Skip to content

chore(deps): bump the go_modules group across 1 directory with 2 updates#107

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/e2e/go_modules-94a6565e3b
Open

chore(deps): bump the go_modules group across 1 directory with 2 updates#107
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/e2e/go_modules-94a6565e3b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026

Bumps the go_modules group with 2 updates in the /e2e directory: github.com/go-git/go-git/v5 and github.com/moby/buildkit.

Updates github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.17.1

What's Changed

Full Changelog: go-git/go-git@v5.17.0...v5.17.1

v5.17.0

What's Changed

Full Changelog: go-git/go-git@v5.16.5...v5.17.0

Commits
  • 5e23dfd Merge pull request #1937 from pjbgf/idx-v5
  • 6b38a32 Merge pull request #1935 from pjbgf/index-v5
  • cd757fc plumbing: format/idxfile, Fix version and fanout checks
  • 3ec0d70 plumbing: format/index, Fix tree extension invalidated entry parsing
  • dbe10b6 plumbing: format/index, Align V2/V3 long name and V4 prefix encoding with Git
  • e9b65df plumbing: format/index, Improve v4 entry name validation
  • adad18d Merge pull request #1930 from go-git/renovate/releases/v5.x-go-github.com-clo...
  • 29470bd build: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY]
  • bdf0688 Merge pull request #1864 from pjbgf/v5-issue-55
  • 5290e52 storage: filesystem, Avoid overwriting loose obj files. Fixes #55
  • Additional commits viewable in compare view

Updates github.com/moby/buildkit from 0.12.5 to 0.28.1

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.28.1

Welcome to the v0.28.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Tõnis Tiigi
  • CrazyMax
  • Sebastiaan van Stijn

Notable Changes

  • Fix insufficient validation of Git URL #ref:subdir fragments that could allow access to restricted files outside the checked-out repository root. GHSA-4vrq-3vrq-g6gg
  • Fix a vulnerability where an untrusted custom frontend could cause files to be written outside the BuildKit state directory. GHSA-4c29-8rgm-jvjj
  • Fix a panic when processing invalid .dockerignore patterns during COPY. #6610 moby/patternmatcher#9

Dependency Changes

  • github.com/moby/patternmatcher v0.6.0 -> v0.6.1

Previous release can be found at v0.28.0

v0.28.0

buildkit 0.28.0

Welcome to the v0.28.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Tõnis Tiigi
  • CrazyMax
  • Sebastiaan van Stijn
  • Jonathan A. Sternberg
  • Akihiro Suda
  • Amr Mahdi
  • Dan Duvall
  • David Karlsson
  • Jonas Geiler
  • Kevin L.
  • rsteube

... (truncated)

Commits
  • 45b038c git: normalize and validate subdir paths
  • f5462c2 git: harden ref arg handling
  • 71577a5 source: extract SafeFileName into shared pathutil package
  • df43783 source/http: use os.Root for saved file operations
  • 9ce6f62 source/http: sanitize downloaded filenames
  • 099cf80 executor: validate container IDs centrally
  • 2642113 Merge pull request #6610 from thaJeztah/0.28_backport_bump_patternmatcher
  • 802da78 vendor: github.com/moby/patternmatcher v0.6.1
  • 5245d86 Merge pull request #6551 from tonistiigi/v0.28-cherry-picks
  • 90ee5de vendor: update x/net to v0.51.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the go_modules group across 1 directory with 2 updates
e783611 
Bumps the go_modules group with 2 updates in the /e2e directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [github.com/moby/buildkit](https://github.com/moby/buildkit).


Updates `github.com/go-git/go-git/v5` from 5.16.5 to 5.17.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.16.5...v5.17.1)

Updates `github.com/moby/buildkit` from 0.12.5 to 0.28.1
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.12.5...v0.28.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.17.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.28.1
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants