chore(deps): bump the common group across 1 directory with 30 updates by dependabot[bot] · Pull Request #256 · Ericsson/trivy

dependabot · 2026-04-08T00:07:24Z

Bumps the common group with 20 updates in the / directory:

Package	From	To
github.com/GoogleCloudPlatform/docker-credential-gcr/v2	`2.1.31`	`2.1.32`
github.com/alicebob/miniredis/v2	`2.36.1`	`2.37.0`
github.com/containerd/containerd/v2	`2.2.1`	`2.2.2`
github.com/containerd/platforms	`1.0.0-rc.2`	`1.0.0-rc.4`
github.com/fatih/color	`1.18.0`	`1.19.0`
github.com/go-git/go-git/v5	`5.16.5`	`5.17.2`
github.com/google/go-containerregistry	`0.20.7`	`0.21.3`
github.com/hashicorp/go-getter	`1.8.4`	`1.8.6`
github.com/hashicorp/go-version	`1.8.0`	`1.9.0`
github.com/hashicorp/hc-install	`0.9.2`	`0.9.3`
github.com/hashicorp/terraform-exec	`0.24.0`	`0.25.0`
github.com/magefile/mage	`1.15.0`	`1.17.1`
github.com/open-policy-agent/opa	`1.13.1`	`1.15.1`
github.com/openvex/go-vex	`0.2.7`	`0.2.8`
github.com/samber/lo	`1.52.0`	`1.53.0`
github.com/sigstore/rekor	`1.5.0`	`1.5.1`
github.com/zclconf/go-cty	`1.17.0`	`1.18.0`
helm.sh/helm/v3	`3.20.0`	`3.20.1`
modernc.org/sqlite	`1.45.0`	`1.48.1`
github.com/nikolalohinski/gonja/v2	`2.6.0`	`2.7.0`

Updates github.com/GoogleCloudPlatform/docker-credential-gcr/v2 from 2.1.31 to 2.1.32

Release notes

Sourced from github.com/GoogleCloudPlatform/docker-credential-gcr/v2's releases.

v2.1.32

What's Changed

Add missing AR domains by @Subserial in GoogleCloudPlatform/docker-credential-gcr#186

Update logrus to use newer version with no CVE by @cm894865 in GoogleCloudPlatform/docker-credential-gcr#187

New Contributors

@cm894865 made their first contribution in GoogleCloudPlatform/docker-credential-gcr#187

Full Changelog: GoogleCloudPlatform/docker-credential-gcr@v2.1.31...v2.1.32

Commits

711dd80 Update logrus to use newer version with no CVE (#187)
2c33e9c Merge pull request #186 from Subserial/Subserial-patch-1
0692b51 Add missing AR domains
See full diff in compare view

Updates github.com/alicebob/miniredis/v2 from 2.36.1 to 2.37.0

Release notes

Sourced from github.com/alicebob/miniredis/v2's releases.

HEXPIRE

support HEXPIRE (thanks @mojixcoder)

Changelog

Sourced from github.com/alicebob/miniredis/v2's changelog.

v2.37.0

suport HEXPIRE (thanks @mojixcoder)

Commits

c1b59bf feat: implement HEXPIRE command (#424)
See full diff in compare view

Updates github.com/containerd/containerd/v2 from 2.2.1 to 2.2.2

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.2.2

Welcome to the v2.2.2 release of containerd!

The second patch release for containerd 2.2 contains various fixes and improvements.

Highlights

Container Runtime Interface (CRI)

Fix migrated CRI image config when using legacy registry mirrors (#12987)

Unpack images with per-layer labels for runtime-specific snapshotters (#12936)

Fix CNI issue where DEL is never executed after a restart (#12926)

Harden error handling to strip potentially-sensitive registry parameters (#12804)

Fix nil pointer dereference in container spec memory metrics when memory constraints are not fully configured (#12731)

Use the specified runtime handler when pulling images (#12721)

Reduce noisy CDI logs (#12717)

Fix regression for pulling encrypted images (#12712)

Runtime

Fix unintended dropping of mount flags for read-only bind-mounts in user namespaces (#12944)

Fix AppArmor bug disallowing unix domain sockets on newer kernels (#12897)

ctr development tool

Fix ctr image mount failing with "no such device" (#12831)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

Maksym Pavlenko

Akhil Mohan

Samuel Karp

Wei Fu

Michael Zappa

Phil Estes

Fabiano Fidêncio

Jérôme Poulin

Luke Hinds

Aadhar Agarwal

Akihiro Suda

Alex Chernyakhovsky

Chris Adeniyi-Jones

Kazuyoshi Kato

Rodrigo Campos

Sebastiaan van Stijn

You Binhao

ningmingxiao

... (truncated)

Commits

301b2da Merge pull request #12998 from samuelkarp/prepare-release-2.2.2
7e6ecf4 Prepare release notes for v2.2.2
5dc7bb2 Merge pull request #12987 from k8s-infra-cherrypick-robot/cherry-pick-12617-t...
a20dead set default config_path in plugin init
8b085dd Merge pull request #12936 from fidencio/release-2.2/backport-12835
7022bea Merge pull request #12957 from k8s-infra-cherrypick-robot/cherry-pick-12950-t...
68855cb ci: modprobe xt_comment on almalinux
46fabcc Merge pull request #12944 from k8s-infra-cherrypick-robot/cherry-pick-12941-t...
ef7a8be core/mount: add test for getUnprivilegedMountFlags
07b2cc0 core/mount: fix getUnprivilegedMountFlags iterating over indices instead of v...
Additional commits viewable in compare view

Updates github.com/containerd/platforms from 1.0.0-rc.2 to 1.0.0-rc.4

Release notes

Sourced from github.com/containerd/platforms's releases.

v1.0.0-rc.4

What's Changed

refactor, optimize FormatAll, ParseAll by @thaJeztah in containerd/platforms#30

Strip the win32k when comparing windows platforms by @dmcgowan in containerd/platforms#31

Add OnlyOS function allow matching any architecture by @dmcgowan in containerd/platforms#33

Full Changelog: containerd/platforms@v1.0.0-rc.3...v1.0.0-rc.4

v1.0.0-rc.3

What's Changed

Update GitHub actions by @dmcgowan in containerd/platforms#27

Add support for OS Features in the format by @dmcgowan in containerd/platforms#16

Match and Compare platforms with OSFeatures by @dmcgowan in containerd/platforms#20

Add encoding to os version and features by @dmcgowan in containerd/platforms#28

Full Changelog: containerd/platforms@v1.0.0-rc.2...v1.0.0-rc.3

Commits

09756f5 Merge pull request #33 from dmcgowan/only-os
3a284c1 Merge pull request #31 from dmcgowan/windows-strip-features
1e75776 Merge pull request #30 from thaJeztah/platforms_refactor
adbf321 Strip the win32k when comparing windows platforms
27058a1 Add OnlyOS function allow matching any architecture
d028ee3 ParseAll: refactor
8f5e31a FormatAll: use a string-builder for formatting os-options
0165130 modernize --fix
f453a3a go.mod: bump minimum go version to go1.24
042728d add benchmark for Parse, FormatAll
Additional commits viewable in compare view

Updates github.com/fatih/color from 1.18.0 to 1.19.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.19.0

What's Changed

Bump golang.org/x/sys from 0.25.0 to 0.28.0 by @dependabot[bot] in fatih/color#246

Fix for issue #230 set/unsetwriter symmetric wrt color support detection by @ataypamart in fatih/color#243

chore: go mod cleanup by @sashamelentyev in fatih/color#244

Bump golang.org/x/sys from 0.28.0 to 0.30.0 by @dependabot[bot] in fatih/color#249

Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @dependabot[bot] in fatih/color#248

Update CI and go deps by @fatih in fatih/color#254

Bump golang.org/x/sys from 0.31.0 to 0.37.0 by @dependabot[bot] in fatih/color#268

fix: include escape codes in byte counts from Fprint, Fprintf by @qualidafial in fatih/color#282

Bump golang.org/x/sys from 0.37.0 to 0.40.0 by @dependabot[bot] in fatih/color#277

fix: add nil check for os.Stdout to prevent panic on Windows services by @majiayu000 in fatih/color#275

Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by @dependabot[bot] in fatih/color#259

Bump actions/checkout from 4 to 6 by @dependabot[bot] in fatih/color#273

Optimize Color.Equals performance (O(n²) → O(n)) by @UnSubble in fatih/color#269

Bump actions/setup-go from 5 to 6 by @dependabot[bot] in fatih/color#266

New Contributors

@ataypamart made their first contribution in fatih/color#243

@sashamelentyev made their first contribution in fatih/color#244

@qualidafial made their first contribution in fatih/color#282

@majiayu000 made their first contribution in fatih/color#275

@UnSubble made their first contribution in fatih/color#269

Full Changelog: fatih/color@v1.18.0...v1.19.0

Commits

ca25f6e Merge pull request #266 from fatih/dependabot/github_actions/actions/setup-go-6
1205984 Bump actions/setup-go from 5 to 6
5715c20 Merge pull request #269 from UnSubble/main
2f6e200 Merge branch 'main' into main
f72ec94 Merge pull request #273 from fatih/dependabot/github_actions/actions/checkout-6
848e633 Merge branch 'main' into main
4c2cd34 Add tests
7f812f0 Bump actions/checkout from 4 to 6
b7fc9f9 Merge pull request #259 from fatih/dependabot/github_actions/dominikh/staticc...
239a88f Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.5 to 5.17.2

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.17.2

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1941

dotgit: skip writing pack files that already exist on disk by @pjbgf in go-git/go-git#1944

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

v5.17.1

What's Changed

build: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1930

[v5] plumbing: format/index, Improve v4 entry name validation by @pjbgf in go-git/go-git#1935

[v5] plumbing: format/idxfile, Fix version and fanout checks by @pjbgf in go-git/go-git#1937

Full Changelog: go-git/go-git@v5.17.0...v5.17.1

v5.17.0

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1839

git: worktree, optimize infiles function for very large repos by @k-anshul in go-git/go-git#1853

git: Add strict checks for supported extensions by @pjbgf in go-git/go-git#1861

backport, git: Improve Status() speed with new index.ModTime check by @cedric-appdirect in go-git/go-git#1862

storage: filesystem, Avoid overwriting loose obj files by @pjbgf in go-git/go-git#1864

Full Changelog: go-git/go-git@v5.16.5...v5.17.0

Commits

45ae193 Merge pull request #1944 from go-git/fix-perms
fda4f74 storage: filesystem/dotgit, Skip writing pack files that already exist on disk
2212dc7 Merge pull request #1941 from go-git/renovate/releases/v5.x-go-github.com-go-...
ebb2d7d build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY]
5e23dfd Merge pull request #1937 from pjbgf/idx-v5
6b38a32 Merge pull request #1935 from pjbgf/index-v5
cd757fc plumbing: format/idxfile, Fix version and fanout checks
3ec0d70 plumbing: format/index, Fix tree extension invalidated entry parsing
dbe10b6 plumbing: format/index, Align V2/V3 long name and V4 prefix encoding with Git
e9b65df plumbing: format/index, Improve v4 entry name validation
Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.20.7 to 0.21.3

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.3

What's Changed

Adds local file support to the crane index subcommand by @edwardthiele in google/go-containerregistry#2223

migrate to github.com/moby/moby modules by @thaJeztah in google/go-containerregistry#2228

Bump the go-deps group across 4 directories with 7 updates by @dependabot[bot] in google/go-containerregistry#2233

Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 in the actions group by @dependabot[bot] in google/go-containerregistry#2220

mutate: reject path traversal and symlink escape in Extract by @KevinZhao in google/go-containerregistry#2227

tarball: detect symlink cycles in extractFileFromTar by @vnykmshr in google/go-containerregistry#2232

bump golang to 1.25.7 by @Subserial in google/go-containerregistry#2236

New Contributors

@edwardthiele made their first contribution in google/go-containerregistry#2223

@thaJeztah made their first contribution in google/go-containerregistry#2228

@KevinZhao made their first contribution in google/go-containerregistry#2227

@vnykmshr made their first contribution in google/go-containerregistry#2232

Full Changelog: google/go-containerregistry@v0.21.2...v0.21.3

v0.21.2

What's Changed

Better handle redirects to https in ping by @jonjohnsonjr in google/go-containerregistry#2225

Full Changelog: google/go-containerregistry@v0.21.1...v0.21.2

v0.21.1

This release fixes a regression in crane introduced in the previous release.

What's Changed

Add WithFileBufferedOpener for file-backed daemon image buffering by @twdamhore in google/go-containerregistry#2214

crane: fix case in auth response json by @aelindeman in google/go-containerregistry#2218

New Contributors

@twdamhore made their first contribution in google/go-containerregistry#2214

@aelindeman made their first contribution in google/go-containerregistry#2218

Full Changelog: google/go-containerregistry@v0.21.0...v0.21.1

v0.21.0

This release updates the minimum Go version to 1.25.6.

What's Changed

fix(mutate): don't skip dir replacements via whiteout in export by @r4f4 in google/go-containerregistry#2191

Improve performance of v1.NewHash by @bmoylan in google/go-containerregistry#2194

Bump the actions group across 1 directory with 4 updates by @dependabot[bot] in google/go-containerregistry#2207

Bump the root-deps group across 1 directory with 7 updates by @dependabot[bot] in google/go-containerregistry#2195

Fix error messages in crane_test.go by @jammie-jelly in google/go-containerregistry#2189

Bump go version across packages to 1.25.6 by @Subserial in google/go-containerregistry#2211

Join go.mod dependency updates by @Subserial in google/go-containerregistry#2212

Bump the go-deps group across 3 directories with 3 updates by @dependabot[bot] in google/go-containerregistry#2213

... (truncated)

Commits

3888fb8 bump golang to 1.25.7 (#2236)
f439624 tarball: detect symlink cycles in extractFileFromTar (#2232)
400c263 mutate: reject path traversal and symlink escape in Extract (#2227)
47eedc9 Bump goreleaser/goreleaser-action in the actions group (#2220)
be0a845 Bump the go-deps group across 4 directories with 7 updates (#2233)
e916301 migrate to github.com/moby/moby modules (#2228)
8b2478e Adds local file support to the crane index subcommand (#2223)
9e0ccb0 Better handle redirects to https in ping (#2225)
85f2bf5 crane: fix case in auth response json (#2218)
e971d63 Add WithFileBufferedOpener for file-backed daemon image buffering (#2214)
Additional commits viewable in compare view

Updates github.com/hashicorp/go-getter from 1.8.4 to 1.8.6

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.8.6

No release notes provided.

v1.8.5

What's Changed

[chore] : Bump the go group with 2 updates by @dependabot[bot] in hashicorp/go-getter#576

use %w to wrap error by @Ericwww in hashicorp/go-getter#475

fix: #538 http file download skipped if headResp.ContentLength is 0 by @martijnvdp in hashicorp/go-getter#539

chore: fix error message capitalization in checksum function by @ssagarverma in hashicorp/go-getter#578

[chore] : Bump the go group with 8 updates by @dependabot[bot] in hashicorp/go-getter#577

Fix git url with ambiguous ref by @nimasamii in hashicorp/go-getter#382

fix: resolve compilation errors in get_git_test.go by @CreatorHead in hashicorp/go-getter#579

[chore] : Bump the actions group with 2 updates by @dependabot[bot] in hashicorp/go-getter#582

[chore] : Bump the go group with 3 updates by @dependabot[bot] in hashicorp/go-getter#583

test that arbitrary files cannot be checksummed by @schmichael in hashicorp/go-getter#250

[chore] : Bump google.golang.org/api from 0.260.0 to 0.262.0 in the go group by @dependabot[bot] in hashicorp/go-getter#585

[chore] : Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by @dependabot[bot] in hashicorp/go-getter#586

[chore] : Bump the go group with 3 updates by @dependabot[bot] in hashicorp/go-getter#588

[chore] : Bump actions/cache from 5.0.2 to 5.0.3 in the actions group by @dependabot[bot] in hashicorp/go-getter#589

[chore] : Bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 in the actions group by @dependabot[bot] in hashicorp/go-getter#592

[chore] : Bump google.golang.org/api from 0.264.0 to 0.265.0 in the go group by @dependabot[bot] in hashicorp/go-getter#591

[chore] : Bump the go group with 5 updates by @dependabot[bot] in hashicorp/go-getter#593

IND-6310 - CRT Onboarding by @nasareeny in hashicorp/go-getter#584

Fix crt build path by @ssagarverma in hashicorp/go-getter#594

[chore] : Bump the go group with 3 updates by @dependabot[bot] in hashicorp/go-getter#596

fix: remove checkout action from set-product-version job by @ssagarverma in hashicorp/go-getter#598

[chore] : Bump the actions group with 4 updates by @dependabot[bot] in hashicorp/go-getter#595

fix(deps): upgrade go.opentelemetry.io/otel/sdk to v1.40.0 (GO-2026-4394) by @ssagarverma in hashicorp/go-getter#599

Prepare go-getter for v1.8.5 release by @nasareeny in hashicorp/go-getter#597

[chore] : Bump the actions group with 2 updates by @dependabot[bot] in hashicorp/go-getter#600

sec: bump go and xrepos + redact aws tokens in url by @dduzgun-security in hashicorp/go-getter#604

NOTES:

Binary Distribution Update: To streamline our release process and align with other HashiCorp tools, all release binaries will now be published exclusively to the official HashiCorp release site. We will no longer attach release assets to GitHub Releases.

New Contributors

@Ericwww made their first contribution in hashicorp/go-getter#475

@martijnvdp made their first contribution in hashicorp/go-getter#539

@nimasamii made their first contribution in hashicorp/go-getter#382

@nasareeny made their first contribution in hashicorp/go-getter#584

Full Changelog: hashicorp/go-getter@v1.8.4...v1.8.5

Commits

d23bff4 Merge pull request #608 from hashicorp/dependabot/go_modules/go-security-9c51...
2c4aba8 Merge pull request #613 from hashicorp/pull/v1.8.6
fe61ed9 Merge pull request #611 from hashicorp/SECVULN-41053
d533656 Merge pull request #606 from hashicorp/pull/CRT
388f23d Additional test for local branch and head
b7ceaa5 harden checkout ref handling and added regression tests
769cc14 Release version bump up
6086a6a Review Comments Addressed
e02063c Revert "SECVULN Fix for git checkout argument injection enables arbitrary fil...
c93084d [chore] : Bump google.golang.org/grpc
Additional commits viewable in compare view

Updates github.com/hashicorp/go-version from 1.8.0 to 1.9.0

Release notes

Sourced from github.com/hashicorp/go-version's releases.

v1.9.0

What's Changed

Enhancements

Add support for prefix of any character by @brondum in hashicorp/go-version#79

Internal

Update CHANGELOG for version 1.8.0 enhancements by @sonamtenzin2 in hashicorp/go-version#178

Bump the github-actions-backward-compatible group across 1 directory with 2 updates by @dependabot[bot] in hashicorp/go-version#179

Bump the github-actions-breaking group with 4 updates by @dependabot[bot] in hashicorp/go-version#180

Bump the github-actions-backward-compatible group with 3 updates by @dependabot[bot] in hashicorp/go-version#182

Update GitHub Actions to trigger on pull requests and update go version by @ssagarverma in hashicorp/go-version#185

Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions-breaking group across 1 directory by @dependabot[bot] in hashicorp/go-version#183

Bump the github-actions-backward-compatible group across 1 directory with 2 updates by @dependabot[bot] in hashicorp/go-version#186

New Contributors

@sonamtenzin2 made their first contribution in hashicorp/go-version#178

@brondum made their first contribution in hashicorp/go-version#79

@ssagarverma made their first contribution in hashicorp/go-version#185

Full Changelog: hashicorp/go-version@v1.8.0...v1.9.0

Changelog

Sourced from github.com/hashicorp/go-version's changelog.

1.9.0 (Mar 30, 2026)

ENHANCEMENTS:

Support parsing versions with custom prefixes via opt-in option in hashicorp/go-version#79

INTERNAL:

Bump the github-actions-backward-compatible group across 1 directory with 2 updates in hashicorp/go-version#179

Bump the github-actions-breaking group with 4 updates in hashicorp/go-version#180

Bump the github-actions-backward-compatible group with 3 updates in hashicorp/go-version#182

Update GitHub Actions to trigger on pull requests and update go version in hashicorp/go-version#185

Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions-breaking group across 1 directory in hashicorp/go-version#183

Bump the github-actions-backward-compatible group across 1 directory with 2 updates in hashicorp/go-version#186

Commits

b80b1e6 Update CHANGELOG for version 1.9.0 (#187)
e93736f Bump the github-actions-backward-compatible group across 1 directory with 2 u...
c009de0 Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions-breaki...
0474357 Update GitHub Actions to trigger on pull requests and update go version (#185)
b4ab5fc Support parsing versions with custom prefixes via opt-in option (#79)
25c683b Merge pull request #182 from hashicorp/dependabot/github_actions/github-actio...
4f2bcd8 Bump the github-actions-backward-compatible group with 3 updates
acb8b18 Merge pull request #180 from hashicorp/dependabot/github_actions/github-actio...
0394c4f Merge pull request #179 from hashicorp/dependabot/github_actions/github-actio...
b2fbaa7 Bump the github-actions-backward-compatible group across 1 directory with 2 u...
Additional commits viewable in compare view

Updates github.com/hashicorp/hc-install from 0.9.2 to 0.9.3

Release notes

Sourced from github.com/hashicorp/hc-install's releases.

v0.9.3

DEPENDENCIES:

build(deps): bump github.com/go-git/go-git/v5 from 5.14.0 to 5.16.5 (#294, #296, #302, #306, #321, #327, #342)

build(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.7 to 0.7.8 (#307)

build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0 (#332)

build(deps): bump github.com/ProtonMail/go-crypto from 1.1.6 to 1.3.0 (#295, #301)

build(deps): bump golang.org/x/crypto from 0.37.0 to 0.45.0 (#326)

build(deps): bump golang.org/x/mod from 0.24.0 to 0.33.0 (#303, #309, #315, #319, #322, #325, #335, #338, #343)

INTERNAL:

go: bump version from 1.24.2 to 1.24.13 (#318, #331, #344)

Commits

08dbb4f github/release: Update Slack channel reference (#347)
f8f2e09 Prepare for 0.9.3 release (#346)
f8cc5ed go: bump version to 1.24.13 (#344)
fe07af6 Update copyright headers to IBM (#345)
b6ac954 build(deps): bump golang.org/x/mod from 0.32.0 to 0.33.0 (#343)
9543c11 build(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 (#342)
a6d0e0a build(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the github-actions-...
17a8292 build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 in the github-actions-...
78824a8 build(deps): bump golang.org/x/mod from 0.31.0 to 0.32.0 (#338)
e7288fa build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 in the github-a...
Additional commits viewable in compare view

Updates github.com/hashicorp/terraform-exec from 0.24.0 to 0.25.0

Release notes

Sourced from github.com/hashicorp/terraform-exec's releases.

v0.25.0

NOTES:

bump Go compatibility from 1.23 to 1.24 (in-line with Go's support policy) (#548, #557)

ENHANCEMENTS:

tfexec: Added provider reattach support to all terraform workspace subcommands (#556)

tfexec: Add -generate-config-out to the (Terraform).Plan() method (#563)

Add support for providers mirror subcommand (#551)

DEPENDENCIES:

build(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 (#547)

build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0 (#552)

build(deps): bump github.com/hashicorp/hc-install from 0.9.2 to 0.9.3 (#566)

build(deps): bump github.com/hashicorp/terraform-json from 0.27.1 to 0.27.2 (#542)

build(deps): bump github.com/zclconf/go-cty from 1.16.4 to 1.17.0 (#535)

Changelog

Sourced from github.com/hashicorp/terraform-exec's changelog.

0.25.0 (February 16, 2026)

NOTES:

bump Go compatibility from 1.23 to 1.24 (in-line with Go's support policy) (#548, #557)

ENHANCEMENTS:

tfexec: Added provider reattach support to all terraform workspace subcommands (#556)

tfexec: Add -generate-config-out to the (Terraform).Plan() method (#563)

Add support for providers mirror subcommand (#551)

DEPENDENCIES:

build(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 (#547)

build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0 (#552)

build(deps): bump github.com/hashicorp/hc-install from 0.9.2 to 0.9.3 (#566)

build(deps): bump github.com/hashicorp/terraform-json from 0.27.1 to 0.27.2 (#542)

build(deps): bump github.com...
Description has been truncated

Bumps the common group with 20 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/GoogleCloudPlatform/docker-credential-gcr/v2](https://github.com/GoogleCloudPlatform/docker-credential-gcr) | `2.1.31` | `2.1.32` | | [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) | `2.36.1` | `2.37.0` | | [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) | `2.2.1` | `2.2.2` | | [github.com/containerd/platforms](https://github.com/containerd/platforms) | `1.0.0-rc.2` | `1.0.0-rc.4` | | [github.com/fatih/color](https://github.com/fatih/color) | `1.18.0` | `1.19.0` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.5` | `5.17.2` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.7` | `0.21.3` | | [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) | `1.8.4` | `1.8.6` | | [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) | `1.8.0` | `1.9.0` | | [github.com/hashicorp/hc-install](https://github.com/hashicorp/hc-install) | `0.9.2` | `0.9.3` | | [github.com/hashicorp/terraform-exec](https://github.com/hashicorp/terraform-exec) | `0.24.0` | `0.25.0` | | [github.com/magefile/mage](https://github.com/magefile/mage) | `1.15.0` | `1.17.1` | | [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.13.1` | `1.15.1` | | [github.com/openvex/go-vex](https://github.com/openvex/go-vex) | `0.2.7` | `0.2.8` | | [github.com/samber/lo](https://github.com/samber/lo) | `1.52.0` | `1.53.0` | | [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.5.0` | `1.5.1` | | [github.com/zclconf/go-cty](https://github.com/zclconf/go-cty) | `1.17.0` | `1.18.0` | | [helm.sh/helm/v3](https://github.com/helm/helm) | `3.20.0` | `3.20.1` | | [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.45.0` | `1.48.1` | | [github.com/nikolalohinski/gonja/v2](https://github.com/nikolalohinski/gonja) | `2.6.0` | `2.7.0` | Updates `github.com/GoogleCloudPlatform/docker-credential-gcr/v2` from 2.1.31 to 2.1.32 - [Release notes](https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases) - [Commits](GoogleCloudPlatform/docker-credential-gcr@v2.1.31...v2.1.32) Updates `github.com/alicebob/miniredis/v2` from 2.36.1 to 2.37.0 - [Release notes](https://github.com/alicebob/miniredis/releases) - [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md) - [Commits](alicebob/miniredis@v2.36.1...v2.37.0) Updates `github.com/containerd/containerd/v2` from 2.2.1 to 2.2.2 - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v2.2.1...v2.2.2) Updates `github.com/containerd/platforms` from 1.0.0-rc.2 to 1.0.0-rc.4 - [Release notes](https://github.com/containerd/platforms/releases) - [Commits](containerd/platforms@v1.0.0-rc.2...v1.0.0-rc.4) Updates `github.com/fatih/color` from 1.18.0 to 1.19.0 - [Release notes](https://github.com/fatih/color/releases) - [Commits](fatih/color@v1.18.0...v1.19.0) Updates `github.com/go-git/go-git/v5` from 5.16.5 to 5.17.2 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.16.5...v5.17.2) Updates `github.com/google/go-containerregistry` from 0.20.7 to 0.21.3 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.20.7...v0.21.3) Updates `github.com/hashicorp/go-getter` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Commits](hashicorp/go-getter@v1.8.4...v1.8.6) Updates `github.com/hashicorp/go-version` from 1.8.0 to 1.9.0 - [Release notes](https://github.com/hashicorp/go-version/releases) - [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md) - [Commits](hashicorp/go-version@v1.8.0...v1.9.0) Updates `github.com/hashicorp/hc-install` from 0.9.2 to 0.9.3 - [Release notes](https://github.com/hashicorp/hc-install/releases) - [Commits](hashicorp/hc-install@v0.9.2...v0.9.3) Updates `github.com/hashicorp/terraform-exec` from 0.24.0 to 0.25.0 - [Release notes](https://github.com/hashicorp/terraform-exec/releases) - [Changelog](https://github.com/hashicorp/terraform-exec/blob/main/CHANGELOG.md) - [Commits](hashicorp/terraform-exec@v0.24.0...v0.25.0) Updates `github.com/magefile/mage` from 1.15.0 to 1.17.1 - [Release notes](https://github.com/magefile/mage/releases) - [Commits](magefile/mage@v1.15.0...v1.17.1) Updates `github.com/open-policy-agent/opa` from 1.13.1 to 1.15.1 - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v1.13.1...v1.15.1) Updates `github.com/openvex/go-vex` from 0.2.7 to 0.2.8 - [Release notes](https://github.com/openvex/go-vex/releases) - [Commits](openvex/go-vex@v0.2.7...v0.2.8) Updates `github.com/package-url/packageurl-go` from 0.1.3 to 0.1.5 - [Release notes](https://github.com/package-url/packageurl-go/releases) - [Commits](package-url/packageurl-go@v0.1.3...v0.1.5) Updates `github.com/samber/lo` from 1.52.0 to 1.53.0 - [Release notes](https://github.com/samber/lo/releases) - [Commits](samber/lo@v1.52.0...v1.53.0) Updates `github.com/sigstore/rekor` from 1.5.0 to 1.5.1 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v1.5.0...v1.5.1) Updates `github.com/zclconf/go-cty` from 1.17.0 to 1.18.0 - [Release notes](https://github.com/zclconf/go-cty/releases) - [Changelog](https://github.com/zclconf/go-cty/blob/main/CHANGELOG.md) - [Commits](zclconf/go-cty@v1.17.0...v1.18.0) Updates `golang.org/x/crypto` from 0.48.0 to 0.49.0 - [Commits](golang/crypto@v0.48.0...v0.49.0) Updates `golang.org/x/mod` from 0.33.0 to 0.34.0 - [Commits](golang/mod@v0.33.0...v0.34.0) Updates `golang.org/x/net` from 0.50.0 to 0.52.0 - [Commits](golang/net@v0.50.0...v0.52.0) Updates `golang.org/x/sync` from 0.19.0 to 0.20.0 - [Commits](golang/sync@v0.19.0...v0.20.0) Updates `golang.org/x/term` from 0.40.0 to 0.41.0 - [Commits](golang/term@v0.40.0...v0.41.0) Updates `golang.org/x/text` from 0.34.0 to 0.35.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.34.0...v0.35.0) Updates `golang.org/x/tools` from 0.42.0 to 0.43.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.42.0...v0.43.0) Updates `golang.org/x/xerrors` from 0.0.0-20240716161551-93cc26a95ae9 to 0.0.0-20240903120638-7835f813f4da - [Commits](https://github.com/golang/xerrors/commits) Updates `helm.sh/helm/v3` from 3.20.0 to 3.20.1 - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.20.0...v3.20.1) Updates `k8s.io/api` from 0.35.0 to 0.35.1 - [Commits](kubernetes/api@v0.35.0...v0.35.1) Updates `modernc.org/sqlite` from 1.45.0 to 1.48.1 - [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.45.0...v1.48.1) Updates `github.com/nikolalohinski/gonja/v2` from 2.6.0 to 2.7.0 - [Commits](NikolaLohinski/gonja@v2.6.0...v2.7.0) --- updated-dependencies: - dependency-name: github.com/GoogleCloudPlatform/docker-credential-gcr/v2 dependency-version: 2.1.32 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/alicebob/miniredis/v2 dependency-version: 2.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/containerd/containerd/v2 dependency-version: 2.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/containerd/platforms dependency-version: 1.0.0-rc.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/fatih/color dependency-version: 1.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.17.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/hashicorp/go-getter dependency-version: 1.8.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/hashicorp/go-version dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/hashicorp/hc-install dependency-version: 0.9.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/hashicorp/terraform-exec dependency-version: 0.25.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/magefile/mage dependency-version: 1.17.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/open-policy-agent/opa dependency-version: 1.15.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/openvex/go-vex dependency-version: 0.2.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/package-url/packageurl-go dependency-version: 0.1.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/samber/lo dependency-version: 1.53.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/sigstore/rekor dependency-version: 1.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: github.com/zclconf/go-cty dependency-version: 1.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/crypto dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/mod dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/net dependency-version: 0.52.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/sync dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/term dependency-version: 0.41.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/text dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/tools dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: golang.org/x/xerrors dependency-version: 0.0.0-20240903120638-7835f813f4da dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: helm.sh/helm/v3 dependency-version: 3.20.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: k8s.io/api dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common - dependency-name: modernc.org/sqlite dependency-version: 1.48.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common - dependency-name: github.com/nikolalohinski/gonja/v2 dependency-version: 2.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 8, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the common group across 1 directory with 30 updates#256

chore(deps): bump the common group across 1 directory with 30 updates#256
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/common-4cf8e925d1

dependabot bot commented on behalf of github Apr 8, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 8, 2026

v2.1.32

What's Changed

New Contributors

HEXPIRE

v2.37.0

containerd 2.2.2

Highlights

Container Runtime Interface (CRI)

Runtime

ctr development tool

Contributors

v1.0.0-rc.4

What's Changed

v1.0.0-rc.3

What's Changed

v1.19.0

What's Changed

New Contributors

v5.17.2

What's Changed

v5.17.1

What's Changed

v5.17.0

What's Changed

v0.21.3

What's Changed

New Contributors

v0.21.2

What's Changed

v0.21.1

What's Changed

New Contributors

v0.21.0

What's Changed

v1.8.6

v1.8.5

What's Changed

New Contributors

v1.9.0

What's Changed

Enhancements

Internal

New Contributors

1.9.0 (Mar 30, 2026)

v0.9.3

v0.25.0

0.25.0 (February 16, 2026)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants