Skip to content

chore(deps): bump the all-dependencies group with 9 updates #2037

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps): bump the all-dependencies group with 9 updates #2037

wants to merge 1 commit into from
+53 −47

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 1, 2025
edited
Loading

Bumps the all-dependencies group with 9 updates:

Package From To
github.com/containers/image/v5 5.36.0 5.36.1
github.com/docker/cli 28.3.2+incompatible 28.3.3+incompatible
github.com/docker/docker 28.3.2+incompatible 28.3.3+incompatible
github.com/docker/go-connections 0.5.0 0.6.0
github.com/onsi/ginkgo/v2 2.23.4 2.25.2
github.com/onsi/gomega 1.38.0 1.38.2
github.com/stretchr/testify 1.10.0 1.11.1
golang.org/x/crypto 0.40.0 0.41.0
golang.org/x/term 0.33.0 0.34.0

Updates github.com/containers/image/v5 from 5.36.0 to 5.36.1

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.36.1

What's Changed

Full Changelog: containers/image@v5.36.0...v5.36.1

Commits
  • f6ca2da [release-5.36] Bump to c/image v5.36.1
  • d18da19 [release-5.36] Bump c/storage to v1.59.1
  • ae0c9f3 Merge pull request #2913 from TomSweeneyRedHat/dev/tsweeney/cherrypick2907
  • 40d1027 [release-5.36] Update the CI image, to match Skopeo's updated test code
  • See full diff in compare view

Updates github.com/docker/cli from 28.3.2+incompatible to 28.3.3+incompatible

Commits
  • 980b856 Merge pull request #6183 from thaJeztah/diff_simplify
  • 9c25614 Merge pull request #6181 from thaJeztah/fork_readCloserWrapper
  • bc01f84 Merge pull request #6182 from thaJeztah/fork_longpath
  • ea2a0c3 Merge pull request #6177 from thaJeztah/rm_aliases
  • 3d98579 cli/command: remove some redundant import-aliases
  • f5f3b02 Merge pull request #6178 from thaJeztah/bump_dev_tools
  • 143f361 Merge pull request #6179 from thaJeztah/bump_gotestsum
  • d7181e4 Merge pull request #6185 from thaJeztah/alpine_doc
  • 8b6436e Dockerfile: document ALPINE_VERSION build-arg
  • 7d574b8 Merge pull request #6180 from thaJeztah/truncate_id
  • Additional commits viewable in compare view

Updates github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.3.3

28.3.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release fixes an issue where, after a firewalld reload, published container ports could be accessed directly from the local network, even when they were intended to be accessible only via a loopback address. CVE-2025-54388 / GHSA-x4rx-4gw3-53p4 / moby/moby#50506.

Packaging updates

Go SDK

  • cli/command/formatter: add TrunateID() utility as alternative for github.com/docker/docker/pkg/stringid.TrunateID(). docker/cli#6180
Commits
  • bea959c Merge pull request #50506 from robmry/backport-28.x/fix_firewalld_reload
  • 3e9ff78 bridge: Reapply endpoint iptables rules on firewalld reload
  • 29ed80a bridge: Trigger firewalld reload during bridge integration tests
  • da489a1 Merge pull request #50478 from thaJeztah/28.x_backport_gha_bump_bk
  • f173e45 Merge pull request #50480 from austinvazquez/cherry-pick-ea29dffaa541289591aa...
  • e4b1f89 daemon/server: remove compatibility with API v1.4 auth-config on push
  • 0c9e14d hack/buildkit-ref: temporarily bump BuildKit to head of v0.23 branch
  • bf6d688 Merge pull request #50471 from austinvazquez/cherry-pick-b1ce0c89f0214cc6711c...
  • 4205776 client: always send (empty) body on push
  • See full diff in compare view

Updates github.com/docker/go-connections from 0.5.0 to 0.6.0

Commits
  • 42faf79 Merge pull request #138 from thaJeztah/sockets_move_unix_options
  • 9ffab7e sockets: make NewUnixSocket, WithChown, WithChmod unix-only
  • 6bb1d15 Merge pull request #135 from thaJeztah/rename_test_files
  • b6c843d sockets: rename files to be considered test files
  • 80898b6 Merge pull request #133 from thaJeztah/deprecate_socket_dialpipe
  • a4399e5 socket: deprecate DialPipe
  • b071e04 Merge pull request #128 from thaJeztah/remove_old_cyphers
  • 578bfde Merge pull request #132 from thaJeztah/optimize_ParsePortSpec
  • deccd71 tlsconfig: align client and server defaults, remove weak CBC ciphers
  • 30b91c8 nat: ParsePortSpec: combine some conditions
  • Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.23.4 to 2.25.2

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.25.2

2.25.2

Fixes

Add github output group for progress report content

Maintenance

Bump Gomega

v2.25.1

2.25.1

Fixes

  • fix(types): ignore nameless nodes on FullText() [10866d3]
  • chore: fix some CodeQL warnings [2e42cff]

v2.25.0

2.25.0

AroundNode

This release introduces a new decorator to support more complex spec setup usecases.

AroundNode registers a function that runs before each individual node. This is considered a more advanced decorator.

Please read the docs for more information and some examples.

Allowed signatures:

  • AroundNode(func()) - func will be called before the node is run.
  • AroundNode(func(ctx context.Context) context.Context) - func can wrap the passed in context and return a new one which will be passed on to the node.
  • AroundNode(func(ctx context.Context, body func(ctx context.Context))) - ctx is the context for the node and body is a function that must be called to run the node. This gives you complete control over what runs before and after the node.

Multiple AroundNode decorators can be applied to a single node and they will run in the order they are applied.

Unlike setup nodes like BeforeEach and DeferCleanup, AroundNode is guaranteed to run in the same goroutine as the decorated node. This is necessary when working with lower-level libraries that must run on a single thread (you can call runtime.LockOSThread() in the AroundNode to ensure that the node runs on a single thread).

Since AroundNode allows you to modify the context you can also use AroundNode to implement shared setup that attaches values to the context.

If applied to a container, AroundNode will run before every node in the container. Including setup nodes like BeforeEach and DeferCleanup.

AroundNode can also be applied to RunSpecs to run before every node in the suite. This opens up new mechanisms for instrumenting individual nodes across an entire suite.

v2.24.0

2.24.0

Features

Specs can now be decorated with (e.g.) SemVerConstraint("2.1.0") and ginkgo --sem-ver-filter="2.1.1" will only run constrained specs that match the requested version. Learn more in the docs here! Thanks to @​Icarus9913 for the PR.

... (truncated)

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.25.2

Fixes

Add github output group for progress report content

Maintenance

Bump Gomega

2.25.1

Fixes

  • fix(types): ignore nameless nodes on FullText() [10866d3]
  • chore: fix some CodeQL warnings [2e42cff]

2.25.0

AroundNode

This release introduces a new decorator to support more complex spec setup usecases.

AroundNode registers a function that runs before each individual node. This is considered a more advanced decorator.

Please read the docs for more information and some examples.

Allowed signatures:

  • AroundNode(func()) - func will be called before the node is run.
  • AroundNode(func(ctx context.Context) context.Context) - func can wrap the passed in context and return a new one which will be passed on to the node.
  • AroundNode(func(ctx context.Context, body func(ctx context.Context))) - ctx is the context for the node and body is a function that must be called to run the node. This gives you complete control over what runs before and after the node.

Multiple AroundNode decorators can be applied to a single node and they will run in the order they are applied.

Unlike setup nodes like BeforeEach and DeferCleanup, AroundNode is guaranteed to run in the same goroutine as the decorated node. This is necessary when working with lower-level libraries that must run on a single thread (you can call runtime.LockOSThread() in the AroundNode to ensure that the node runs on a single thread).

Since AroundNode allows you to modify the context you can also use AroundNode to implement shared setup that attaches values to the context.

If applied to a container, AroundNode will run before every node in the container. Including setup nodes like BeforeEach and DeferCleanup.

AroundNode can also be applied to RunSpecs to run before every node in the suite. This opens up new mechanisms for instrumenting individual nodes across an entire suite.

2.24.0

Features

Specs can now be decorated with (e.g.) SemVerConstraint("2.1.0") and ginkgo --sem-ver-filter="2.1.1" will only run constrained specs that match the requested version. Learn more in the docs here! Thanks to @​Icarus9913 for the PR.

Fixes

  • remove -o from run command [3f5d379]. fixes #1582

... (truncated)

Commits

Updates github.com/onsi/gomega from 1.38.0 to 1.38.2

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.38.2

1.38.2

  • roll back to go 1.23.0 [c404969]

v1.38.1

1.38.1

Fixes

Numerous minor fixes and dependency bumps

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.38.2

  • roll back to go 1.23.0 [c404969]

1.38.1

Fixes

Numerous minor fixes and dependency bumps

Commits

Updates github.com/stretchr/testify from 1.10.0 to 1.11.1

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.1

This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

Fixes

Documentation, Build & CI

... (truncated)

Commits
  • 2a57335 Merge pull request #1788 from brackendawson/1785-backport-1.11
  • af8c912 Backport #1786 to release/1.11
  • b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
  • 69831f3 build(deps): bump actions/checkout from 4 to 5
  • a53be35 Improve captureTestingT helper
  • aafb604 mock: improve formatting of error message
  • 7218e03 improve error msg
  • 929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
  • bc7459e suite: faster filtering of methods (-testify.m)
  • 7d37b5c suite: refactor methodFilter
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.40.0 to 0.41.0

Commits
  • ef5341b go.mod: update golang.org/x dependencies
  • b999374 acme: fix pebble subprocess output data race
  • c247dea x509roots/fallback: store bundle certs directly in DER
  • 1fda731 acme: increase pebble test waitForServer attempts
  • 1b4c3d2 x509roots/fallback: update bundle
  • b903b53 acme: capture pebble test subprocess stdout/stderr
  • See full diff in compare view

Updates golang.org/x/term from 0.33.0 to 0.34.0

Commits
  • a35244d go.mod: update golang.org/x dependencies
  • 4f53e0c term: allow multi-line bracketed paste to not create single line with verbati...
  • 27f29d8 term: remove duplicate flag and add comment on windows
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the all-dependencies group with 9 updates
a54275a 
Bumps the all-dependencies group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/containers/image/v5](https://github.com/containers/image) | `5.36.0` | `5.36.1` |
| [github.com/docker/cli](https://github.com/docker/cli) | `28.3.2+incompatible` | `28.3.3+incompatible` |
| [github.com/docker/docker](https://github.com/docker/docker) | `28.3.2+incompatible` | `28.3.3+incompatible` |
| [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.5.0` | `0.6.0` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.23.4` | `2.25.2` |
| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.38.0` | `1.38.2` |
| [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.10.0` | `1.11.1` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.40.0` | `0.41.0` |
| [golang.org/x/term](https://github.com/golang/term) | `0.33.0` | `0.34.0` |


Updates `github.com/containers/image/v5` from 5.36.0 to 5.36.1
- [Release notes](https://github.com/containers/image/releases)
- [Commits](containers/image@v5.36.0...v5.36.1)

Updates `github.com/docker/cli` from 28.3.2+incompatible to 28.3.3+incompatible
- [Commits](docker/cli@v28.3.2...v28.3.3)

Updates `github.com/docker/docker` from 28.3.2+incompatible to 28.3.3+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v28.3.2...v28.3.3)

Updates `github.com/docker/go-connections` from 0.5.0 to 0.6.0
- [Commits](docker/go-connections@v0.5.0...v0.6.0)

Updates `github.com/onsi/ginkgo/v2` from 2.23.4 to 2.25.2
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.23.4...v2.25.2)

Updates `github.com/onsi/gomega` from 1.38.0 to 1.38.2
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.38.0...v1.38.2)

Updates `github.com/stretchr/testify` from 1.10.0 to 1.11.1
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.10.0...v1.11.1)

Updates `golang.org/x/crypto` from 0.40.0 to 0.41.0
- [Commits](golang/crypto@v0.40.0...v0.41.0)

Updates `golang.org/x/term` from 0.33.0 to 0.34.0
- [Commits](golang/term@v0.33.0...v0.34.0)

---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
  dependency-version: 5.36.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: github.com/docker/cli
  dependency-version: 28.3.3+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: github.com/docker/docker
  dependency-version: 28.3.3+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: github.com/docker/go-connections
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.25.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.38.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: github.com/stretchr/testify
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: golang.org/x/crypto
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: golang.org/x/term
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Sep 1, 2025
@dependabot dependabot bot requested a review from gaocegege as a code owner September 1, 2025 06:18
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Sep 1, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 1, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Oct 1, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/all-dependencies-cf168d5ded branch October 1, 2025 02:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gaocegege gaocegege Awaiting requested review from gaocegege gaocegege is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant