Skip to content

chore(deps): bump the gomod group across 1 directory with 12 updates #710

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps): bump the gomod group across 1 directory with 12 updates #710

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 27, 2025
edited
Loading

Bumps the gomod group with 7 updates in the / directory:

Package From To
github.com/prometheus/client_golang 1.22.0 1.23.2
github.com/spf13/cobra 1.9.1 1.10.1
github.com/prometheus/procfs 0.17.0 0.19.1
github.com/secure-systems-lab/go-securesystemslib 0.9.0 0.9.1
go.yaml.in/yaml/v2 2.4.2 2.4.3
golang.org/x/crypto 0.40.0 0.43.0
sigs.k8s.io/yaml 1.5.0 1.6.0

Updates github.com/prometheus/client_golang from 1.22.0 to 1.23.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.23.2 - 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

Full Changelog: prometheus/client_golang@v1.23.1...v1.23.2

v1.23.1 - 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

Full Changelog: prometheus/client_golang@v1.23.0...v1.23.1

v1.23.0 - 2025-07-30

  • [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
  • [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
  • [FEATURE] Add exemplars for native histograms #1686
  • [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
  • [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
  • [BUGFIX] exp/api: client prompt return on context cancellation #1729

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.23.2 / 2025-09-05

This release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement). There are no functional changes.

1.23.1 / 2025-09-04

This release is made to be compatible with a backwards incompatible API change in prometheus/common v0.66.0. There are no functional changes.

1.23.0 / 2025-07-30

  • [CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. #1812
  • [FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix #1766
  • [FEATURE] Add exemplars for native histograms #1686
  • [ENHANCEMENT] exp/api: Bubble up status code from writeResponse #1823
  • [ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 #1833
  • [BUGFIX] exp/api: client prompt return on context cancellation #1729
Commits

Updates github.com/spf13/cobra from 1.9.1 to 1.10.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.1

🐛 Fix

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

  • If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
  • or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

More details can be found here: spf13/cobra#2303

✨ Features

🐛 Fix

🪠 Testing

📝 Docs

New Contributors

... (truncated)

Commits
  • 7da941c chore: Bump pflag to v1.0.9 (#2305)
  • 51d6751 Bump pflag to 1.0.8 (#2303)
  • 3f3b818 Update README.md with new logo
  • dcaf42e Add Periscope to the list of projects using Cobra (#2299)
  • 6dec1ae The default ShellCompDirective can be customized for a command and its subcom...
  • c8289c1 chore(golangci-lint): add some exclusion presets
  • 4af7b64 refactor: apply golangci-lint autofixes, work around false positives
  • 75790e4 chore(golangci-lint): upgrade to v2
  • db3ddb5 Adding sponsorship to README.md
  • 67171d6 putting sponsorship below header
  • Additional commits viewable in compare view

Updates github.com/prometheus/common from 0.65.0 to 0.66.1

Release notes

Sourced from github.com/prometheus/common's releases.

v0.66.1

This release has no functional changes, it just drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement).

What's Changed

Full Changelog: prometheus/common@v1.20.99...v0.66.1

v0.66.0

⚠️ Breaking Changes ⚠️

  • A default-constructed TextParser will be invalid. It must have a valid scheme set, so users should use the NewTextParser function to create a valid TextParser. Otherwise parsing will panic with "Invalid name validation scheme requested: unset".

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from github.com/prometheus/common's changelog.

v0.66.1 / 2025-09-05

This release has no functional changes, it just drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement).

What's Changed

Full Changelog: prometheus/common@v1.20.99...v0.66.1

v0.66.0 / 2025-09-02

⚠️ Breaking Changes ⚠️

  • A default-constructed TextParser will be invalid. It must have a valid scheme set, so users should use the NewTextParser function to create a valid TextParser. Otherwise parsing will panic with "Invalid name validation scheme requested: unset".

What's Changed

New Contributors

... (truncated)

Commits
  • 8975dde Revert "Use go.uber.org/atomic instead of sync/atomic (#825)" (#838)
  • 08d7f66 Move to supported version of yaml parser (#834)
  • 80e275e Revert "Use github.com/grafana/regexp instead of regexp" (#835)
  • 4c2f9e7 Merge pull request #832 from roidelapluie/retract
  • e120453 Retract v1.20.3
  • 2b1487c Merge pull request #827 from prometheus/dependabot/go_modules/github.com/stre...
  • db38951 Merge pull request #829 from prometheus/dependabot/go_modules/golang.org/x/ne...
  • 9e19a90 build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
  • a1ba2a7 build(deps): bump golang.org/x/net from 0.42.0 to 0.43.0
  • c7a031c Merge pull request #830 from prometheus/dependabot/go_modules/google.golang.o...
  • Additional commits viewable in compare view

Updates github.com/prometheus/procfs from 0.17.0 to 0.19.1

Release notes

Sourced from github.com/prometheus/procfs's releases.

v0.19.1

What's Changed

Full Changelog: prometheus/procfs@v0.19.0...v0.19.1

v0.19.0

What's Changed

New Contributors

Full Changelog: prometheus/procfs@v0.18.0...v0.19.0

v0.18.0

What's Changed

New Contributors

Full Changelog: prometheus/procfs@v0.17.0...v0.18.0

Commits

Updates github.com/secure-systems-lab/go-securesystemslib from 0.9.0 to 0.9.1

Commits
  • a1a33cd Merge pull request #120 from secure-systems-lab/dependabot/github_actions/dom...
  • 4f201c1 Merge pull request #122 from rosstimothy/tross/remove_testing
  • 5d1cc26 Move hexDecode test helper into a test file
  • ebae973 Merge pull request #121 from secure-systems-lab/dependabot/go_modules/golang....
  • 551dff1 chore(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0
  • 50ac487 chore(deps): bump dominikh/staticcheck-action from 1.3.1 to 1.4.0
  • 9d9f015 Merge pull request #117 from secure-systems-lab/dependabot/go_modules/golang....
  • 9aa50ea chore(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0
  • 3e526e2 Merge pull request #115 from secure-systems-lab/dependabot/go_modules/golang....
  • a1093e6 Merge pull request #116 from secure-systems-lab/dependabot/github_actions/act...
  • Additional commits viewable in compare view

Updates github.com/spf13/pflag from 1.0.7 to 1.0.9

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.9

What's Changed

Full Changelog: spf13/pflag@v1.0.8...v1.0.9

v1.0.8

⚠️ Breaking Change

This version, while only a patch bump, includes a (very minor) breaking change: the flag.ParseErrorsWhitelist struct and corresponding FlagSet.parseErrorsWhitelist field have been renamed to ParseErrorsAllowlist.

This should result in compilation errors in any code that uses these fields, which can be fixed by adjusting the names at call sites. There is no change in semantics or behavior of the struct or field referred to by these names. If your code compiles without errors after bumping to/past v1.0.8, you are not affected by this change.

The breaking change was reverted in v1.0.9, by means of re-introducing the old names with deprecation warnings. The plan is still to remove them in a future release, so if your code does depend on the old names, please change them to use the new names at your earliest convenience.

What's Changed

New Contributors

Full Changelog: spf13/pflag@v1.0.7...v1.0.8

Commits
  • 1043857 Merge pull request #446 from spf13/fix-backwards-compat
  • 7412009 fix: Restore ParseErrorsWhitelist name for now
  • b9c16fa Merge pull request #444 from spf13/reset-args-even-if-empty
  • 40abc49 Merge pull request #443 from spf13/silence-errhelp
  • 1bf832c Use errors.Is instead of equality check
  • d25dd24 Reset args on re-parse even if empty
  • 094909d Merge pull request #365 from vaguecoder/str2str-sorted
  • ccb49e5 Print Default Values of String-to-String in Sorted Order
  • b55ffb6 fix: Don't print ErrHelp in ParseAll
  • 7c651d1 Merge pull request #407 from tmc/fix-errhelp
  • Additional commits viewable in compare view

Updates go.yaml.in/yaml/v2 from 2.4.2 to 2.4.3

Commits

Updates golang.org/x/crypto from 0.40.0 to 0.43.0

Commits
  • 627cb89 go.mod: update golang.org/x dependencies
  • dca4914 acme: fix autocert TestHTTPHandlerDefaultFallback
  • 1336e21 x509roots/fallback: update bundle
  • 2beaa59 ssh: add VerifiedPublicKeyCallback
  • 66c3d8c ssh: add support for FIPS mode
  • ddb4e80 ssh: remove custom contains, use slices.Contains
  • f4d47b0 ssh: return clearer error when signature algorithm is used as key format
  • 96dc232 x509roots/fallback/bundle: add bundle package to export root certs
  • 8c9ba31 all: freeze and deprecate more packages
  • 559e062 ssh/agent: return an error for unexpected message types
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.34.0 to 0.37.0

Commits
  • 1edeebe unix: mkall.sh: fail if docker build failed
  • ecada54 unix: use slices.{Equal,Sort} in tests
  • 5e63aa5 windows: export O_FILE_FLAG_* to be used in os.OpenFile on windows
  • 033906b unix: add (*CPUSet).Fill helper to enable all CPUs
  • 6be6c58 windows: add FlushConsoleInputBuffer and GetNumberOfConsoleInputEvents
  • 32e2038 unix: use Go 1.21+ clear built-in
  • 137f2ed sys: add support for NetBSD getvfsstat
  • b06ce05 windows: add FILE_ZERO_DATA_INFORMATION
  • 689cc11 unix: fix Listen on solaris
  • a4712b9 plan9: drop go version tags for unsupported versions
  • Additional commits viewable in compare view

Updates golang.org/x/text from 0.27.0 to 0.30.0

Commits
  • c6abd03 go.mod: update golang.org/x dependencies
  • 42f038d x/text: fix nil dereference in gotext extract
  • a42f0e2 all: use built-in max/min to simplify the code
  • e69f31b go.mod: update golang.org/x dependencies
  • 60c9786 all: upgrade go directive to at least 1.24.0 [generated]
  • 425d715 go.mod: update golang.org/x dependencies
  • See full diff in compare view

Updates google.golang.org/protobuf from 1.36.6 to 1.36.8

Updates sigs.k8s.io/yaml from 1.5.0 to 1.6.0

Release notes

Sourced from sigs.k8s.io/yaml's releases.

v1.6.0

What's Changed

Commits
  • 048d724 Merge pull request #132 from thockin/master
  • 23c836c Bolster tests, mostly in error-handling
  • 2e3340b Add compact output tests
  • 4a4f539 Add test case for tabs in multi-line strings
  • 13509ad Change which methods get a newline and fix tests
  • 59c2c43 Add compact mode so KYAML can be used in more places
  • abc1add kyaml: Implement escaping closer to YAML spec
  • 7749171 Add a yamlfmt cmd
  • a932007 Add KYAML support
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 27, 2025
@06kellyjac
Copy link
Member

06kellyjac commented Nov 12, 2025

@dependabot recreate

@dependabot
chore(deps): bump the gomod group across 1 directory with 12 updates
ccd8718 
Bumps the gomod group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.22.0` | `1.23.2` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.9.1` | `1.10.1` |
| [github.com/prometheus/procfs](https://github.com/prometheus/procfs) | `0.17.0` | `0.19.1` |
| [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) | `0.9.0` | `0.9.1` |
| [go.yaml.in/yaml/v2](https://github.com/yaml/go-yaml) | `2.4.2` | `2.4.3` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.40.0` | `0.43.0` |
| [sigs.k8s.io/yaml](https://github.com/kubernetes-sigs/yaml) | `1.5.0` | `1.6.0` |



Updates `github.com/prometheus/client_golang` from 1.22.0 to 1.23.2
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_golang@v1.22.0...v1.23.2)

Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.9.1...v1.10.1)

Updates `github.com/prometheus/common` from 0.65.0 to 0.66.1
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md)
- [Commits](prometheus/common@v0.65.0...v0.66.1)

Updates `github.com/prometheus/procfs` from 0.17.0 to 0.19.1
- [Release notes](https://github.com/prometheus/procfs/releases)
- [Commits](prometheus/procfs@v0.17.0...v0.19.1)

Updates `github.com/secure-systems-lab/go-securesystemslib` from 0.9.0 to 0.9.1
- [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases)
- [Commits](secure-systems-lab/go-securesystemslib@v0.9.0...v0.9.1)

Updates `github.com/spf13/pflag` from 1.0.7 to 1.0.9
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.7...v1.0.9)

Updates `go.yaml.in/yaml/v2` from 2.4.2 to 2.4.3
- [Commits](yaml/go-yaml@v2.4.2...v2.4.3)

Updates `golang.org/x/crypto` from 0.40.0 to 0.43.0
- [Commits](golang/crypto@v0.40.0...v0.43.0)

Updates `golang.org/x/sys` from 0.34.0 to 0.37.0
- [Commits](golang/sys@v0.34.0...v0.37.0)

Updates `golang.org/x/text` from 0.27.0 to 0.30.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.27.0...v0.30.0)

Updates `google.golang.org/protobuf` from 1.36.6 to 1.36.8

Updates `sigs.k8s.io/yaml` from 1.5.0 to 1.6.0
- [Release notes](https://github.com/kubernetes-sigs/yaml/releases)
- [Changelog](https://github.com/kubernetes-sigs/yaml/blob/master/RELEASE.md)
- [Commits](kubernetes-sigs/yaml@v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.23.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/prometheus/common
  dependency-version: 0.66.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/prometheus/procfs
  dependency-version: 0.19.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/secure-systems-lab/go-securesystemslib
  dependency-version: 0.9.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/spf13/pflag
  dependency-version: 1.0.9
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: go.yaml.in/yaml/v2
  dependency-version: 2.4.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: golang.org/x/crypto
  dependency-version: 0.43.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/sys
  dependency-version: 0.37.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/text
  dependency-version: 0.30.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.8
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: sigs.k8s.io/yaml
  dependency-version: 1.6.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/gomod-98423b622d branch from af5d49c to ccd8718 Compare November 12, 2025 16:22
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 24, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Nov 24, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/gomod-98423b622d branch November 24, 2025 06:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@06kellyjac