Skip to content

Bump the go_modules group across 1 directory with 9 updates#92

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go_modules-c9a0d89e29
Open

Bump the go_modules group across 1 directory with 9 updates#92
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go_modules-c9a0d89e29

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps the go_modules group with 4 updates in the / directory: github.com/ClickHouse/ch-go, github.com/compose-spec/compose-go/v2, github.com/containerd/containerd and github.com/docker/buildx.

Updates github.com/ClickHouse/ch-go from 0.61.5 to 0.65.0

Release notes

Sourced from github.com/ClickHouse/ch-go's releases.

v0.65.0

What's Changed

Breaking change if you were manually using the Writer from the compress package.

New Contributors

Full Changelog: ClickHouse/ch-go@v0.64.1...v0.65.0

v0.64.1

What's Changed

Full Changelog: ClickHouse/ch-go@v0.64.0...v0.64.1

v0.64.0

What's Changed

New Contributors

Full Changelog: ClickHouse/ch-go@v0.63.1...v0.64.0

v0.63.1

What's Changed

Full Changelog: ClickHouse/ch-go@v0.63.0...v0.63.1

... (truncated)

Commits
  • 0e83566 Merge pull request #1041 from ClickHouse/fix_potential_overflow
  • b64209f refactor: simplify overflow check
  • 05fba0a fix(security): overflow that could smuggle query
  • aadb7ee Merge pull request #1040 from ClickHouse/compressor_etc
  • 65a3012 perf(compressor): use new compression code, refactor/optimize
  • 4cdb83a Merge pull request #1039 from pablomatiasgomez/allow-creating-compressor-with...
  • b9258c0 perf(compress.writer): revert back to ifs in NewWriterWithMethods
  • 743c9d7 perf(compress.writer): use %s instead of %v
  • b26ebf4 perf(compress.writer): revert nil check and use fixed length array
  • 1d4ba47 perf(compress.writer): remove methods map and instaed do nil check
  • Additional commits viewable in compare view

Updates github.com/compose-spec/compose-go/v2 from 2.1.1 to 2.4.1

Release notes

Sourced from github.com/compose-spec/compose-go/v2's releases.

v2.4.1

What's Changed

Full Changelog: compose-spec/compose-go@v2.4.0...v2.4.1

v2.4.0

What's Changed

Full Changelog: compose-spec/compose-go@v2.3.0...v2.4.0

v2.3.0

What's Changed

New Contributors

Full Changelog: compose-spec/compose-go@v2.2.0...v2.3.0

v2.2.0

What's Changed

... (truncated)

Commits
  • 222d93c fix reset.go
  • 88ca71b fix(reset): Add cycle detector in reset.go
  • 156e22d introduce OmitEmpty in yaml processing pipeline
  • 74c1d59 always test to load config with localFileLoader
  • c558adc ingest config files with ResourceLoader
  • bff5006 detect project dir is a symlink and warn user
  • 35c9659 add support for bind mount recursive
  • 97c49fc normalize volume.target to drop trailing slash
  • fb8e04d seiralise NanoCPUs as string
  • 7218685 introduce service.gpus
  • Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.17 to 1.7.29

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.29

Welcome to the v1.7.29 release of containerd!

The twenty-ninth patch release for containerd 1.7 contains various fixes and updates including security patches.

Security Updates

Highlights

Image Distribution

  • Update differ to handle zstd media types (#12018)

Runtime

  • Update runc binary to v1.3.3 (#12480)
  • Fix lost container logs from quickly closing io (#12375)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues?target=https://github.com.

Contributors

  • Derek McGowan
  • Akihiro Suda
  • Phil Estes
  • Austin Vazquez
  • Sebastiaan van Stijn
  • ningmingxiao
  • Maksym Pavlenko
  • StepSecurity Bot
  • wheat2018

Changes

... (truncated)

Commits
  • 442cb34 Merge commit from fork
  • e5cb6dd Merge commit from fork
  • 9772966 Merge pull request #12486 from dmcgowan/prepare-v1.7.29
  • 1fc2daa Prepare release notes for v1.7.29
  • 93f710a Merge pull request #12480 from k8s-infra-cherrypick-robot/cherry-pick-12475-t...
  • 68d04be Merge pull request #12471 from austinvazquez/1_7_update_ci_go_and_images
  • 3f5f9f8 runc: Update runc binary to v1.3.3
  • 667409f ci: bump Go 1.24.9, 1.25.3
  • 294f8c0 Update GHA runners to use latest images for basic binaries build
  • cf66b41 Update GHA runners to use latest image for most jobs
  • Additional commits viewable in compare view

Updates github.com/docker/buildx from 0.14.1 to 0.21.3

Release notes

Sourced from github.com/docker/buildx's releases.

v0.21.3

Welcome to the v0.21.3 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues?target=https://github.com.

Contributors

  • CrazyMax
  • Tõnis Tiigi

Notable Changes

[!IMPORTANT] This release contains security fixes.

  • Fix possible credential leakage to telemetry endpoint. GHSA-m4gq-fm9h-8q75
  • Remove unused fields from local state group that could potentially leak credentials.

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.21.2

v0.21.2

Welcome to the v0.21.2 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues?target=https://github.com.

Contributors

  • Laurent Goderre
  • CrazyMax
  • Jonathan A. Sternberg

Notable Changes

  • Fix handling of attestation extra arguments #3027
  • Fix the cache attribute not being skipped when empty with Bake overrides #3021

Dependency Changes

This release has no dependency changes

... (truncated)

Commits
  • 7b5fecb Merge pull request #3067 from crazy-max/0.21_picks_0.21.3
  • 05f75a5 localstate: remove definition and inputs fields from group
  • 0982070 otel: avoid tracing raw os arguments
  • 1360a9e Merge pull request #3037 from crazy-max/0.21_picks_0.21.2
  • 6019a2b buildflags: skip empty cache entries when parsing
  • 6da88e1 Fix handling of attest extra arguments
  • 41f8e5c Add attest extra args tests
  • 7c2359c Merge pull request #3018 from crazy-max/0.21_picks_0.21.1
  • 65a52b5 remove accidental debug
  • 34ed52e Merge pull request #3011 from jsternberg/v0.21.0-picks
  • Additional commits viewable in compare view

Updates github.com/docker/docker from 26.1.5+incompatible to 28.0.0-rc.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.0.0-rc.2

28.0.0-rc.2

This is a pre-release of the upcoming 28.0.0 release.

Pre-releases are intended for testing new releases: only install in a test environment!

curl -fsSL https://get.docker.com -o get-docker.sh
sudo CHANNEL=test sh get-docker.sh

Bugs and regressions can be reported in these issue trackers:

When reporting issues, include [28.0.0-rc] in the issue title

What's Changed

... (truncated)

Commits
  • 57d4d23 Merge pull request #49468 from thaJeztah/update_branch_status
  • 8b2f6fb Merge pull request #49471 from thaJeztah/container_cleanups
  • 54c43a7 Merge pull request #49472 from thaJeztah/splunk_nits
  • 2fc9009 project: update status of branches
  • bd92f2b daemon/logger/splunk: New(): combine switches for format validation
  • eac39ff daemon/logger/splunk: remove some intermediate variables
  • 9bb3900 daemon/logger: Info.ExtraAttributes: make env-var handling conditional
  • cbbff10 daemon/logger: use consistent name for "extra attributes"
  • ba559c4 daemon/logger/fluentd: fix minor (linting) issues
  • b9e7e82 daemon/logger/splunk: plunkLogger.postMessages(): improve logs
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/sdk from 1.24.0 to 1.34.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.34.0/0.56.0/0.10.0] 2025-01-17

Changed

  • Remove the notices from Logger to make the whole Logs API user-facing in go.opentelemetry.io/otel/log. (#6167)

Fixed

  • Relax minimum Go version to 1.22.0 in various modules. (#6073)
  • The Type name logged for the go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc client is corrected from otlphttpgrpc to otlptracegrpc. (#6143)
  • The Type name logged for the go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlphttpgrpc client is corrected from otlphttphttp to otlptracehttp. (#6143)

[1.33.0/0.55.0/0.9.0/0.0.12] 2024-12-12

Added

  • Add Reset method to SpanRecorder in go.opentelemetry.io/otel/sdk/trace/tracetest. (#5994)
  • Add EnabledInstrument interface in go.opentelemetry.io/otel/sdk/metric/internal/x. This is an experimental interface that is implemented by synchronous instruments provided by go.opentelemetry.io/otel/sdk/metric. Users can use it to avoid performing computationally expensive operations when recording measurements. It does not fall within the scope of the OpenTelemetry Go versioning and stability policy and it may be changed in backwards incompatible ways or removed in feature releases. (#6016)

Changed

  • The default global API now supports full auto-instrumentation from the go.opentelemetry.io/auto package. See that package for more information. (#5920)
  • Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#5929)
  • Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#5929)
  • Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#5929)
  • Performance improvements for attribute value AsStringSlice, AsFloat64Slice, AsInt64Slice, AsBoolSlice. (#6011)
  • Change EnabledParameters to have a Severity field instead of a getter and setter in go.opentelemetry.io/otel/log. (#6009)

Fixed

  • Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#5954)
  • Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#5954)
  • Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#5954)
  • Fix invalid exemplar keys in go.opentelemetry.io/otel/exporters/prometheus. (#5995)
  • Fix attribute value truncation in go.opentelemetry.io/otel/sdk/trace. (#5997)
  • Fix attribute value truncation in go.opentelemetry.io/otel/sdk/log. (#6032)

[1.32.0/0.54.0/0.8.0/0.0.11] 2024-11-08

Added

  • Add go.opentelemetry.io/otel/sdk/metric/exemplar.AlwaysOffFilter, which can be used to disable exemplar recording. (#5850)
  • Add go.opentelemetry.io/otel/sdk/metric.WithExemplarFilter, which can be used to configure the exemplar filter used by the metrics SDK. (#5850)
  • Add ExemplarReservoirProviderSelector and DefaultExemplarReservoirProviderSelector to go.opentelemetry.io/otel/sdk/metric, which defines the exemplar reservoir to use based on the aggregation of the metric. (#5861)
  • Add ExemplarReservoirProviderSelector to go.opentelemetry.io/otel/sdk/metric.Stream to allow using views to configure the exemplar reservoir to use for a metric. (#5861)
  • Add ReservoirProvider, HistogramReservoirProvider and FixedSizeReservoirProvider to go.opentelemetry.io/otel/sdk/metric/exemplar to make it convenient to use providers of Reservoirs. (#5861)

... (truncated)

Commits
  • edc378f Release v1.34.0/v0.56.0/v0.10.0 (#6174)
  • e18299f log: Make whole Logs API user-facing (#6167)
  • cbc3b6a fix(deps): update module google.golang.org/protobuf to v1.36.3 (#6166)
  • 2dcb9b3 chore(deps): update module github.com/protonmail/go-crypto to v1.1.5 (#6165)
  • 764ae10 fix(deps): update googleapis to 1a7da9e (#6164)
  • f87cced chore(deps): update module github.com/ldez/exptostd to v0.4.0 (#6163)
  • be76ebf chore(deps): update module github.com/crocmagnon/fatcontext to v0.6.0 (#6162)
  • 3e60bd4 fix(deps): update module golang.org/x/vuln to v1.1.4 (#6161)
  • 79b1fc1 Fix demo links (#6160)
  • 4a87cfe fix(deps): update module google.golang.org/grpc to v1.69.4 (#6159)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.33.0 to 0.40.0

Commits
  • 459a9db go.mod: update golang.org/x dependencies
  • 74e709a ssh: add AlgorithmNegotiationError
  • b3790b8 acme: fix TLSALPN01ChallengeCert for IP address identifiers
  • 1dc4269 acme: add Pebble integration testing
  • 97bf787 blake2b: implement hash.XOF
  • 952517d x509roots/fallback: update bundle
  • c6fce02 ssh: refuse to parse certificates that use a certificate as signing key
  • 0ae49b8 ssh: reject certificate keys used as signature keys for SSH certs
  • 3bf9d2a ssh/test: skip KEX test if unsupported by system SSH client
  • 9bab967 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.35.0 to 0.42.0

Commits
  • 76358aa go.mod: update golang.org/x dependencies
  • 6e41cae go.mod: update golang.org/x dependencies
  • 15f7d40 http2: correctly wrap ErrFrameTooLarge in Framer.ReadFrame
  • ef33bc0 internal/http3: use bubbled context in synctest tests
  • 919c6bc http2: use an array instead of a map in typeFrameParser
  • bae01a7 trace: add missing td tag
  • 7d6e62a go.mod: update golang.org/x dependencies
  • ea0c1d9 internal/timeseries: use built-in max/min to simplify the code
  • 3e7a445 quic: skip packet numbers for optimistic ack defense
  • 3f563d3 quic: use an enum for sentPacket state
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.15.0 to 0.30.0

Commits
  • cf14319 oauth2: fix expiration time window check
  • 32d34ef internal: include clientID in auth style cache key
  • 2d34e30 oauth2: replace a magic number with AuthStyleUnknown
  • 696f7b3 all: modernize with doc links and any
  • 471209b oauth2: drop dependency on go-cmp
  • 6968da2 oauth2: sync Token.ExpiresIn from internal Token
  • d2c4e0a oauth2: context instead of golang.org/x/net/context in doc
  • 883dc3c endpoints: add various endpoints from stale CLs
  • 1c06e87 all: make use of oauth.Token.ExpiresIn
  • 65c15a3 oauth2: remove extra period
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the go_modules group across 1 directory with 9 updates
6d9ecaf 
Bumps the go_modules group with 4 updates in the / directory: [github.com/ClickHouse/ch-go](https://github.com/ClickHouse/ch-go?target=https://github.com), [github.com/compose-spec/compose-go/v2](https://github.com/compose-spec/compose-go?target=https://github.com), [github.com/containerd/containerd](https://github.com/containerd/containerd?target=https://github.com) and [github.com/docker/buildx](https://github.com/docker/buildx?target=https://github.com).


Updates `github.com/ClickHouse/ch-go` from 0.61.5 to 0.65.0
- [Release notes](https://github.com/ClickHouse/ch-go/releases?target=https://github.com)
- [Commits](ClickHouse/ch-go@v0.61.5...v0.65.0)

Updates `github.com/compose-spec/compose-go/v2` from 2.1.1 to 2.4.1
- [Release notes](https://github.com/compose-spec/compose-go/releases?target=https://github.com)
- [Commits](compose-spec/compose-go@v2.1.1...v2.4.1)

Updates `github.com/containerd/containerd` from 1.7.17 to 1.7.29
- [Release notes](https://github.com/containerd/containerd/releases?target=https://github.com)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md?target=https://github.com)
- [Commits](containerd/containerd@v1.7.17...v1.7.29)

Updates `github.com/docker/buildx` from 0.14.1 to 0.21.3
- [Release notes](https://github.com/docker/buildx/releases?target=https://github.com)
- [Commits](docker/buildx@v0.14.1...v0.21.3)

Updates `github.com/docker/docker` from 26.1.5+incompatible to 28.0.0-rc.2+incompatible
- [Release notes](https://github.com/docker/docker/releases?target=https://github.com)
- [Commits](moby/moby@v26.1.5...v28.0.0-rc.2)

Updates `go.opentelemetry.io/otel/sdk` from 1.24.0 to 1.34.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases?target=https://github.com)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md?target=https://github.com)
- [Commits](open-telemetry/opentelemetry-go@v1.24.0...v1.34.0)

Updates `golang.org/x/crypto` from 0.33.0 to 0.40.0
- [Commits](golang/crypto@v0.33.0...v0.40.0)

Updates `golang.org/x/net` from 0.35.0 to 0.42.0
- [Commits](golang/net@v0.35.0...v0.42.0)

Updates `golang.org/x/oauth2` from 0.15.0 to 0.30.0
- [Commits](golang/oauth2@v0.15.0...v0.30.0)

---
updated-dependencies:
- dependency-name: github.com/ClickHouse/ch-go
  dependency-version: 0.65.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/compose-spec/compose-go/v2
  dependency-version: 2.4.1
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/containerd/containerd
  dependency-version: 1.7.29
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/docker/buildx
  dependency-version: 0.21.3
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/docker/docker
  dependency-version: 28.0.0-rc.2+incompatible
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.34.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.40.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.42.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.30.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants