2...v1.6.3)

Updates `golang.org/x/crypto` from 0.51.0 to 0.52.0
- [Commits](golang/crypto@v0.51.0...v0.52.0)

Updates `golang.org/x/net` from 0.54.0 to 0.55.0
- [Commits](golang/net@v0.54.0...v0.55.0)

Updates `golang.org/x/sys` from 0.44.0 to 0.45.0
- [Commits](golang/sys@v0.44.0...v0.45.0)

---
updated-dependencies:
- dependency-name: github.com/bodgit/sevenzip
  dependency-version: 1.6.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/sys
  dependency-version: 0.45.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 22, 2026
@dependabot dependabot Bot requested review from a team as code owners May 22, 2026 16:54
@dependabot dependabot Bot requested review from pacostas and removed request for a team May 22, 2026 16:54
@dependabot dependabot Bot added the go Pull requests that update Go code label May 22, 2026
@dependabot dependabot Bot requested a review from paketo-bot-reviewer May 22, 2026 16:54
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 22, 2026
@paketo-bot paketo-bot added the semver:patch A change requiring a patch version bump label May 22, 2026
@paketo-bot paketo-bot merged commit 84c74f2 into main May 22, 2026
11 of 12 checks passed
@paketo-bot paketo-bot deleted the dependabot/go_modules/go-modules-01e08e5374 branch May 22, 2026 17:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paketo-bot-reviewer paketo-bot-reviewer paketo-bot-reviewer approved these changes

@pacostas pacostas Awaiting requested review from pacostas pacostas is a code owner automatically assigned from paketo-buildpacks/nodejs-maintainers

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code semver:patch A change requiring a patch version bump

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@paketo-bot-reviewer @paketo-bot