Skip to content

chore(deps): bump the go_modules group across 1 directory with 9 updates#2

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go_modules-e292e67427
Open

chore(deps): bump the go_modules group across 1 directory with 9 updates#2
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go_modules-e292e67427

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 29, 2026

Bumps the go_modules group with 4 updates in the / directory: github.com/docker/cli, github.com/getkin/kin-openapi, github.com/docker/distribution and github.com/gin-gonic/gin.

Updates github.com/docker/cli from 23.0.5+incompatible to 29.2.0+incompatible

Commits
  • 0b9d198 Merge pull request #6764 from vvoland/update-docker
  • 9c9ec73 vendor: github.com/moby/moby/client v0.2.2
  • bab3e81 vendor: github.com/moby/moby/api v1.53.0
  • 2e64fc1 Merge pull request #6367 from thaJeztah/template_slicejoin
  • 1f2ba2a Merge pull request #6760 from thaJeztah/container_create_fix_error
  • e34a342 templates: make "join" work with non-string slices and map values
  • a86356d Merge pull request #6763 from thaJeztah/bump_mapstructure
  • 771660a vendor: github.com/go-viper/mapstructure/v2 v2.5.0
  • 9cff36b Merge pull request #6762 from thaJeztah/bump_x_deps
  • 08ed2bc cli/command/container: make injecting config.json failures a warning
  • Additional commits viewable in compare view

Updates github.com/getkin/kin-openapi from 0.107.0 to 0.131.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.131.0

What's Changed

Full Changelog: getkin/kin-openapi@v0.130.0...v0.131.0

v0.130.0

What's Changed

New Contributors

Full Changelog: getkin/kin-openapi@v0.129.0...v0.130.0

v0.129.0

What's Changed

New Contributors

... (truncated)

Commits
  • 67f0b23 openapi3filter: de-register ZipFileBodyDecoder and make a few decoders public...
  • 6da871e openapi3filter: apply default values of an array in a query param with explod...
  • a34baf0 openapi3: delete origin keys only when IncludeOrigin=true (#1055)
  • 2d3e67a use origin to minimize collisions (#1057)
  • e3d68dc Remove redundant ExcludeResponseBody check in ValidateResponse (#1056)
  • 050a930 openapi3gen: Fix issue with separate component generated for time.Time (#1052)
  • 72fb819 feat(openapi3gen): Customize json.RawMessage (#1050)
  • cea0a13 openapi2conv: convert references in nested additionalProperties schemas (#1047)
  • f476f7b openapi3filter: validation of x-www-form-urlencoded with arbitrary nested a...
  • 325cecc openapi3filter: simplify ValidateRequest implementation (#1041)
  • Additional commits viewable in compare view

Updates github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible

Release notes

Sourced from github.com/docker/distribution's releases.

v2.8.2

What's Changed

Full Changelog: distribution/distribution@v2.8.1...v2.8.2

v2.8.2-beta.2

What's Changed

Full Changelog: distribution/distribution@v2.8.1...v2.8.2-beta.2

v2.8.2-beta.1

NOTE: This is a pre-release that does not contain any artifacts!

What's Changed

Full Changelog: distribution/distribution@v2.8.1...v2.8.2-beta.1

Commits
  • 7c354a4 Merge pull request #3915 from distribution/2.8.2-release-notes
  • a173a9c Add v2.8.2 release notes
  • 4894d35 Merge pull request #3914 from vvoland/handle-forbidden-28
  • f067f66 Merge pull request #3783 from ndeloof/accept-encoding-28
  • 483ad69 registry/errors: Parse http forbidden as denied
  • 2b0f84d Revert "registry/client: set Accept: identity header when getting layers"
  • 320d6a1 Merge pull request #3912 from distribution/2.8.2-beta.2-release-notes
  • 5f3ca1b Add release notes for 2.8.2-beta.2 release
  • cb840f6 Merge pull request #3911 from thaJeztah/2.8_backport_fix_releaser_filenames
  • e884644 Dockerfile: fix filenames of artifacts
  • Additional commits viewable in compare view

Updates github.com/gin-gonic/gin from 1.9.0 to 1.9.1

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.9.1

Changelog

BUG FIXES

  • fix Request.Context() checks #3512

SECURITY

  • fix lack of escaping of filename in Content-Disposition #3556

ENHANCEMENTS

  • refactor: use bytes.ReplaceAll directly #3455
  • convert strings and slices using the officially recommended way #3344
  • improve render code coverage #3525

DOCS

  • docs: changed documentation link for trusted proxies #3575
  • chore: improve linting, testing, and GitHub Actions setup #3583
Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.9.1

BUG FIXES

  • fix Request.Context() checks #3512

SECURITY

  • fix lack of escaping of filename in Content-Disposition #3556

ENHANCEMENTS

  • refactor: use bytes.ReplaceAll directly #3455
  • convert strings and slices using the officially recommended way #3344
  • improve render code coverage #3525

DOCS

  • docs: changed documentation link for trusted proxies #3575
  • chore: improve linting, testing, and GitHub Actions setup #3583
Commits
  • 4ea0e64 Ready release gin 1.9.1 (by: thinkerou) (#3630)
  • bb1fc2e fix Request.Context() checks (#3512)
  • 2d4bbec fix lack of escaping of filename in Content-Disposition (#3556)
  • 9f5ecd4 chore(deps): bump actions/setup-go from 3 to 4 (#3543)
  • 20cd6bc chore(deps): bump github.com/go-playground/validator/v10 (#3610)
  • 6bdc725 Fix typos in ISSUE_TEMPLATE.md (#3616)
  • 1ab2689 chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 (#3599)
  • 6a0556e improve render code coverage (#3525)
  • eac2daa chore: update dependencies for various packages and libraries (#3585)
  • 757a638 chore: improve linting, testing, and GitHub Actions setup (#3583)
  • Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.0 to 1.9.3

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.3

Full Changelog: sirupsen/logrus@v1.9.2...v1.9.3

v1.9.2

Full Changelog: sirupsen/logrus@v1.9.1...v1.9.2

v1.9.1

What's Changed

New Contributors

Full Changelog: sirupsen/logrus@v1.9.0...v1.9.1

Changelog

Sourced from github.com/sirupsen/logrus's changelog.

1.9.3

Fixes:

  • Re-apply fix for potential denial of service in logrus.Writer() when logging >64KB single-line payloads without newlines (#1376)
  • Fix panic in Writer

1.9.2

Fixes:

  • Revert Writer DoS fix (#1376) due to regression

1.9.1

Fixes:

  • Fix potential denial of service in logrus.Writer() when logging >64KB single-line payloads without newlines (#1376)
Commits
  • d40e25c fix panic in Writer
  • f9291a5 Revert "Revert "Merge pull request #1376 from ozfive/master""
  • 352781d Revert "Merge pull request #1376 from ozfive/master"
  • b30aa27 Merge pull request #1339 from xieyuschen/patch-1
  • 6acd903 Merge pull request #1376 from ozfive/master
  • 105e63f Merge pull request #1 from ashmckenzie/ashmckenzie/fix-writer-scanner
  • c052ba6 Scan text in 64KB chunks
  • e59b167 Merge pull request #1372 from tommyblue/syslog_different_loglevels
  • 766cfec This commit fixes a potential denial of service vulnerability in logrus.Write...
  • 70234da Add instructions to use different log levels for local and syslog
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.6.0 to 0.26.0

Commits
  • 5bcd010 go.mod: update golang.org/x dependencies
  • 3375612 ssh: add support for unpadded RSA signatures
  • bb80217 ssh: don't use dsa keys in integration tests
  • 6879722 ssh: remove go 1.21+ dependency on slices
  • e983fa2 sha3: Avo port of keccakf_amd64.s
  • 80fd972 LICENSE: update per Google Legal
  • f2bc3a6 x509roots/fallback/internal/goissue52287: delete
  • d66d9c3 x509roots/fallback: update bundle
  • 9fadb0b go.mod: update golang.org/x dependencies
  • a6a393f all: bump go.mod version and drop compatibility shims
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.8.0 to 0.28.0

Commits
  • 4542a42 go.mod: update golang.org/x dependencies
  • 765c7e8 xsrftoken: create no padding base64 string by RawURLEncoding
  • 032e4e4 LICENSE: update per Google Legal
  • e2310ae go.mod: update golang.org/x dependencies
  • 77708f7 quic: skip tests which depend on unimplemented UDP functions on Plan 9
  • 9617c63 http2: avoid Transport hang with Connection: close and AllowHTTP
  • 66e838c go.mod: update golang.org/x dependencies
  • 6249541 http2: avoid race in server handler SetReadDeadine/SetWriteDeadline
  • 603e3e6 quic: disable X25519Kyber768Draft00 in tests
  • 67e8d0c http2: report an error if goroutines outlive serverTester tests
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.54.0 to 1.67.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.67.0

Bug Fixes

  • ringhash: when used with multiple EDS priorities, fix bug that could prevent a higher priority from recovering from transient failure. (#7364)

Behavior Changes

  • In accordance with RFC 7540, clients and servers will now reject TLS connections that don't support ALPN. This can be disabled by setting the environment variable GRPC_ENFORCE_ALPN_ENABLED to false (case insensitive). Please file a bug if you encounter any issues with this behavior. The environment variable to revert this behavior will be removed in an upcoming release. (#7535)

Release 1.66.3

Bug Fixes

  • transport: Fix a bug causing stream failures due to miscalculation of the flow control window in both clients and servers. (#7667)
  • xds/server: Fix xDS Server memory leak. (#7681)

Release 1.66.2

Dependencies

  • Remove unintentional dependency on the testing package (#7579)
  • Remove unintentional dependency on the flate package (#7595)

Bug Fixes

  • client: fix a bug that prevented memory reuse after handling unary RPCs (#7571)

Release 1.66.0

New Features

  • metadata: stabilize ValueFromIncomingContext (#7368)
  • client: stabilize the WaitForStateChange and GetState methods, which were previously experimental. (#7425)
  • xds: Implement ADS flow control mechanism (#7458)
  • balancer/rls: Add metrics for data cache and picker internals (#7484, #7495)
  • xds: LRS load reports now include the total_issued_requests field. (#7544)

Bug Fixes

  • grpc: Clients now return status code INTERNAL instead of UNIMPLEMENTED when the server uses an unsupported compressor. This is consistent with the gRPC compression spec. (#7461)
  • transport: Fix a bug which could result in writes busy looping when the underlying conn.Write returns errors (#7394)
  • client: fix race that could lead to orphaned connections and associated resources. (#7390)
  • xds: use locality from the connected address for load reporting with pick_first (#7378)
    • without this fix, if a priority contains multiple localities with pick_first, load was reported for the wrong locality
  • client: prevent hanging during ClientConn.Close() when the network is unreachable (#7540)

... (truncated)

Commits

Updates google.golang.org/protobuf from 1.28.1 to 1.34.2

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the go_modules group across 1 directory with 9 updates
d39461e 
Bumps the go_modules group with 4 updates in the / directory: [github.com/docker/cli](https://github.com/docker/cli), [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi), [github.com/docker/distribution](https://github.com/docker/distribution) and [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin).


Updates `github.com/docker/cli` from 23.0.5+incompatible to 29.2.0+incompatible
- [Commits](docker/cli@v23.0.5...v29.2.0)

Updates `github.com/getkin/kin-openapi` from 0.107.0 to 0.131.0
- [Release notes](https://github.com/getkin/kin-openapi/releases)
- [Commits](getkin/kin-openapi@v0.107.0...v0.131.0)

Updates `github.com/docker/distribution` from 2.8.1+incompatible to 2.8.2+incompatible
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](distribution/distribution@v2.8.1...v2.8.2)

Updates `github.com/gin-gonic/gin` from 1.9.0 to 1.9.1
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.9.0...v1.9.1)

Updates `github.com/sirupsen/logrus` from 1.9.0 to 1.9.3
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](sirupsen/logrus@v1.9.0...v1.9.3)

Updates `golang.org/x/crypto` from 0.6.0 to 0.26.0
- [Commits](golang/crypto@v0.6.0...v0.26.0)

Updates `golang.org/x/net` from 0.8.0 to 0.28.0
- [Commits](golang/net@v0.8.0...v0.28.0)

Updates `google.golang.org/grpc` from 1.54.0 to 1.67.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.54.0...v1.67.0)

Updates `google.golang.org/protobuf` from 1.28.1 to 1.34.2

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 29.2.0+incompatible
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/getkin/kin-openapi
  dependency-version: 0.131.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/docker/distribution
  dependency-version: 2.8.2+incompatible
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/gin-gonic/gin
  dependency-version: 1.9.1
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/sirupsen/logrus
  dependency-version: 1.9.3
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.26.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.28.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.67.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.34.2
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants