Skip to content

chore(deps): bump the go_modules group across 3 directories with 5 updates#5017

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/v2/go_modules-c3e53c6136
Open

chore(deps): bump the go_modules group across 3 directories with 5 updates#5017
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/v2/go_modules-c3e53c6136

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 25, 2026

Bumps the go_modules group with 2 updates in the /v2 directory: github.com/go-git/go-git/v5 and golang.org/x/image.
Bumps the go_modules group with 1 update in the /v2/examples/customlayout directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /v2/internal/staticanalysis/test/standard directory: golang.org/x/net.

Updates github.com/go-git/go-git/v5 from 5.13.2 to 5.16.5

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.5

What's Changed

Full Changelog: go-git/go-git@v5.16.4...v5.16.5

v5.16.4

What's Changed

Full Changelog: go-git/go-git@v5.16.3...v5.16.4

v5.16.3

What's Changed

Full Changelog: go-git/go-git@v5.16.2...v5.16.3

v5.16.2

What's Changed

Full Changelog: go-git/go-git@v5.16.1...v5.16.2

v5.16.1

What's Changed

New Contributors

Full Changelog: go-git/go-git@v5.16.0...v5.16.1

v5.16.0

What's Changed

... (truncated)

Commits
  • 48a1ae0 Merge pull request #1836 from go-git/check-v5
  • 42bdf1f storage: filesystem, Verify idx matches pack file
  • 4146a56 plumbing: format/idxfile, Verify idxfile's checksum
  • 63d78ec plumbing: format/packfile, Add new ErrMalformedPackFile
  • 25f1624 Merge pull request #1800 from Ch00k/no-delete-untracked-v5
  • 600fb13 git: worktree, Don't delete local untracked files when resetting worktree
  • 390a569 Merge pull request #1746 from pjbgf/bump-go
  • 61c8b85 build: Bump Go test versions to 1.23-1.25 (v5)
  • e5a05ec Merge pull request #1744 from go-git/renovate/releases/v5.x-go-golang.org-x-c...
  • 1495930 plumbing: Remove use of non-constant format strings
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.35.0 to 0.47.0

Commits
  • e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
  • ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
  • 1f1fa29 publicsuffix: regenerate table
  • 1215081 http2: improve error when server sends HTTP/1
  • 312450e html: ensure <search> tag closes <p> and update tests
  • 09731f9 http2: improve handling of lost PING in Server
  • 55989e2 http2/h2c: use ResponseController for hijacking connections
  • 2914f46 websocket: re-recommend gorilla/websocket
  • 99b3ae0 go.mod: update golang.org/x dependencies
  • 85d1d54 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Updates github.com/cloudflare/circl from 1.3.7 to 1.6.1

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.1

  • Fixes some point checks on the FourQ curve.
  • Hybrid KEM fails on low-order points.

What's Changed

Full Changelog: cloudflare/circl@v1.6.0...v1.6.1

CIRCL v1.6.0

New!

What's Changed

New Contributors

Full Changelog: cloudflare/circl@v1.5.0...v1.6.0

CIRCL v1.5.0

New: ML-DSA, Module-Lattice-based Digital Signature Algorithm.

What's Changed

New Contributors

Full Changelog: cloudflare/circl@v1.4.0...v1.5.0

... (truncated)

Commits
  • c6d33e3 Release v1.6.1
  • 0c3868e curve4q: Shared must fail with low order points.
  • 9fd570d curve4q: Test showing DH does not fails on identity point.
  • c988ceb fourq: Correctly unmarshalling point.
  • ef2611d fourq: Test showing point unmarshal fails.
  • 05eba44 fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.
  • eef0878 fourq: Test showing isEqual and IsOnCurve fail.
  • 2298474 goldilocks; Handling points with z=0.
  • 5a940a1 goldilocks: Test for IsEqual must fail with Z=0
  • 48c3b6a ed25519: Fix isEqual to handle points with Z=0.
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.33.0 to 0.45.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Updates golang.org/x/image from 0.12.0 to 0.18.0

Commits
  • 3bbf4a6 tiff: Validate palette indices when parsing palette-color images
  • 6c5fa46 go.mod: update golang.org/x dependencies
  • 55c4ab6 go.mod: update golang.org/x dependencies
  • 0057a93 tiff: fix function name in comment
  • 9e190ae webp: disallow multiple VP8X chunks
  • 445ab0e go.mod: update golang.org/x dependencies
  • 240a51a font/sfnt: support early version 0 OS/2 tables
  • c20bbc3 draw: simplify some calls to fmt.Fprintf
  • 491771c draw: merge draw_go117.go into draw.go
  • 4aa0222 go.mod: update go directive to 1.18
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.35.0 to 0.38.0

Commits
  • e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
  • ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
  • 1f1fa29 publicsuffix: regenerate table
  • 1215081 http2: improve error when server sends HTTP/1
  • 312450e html: ensure <search> tag closes <p> and update tests
  • 09731f9 http2: improve handling of lost PING in Server
  • 55989e2 http2/h2c: use ResponseController for hijacking connections
  • 2914f46 websocket: re-recommend gorilla/websocket
  • 99b3ae0 go.mod: update golang.org/x dependencies
  • 85d1d54 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.33.0 to 0.36.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.23.0 to 0.38.0

Commits
  • e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
  • ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
  • 1f1fa29 publicsuffix: regenerate table
  • 1215081 http2: improve error when server sends HTTP/1
  • 312450e html: ensure <search> tag closes <p> and update tests
  • 09731f9 http2: improve handling of lost PING in Server
  • 55989e2 http2/h2c: use ResponseController for hijacking connections
  • 2914f46 websocket: re-recommend gorilla/websocket
  • 99b3ae0 go.mod: update golang.org/x dependencies
  • 85d1d54 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.21.0 to 0.36.0

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the go_modules group across 3 directories with 5 up…
dc8f4fd 
…dates

Bumps the go_modules group with 2 updates in the /v2 directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [golang.org/x/image](https://github.com/golang/image).
Bumps the go_modules group with 1 update in the /v2/examples/customlayout directory: [golang.org/x/net](https://github.com/golang/net).
Bumps the go_modules group with 1 update in the /v2/internal/staticanalysis/test/standard directory: [golang.org/x/net](https://github.com/golang/net).


Updates `github.com/go-git/go-git/v5` from 5.13.2 to 5.16.5
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.13.2...v5.16.5)

Updates `golang.org/x/net` from 0.35.0 to 0.47.0
- [Commits](golang/net@v0.35.0...v0.38.0)

Updates `github.com/cloudflare/circl` from 1.3.7 to 1.6.1
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.3.7...v1.6.1)

Updates `golang.org/x/crypto` from 0.33.0 to 0.45.0
- [Commits](golang/crypto@v0.33.0...v0.45.0)

Updates `golang.org/x/image` from 0.12.0 to 0.18.0
- [Commits](golang/image@v0.12.0...v0.18.0)

Updates `golang.org/x/net` from 0.35.0 to 0.38.0
- [Commits](golang/net@v0.35.0...v0.38.0)

Updates `golang.org/x/crypto` from 0.33.0 to 0.36.0
- [Commits](golang/crypto@v0.33.0...v0.45.0)

Updates `golang.org/x/net` from 0.23.0 to 0.38.0
- [Commits](golang/net@v0.35.0...v0.38.0)

Updates `golang.org/x/crypto` from 0.21.0 to 0.36.0
- [Commits](golang/crypto@v0.33.0...v0.45.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.5
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/image
  dependency-version: 0.18.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.36.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.36.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 25, 2026
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Feb 25, 2026
edited
Loading

Deploying wails with  Cloudflare Pages  Cloudflare Pages

Latest commit: dc8f4fd
Status: ✅  Deploy successful!
Preview URL: https://483b44fd.wails.pages.dev
Branch Preview URL: https://dependabot-go-modules-v2-go-sp9z.wails.pages.dev

View logs

@dependabot dependabot bot added the go Pull requests that update Go code label Feb 25, 2026
@dependabot dependabot bot mentioned this pull request Feb 25, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code v2-only

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants