witchcraze
03d6399b0c
fix: update erlang classifier ( #4766 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2026-04-13 11:31:19 -04:00
anchore-oss-update-bot
1e08f703d0
chore(deps): update CPE dictionary index ( #4767 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-04-13 11:28:50 -04:00
witchcraze
e420322494
fix: more istio classifier matching ( #4645 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2026-04-12 10:54:08 -04:00
Benjamin Grandfond
cc3b8eb48f
fix(json): use value alias in Document.UnmarshalJSON to prevent infinite recursion with encoding/json/v2 ( #4748 )
...
The pattern 'type Alias *Document' does not strip methods under
encoding/json/v2 (GOEXPERIMENT=jsonv2), causing UnmarshalJSON to call
itself infinitely until the goroutine stack overflows (1GB limit).
Change to 'type Alias Document' with (*Alias)(d) cast — the standard
Go pattern that works correctly with both encoding/json v1 and v2.
Adds a regression test that uses debug.SetMaxStack to shrink the
goroutine stack limit to 8MB, making the overflow happen in milliseconds
rather than minutes if the recursion is reintroduced.
Ref: https://github.com/golang/go/issues/75361
Signed-off-by: Benjamin Grandfond <benjamin.grandfond@docker.com>
2026-04-10 13:36:07 -04:00
Alex Goodman
d0ee9098cf
bump version ( #4756 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-04-09 21:11:47 +00:00
Alex Goodman
344d1f47a1
support single arch images without manifests when checking platform ( #4753 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-04-09 15:54:41 +00:00
anchore-oss-update-bot
f618917527
chore(deps): update CPE dictionary index ( #4745 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-04-08 13:06:28 -04:00
Will Murphy
99158be0ba
chore: move test fixtures to oss-cache repo ( #4733 )
...
* chore: move test fixtures to oss-cache repo
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* pr feedback: sort vars in taskfile
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-04-02 20:50:43 +00:00
Alex Goodman
2089d086fe
chore: update zizmor workflow triggers ( #4732 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-04-02 14:56:46 -04:00
Alex Goodman
b0dc65a4fb
improve automation ( #4730 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-04-02 12:44:54 -04:00
Alex Goodman
611a24fcae
(chore): removing automations ( #4727 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-04-01 14:27:29 -04:00
anchore-oss-update-bot
da601363ed
chore(deps): update CPE dictionary index ( #4726 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-04-01 10:24:27 -04:00
Will Murphy
0d748ec700
chore: cpe index update job needs tools ( #4725 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-04-01 09:35:17 -04:00
Will Murphy
d60e43f822
chore: move CPE cache to oss-cache repo ( #4723 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-04-01 06:57:47 -04:00
anchore-actions-token-generator[bot]
2884cc77fc
chore(deps): update CPE dictionary index ( #4715 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2026-03-31 14:28:15 -04:00
anchore-oss-update-bot
c11a79ef19
chore(deps): update tool versions ( #4706 )
...
Signed-off-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
Co-authored-by: anchore-oss-update-bot <anchore-oss-update-bot@users.noreply.github.com>
2026-03-31 14:06:07 -04:00
Josh Bressers
90198da04d
Add a trust boundary section ( #4716 )
...
Signed-off-by: Josh Bressers <josh@bress.net>
2026-03-30 11:29:37 -05:00
dependabot[bot]
d71b747cd1
chore(deps): bump slackapi/slack-github-action from 2.1.1 to 3.0.1 ( #4684 )
...
Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action ) from 2.1.1 to 3.0.1.
- [Release notes](https://github.com/slackapi/slack-github-action/releases )
- [Commits](91efab103c...af78098f53
2026-03-26 11:12:33 -04:00
dependabot[bot]
58a8a95e26
chore(deps): bump marocchino/sticky-pull-request-comment ( #4685 )
...
Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment ) from 2.9.4 to 3.0.2.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases )
- [Commits](773744901b...70d2764d1a
2026-03-25 19:27:59 -04:00
dependabot[bot]
78a21b9c88
chore(deps): bump the go-minor-patch group with 2 updates ( #4697 )
...
Bumps the go-minor-patch group with 2 updates: [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ).
Updates `github.com/gkampitakis/go-snaps` from 0.5.20 to 0.5.21
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.5.20...v0.5.21 )
Updates `modernc.org/sqlite` from 1.46.1 to 1.46.2
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md )
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.46.1...v1.46.2 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-version: 0.5.21
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: modernc.org/sqlite
dependency-version: 1.46.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-25 19:27:50 -04:00
dependabot[bot]
7d3882a425
chore(deps): bump actions/create-github-app-token from 2.2.1 to 3.0.0 ( #4699 )
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.2.1 to 3.0.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](29824e69f5...f8d387b68d
2026-03-25 19:27:31 -04:00
anchore-actions-token-generator[bot]
673c85754c
chore(deps): update CPE dictionary index ( #4689 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2026-03-25 08:38:49 -04:00
Will Murphy
c5114fd745
chore(deps): ignore some dependabot deps ( #4696 )
...
Prevent some packages from being updated.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-03-24 08:12:50 -04:00
Weston Steimel
f68a7cc899
ci: further pr target code checkout assurances ( #4695 )
...
Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
2026-03-24 07:16:16 -04:00
witchcraze
7800b16529
fix: update arangodb classifier and capture-snippet.sh ( #4662 )
...
Signed-off-by: witchcraze <witchcraze@gmail.com>
2026-03-23 16:29:39 -04:00
Keith Zantow
834ddcb1c0
fix: golang version file regex ( #4694 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2026-03-23 15:56:29 -04:00
Weston Steimel
f5d318d934
ci: add explicit ref to main and warning for pull_request_target workflow ( #4693 )
...
Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
2026-03-23 16:45:18 +00:00
anchore-actions-token-generator[bot]
8531e1917b
chore(deps): update tools to latest versions ( #4690 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2026-03-23 12:01:27 -04:00
anchore-actions-token-generator[bot]
860126c650
chore(deps): update anchore dependencies ( #4681 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2026-03-19 16:44:55 +00:00
Will Murphy
36639f136b
chore(deps): bump github.com/buger/jsonsparser to v1.1.2 ( #4680 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-03-19 15:08:18 +00:00
dependabot[bot]
f32238c268
chore(deps): bump the go-minor-patch group with 2 updates ( #4678 )
...
Bumps the go-minor-patch group with 2 updates: [golang.org/x/net](https://github.com/golang/net ) and [golang.org/x/tools](https://github.com/golang/tools ).
Updates `golang.org/x/net` from 0.51.0 to 0.52.0
- [Commits](https://github.com/golang/net/compare/v0.51.0...v0.52.0 )
Updates `golang.org/x/tools` from 0.42.0 to 0.43.0
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.42.0...v0.43.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.52.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: golang.org/x/tools
dependency-version: 0.43.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-19 10:25:19 -04:00
dependabot[bot]
0c8eef65f0
chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 ( #4675 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.78.0 to 1.79.3.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.3 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-version: 1.79.3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-18 16:55:30 -04:00
dependabot[bot]
4d42f8af32
chore(deps): bump the go-minor-patch group with 2 updates ( #4674 )
...
Bumps the go-minor-patch group with 2 updates: [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) and [golang.org/x/mod](https://github.com/golang/mod ).
Updates `github.com/hashicorp/go-getter` from 1.8.4 to 1.8.5
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.8.4...v1.8.5 )
Updates `golang.org/x/mod` from 0.33.0 to 0.34.0
- [Commits](https://github.com/golang/mod/compare/v0.33.0...v0.34.0 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-version: 1.8.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: golang.org/x/mod
dependency-version: 0.34.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-18 16:13:35 -04:00
Will Murphy
e38851143e
chore: centralize temp files and prefer streaming IO ( #4668 )
...
* chore: centralize temp files and prefer streaming IO
Catalogers that create temp files ad-hoc can easily forget cleanup,
leaking files on disk. Similarly, io.ReadAll is convenient but risks
OOM on large or malicious inputs.
Introduce internal/tmpdir to manage all cataloger temp storage under
a single root directory with automatic cleanup. Prefer streaming
parsers (bufio.Scanner, json/yaml.NewDecoder, io.LimitReader) over
buffering entire inputs into memory. Add ruleguard rules to enforce
both practices going forward.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: go back to old release parsing
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* simplify to limit reader in version check
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* chore: regex change postponed
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* simplify supplement release to limitreader
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-03-18 10:53:51 -04:00
anchore-actions-token-generator[bot]
a3dacf5ecd
chore(deps): update tools to latest versions ( #4663 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2026-03-16 11:26:06 -04:00
dependabot[bot]
cccc9bf7f9
chore(deps): bump the go-minor-patch group with 3 updates ( #4669 )
...
Bumps the go-minor-patch group with 3 updates: [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ), [github.com/olekukonko/tablewriter](https://github.com/olekukonko/tablewriter ) and [golang.org/x/time](https://github.com/golang/time ).
Updates `github.com/google/go-containerregistry` from 0.21.1 to 0.21.2
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.21.1...v0.21.2 )
Updates `github.com/olekukonko/tablewriter` from 1.1.3 to 1.1.4
- [Release notes](https://github.com/olekukonko/tablewriter/releases )
- [Commits](https://github.com/olekukonko/tablewriter/compare/v1.1.3...v1.1.4 )
Updates `golang.org/x/time` from 0.14.0 to 0.15.0
- [Commits](https://github.com/golang/time/compare/v0.14.0...v0.15.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-version: 0.21.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: github.com/olekukonko/tablewriter
dependency-version: 1.1.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-minor-patch
- dependency-name: golang.org/x/time
dependency-version: 0.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 11:25:41 -04:00
dependabot[bot]
59f7725d0d
chore(deps): bump github/codeql-action ( #4670 )
...
Bumps the actions-minor-patch group with 1 update in the / directory: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 4.32.3 to 4.32.6
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9e907b5e64...0d579ffd05
2026-03-16 11:25:27 -04:00
dependabot[bot]
7a6b1575ae
chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 ( #4671 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](c94ce9fb46...b45d80f862
2026-03-16 11:25:16 -04:00
anchore-actions-token-generator[bot]
92a6b36e89
chore(deps): update CPE dictionary index ( #4673 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2026-03-16 11:25:05 -04:00
Will Murphy
7158535fe6
chore(tests): fix test fixture build on modern ARM Mac ( #4666 )
...
BUILDPLATFORM is automatically set to the host's platform in new Docker,
so having it defined as an arg results in it being overridden by this
automatic value. Since it was always assigned to a literal string in the
test files, just use that string.
Additionally, image platform is better pulled from the manifest, not the
image config, in containerd store, so try that first.
Additionally, python3 is on PATH on new macs by default, but not python.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-03-11 09:37:40 -04:00
anchore-actions-token-generator[bot]
75455f050a
chore(deps): update anchore dependencies ( #4631 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
2026-03-09 18:10:53 +00:00
anchore-actions-token-generator[bot]
22e78c7be1
chore(deps): update tools to latest versions ( #4630 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore(lint): fix errors in new golangci-lint
Two fixes:
First, replace sb.WriteString(fmt.Sprintf(...)) with fmt.Fprintf(&sb, ...)
Second, suppress errors where we read from the local file system at a
user provided path. This is a CLI tool, and reads from user provided
paths on the local file system by design.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2026-03-09 12:17:09 -04:00
anchore-actions-token-generator[bot]
d2461a9e0a
chore(deps): update SPDX license list ( #4637 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2026-03-09 11:02:47 -04:00
dependabot[bot]
01f0e332c2
chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 ( #4658 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 7.0.0 to 8.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](37930b1c2a...70fc10c6e5
2026-03-09 10:37:33 -04:00
dependabot[bot]
c88051d74e
chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 ( #4638 )
...
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) from 1.6.1 to 1.6.3.
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.6.1...v1.6.3 )
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-version: 1.6.3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 10:34:11 -04:00
dependabot[bot]
7d3d1c6237
chore(deps): bump the actions-minor-patch group across 2 directories with 2 updates ( #4657 )
...
Bumps the actions-minor-patch group with 2 updates in the / directory: [actions/setup-go](https://github.com/actions/setup-go ) and [anchore/sbom-action](https://github.com/anchore/sbom-action ).
Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [actions/setup-go](https://github.com/actions/setup-go ).
Updates `actions/setup-go` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](7a3fe6cf4c...4b73464bb3https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](28d71544de...17ae174017https://github.com/actions/setup-go/releases )
- [Commits](7a3fe6cf4c...4b73464bb3
2026-03-09 10:33:14 -04:00
dependabot[bot]
dcba765d86
chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 ( #4659 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaa
2026-03-09 10:32:22 -04:00
dependabot[bot]
2c201469c3
chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 ( #4646 )
...
Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go ) from 1.39.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.40.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
dependency-version: 1.40.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 10:29:46 -04:00
anchore-actions-token-generator[bot]
c583da1c15
chore(deps): update CPE dictionary index ( #4647 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: wagoodman <590471+wagoodman@users.noreply.github.com>
2026-03-09 10:26:42 -04:00
dependabot[bot]
22014b6022
chore(deps): bump the go-minor-patch group across 1 directory with 5 updates ( #4661 )
...
Bumps the go-minor-patch group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [github.com/github/go-spdx/v2](https://github.com/github/go-spdx ) | `2.3.6` | `2.4.0` |
| [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy ) | `5.7.0` | `5.8.0` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) | `5.16.5` | `5.17.0` |
| [golang.org/x/net](https://github.com/golang/net ) | `0.50.0` | `0.51.0` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite ) | `1.45.0` | `1.46.1` |
Updates `github.com/github/go-spdx/v2` from 2.3.6 to 2.4.0
- [Release notes](https://github.com/github/go-spdx/releases )
- [Commits](https://github.com/github/go-spdx/compare/v2.3.6...v2.4.0 )
Updates `github.com/go-git/go-billy/v5` from 5.7.0 to 5.8.0
- [Release notes](https://github.com/go-git/go-billy/releases )
- [Commits](https://github.com/go-git/go-billy/compare/v5.7.0...v5.8.0 )
Updates `github.com/go-git/go-git/v5` from 5.16.5 to 5.17.0
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.16.5...v5.17.0 )
Updates `golang.org/x/net` from 0.50.0 to 0.51.0
- [Commits](https://github.com/golang/net/compare/v0.50.0...v0.51.0 )
Updates `modernc.org/sqlite` from 1.45.0 to 1.46.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md )
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.45.0...v1.46.1 )
---
updated-dependencies:
- dependency-name: github.com/github/go-spdx/v2
dependency-version: 2.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/go-git/go-billy/v5
dependency-version: 5.8.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.17.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: golang.org/x/net
dependency-version: 0.51.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
- dependency-name: modernc.org/sqlite
dependency-version: 1.46.1
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 10:20:06 -04:00
