Skip to content

build(deps): bump the go-deps group with 13 updates#2101

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-deps-bffba7aac3
Open

build(deps): bump the go-deps group with 13 updates#2101
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-deps-bffba7aac3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-deps group with 13 updates:

Package From To
github.com/cyphar/filepath-securejoin 0.6.1 0.7.0
github.com/fluxcd/cli-utils 1.2.1 1.2.2
github.com/fluxcd/pkg/apis/event 0.27.0 0.28.0
github.com/fluxcd/pkg/apis/meta 1.30.0 1.31.0
github.com/fluxcd/pkg/artifact 0.18.0 0.19.0
github.com/fluxcd/pkg/auth 0.54.0 0.55.0
github.com/fluxcd/pkg/helmtestserver 0.40.0 0.41.0
github.com/fluxcd/pkg/runtime 0.110.0 0.111.0
github.com/minio/minio-go/v7 7.2.0 7.2.1
github.com/onsi/gomega 1.41.0 1.42.1
github.com/sigstore/cosign/v3 3.0.6 3.1.1
github.com/sigstore/sigstore-go 1.2.0 1.2.1
google.golang.org/api 0.283.0 0.287.0

Updates github.com/cyphar/filepath-securejoin from 0.6.1 to 0.7.0

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.7.0] - 2025-06-17

You talk of times of peace for all, and then prepare for war.

Changed

  • Update to cyphar.com/go-pathrs@0.2.5, which included a build-time API breakage that we needed to work around. The API of this library is unchanged by this, but users should make sure to update to v0.7.0 of filepath-securejoin if they use the libpathrs built tag and have update to libpathrs v0.2.5.
Commits
  • 8096a95 VERSION: release v0.7.0
  • 1324ccb merge #101 into cyphar/filepath-securejoin:main
  • dd8f0bb deps: bump to cyphar.com/go-pathrs@v0.2.5
  • c9a7725 gha: bump golangci-lint to v2.12
  • 2e968bd Merge pull request #91 from cyphar/dependabot/github_actions/actions/download...
  • 2879148 Merge pull request #90 from cyphar/dependabot/github_actions/actions/upload-a...
  • 07b805b build(deps): bump actions/download-artifact from 6 to 7
  • 8507844 build(deps): bump actions/upload-artifact from 5 to 6
  • daef0cf Merge pull request #89 from cyphar/dependabot/github_actions/actions/checkout-6
  • 95f8ea4 build(deps): bump actions/checkout from 5 to 6
  • Additional commits viewable in compare view

Updates github.com/fluxcd/cli-utils from 1.2.1 to 1.2.2

Release notes

Sourced from github.com/fluxcd/cli-utils's releases.

v1.2.2

What's Changed

Full Changelog: fluxcd/cli-utils@v1.2.1...v1.2.2

Commits

Updates github.com/fluxcd/pkg/apis/event from 0.27.0 to 0.28.0

Commits
  • 00782ed Merge pull request #917 from fluxcd/test-auth-providers
  • 3976c50 [RFC-0010] Add tests for auth providers
  • 182841a Merge pull request #916 from fluxcd/cache-op-label
  • 1e41450 Introduce operation label for cache event metric
  • aa3cde9 Merge pull request #909 from fluxcd/auth-azure
  • 9e0e8bc [RFC-0010] Add azure auth library
  • 7eae091 Merge pull request #908 from fluxcd/auth-gcp
  • 9f68942 Merge pull request #907 from fluxcd/auth-aws
  • bb7cb58 Merge pull request #906 from fluxcd/auth-core
  • 45fbfee [RFC-0010] Add gcp auth library
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.30.0 to 1.31.0

Commits
  • b98e2b0 Merge pull request #1251 from fluxcd/release-main
  • 2dfcb7c Prepare for release
  • dd6b016 Merge pull request #1253 from fluxcd/upgrade-k8s-36.2
  • 2d00796 Upgrade kubernetes to 1.36.2
  • 827f6c3 Merge pull request #1249 from fluxcd/upgrade-go-git-providers
  • be6d462 Upgrade go-git-providers and go-github
  • 023a357 Merge pull request #1248 from fluxcd/label-2.9
  • 7e8856d Add backport label for Flux 2.9
  • ae10469 Merge pull request #1246 from fluxcd/ks-always-subst
  • 2cd36cb kustomize: add tests for empty vars with strict sub and omitted without
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/artifact from 0.18.0 to 0.19.0

Commits
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • c906252 Update dependencies to Kubernetes 1.30
  • 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
  • ccb916a build(deps): bump the ci group with 3 updates
  • 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
  • abf5675 kustomize: Add support for namePrefix and nameSuffix
  • 98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
  • efcd824 build(deps): bump docker/setup-buildx-action in the ci group
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/auth from 0.54.0 to 0.55.0

Commits
  • 6ce1a83 Merge pull request #1019 from fluxcd/update-otel
  • 828f74f Prepare release
  • e7a2b15 Update otel to v1.38.0
  • d2f54dd Merge pull request #1018 from fluxcd/meta-artifact
  • 9adb480 apis: Add Artifact type to meta package
  • 7201e2c Merge pull request #1017 from fluxcd/kustomize-ignore-components
  • 929f4b4 kustomize: Add ignoreMissingComponents option
  • a5e02ce Merge pull request #1013 from fluxcd/meta-history
  • 71c0a08 Prepare release
  • 4aaf176 meta: Add History API for tracking reconcile runs in status
  • See full diff in compare view

Updates github.com/fluxcd/pkg/helmtestserver from 0.40.0 to 0.41.0

Commits
  • cde06a5 Merge pull request #1079 from fluxcd/kube-v0.35.0
  • 21a1946 auth: Fix Azure auth test for China and US Gov clouds
  • 125d607 Prepare for release
  • 4f26e76 Update dependencies to Kubernetes v0.35.0
  • 98667f8 Merge pull request #1069 from fluxcd/helm-4.1
  • 2aea89f Upgrade Helm to v4.1.0
  • 4895944 Merge pull request #1077 from fluxcd/ssa-custom-stage
  • 8a98478 ssa: introduce custom apply stage
  • See full diff in compare view

Updates github.com/fluxcd/pkg/runtime from 0.110.0 to 0.111.0

Commits
  • b98e2b0 Merge pull request #1251 from fluxcd/release-main
  • 2dfcb7c Prepare for release
  • dd6b016 Merge pull request #1253 from fluxcd/upgrade-k8s-36.2
  • 2d00796 Upgrade kubernetes to 1.36.2
  • 827f6c3 Merge pull request #1249 from fluxcd/upgrade-go-git-providers
  • be6d462 Upgrade go-git-providers and go-github
  • 023a357 Merge pull request #1248 from fluxcd/label-2.9
  • 7e8856d Add backport label for Flux 2.9
  • ae10469 Merge pull request #1246 from fluxcd/ks-always-subst
  • 2cd36cb kustomize: add tests for empty vars with strict sub and omitted without
  • Additional commits viewable in compare view

Updates github.com/minio/minio-go/v7 from 7.2.0 to 7.2.1

Commits

Updates github.com/onsi/gomega from 1.41.0 to 1.42.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.42.1

1.42.1

Bump Dependencies

v1.42.0

1.42.0

Add a set of Claude skill as a marketplace plugin

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.42.1

Bump Dependencies

1.42.0

Add a set of Claude skill as a marketplace plugin

Commits

Updates github.com/sigstore/cosign/v3 from 3.0.6 to 3.1.1

Release notes

Sourced from github.com/sigstore/cosign/v3's releases.

v3.1.1

What's Changed

Note: v3.1.0 was skipped due to a bug in our release pipeline. v3.1.1 is identical to v3.1.0

This release deprecates a number of flags related to verification material input for trust root material, as well as the bundle format, standardized across Sigstore SDKs, which is now the default output and input for signing and verifying respectively. You may continue to use the deprecated flags with Cosign v3.x releases. The deprecated flags will be removed in a future Cosign v4 release.

This release also updates the signing path for logging to Rekor v2. DSSE attestations will be logged as hashed entries, using the DSSE's pre-auth encoding (PAE). This should unblock developers who want to upload large signed DSSEs such as SBOMs.

Full Changelog: sigstore/cosign@v3.0.6...v3.1.1

Commits
  • 7914231 Fix build for Go version 1.26.3 (#4933)
  • d8e992a chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0 (#4929)
  • 305817b chore(deps): bump google.golang.org/api from 0.280.0 to 0.283.0 (#4925)
  • 09564f9 chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4926)
  • 702cbe0 chore(deps): bump golang in the all group across 1 directory
  • f3885a6 chore(deps): bump github.com/go-openapi/swag/conv in the gomod group
  • 76a5eec chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.7.0
  • df2a334 chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0
  • 2620da6 chore(deps): bump github.com/open-policy-agent/opa from 1.16.2 to 1.17.1
  • 282ff33 chore(deps): bump the actions group across 1 directory with 4 updates
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore-go from 1.2.0 to 1.2.1

Release notes

Sourced from github.com/sigstore/sigstore-go's releases.

v1.2.1

What's Changed

v1.2.1 resolves GHSA-wqqc-jjcq-vfxm.

Full Changelog: sigstore/sigstore-go@v1.2.0...v1.2.1

Commits

Updates google.golang.org/api from 0.283.0 to 0.287.0

Release notes

Sourced from google.golang.org/api's releases.

v0.287.0

0.287.0 (2026-06-30)

Features

v0.286.0

0.286.0 (2026-06-22)

Features

v0.285.0

0.285.0 (2026-06-16)

Features

v0.284.0

0.284.0 (2026-06-09)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.287.0 (2026-06-30)

Features

0.286.0 (2026-06-22)

Features

0.285.0 (2026-06-16)

Features

0.284.0 (2026-06-09)

Features

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-deps group with 13 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.6.1` | `0.7.0` |
| [github.com/fluxcd/cli-utils](https://github.com/fluxcd/cli-utils) | `1.2.1` | `1.2.2` |
| [github.com/fluxcd/pkg/apis/event](https://github.com/fluxcd/pkg) | `0.27.0` | `0.28.0` |
| [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg) | `1.30.0` | `1.31.0` |
| [github.com/fluxcd/pkg/artifact](https://github.com/fluxcd/pkg) | `0.18.0` | `0.19.0` |
| [github.com/fluxcd/pkg/auth](https://github.com/fluxcd/pkg) | `0.54.0` | `0.55.0` |
| [github.com/fluxcd/pkg/helmtestserver](https://github.com/fluxcd/pkg) | `0.40.0` | `0.41.0` |
| [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) | `0.110.0` | `0.111.0` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.2.0` | `7.2.1` |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.41.0` | `1.42.1` |
| [github.com/sigstore/cosign/v3](https://github.com/sigstore/cosign) | `3.0.6` | `3.1.1` |
| [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go) | `1.2.0` | `1.2.1` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.283.0` | `0.287.0` |


Updates `github.com/cyphar/filepath-securejoin` from 0.6.1 to 0.7.0
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.6.1...v0.7.0)

Updates `github.com/fluxcd/cli-utils` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/fluxcd/cli-utils/releases)
- [Commits](fluxcd/cli-utils@v1.2.1...v1.2.2)

Updates `github.com/fluxcd/pkg/apis/event` from 0.27.0 to 0.28.0
- [Commits](fluxcd/pkg@git/v0.27.0...git/v0.28.0)

Updates `github.com/fluxcd/pkg/apis/meta` from 1.30.0 to 1.31.0
- [Commits](fluxcd/pkg@apis/meta/v1.30.0...apis/meta/v1.31.0)

Updates `github.com/fluxcd/pkg/artifact` from 0.18.0 to 0.19.0
- [Commits](fluxcd/pkg@git/v0.18.0...git/v0.19.0)

Updates `github.com/fluxcd/pkg/auth` from 0.54.0 to 0.55.0
- [Commits](fluxcd/pkg@oci/v0.54.0...oci/v0.55.0)

Updates `github.com/fluxcd/pkg/helmtestserver` from 0.40.0 to 0.41.0
- [Commits](fluxcd/pkg@git/v0.40.0...git/v0.41.0)

Updates `github.com/fluxcd/pkg/runtime` from 0.110.0 to 0.111.0
- [Commits](fluxcd/pkg@runtime/v0.110.0...runtime/v0.111.0)

Updates `github.com/minio/minio-go/v7` from 7.2.0 to 7.2.1
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](minio/minio-go@v7.2.0...v7.2.1)

Updates `github.com/onsi/gomega` from 1.41.0 to 1.42.1
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.41.0...v1.42.1)

Updates `github.com/sigstore/cosign/v3` from 3.0.6 to 3.1.1
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v3.0.6...v3.1.1)

Updates `github.com/sigstore/sigstore-go` from 1.2.0 to 1.2.1
- [Release notes](https://github.com/sigstore/sigstore-go/releases)
- [Commits](sigstore/sigstore-go@v1.2.0...v1.2.1)

Updates `google.golang.org/api` from 0.283.0 to 0.287.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.283.0...v0.287.0)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/cli-utils
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/pkg/apis/event
  dependency-version: 0.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/pkg/apis/meta
  dependency-version: 1.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/pkg/artifact
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/pkg/auth
  dependency-version: 0.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/pkg/helmtestserver
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/pkg/runtime
  dependency-version: 0.111.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/minio/minio-go/v7
  dependency-version: 7.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.42.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/sigstore/cosign/v3
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/sigstore/sigstore-go
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: google.golang.org/api
  dependency-version: 0.287.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency label Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants