Skip to content

build(deps): bump the chainguard group with 3 updates#1992

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/chainguard-ba259d15d6
Open

build(deps): bump the chainguard group with 3 updates#1992
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/chainguard-ba259d15d6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the chainguard group with 3 updates: chainguard.dev/apko, chainguard.dev/melange and github.com/chainguard-dev/yam.

Updates chainguard.dev/apko from 1.2.13 to 1.2.15

Release notes

Sourced from chainguard.dev/apko's releases.

Release v1.2.15

Changelog

  • 3e28547cefa08f7c86e04c9fc0f387b511038692 build(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 in the go_modules group across 1 directory (#2239)
  • cf1f1ef14c0e4cad83023de649602dc6a9123cec build(deps): bump golang.org/x/sys from 0.44.0 to 0.45.0 (#2244)
  • 16754c8752a57f045947d1de41fde340e149f875 build(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#2247)
  • 78799c7fa53fc024fcedaf7a31ae378839e530fe build(deps): bump google.golang.org/api from 0.279.0 to 0.280.0 (#2245)
  • aa8297690dd86e01779546a64c912932703d4f68 build(deps): bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 (#2241)
  • 442b9db17b8bfa054a6f82c525d8ce8fa5d1cc0b build(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4 (#2248)
  • 74e64086fae76d1ab743bfe0ae2736c6d5f3ed99 build(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 (#2240)
  • dda427e47efc02b31648f8ee2fb82ddbf5212f9c chore(harden-runner): add production.cloudfront.docker.com endpoint (#2250)

Release v1.2.14

Changelog

  • 9034253a6869d3aeb1b1ef5dc09d80d85143d70d build(deps): bump chainguard.dev/sdk from 0.1.54 to 0.1.55 (#2236)
  • 00304a309de87a3199e6f12c7576e6e49e3d757c build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#2237)
  • 71f084bd28cb8a70dac6b5f4bf664b1e99335265 build(deps): bump go.step.sm/crypto from 0.78.0 to 0.81.0 (#2235)
  • 2015c631a07cd5bb4ec1860ee05b330aba4d5341 build(deps): bump google.golang.org/api from 0.278.0 to 0.279.0 (#2234)
  • 295b1155065087b93718877ab8ecccb6d63884a0 build(deps): bump k8s.io/apimachinery from 0.36.0 to 0.36.1 (#2232)
  • 31ce42d8b5398541d141bf97f5683e3d1a0b9d85 build(deps): bump step-security/harden-runner from 2.19.1 to 2.19.3 (#2233)
  • 289d76107c9f42b0b0f7cc09ab39eab1bdd74e96 build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.5 (#2238)
Commits
  • 74e6408 build(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 (#2240)
  • aa82976 build(deps): bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 (#2241)
  • cf1f1ef build(deps): bump golang.org/x/sys from 0.44.0 to 0.45.0 (#2244)
  • 78799c7 build(deps): bump google.golang.org/api from 0.279.0 to 0.280.0 (#2245)
  • 16754c8 build(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#2247)
  • 3e28547 build(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 in the go...
  • 442b9db build(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4 (#2248)
  • dda427e chore(harden-runner): add production.cloudfront.docker.com endpoint (#2250)
  • 295b115 build(deps): bump k8s.io/apimachinery from 0.36.0 to 0.36.1 (#2232)
  • 2015c63 build(deps): bump google.golang.org/api from 0.278.0 to 0.279.0 (#2234)
  • Additional commits viewable in compare view

Updates chainguard.dev/melange from 0.50.7 to 0.52.0

Release notes

Sourced from chainguard.dev/melange's releases.

Release v0.52.0

What's Changed

Full Changelog: chainguard-dev/melange@v0.51.0...v0.52.0

Release v0.51.0

What's Changed

Full Changelog: chainguard-dev/melange@v0.50.8...v0.51.0

Release v0.50.8

What's Changed

New Contributors

Full Changelog: chainguard-dev/melange@v0.50.7...v0.50.8

Commits
  • 80a0dd3 feat(pipelines/xcover): add include-functions (#2551)
  • cc2c81d ci: allow production.cloudfront.docker.com in harden-runner egress (#2552)
  • 41f809a feat: Add variable substitution for licenses (#2530)
  • 5783ce4 chore(config): also create and upload source tarballs of gitlab repositories ...
  • 62ca190 go/build/v2: updated go/build pipeline (#2538)
  • 0bad319 fix(pipelines/strip): Don't try to strip ELFs for non-native platforms (#2542)
  • 0f1394e build(deps): bump the gomod group across 1 directory with 11 updates (#2541)
  • a991c70 fix(docker): use per-invocation unique image tag to avoid concurrent race (#2...
  • 3be5473 build(deps): bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.1 (#2536)
  • 13c8af2 build(deps): bump the actions group across 1 directory with 2 updates (#2534)
  • Additional commits viewable in compare view

Updates github.com/chainguard-dev/yam from 0.2.60 to 0.2.62

Commits
  • 07086fc build(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#221)
  • 6c608c1 build(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4 (#220)
  • 653e17c build(deps): bump zizmorcore/zizmor-action from 0.5.4 to 0.5.6 (#219)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the chainguard group with 3 updates
096e006 
Bumps the chainguard group with 3 updates: [chainguard.dev/apko](https://github.com/chainguard-dev/apko), [chainguard.dev/melange](https://github.com/chainguard-dev/melange) and [github.com/chainguard-dev/yam](https://github.com/chainguard-dev/yam).


Updates `chainguard.dev/apko` from 1.2.13 to 1.2.15
- [Release notes](https://github.com/chainguard-dev/apko/releases)
- [Changelog](https://github.com/chainguard-dev/apko/blob/main/NEWS.md)
- [Commits](chainguard-dev/apko@v1.2.13...v1.2.15)

Updates `chainguard.dev/melange` from 0.50.7 to 0.52.0
- [Release notes](https://github.com/chainguard-dev/melange/releases)
- [Changelog](https://github.com/chainguard-dev/melange/blob/main/NEWS.md)
- [Commits](chainguard-dev/melange@v0.50.7...v0.52.0)

Updates `github.com/chainguard-dev/yam` from 0.2.60 to 0.2.62
- [Commits](chainguard-dev/yam@v0.2.60...v0.2.62)

---
updated-dependencies:
- dependency-name: chainguard.dev/apko
  dependency-version: 1.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: chainguard
- dependency-name: chainguard.dev/melange
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: chainguard
- dependency-name: github.com/chainguard-dev/yam
  dependency-version: 0.2.62
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: chainguard
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants