build(deps): bump the go-dependencies group in /tools with 20 updates by dependabot[bot] · Pull Request #1831 · fastly/cli

dependabot · 2026-06-24T16:47:19Z

Bumps the go-dependencies group in /tools with 20 updates:

Package	From	To
github.com/anchore/go-macholibre	`0.1.0`	`0.1.1`
github.com/blacktop/go-macho	`1.1.281`	`1.1.282`
github.com/caarlos0/log	`0.6.0`	`0.6.2`
github.com/cloudflare/circl	`1.6.3`	`1.6.4`
github.com/coreos/go-oidc/v3	`3.18.0`	`3.19.0`
github.com/cyphar/filepath-securejoin	`0.6.1`	`0.7.0`
github.com/docker/cli	`29.5.3+incompatible`	`29.6.0+incompatible`
github.com/go-openapi/runtime	`0.32.3`	`0.32.4`
github.com/go-openapi/runtime/server-middleware	`0.32.3`	`0.32.4`
github.com/google/go-containerregistry	`0.21.6`	`0.21.7`
github.com/googleapis/enterprise-certificate-proxy	`0.3.16`	`0.3.17`
github.com/goreleaser/nfpm/v2	`2.46.3`	`2.47.0`
github.com/ipfs/go-datastore	`0.9.1`	`0.9.2`
github.com/moby/moby/api	`1.54.2`	`1.55.0`
github.com/moby/moby/client	`0.4.1`	`0.5.0`
github.com/pelletier/go-toml/v2	`2.4.0`	`2.4.2`
github.com/spiffe/go-spiffe/v2	`2.8.0`	`2.8.1`
go.yaml.in/yaml/v4	`4.0.0-rc.5`	`4.0.0-rc.6`
golang.org/x/image	`0.42.0`	`0.43.0`
google.golang.org/api	`0.285.0`	`0.286.0`

Updates github.com/anchore/go-macholibre from 0.1.0 to 0.1.1

Release notes

Sourced from github.com/anchore/go-macholibre's releases.

v0.1.1

Additional Changes

remove common workflows [PR #73 @wagoodman]

restore Go version to 1.21 [PR #71 @wagoodman]

update tool versions [PR #70 @anchore-oss-update-bot]

update Go version [PR #68 @anchore-oss-update-bot]

update tool versions [PR #67 @anchore-oss-update-bot]

Dependencies

1 dependency change (1 updated).

Toolchains (1)

Go minimum version: 1.17 → 1.21

github.com/google/go-cmp v0.6.0 → v0.7.0

(Full Changelog)

Commits

db61195 Update go-make to v0.8.0 (#85)
f4b827b refactor release pipeline: TAG_TOKEN, skip-checks gate, go-make bump, dependa...
d29b4f5 chore(deps): bump the actions-minor-patch group across 1 directory with 5 upd...
d171721 chore(deps): bump github.com/anchore/go-make (#79)
30d439b chore(deps): bump the actions-minor-patch group across 1 directory with 4 upd...
0bc2e12 chore(deps): bump the actions-minor-patch group across 1 directory with 5 upd...
1584de0 chore(deps): bump the actions-minor-patch group across 1 directory with 2 upd...
63a6c4c bump go-make and fix release permissions (#77)
63bb042 use released shared workflow (#76)
71f3fa5 chore(deps): bump github/codeql-action (#75)
Additional commits viewable in compare view

Updates github.com/blacktop/go-macho from 1.1.281 to 1.1.282

Commits

cf6f9d9 fix(file): make addrResolvable always use real read to detect bss gaps
6ffa877 feat(objc): detect and surface unavailable relative selector base
See full diff in compare view

Updates github.com/caarlos0/log from 0.6.0 to 0.6.2

Release notes

Sourced from github.com/caarlos0/log's releases.

v0.6.2

Changelog

Released with GoReleaser!

v0.6.1

Changelog

Other work

23d467a95e05ec3faad872ebe127b9dfb40f7e29: ci(deps): bump the actions group with 6 updates (#85) (dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>)

Released with GoReleaser Pro!

Commits

1697ecc chore: update golang.org/x/sys
23d467a ci(deps): bump the actions group with 6 updates (#85)
50a2fef chore(deps): bump charm.land/lipgloss/v2 from 2.0.2 to 2.0.3 in the go group ...
dbda082 ci(deps): bump the actions group with 3 updates (#84)
3ff8498 ci(deps): bump the actions group with 6 updates (#82)
cbd65d8 chore(deps): bump the go group with 2 updates (#81)
56f3c41 ci(deps): bump the actions group with 4 updates (#80)
025f226 chore(deps): bump the go group with 2 updates (#79)
See full diff in compare view

Updates github.com/cloudflare/circl from 1.6.3 to 1.6.4

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.4

What's Changed

Fix typo: it's to its by @04cb in cloudflare/circl#588

ci: Bump Go version to 1.26 by @armfazh in cloudflare/circl#591

tss/rsa: polynomial evaluation using Horner's method by @armfazh in cloudflare/circl#590

zk/qndleq: Ensure large security parameter by @armfazh in cloudflare/circl#592

sign/bls: rejects aggregated signatures built with duplicated messages. by @armfazh in cloudflare/circl#595

Bump golang.org/x/crypto from 0.30.0 to 0.45.0 by @dependabot[bot] in cloudflare/circl#585

tss/rsa: avoiding overflow in lambda calculation with big.Int by @armfazh in cloudflare/circl#598

deps: Update CIRCL version in code generators. by @armfazh in cloudflare/circl#599

ci: add Semgrep OSS scanning workflow by @hrushikeshdeshpande in cloudflare/circl#601

zk/qndleq: Fixes challenge calculation by @armfazh in cloudflare/circl#596

sign/bls: Check that signature cannot be the identity point by @armfazh in cloudflare/circl#603

ml-dsa: Don't use tr pointer by @bwesterb in cloudflare/circl#606

ecc/bls12381: affinize must handle identity elements. by @armfazh in cloudflare/circl#604

pki: check pem.Decode returned nil block. by @z9z in cloudflare/circl#607

abe/cpabe/tkn20: fix AND-gate secret sharing. by @cjpatton in cloudflare/circl#610

hpke: fix verifyPSKInputs() to match spec. by @cjpatton in cloudflare/circl#612

hpke: Warn about nonce misuse during marshaling by @cjpatton in cloudflare/circl#613

hpke: don't panic when parsing on hybrid keys/ciphertexts. by @cjpatton in cloudflare/circl#614

blindsign/blindrsa: reject non-canonical signatures. by @cjpatton in cloudflare/circl#615

blindsign/blindrsa: reject message unless co-prime with modulus by @cjpatton in cloudflare/circl#616

oprf: reject identity element as public key. by @cjpatton in cloudflare/circl#619

Add AGENTS.md and REVIEW.md for contributor and AI agent guidance by @dotjs in cloudflare/circl#620

ecc/bls12381: check input length for infinity encoding in SetBytes. by @bwesterb in cloudflare/circl#618

abe/cpabe/tkn20: bound recursion depth when parsing policies. by @cjpatton in cloudflare/circl#622

abe/cpabe/tkn20: reject ciphertexts with trailing data. by @cjpatton in cloudflare/circl#621

abe/cpabe/tkn20: handle short ciphertexts as errors. by @cjpatton in cloudflare/circl#611

abe/cpabe/tkn20: enforce wire count matches policy. by @cjpatton in cloudflare/circl#624

abe/cpabe/tkn20: handle malformed ciphertext header. by @cjpatton in cloudflare/circl#623

abe/cpabe/tkn20: reject circuits with invalid topologies. by @cjpatton in cloudflare/circl#625

Release CIRCL v1.6.4 by @cjpatton in cloudflare/circl#626

New Contributors

@04cb made their first contribution in cloudflare/circl#588

@z9z made their first contribution in cloudflare/circl#607

@dotjs made their first contribution in cloudflare/circl#620

Full Changelog: cloudflare/circl@v1.6.3...v1.6.4

Commits

901199c Release CIRCL v1.6.4
5e37b40 abe/cpabe/tkn20: reject circuits with invalid topologies.
4ea7e90 abe/cpabe/tkn20: handle malformed ciphertext header.
ae0b5c4 abe/cpabe/tkn20: enforce wire count matches policy.
9547f48 abe/cpabe/tkn20: handle short ciphertexts as errors.
bfa7605 abe/cpabe/tkn20: reject ciphertexts with trailing data.
bdde3c7 abe/cpabe/tkn20: bound recursion depth when parsing policies.
03204f3 ecc/bls12381: check input length for infinity encoding in SetBytes. (#618)
e9bd81b Add AGENTS.md and REVIEW.md for AI agent and human reviewer guidance
02ab708 oprf: reject identity element as public key.
Additional commits viewable in compare view

Updates github.com/coreos/go-oidc/v3 from 3.18.0 to 3.19.0

Release notes

Sourced from github.com/coreos/go-oidc/v3's releases.

v3.19.0

What's Changed

fix: Key refresh should set no-cache to get most up to date keys by @Yanni8 in coreos/go-oidc#485

oidc: add support for validating back-channel logout tokens by @ericchiang in coreos/go-oidc#486

New Contributors

@Yanni8 made their first contribution in coreos/go-oidc#485

Full Changelog: coreos/go-oidc@v3.18.0...v3.19.0

Commits

4204f0b oidc: add support for validating back-channel logout tokens
f77e01c fix: Key refresh should set no-cache to get most up to date keys
See full diff in compare view

Updates github.com/cyphar/filepath-securejoin from 0.6.1 to 0.7.0

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.7.0] - 2025-06-17

You talk of times of peace for all, and then prepare for war.

Changed

Update to cyphar.com/go-pathrs@0.2.5, which included a build-time API breakage that we needed to work around. The API of this library is unchanged by this, but users should make sure to update to v0.7.0 of filepath-securejoin if they use the libpathrs built tag and have update to libpathrs v0.2.5.

Commits

8096a95 VERSION: release v0.7.0
1324ccb merge #101 into cyphar/filepath-securejoin:main
dd8f0bb deps: bump to cyphar.com/go-pathrs@v0.2.5
c9a7725 gha: bump golangci-lint to v2.12
2e968bd Merge pull request #91 from cyphar/dependabot/github_actions/actions/download...
2879148 Merge pull request #90 from cyphar/dependabot/github_actions/actions/upload-a...
07b805b build(deps): bump actions/download-artifact from 6 to 7
8507844 build(deps): bump actions/upload-artifact from 5 to 6
daef0cf Merge pull request #89 from cyphar/dependabot/github_actions/actions/checkout-6
95f8ea4 build(deps): bump actions/checkout from 5 to 6
Additional commits viewable in compare view

Updates github.com/docker/cli from 29.5.3+incompatible to 29.6.0+incompatible

Commits

fb59821 Merge pull request #7062 from vvoland/update-docker
ee2f737 vendor: github.com/moby/moby/client v0.5.0
1f80e23 vendor: github.com/moby/moby/api v1.55.0
1d1562e Merge pull request #7029 from agirault/login-password-dash-stdin
8c2e800 Merge pull request #7051 from thaJeztah/bump_moby
233cd4a vendor: github.com/moby/moby/api v1.55.0-rc.1, moby/client v0.5.0-rc.1
5b600d0 Merge pull request #7047 from thaJeztah/bump_go_events
e6decf4 Merge pull request #7048 from thaJeztah/bump_compress
a9284d1 Merge pull request #7049 from thaJeztah/bump_x_net
e7319c7 Merge pull request #7050 from thaJeztah/update_authors_mailmap
Additional commits viewable in compare view

Updates github.com/go-openapi/runtime from 0.32.3 to 0.32.4

Release notes

Sourced from github.com/go-openapi/runtime's releases.

v0.32.4

0.32.4 - 2026-06-19

Full Changelog: go-openapi/runtime@v0.32.3...v0.32.4

10 commits in this release.

Fixed bugs

fix(middleware): nil-guard param.Schema in UntypedRequestBinder map path by @Copilot in #488 ...

Documentation

doc: updated contributors file by @bot-go-openapi[bot] in #483 ...

Miscellaneous tasks

chore: prepare release v0.32.4 by @bot-go-openapi[bot] in #491 ...

Updates

build(deps): bump github.com/go-openapi/spec from 0.22.5 to 0.22.6 in the go-openapi-dependencies group across 1 directory by @dependabot[bot] in #490 ...

build(deps): bump the development-dependencies group with 2 updates by @dependabot[bot] in #489 ...

build(deps): bump the go-openapi-dependencies group across 2 directories with 7 updates by @dependabot[bot] in #486 ...

build(deps): bump golang.org/x/sync from 0.20.0 to 0.21.0 in the golang-org-dependencies group across 1 directory by @dependabot[bot] in #485 ...

build(deps): bump the development-dependencies group with 9 updates by @dependabot[bot] in #484 ...

build(deps): bump the go-openapi-dependencies group across 2 directories with 2 updates by @dependabot[bot] in #482 ...

build(deps): bump the development-dependencies group with 10 updates by @dependabot[bot] in #481 ...

People who contributed to this release

@Copilot

runtime license terms

... (truncated)

Commits

908a0ff chore: prepare release v0.32.4
5a6fbee build(deps): bump github.com/go-openapi/spec
b63b221 build(deps): bump the development-dependencies group with 2 updates
d3cd4f6 fix(middleware): nil-guard param.Schema in UntypedRequestBinder map path (#488)
760cc62 build(deps): bump the go-openapi-dependencies group across 2 directories with...
6c5385e build(deps): bump golang.org/x/sync
1045e1c build(deps): bump the development-dependencies group with 9 updates
9b01ff4 build(deps): bump the go-openapi-dependencies group across 2 directories with...
deed159 doc: updated contributors file
2dc38ae build(deps): bump the development-dependencies group with 10 updates
See full diff in compare view

Updates github.com/go-openapi/runtime/server-middleware from 0.32.3 to 0.32.4

Release notes

Sourced from github.com/go-openapi/runtime/server-middleware's releases.

v0.32.4

0.32.4 - 2026-06-19

Full Changelog: go-openapi/runtime@v0.32.3...v0.32.4

10 commits in this release.

Fixed bugs

fix(middleware): nil-guard param.Schema in UntypedRequestBinder map path by @Copilot in #488 ...

Documentation

doc: updated contributors file by @bot-go-openapi[bot] in #483 ...

Miscellaneous tasks

chore: prepare release v0.32.4 by @bot-go-openapi[bot] in #491 ...

Updates

build(deps): bump github.com/go-openapi/spec from 0.22.5 to 0.22.6 in the go-openapi-dependencies group across 1 directory by @dependabot[bot] in #490 ...

build(deps): bump the development-dependencies group with 2 updates by @dependabot[bot] in #489 ...

build(deps): bump the go-openapi-dependencies group across 2 directories with 7 updates by @dependabot[bot] in #486 ...

build(deps): bump golang.org/x/sync from 0.20.0 to 0.21.0 in the golang-org-dependencies group across 1 directory by @dependabot[bot] in #485 ...

build(deps): bump the development-dependencies group with 9 updates by @dependabot[bot] in #484 ...

build(deps): bump the go-openapi-dependencies group across 2 directories with 2 updates by @dependabot[bot] in #482 ...

build(deps): bump the development-dependencies group with 10 updates by @dependabot[bot] in #481 ...

People who contributed to this release

@Copilot

runtime license terms

... (truncated)

Commits

908a0ff chore: prepare release v0.32.4
5a6fbee build(deps): bump github.com/go-openapi/spec
b63b221 build(deps): bump the development-dependencies group with 2 updates
d3cd4f6 fix(middleware): nil-guard param.Schema in UntypedRequestBinder map path (#488)
760cc62 build(deps): bump the go-openapi-dependencies group across 2 directories with...
6c5385e build(deps): bump golang.org/x/sync
1045e1c build(deps): bump the development-dependencies group with 9 updates
9b01ff4 build(deps): bump the go-openapi-dependencies group across 2 directories with...
deed159 doc: updated contributors file
2dc38ae build(deps): bump the development-dependencies group with 10 updates
See full diff in compare view

Updates github.com/google/go-containerregistry from 0.21.6 to 0.21.7

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.7

What's Changed

tarball: return error instead of panicking on missing rootfs.diff_ids by @iahsanGill in google/go-containerregistry#2304

gcrane: honor --platform flag in copy by @iahsanGill in google/go-containerregistry#2307

mutate: verify layer digests in Extract and Time by @momenashrafff in google/go-containerregistry#2303

tarball: close layer readers during Write by @nandbhat in google/go-containerregistry#2308

build(deps): bump the actions group across 1 directory with 2 updates by @dependabot[bot] in google/go-containerregistry#2311

build(deps): bump github.com/docker/cli from 29.4.3+incompatible to 29.5.2+incompatible in the go-deps group across 1 directory by @dependabot[bot] in google/go-containerregistry#2312

BUGFIX: Fail with error when read exceeds maximum by @inteon in google/go-containerregistry#2328

build(deps): bump the actions group across 1 directory with 2 updates by @dependabot[bot] in google/go-containerregistry#2327

fix(name): anchor loopback registry detection by @rohan-patnaik in google/go-containerregistry#2314

Reject symlinks in OCI layout blobs by @mosskappa in google/go-containerregistry#2306

fix(crane): avoid creating export tar on pull failure by @Haihan-Jiang in google/go-containerregistry#2318

feat(kubernetes): allow ignoring pull secrets by @rohan-patnaik in google/go-containerregistry#2315

fix(name): preserve localhost registry references by @rohan-patnaik in google/go-containerregistry#2316

pkg/registry: export ErrNotFound by @malt3 in google/go-containerregistry#2176

pkg/registry: export RedirectError by @malt3 in google/go-containerregistry#2177

build(deps): bump the go-deps group across 1 directory with 2 updates by @dependabot[bot] in google/go-containerregistry#2343

build(deps): bump the actions group across 1 directory with 2 updates by @dependabot[bot] in google/go-containerregistry#2344

fix: prevent SSRF in google.List() pagination by @tufstraka in google/go-containerregistry#2332

internal/gzip: fix goroutine leak in ReadCloserLevel by @amarkdotdev in google/go-containerregistry#2347

fix(transport): apply refreshed bearer token after cross-host redirect by @64johnlee in google/go-containerregistry#2337

build(deps): bump the go-deps group across 3 directories with 4 updates by @dependabot[bot] in google/go-containerregistry#2348

fix(tarball): normalize paths when matching files by @bstoll in google/go-containerregistry#2334

transport: do not re-attach bearer token after cross-host redirect by @evilgensec in google/go-containerregistry#2349

Bump CI go version to 1.26.4 by @Subserial in google/go-containerregistry#2350

New Contributors

@momenashrafff made their first contribution in google/go-containerregistry#2303

@nandbhat made their first contribution in google/go-containerregistry#2308

@inteon made their first contribution in google/go-containerregistry#2328

@rohan-patnaik made their first contribution in google/go-containerregistry#2314

@mosskappa made their first contribution in google/go-containerregistry#2306

@Haihan-Jiang made their first contribution in google/go-containerregistry#2318

@tufstraka made their first contribution in google/go-containerregistry#2332

@amarkdotdev made their first contribution in google/go-containerregistry#2347

@64johnlee made their first contribution in google/go-containerregistry#2337

@bstoll made their first contribution in google/go-containerregistry#2334

Full Changelog: google/go-containerregistry@v0.21.6...v0.21.7

Commits

c68d899 Bump go version to 1.26.4 (#2350)
da61d86 transport: do not re-attach bearer token after cross-host redirect (#2349)
09fe1e5 fix(tarball): normalize paths when matching files (#2334)
5baa399 build(deps): bump the go-deps group across 3 directories with 4 updates (#2348)
97a8a17 fix(transport): apply refreshed bearer token after cross-host redirect (#2337)
e963497 internal/gzip: fix goroutine leak in ReadCloserLevel (#2347)
02649ea fix: prevent SSRF in google.List() pagination (#2332)
7204b40 build(deps): bump the actions group across 1 directory with 2 updates (#2344)
4cfaa93 build(deps): bump the go-deps group across 1 directory with 2 updates (#2343)
6849394 pkg/registry: export RedirectError (#2177)
Additional commits viewable in compare view

Updates github.com/googleapis/enterprise-certificate-proxy from 0.3.16 to 0.3.17

Release notes

Sourced from github.com/googleapis/enterprise-certificate-proxy's releases.

v0.3.17

What's Changed

feat: Simplify mTLS filtering logic in ECP HTTP Proxy by @nolanleastin in googleapis/enterprise-certificate-proxy#198

chore: downgrade min Go version by @ldez in googleapis/enterprise-certificate-proxy#199

chore: Remove windows ECP DWARF debug symbols. by @nolanleastin in googleapis/enterprise-certificate-proxy#203

chore: Update version.txt to 0.3.17 by @nolanleastin in googleapis/enterprise-certificate-proxy#202

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.16...v0.3.17

Commits

a7e26a4 chore: Update version.txt to 0.3.17 (#202)
98c01e3 chore: Remove windows ECP DWARF debug symbols. (#203)
11a176e chore: downgrade min Go version (#199)
347ffa5 feat: Simplify mTLS filtering logic in ECP HTTP Proxy (#198)
See full diff in compare view

Updates github.com/goreleaser/nfpm/v2 from 2.46.3 to 2.47.0

Release notes

Sourced from github.com/goreleaser/nfpm/v2's releases.

v2.47.0

Changelog

New Features

5c2f7caebfee70a3c656cfe0bee0d2d71683e4df: feat: RiscV64 support (#1091) (@ahqsoftwares)

64b788a887641a1c492d815b52bf9a74de0c9a70: feat: add Requires(Post) for RPMS (#1085) (@teddelin)

dc960732751ac28baf361dcc12ff1fd7e00872d5: feat: add fang support for styled CLI output (#1068) (@caarlos0)

Security updates

060af046636f4adc478e437196449122e4417346: sec(deps): update golang.org/x/crypto (@caarlos0)

f769631fdded535d6723b7951d9fcae10f691ff6: sec(deps): update golang.org/x/net (@caarlos0)

Bug fixes

3118ec19d59f3e60f2c1b35d09d5e2e722b2de15: fix: tolerate empty overrides packager clause (#1080) (@dleske)

Dependency updates

a2d9ce583fb9ba683a306fd37751d5a7f7a77385: feat(deps): go1.26.4 (@caarlos0)

9b16218b1556e3fdf1f4e421653a55a249fff28c: fix(deps): bump alpine from 3.23.3 to 3.23.4 (#1075) (@dependabot[bot])

e3102b31f07ed91ab0a21afbb6967d473f7b6d79: fix(deps): bump alpine from 3.23.3 to 3.23.4 in /testdata/acceptance (#1076) (@dependabot[bot])

62c555edf6ace54d42d7de13a71d9ef5fd467e83: fix(deps): bump alpine from 3.23.4 to 3.24.0 (#1098) (@dependabot[bot])

071ae1836142ec60ce2b767cc8ab310be657d2bf: fix(deps): bump alpine from 3.23.4 to 3.24.0 in /testdata/acceptance (#1099) (@dependabot[bot])

Build process updates

4c62d34ff4562b2a63888f0932ddb484dd7c12c6: ci(deps): bump github/codeql-action in the actions group (#1083) (@dependabot[bot])

38a05deed6cc5c71b43d1e8e3bf044bd0f76fa33: ci(deps): bump the actions group across 1 directory with 3 updates (#1096) (@dependabot[bot])

6fe4da4e4f9c0d53bc212f77afd7d11a32fac14e: ci(deps): bump the actions group across 1 directory with 7 updates (#1095) (@dependabot[bot])

cd95f9ffeed090edb8edff13cf61754ffe405926: ci(deps): bump the actions group with 2 updates (#1078) (@dependabot[bot])

8f9cbef3c311f3488c9f6b347217f5d2d33d5da1: ci(deps): bump the actions group with 3 updates (#1090) (@dependabot[bot])

9ff0e2f09a748adc41efa3d247bea3a97efb20bc: ci(deps): bump the actions group with 4 updates (#1086) (@dependabot[bot])

2ce1832d348292b413778df6b0e6da7cb9a85697: ci(deps): bump the actions group with 5 updates (#1074) (@dependabot[bot])

1bd2fed8fb99229a32a4bf44cbffeb5c892d5841: ci: fix docs build test (@caarlos0)

4695cdccbf99bd66ed99ee5187d92a480c4f29ff: ci: fix license check (@caarlos0)

a40b461a8f0b402ce489f167e3bedb2dedda5a41: ci: update build (@caarlos0)

Other work

d16d75f9435d8ed69d227e57dbf6a5731b63761d: docs(deps): update hextra (@caarlos0)

c6a6a27ba29912fc88a613e6debb271a85cd2e16: docs: update cmd docs (@caarlos0)

Full Changelog: goreleaser/nfpm@v2.46.3...v2.47.0

Helping out

This release is only possible thanks to all the support of awesome people!

Want to be one of them? You can sponsor or contribute with code.

Where to go next?

nFPM is a satellite project from GoReleaser. Check it out!

Find examples and commented usage of all options in our website.

Reach out on Discord and Twitter!

Commits

40c7c8f chore: remove duplicated code
64b788a feat: add Requires(Post) for RPMS (#1085)
1bd2fed ci: fix docs build test
071ae18 fix(deps): bump alpine from 3.23.4 to 3.24.0 in /testdata/acceptance (#1099)
62c555e fix(deps): bump alpine from 3.23.4 to 3.24.0 (#1098)
38a05de ci(deps): bump the actions group across 1 directory with 3 updates (#1096)
df30aca chore: update sponsors
f769631 sec(deps): update golang.org/x/net
4695cdc ci: fix license check
060af04 sec(deps): update golang.org/x/crypto
Additional commits viewable in compare view

Updates github.com/ipfs/go-datastore from 0.9.1 to 0.9.2

Release notes

Sourced from github.com/ipfs/go-datastore's releases.

v0.9.2

What's Changed

ci: uci/update-go by @web3-bot in ipfs/go-datastore#267

chore: update error checks by @gammazero in ipfs/go-datastore#272

Full Changelog: Description has been truncated

Bumps the go-dependencies group in /tools with 20 updates: | Package | From | To | | --- | --- | --- | | [github.com/anchore/go-macholibre](https://github.com/anchore/go-macholibre) | `0.1.0` | `0.1.1` | | [github.com/blacktop/go-macho](https://github.com/blacktop/go-macho) | `1.1.281` | `1.1.282` | | [github.com/caarlos0/log](https://github.com/caarlos0/log) | `0.6.0` | `0.6.2` | | [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.6.3` | `1.6.4` | | [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.18.0` | `3.19.0` | | [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.6.1` | `0.7.0` | | [github.com/docker/cli](https://github.com/docker/cli) | `29.5.3+incompatible` | `29.6.0+incompatible` | | [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) | `0.32.3` | `0.32.4` | | [github.com/go-openapi/runtime/server-middleware](https://github.com/go-openapi/runtime) | `0.32.3` | `0.32.4` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.6` | `0.21.7` | | [github.com/googleapis/enterprise-certificate-proxy](https://github.com/googleapis/enterprise-certificate-proxy) | `0.3.16` | `0.3.17` | | [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) | `2.46.3` | `2.47.0` | | [github.com/ipfs/go-datastore](https://github.com/ipfs/go-datastore) | `0.9.1` | `0.9.2` | | [github.com/moby/moby/api](https://github.com/moby/moby) | `1.54.2` | `1.55.0` | | [github.com/moby/moby/client](https://github.com/moby/moby) | `0.4.1` | `0.5.0` | | [github.com/pelletier/go-toml/v2](https://github.com/pelletier/go-toml) | `2.4.0` | `2.4.2` | | [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) | `2.8.0` | `2.8.1` | | [go.yaml.in/yaml/v4](https://github.com/yaml/go-yaml) | `4.0.0-rc.5` | `4.0.0-rc.6` | | [golang.org/x/image](https://github.com/golang/image) | `0.42.0` | `0.43.0` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.285.0` | `0.286.0` | Updates `github.com/anchore/go-macholibre` from 0.1.0 to 0.1.1 - [Release notes](https://github.com/anchore/go-macholibre/releases) - [Commits](anchore/go-macholibre@v0.1.0...v0.1.1) Updates `github.com/blacktop/go-macho` from 1.1.281 to 1.1.282 - [Release notes](https://github.com/blacktop/go-macho/releases) - [Commits](blacktop/go-macho@v1.1.281...v1.1.282) Updates `github.com/caarlos0/log` from 0.6.0 to 0.6.2 - [Release notes](https://github.com/caarlos0/log/releases) - [Commits](caarlos0/log@v0.6.0...v0.6.2) Updates `github.com/cloudflare/circl` from 1.6.3 to 1.6.4 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.6.3...v1.6.4) Updates `github.com/coreos/go-oidc/v3` from 3.18.0 to 3.19.0 - [Release notes](https://github.com/coreos/go-oidc/releases) - [Commits](coreos/go-oidc@v3.18.0...v3.19.0) Updates `github.com/cyphar/filepath-securejoin` from 0.6.1 to 0.7.0 - [Release notes](https://github.com/cyphar/filepath-securejoin/releases) - [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md) - [Commits](cyphar/filepath-securejoin@v0.6.1...v0.7.0) Updates `github.com/docker/cli` from 29.5.3+incompatible to 29.6.0+incompatible - [Commits](docker/cli@v29.5.3...v29.6.0) Updates `github.com/go-openapi/runtime` from 0.32.3 to 0.32.4 - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](go-openapi/runtime@v0.32.3...v0.32.4) Updates `github.com/go-openapi/runtime/server-middleware` from 0.32.3 to 0.32.4 - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](go-openapi/runtime@v0.32.3...v0.32.4) Updates `github.com/google/go-containerregistry` from 0.21.6 to 0.21.7 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.21.6...v0.21.7) Updates `github.com/googleapis/enterprise-certificate-proxy` from 0.3.16 to 0.3.17 - [Release notes](https://github.com/googleapis/enterprise-certificate-proxy/releases) - [Commits](googleapis/enterprise-certificate-proxy@v0.3.16...v0.3.17) Updates `github.com/goreleaser/nfpm/v2` from 2.46.3 to 2.47.0 - [Release notes](https://github.com/goreleaser/nfpm/releases) - [Commits](goreleaser/nfpm@v2.46.3...v2.47.0) Updates `github.com/ipfs/go-datastore` from 0.9.1 to 0.9.2 - [Release notes](https://github.com/ipfs/go-datastore/releases) - [Commits](ipfs/go-datastore@v0.9.1...v0.9.2) Updates `github.com/moby/moby/api` from 1.54.2 to 1.55.0 - [Release notes](https://github.com/moby/moby/releases) - [Commits](moby/moby@api/v1.54.2...api/v1.55.0) Updates `github.com/moby/moby/client` from 0.4.1 to 0.5.0 - [Release notes](https://github.com/moby/moby/releases) - [Changelog](https://github.com/moby/moby/blob/v0.5.0/CHANGELOG.md) - [Commits](moby/moby@v0.4.1...v0.5.0) Updates `github.com/pelletier/go-toml/v2` from 2.4.0 to 2.4.2 - [Release notes](https://github.com/pelletier/go-toml/releases) - [Commits](pelletier/go-toml@v2.4.0...v2.4.2) Updates `github.com/spiffe/go-spiffe/v2` from 2.8.0 to 2.8.1 - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](spiffe/go-spiffe@v2.8.0...v2.8.1) Updates `go.yaml.in/yaml/v4` from 4.0.0-rc.5 to 4.0.0-rc.6 - [Commits](yaml/go-yaml@v4.0.0-rc.5...v4.0.0-rc.6) Updates `golang.org/x/image` from 0.42.0 to 0.43.0 - [Commits](golang/image@v0.42.0...v0.43.0) Updates `google.golang.org/api` from 0.285.0 to 0.286.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.285.0...v0.286.0) --- updated-dependencies: - dependency-name: github.com/anchore/go-macholibre dependency-version: 0.1.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/blacktop/go-macho dependency-version: 1.1.282 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/caarlos0/log dependency-version: 0.6.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/cloudflare/circl dependency-version: 1.6.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/coreos/go-oidc/v3 dependency-version: 3.19.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/cyphar/filepath-securejoin dependency-version: 0.7.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/docker/cli dependency-version: 29.6.0+incompatible dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/go-openapi/runtime dependency-version: 0.32.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/go-openapi/runtime/server-middleware dependency-version: 0.32.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.7 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/googleapis/enterprise-certificate-proxy dependency-version: 0.3.17 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/goreleaser/nfpm/v2 dependency-version: 2.47.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/ipfs/go-datastore dependency-version: 0.9.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/moby/moby/api dependency-version: 1.55.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/moby/moby/client dependency-version: 0.5.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/pelletier/go-toml/v2 dependency-version: 2.4.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-version: 2.8.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: go.yaml.in/yaml/v4 dependency-version: 4.0.0-rc.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: golang.org/x/image dependency-version: 0.43.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: google.golang.org/api dependency-version: 0.286.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

…834c7fd60b

dependabot Bot added the tools Indicates that a given PR updates the repo tooling. label Jun 24, 2026

dependabot Bot requested a review from a team as a code owner June 24, 2026 16:47

dependabot Bot requested a review from philippschulte June 24, 2026 16:47

dependabot Bot added the tools Indicates that a given PR updates the repo tooling. label Jun 24, 2026

github-actions Bot added the Skip-Changelog do not add a changelog entry for this change label Jun 24, 2026

philippschulte approved these changes Jun 24, 2026

View reviewed changes

Merge branch 'main' into dependabot/go_modules/tools/go-dependencies-…

4dc6508

…834c7fd60b

philippschulte merged commit bab1d32 into main Jun 24, 2026
14 checks passed

philippschulte deleted the dependabot/go_modules/tools/go-dependencies-834c7fd60b branch June 24, 2026 21:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the go-dependencies group in /tools with 20 updates#1831

build(deps): bump the go-dependencies group in /tools with 20 updates#1831
philippschulte merged 2 commits into
mainfrom
dependabot/go_modules/tools/go-dependencies-834c7fd60b

dependabot Bot commented on behalf of github Jun 24, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 24, 2026

v0.1.1

Additional Changes

Dependencies

v0.6.2

Changelog

v0.6.1

Changelog

Other work

CIRCL v1.6.4

What's Changed

New Contributors

v3.19.0

What's Changed

New Contributors

[0.7.0] - 2025-06-17

Changed

v0.32.4

0.32.4 - 2026-06-19

Fixed bugs

Documentation

Miscellaneous tasks

Updates

People who contributed to this release

v0.32.4

0.32.4 - 2026-06-19

Fixed bugs

Documentation

Miscellaneous tasks

Updates

People who contributed to this release

v0.21.7

What's Changed

New Contributors

v0.3.17

What's Changed

v2.47.0

Changelog

New Features

Security updates

Bug fixes

Dependency updates

Build process updates

Other work

Helping out

Where to go next?

v0.9.2

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant