Skip to content

chore(deps): bump the gomod group across 1 directory with 11 updates#4776

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-9d57d86dfd
Open

chore(deps): bump the gomod group across 1 directory with 11 updates#4776
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-9d57d86dfd

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 23, 2026

Bumps the gomod group with 5 updates in the / directory:

Package From To
github.com/go-openapi/runtime 0.29.2 0.29.3
github.com/google/go-containerregistry 0.21.2 0.21.3
github.com/sigstore/rekor 1.5.0 1.5.1
k8s.io/api 0.35.2 0.35.3
k8s.io/client-go 0.35.2 0.35.3

Updates github.com/go-openapi/runtime from 0.29.2 to 0.29.3

Release notes

Sourced from github.com/go-openapi/runtime's releases.

v0.29.3

0.29.3 - 2026-03-08

Full Changelog: go-openapi/runtime@v0.29.2...v0.29.3

27 commits in this release.

Fixed bugs

Documentation

Code quality

  • chore: updated dependencies (removed mongodb indirect dependency) by @​fredbi in #399 ...

Miscellaneous tasks

Updates

... (truncated)

Commits
  • b00b2f1 chore: prepare release v0.29.3
  • b5088b8 ci: fixed dropped trivy release - updated shared workflow
  • c9809a6 docs: add FAQ from resolved GitHub issues (#403)
  • 3d599d6 build(deps): bump the development-dependencies group across 2 directories wit...
  • 3b063c0 chore: updated dependencies (removed mongodb indirect dependency) (#399)
  • f9c40d3 build(deps): bump the other-dependencies group with 3 updates
  • adabde2 build(deps): bump the go-openapi-dependencies group with 6 updates
  • 2e68776 build(deps): bump the go-openapi-dependencies group with 2 updates
  • bb7e2f0 build(deps): bump the go-openapi-dependencies group with 2 updates
  • b3119ae build(deps): bump the go-openapi-dependencies group with 2 updates
  • Additional commits viewable in compare view

Updates github.com/go-openapi/strfmt from 0.25.0 to 0.26.0

Release notes

Sourced from github.com/go-openapi/strfmt's releases.

v0.26.0

0.26.0 - 2026-03-07

Dropped mongodb dependency - Kept backward-compatibility

Full Changelog: go-openapi/strfmt@v0.25.0...v0.26.0

43 commits in this release.

Documentation

Code quality

Testing

Miscellaneous tasks

Updates

... (truncated)

Commits
  • 189f0cc chore: prepare release v0.26.0
  • 8d2d66c test: updated testify/v2 (#226)
  • 397a475 build(deps): bump filippo.io/edwards25519 in /internal/testintegration (#221)
  • 56a7663 ci: fix coverage reporting for integration tests (#225)
  • f309793 build(deps): bump the development-dependencies group across 2 directories wit...
  • 435a1e4 refactor: decouple mongodb driver from root module (#222)
  • 7304ce1 Test/integration mariadb (#220)
  • 8b27f48 chore: reverted go requirement back to go1.24 (#219)
  • 6a4afe0 chore: doc, lint, test (#218)
  • cd99722 doc: updated contributors file
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.2 to 0.21.3

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.3

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.2...v0.21.3

Commits
  • 3888fb8 bump golang to 1.25.7 (#2236)
  • f439624 tarball: detect symlink cycles in extractFileFromTar (#2232)
  • 400c263 mutate: reject path traversal and symlink escape in Extract (#2227)
  • 47eedc9 Bump goreleaser/goreleaser-action in the actions group (#2220)
  • be0a845 Bump the go-deps group across 4 directories with 7 updates (#2233)
  • e916301 migrate to github.com/moby/moby modules (#2228)
  • 8b2478e Adds local file support to the crane index subcommand (#2223)
  • See full diff in compare view

Updates github.com/sigstore/rekor from 1.5.0 to 1.5.1

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.5.1

Changelog

  • 2d46808ce98c3dd26158364ae28f4c49921c9b0d optimize memory for DSSE v0.0.1 processing (#2766)
  • 6de110d1deb7fa2d9145584fd9446608ce1a777c return correct errors in rare failure situations (#2753)
  • 7ff7c692f51d6060c6eebba0480536f5ba28abb5 raise error if decoding hash fails during inclusion proof (#2754)

Thanks for all contributors!

Commits
  • bb573aa build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2773)
  • 6188957 build(deps): Bump google.golang.org/api from 0.264.0 to 0.269.0 (#2770)
  • f76fb2a build(deps): Bump github/codeql-action in the all group (#2772)
  • ae85b80 build(deps): Bump github.com/redis/go-redis/v9 from 9.17.3 to 9.18.0 (#2769)
  • 9836e32 build(deps): Bump the all group with 11 updates (#2768)
  • b81ecd3 build(deps): Bump gocloud.dev from 0.40.0 to 0.44.0 (#2757)
  • 2d46808 optimize memory for DSSE v0.0.1 processing (#2766)
  • bd11cb9 build(deps): Bump go.step.sm/crypto from 0.74.0 to 0.76.2 (#2760)
  • c302fdb build(deps): Bump github.com/secure-systems-lab/go-securesystemslib (#2758)
  • 3444350 build(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 (#2763)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.49.0

Commits
  • 982eaa6 go.mod: update golang.org/x dependencies
  • 159944f ssh,acme: clean up tautological/impossible nil conditions
  • a408498 acme: only require prompt if server has terms of service
  • cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
  • 2f26647 x509roots/fallback: update bundle
  • See full diff in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits
  • 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Updates golang.org/x/term from 0.40.0 to 0.41.0

Commits
  • 9d2dc07 go.mod: update golang.org/x dependencies
  • d954e03 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Updates google.golang.org/api from 0.267.0 to 0.269.0

Release notes

Sourced from google.golang.org/api's releases.

v0.269.0

0.269.0 (2026-02-24)

Features

Bug Fixes

  • generator: Handle preview version pkg name (#3511) (2a249ce)

v0.268.0

0.268.0 (2026-02-23)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.269.0 (2026-02-24)

Features

Bug Fixes

  • generator: Handle preview version pkg name (#3511) (2a249ce)

0.268.0 (2026-02-23)

Features

Commits

Updates k8s.io/api from 0.35.2 to 0.35.3

Commits

Updates k8s.io/apimachinery from 0.35.2 to 0.35.3

Commits

Updates k8s.io/client-go from 0.35.2 to 0.35.3

Commits
  • 4f1f0a2 Update dependencies to v0.35.3 tag
  • f80003c Merge pull request #136903pohly/automated-cherry-pick-of-#136455
  • 8b41556 fake client-go: un-deprecate NewSimpleClientset
  • See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
k8s.io/apimachinery [>= 0.22.a, < 0.23]
k8s.io/client-go [>= 0.22.a, < 0.23]
k8s.io/api [>= 0.22.a, < 0.23]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the gomod group across 1 directory with 11 updates
65136f6 
Bumps the gomod group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) | `0.29.2` | `0.29.3` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.2` | `0.21.3` |
| [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.5.0` | `1.5.1` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.35.2` | `0.35.3` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.35.2` | `0.35.3` |



Updates `github.com/go-openapi/runtime` from 0.29.2 to 0.29.3
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](go-openapi/runtime@v0.29.2...v0.29.3)

Updates `github.com/go-openapi/strfmt` from 0.25.0 to 0.26.0
- [Release notes](https://github.com/go-openapi/strfmt/releases)
- [Commits](go-openapi/strfmt@v0.25.0...v0.26.0)

Updates `github.com/google/go-containerregistry` from 0.21.2 to 0.21.3
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.2...v0.21.3)

Updates `github.com/sigstore/rekor` from 1.5.0 to 1.5.1
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.5.0...v1.5.1)

Updates `golang.org/x/crypto` from 0.48.0 to 0.49.0
- [Commits](golang/crypto@v0.48.0...v0.49.0)

Updates `golang.org/x/oauth2` from 0.35.0 to 0.36.0
- [Commits](golang/oauth2@v0.35.0...v0.36.0)

Updates `golang.org/x/term` from 0.40.0 to 0.41.0
- [Commits](golang/term@v0.40.0...v0.41.0)

Updates `google.golang.org/api` from 0.267.0 to 0.269.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.267.0...v0.269.0)

Updates `k8s.io/api` from 0.35.2 to 0.35.3
- [Commits](kubernetes/api@v0.35.2...v0.35.3)

Updates `k8s.io/apimachinery` from 0.35.2 to 0.35.3
- [Commits](kubernetes/apimachinery@v0.35.2...v0.35.3)

Updates `k8s.io/client-go` from 0.35.2 to 0.35.3
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.35.2...v0.35.3)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-version: 0.29.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/go-openapi/strfmt
  dependency-version: 0.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: golang.org/x/crypto
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/term
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: google.golang.org/api
  dependency-version: 0.269.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: k8s.io/api
  dependency-version: 0.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: k8s.io/client-go
  dependency-version: 0.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 23, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 23, 2026 16:57
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 23, 2026
@dependabot dependabot bot mentioned this pull request Mar 23, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants