Skip to content

chore(deps): bump the dependencies group with 10 updates #1099

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
github-actions merged 1 commit into from
Mar 1, 2025
Merged

chore(deps): bump the dependencies group with 10 updates #1099

github-actions merged 1 commit into from
Mar 1, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2025

Bumps the dependencies group with 10 updates:

Package From To
github.com/cheggaaa/pb/v3 3.1.6 3.1.7
github.com/go-git/go-git/v5 5.13.2 5.14.0
golang.org/x/crypto 0.32.0 0.35.0
golang.org/x/term 0.28.0 0.29.0
golang.org/x/text 0.21.0 0.22.0
github.com/ProtonMail/go-crypto 1.1.5 1.1.6
github.com/cloudflare/circl 1.5.0 1.6.0
github.com/golang/groupcache 0.0.0-20210331224755-41bb18bfe9da 0.0.0-20241129210726-2c02b8208cf8
golang.org/x/net 0.34.0 0.35.0
golang.org/x/sys 0.29.0 0.30.0

Updates github.com/cheggaaa/pb/v3 from 3.1.6 to 3.1.7

Commits

Updates github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.14.0

What's Changed

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/crypto@v0.35.0 which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

Commits

Updates golang.org/x/crypto from 0.32.0 to 0.35.0

Commits
  • 7292932 ssh: limit the size of the internal packet queue while waiting for KEX
  • f66f74b acme/autocert: check host policy before probing the cache
  • b0784b7 x509roots/fallback: drop obsolete build constraint
  • 911360c all: bump golang.org/x/crypto dependencies of asm generators
  • 89ff08d all: upgrade go directive to at least 1.23.0 [generated]
  • e47973b all: update certs for go1.24
  • 9290511 go.mod: update golang.org/x dependencies
  • fa5273e x509roots/fallback: update bundle
  • a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
  • 71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
  • See full diff in compare view

Updates golang.org/x/term from 0.28.0 to 0.29.0

Commits

Updates golang.org/x/text from 0.21.0 to 0.22.0

Commits

Updates github.com/ProtonMail/go-crypto from 1.1.5 to 1.1.6

Release notes

Sourced from github.com/ProtonMail/go-crypto's releases.

Release v1.1.6

What's Changed

Full Changelog: ProtonMail/go-crypto@v1.1.5...v1.1.6

Release v1.1.6-proton

What's Changed

This release is v1.1.6 with support for the following non-standardized features:

Commits
  • e52eada Merge pull request #271 from ProtonMail/feat/improve-errors-key-selection
  • 4bf9d90 feat(v2): Improve error message for encryption key selection
  • d47bb38 Merge pull request #266 from caarlos0/issuer-key-id
  • 756ebbd Make Issuer Key ID signature subpacket non-critical
  • 44ef98c Merge pull request #276 from mdosch/fix-random-source-is-broken
  • b105e24 Merge branch 'main' into fix-random-source-is-broken
  • 89b0776 Only check that message signatures are newer than the key
  • 2b2dbe9 openpgp/clearsign: just use rand.Reader in tests
  • 2732e09 Merge pull request #275 from ProtonMail/only-check-msg-sig-newer-than-key
  • 8e272e7 Only check that message signatures are newer than the key
  • Additional commits viewable in compare view

Updates github.com/cloudflare/circl from 1.5.0 to 1.6.0

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.0

New!

What's Changed

New Contributors

Full Changelog: cloudflare/circl@v1.5.0...v1.6.0

Commits
  • 89e658c Add X-Wing to the readme and bump version.
  • 6e910fd Add Prio3 in readme.
  • 4e35591 Adding polynomial multiplication based on NTT.
  • 830152f Passing NTT size.
  • 0a61b66 Removing deprecated use of elliptic in P384.
  • 342ad81 Update HPKE code to use ecdh stdlib package.
  • 4987803 ckem: move crypto/elliptic to crypto/ecdh (#529)
  • 9340445 Relax kem constaint from kem.AuthScheme to kem.Scheme.
  • 964fefa X-Wing PQ/T hybrid
  • cd157f0 Run semgrep cronjob only in upstream repository.
  • Additional commits viewable in compare view

Updates github.com/golang/groupcache from 0.0.0-20210331224755-41bb18bfe9da to 0.0.0-20241129210726-2c02b8208cf8

Commits

Updates golang.org/x/net from 0.34.0 to 0.35.0

Commits
  • df97a48 go.mod: update golang.org/x dependencies
  • 2dab271 route: treat short sockaddr lengths as unspecified
  • b914489 internal/http3: refactor in prep for sharing transport/server code
  • ebd23f8 route: fix parsing network address of length zero
  • 938a9fb internal/http3: add request/response body transfer
  • 145b2d7 internal/http3: add RoundTrip
  • 5bda71a internal/http3: define connection and stream error types
  • 3c1185a internal/http3: return error on mid-frame EOF
  • a6c2c7f http2, internal/httpcommon: factor out common request header logic for h2/h3
  • c72e89d internal/http3: QPACK encoding and decoding
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.29.0 to 0.30.0

Commits
  • 863b3c4 unix: update glibc to 2.41
  • 4d4692e unix: add Auxv
  • b215a1c unix: update to Linux kernel 6.13
  • c756214 cpu: add support for AVX-VNNI and IFMA detection
  • 1c14dca unix: add GetPeerUcred and UcredGet for solaris
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the dependencies group with 10 updates
3fb77a3 
Bumps the dependencies group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/cheggaaa/pb/v3](https://github.com/cheggaaa/pb) | `3.1.6` | `3.1.7` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.13.2` | `5.14.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.32.0` | `0.35.0` |
| [golang.org/x/term](https://github.com/golang/term) | `0.28.0` | `0.29.0` |
| [golang.org/x/text](https://github.com/golang/text) | `0.21.0` | `0.22.0` |
| [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) | `1.1.5` | `1.1.6` |
| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.5.0` | `1.6.0` |
| [github.com/golang/groupcache](https://github.com/golang/groupcache) | `0.0.0-20210331224755-41bb18bfe9da` | `0.0.0-20241129210726-2c02b8208cf8` |
| [golang.org/x/net](https://github.com/golang/net) | `0.34.0` | `0.35.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.29.0` | `0.30.0` |


Updates `github.com/cheggaaa/pb/v3` from 3.1.6 to 3.1.7
- [Commits](cheggaaa/pb@v3.1.6...v3.1.7)

Updates `github.com/go-git/go-git/v5` from 5.13.2 to 5.14.0
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.13.2...v5.14.0)

Updates `golang.org/x/crypto` from 0.32.0 to 0.35.0
- [Commits](golang/crypto@v0.32.0...v0.35.0)

Updates `golang.org/x/term` from 0.28.0 to 0.29.0
- [Commits](golang/term@v0.28.0...v0.29.0)

Updates `golang.org/x/text` from 0.21.0 to 0.22.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.21.0...v0.22.0)

Updates `github.com/ProtonMail/go-crypto` from 1.1.5 to 1.1.6
- [Release notes](https://github.com/ProtonMail/go-crypto/releases)
- [Commits](ProtonMail/go-crypto@v1.1.5...v1.1.6)

Updates `github.com/cloudflare/circl` from 1.5.0 to 1.6.0
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.5.0...v1.6.0)

Updates `github.com/golang/groupcache` from 0.0.0-20210331224755-41bb18bfe9da to 0.0.0-20241129210726-2c02b8208cf8
- [Commits](https://github.com/golang/groupcache/commits)

Updates `golang.org/x/net` from 0.34.0 to 0.35.0
- [Commits](golang/net@v0.34.0...v0.35.0)

Updates `golang.org/x/sys` from 0.29.0 to 0.30.0
- [Commits](golang/sys@v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: github.com/cheggaaa/pb/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/ProtonMail/go-crypto
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/golang/groupcache
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: golang.org/x/net
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: golang.org/x/sys
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 1, 2025
@dependabot dependabot bot requested a review from EtienneM March 1, 2025 00:40
@github-actions github-actions bot enabled auto-merge March 1, 2025 00:41
@github-actions github-actions bot merged commit d18a942 into master Mar 1, 2025
6 of 7 checks passed
@github-actions github-actions bot deleted the dependabot/go_modules/dependencies-bf0279d6ed branch March 1, 2025 00:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@EtienneM EtienneM Awaiting requested review from EtienneM

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant