chore(deps): bump the go-modules group with 12 updates by dependabot[bot] · Pull Request #90 · idiap/python-packagers

dependabot · 2026-03-09T23:40:20Z

Bumps the go-modules group with 12 updates:

Package	From	To
github.com/anchore/stereoscope	`0.1.20`	`0.1.21`
github.com/anchore/syft	`1.42.1`	`1.42.2`
github.com/charmbracelet/colorprofile	`0.4.2`	`0.4.3`
github.com/mattn/go-runewidth	`0.0.20`	`0.0.21`
github.com/minio/minlz	`1.0.1`	`1.1.0`
github.com/wagoodman/go-progress	`0.0.0-20230925121702-07e42b3cdba0`	`0.0.0-20260303201901-10176f79b2c0`
golang.org/x/oauth2	`0.35.0`	`0.36.0`
golang.org/x/sync	`0.19.0`	`0.20.0`
golang.org/x/sys	`0.41.0`	`0.42.0`
golang.org/x/time	`0.14.0`	`0.15.0`
google.golang.org/api	`0.269.0`	`0.270.0`
modernc.org/libc	`1.69.0`	`1.70.0`

Updates github.com/anchore/stereoscope from 0.1.20 to 0.1.21

Release notes

Sourced from github.com/anchore/stereoscope's releases.

v0.1.21

Bug Fixes

clean up temp storage on errors [#537 @willmurphyscode]

thread platform through Docker daemon inspect and save APIs [#524 @willmurphyscode]

Dependency Updates

update tools to latest versions [#538 @anchore-actions-token-generator]

bump github.com/moby/moby/client from 0.2.1 to 0.2.2 [#535 @dependabot]

bump actions/upload-artifact from 6.0.0 to 7.0.0 in /.github/workflows [#536 @dependabot]

bump github.com/google/go-containerregistry from 0.20.7 to 0.21.1 [#534 @dependabot]

bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login from 0.11.0 to 0.12.0 [#533 @dependabot]

bump actions/setup-go from 6.2.0 to 6.3.0 in /.github/actions/bootstrap [#532 @dependabot]

bump github.com/sylabs/sif/v2 from 2.22.0 to 2.23.0 [#526 @dependabot]

update tools to latest versions [#529 @anchore-actions-token-generator]

bump github.com/docker/cli from 29.2.0+incompatible to 29.2.1+incompatible [#520 @dependabot]

bump golang.org/x/crypto from 0.47.0 to 0.48.0 [#525 @dependabot]

bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 [#521 @dependabot]

Additional Changes

migrate test-fixtures to testdata [#531 @wagoodman]

migrate to github.com/moby/moby/client module [#500 @thaJeztah]

replace hashicorp/go-multierror with stdlib [#522 @thaJeztah]

(Full Changelog)

Commits

5de95df chore(deps): update tools to latest versions (#538)
6980a63 chore(deps): bump github.com/moby/moby/client from 0.2.1 to 0.2.2 (#535)
99ed0b6 chore: migrate test-fixtures to testdata (#531)
3f24d4c chore(deps): bump actions/upload-artifact in /.github/workflows (#536)
8701800 chore(deps): bump github.com/google/go-containerregistry (#534)
e1e847a chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login (...
a3ecd38 chore(deps): bump actions/setup-go in /.github/actions/bootstrap (#532)
78486e6 fix(providers): clean up temp storage on errors (#537)
fe7e5b5 chore(deps): bump github.com/sylabs/sif/v2 from 2.22.0 to 2.23.0 (#526)
7b5e393 migrate to github.com/moby/moby/client module (#500)
Additional commits viewable in compare view

Updates github.com/anchore/syft from 1.42.1 to 1.42.2

Release notes

Sourced from github.com/anchore/syft's releases.

v1.42.2

Bug Fixes

[BUG] Incorrect Maven PURL generation: Automatic-Module-Name should not be used as Maven groupId [#4611 #4642 @xnox]

Checksum is 0 for spdx files [#2307 #4620 @ppalucha]

Support grafana binary various versions [#4559 #4635 @witchcraze]

Additional Changes

migrate fixtures to testdata [#4651 @wagoodman]

(Full Changelog)

Commits

75455f0 chore(deps): update anchore dependencies (#4631)
22e78c7 chore(deps): update tools to latest versions (#4630)
d2461a9 chore(deps): update SPDX license list (#4637)
01f0e33 chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#4658)
c88051d chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 (#4638)
7d3d1c6 chore(deps): bump the actions-minor-patch group across 2 directories with 2 u...
dcba765 chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#4659)
2c20146 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 (#4646)
c583da1 chore(deps): update CPE dictionary index (#4647)
22014b6 chore(deps): bump the go-minor-patch group across 1 directory with 5 updates ...
Additional commits viewable in compare view

Updates github.com/charmbracelet/colorprofile from 0.4.2 to 0.4.3

Release notes

Sourced from github.com/charmbracelet/colorprofile's releases.

v0.4.3

This release fixes an important issue where the writer when used as a middleware can cause short write errors. Kudos to @abhinav for reporting this one.

Changelog

Fixed

d085584efb48f2ad470e96cd0f3dcb8cc68a034b: fix(writer): ensure Write returns the number of processed bytes (#75) (@aymanbagabas)

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

d085584 fix(writer): ensure Write returns the number of processed bytes (#75)
cf47ee4 chore(deps): bump golang.org/x/sys in the all group (#73)
See full diff in compare view

Updates github.com/mattn/go-runewidth from 0.0.20 to 0.0.21

Commits

b7b94fb Merge pull request #91 from mattn/add-is-combining-width
2c33cbf Update CI: bump actions and Go versions
c6c0a14 Add IsCombiningWidth function
6399b33 Merge pull request #90 from bugwhisperer418/76-zero-width-variation-selections
dadc062 fix benchmark test checksums
75db52f update test checksums
fb9c1d1 Treat Mn variation selections with EA width "A" as combining with 0 width
See full diff in compare view

Updates github.com/minio/minlz from 1.0.1 to 1.1.0

Release notes

Sourced from github.com/minio/minlz's releases.

v1.1.0

What's Changed

Add faster compression mode for speed extremely sensitive applications by @klauspost in minio/minlz#30

perf: Add arm64 decompression assembly by @klauspost in minio/minlz#29

Simplify BMI use by @klauspost in minio/minlz#18

Add nicer looking block debug print by @klauspost in minio/minlz#26

Add -follow to decompression by @klauspost in minio/minlz#27

Add block visualizer by @klauspost in minio/minlz#32

Full Changelog: minio/minlz@V1.0.1...v1.1.0

Commits

4599c83 Bump the github-actions group with 3 updates (#34)
c63f0af Add block visualizer (#32)
5a44d11 Add faster compression mode for speed extremely sensitive applications (#30)
de1ccac Bump the github-actions group with 3 updates (#33)
845e64f perf: Add arm64 decompression assembly (#29)
8430409 Add -follow to decompression (#27)
49f019e Add nicer looking block debug print (#26)
336ffce Bump the github-actions group with 2 updates (#28)
25a858e Bump the github-actions group with 3 updates (#25)
cd4ae6e Bump github/codeql-action in the github-actions group (#24)
Additional commits viewable in compare view

Updates github.com/wagoodman/go-progress from 0.0.0-20230925121702-07e42b3cdba0 to 0.0.0-20260303201901-10176f79b2c0

Commits

See full diff in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits

4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
See full diff in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits

ec11c4a errgroup: fix a typo in the documentation
1a58307 all: modernize interface{} -> any
3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
See full diff in compare view

Updates golang.org/x/sys from 0.41.0 to 0.42.0

Commits

eaaaaee windows/registry: correct KeyInfo.ModTime calculation
942780b cpu: darwin/arm64 feature detection
acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
3687fbd cpu: better defaults on darwin ARM64
48062e9 plan9: change Note to alias syscall.Note
4f23f80 windows: change Signal to alias syscall.Signal
7548802 all: upgrade go directive to at least 1.25.0 [generated]
See full diff in compare view

Updates golang.org/x/time from 0.14.0 to 0.15.0

Commits

812b343 all: upgrade go directive to at least 1.25.0 [generated]
See full diff in compare view

Updates google.golang.org/api from 0.269.0 to 0.270.0

Release notes

Sourced from google.golang.org/api's releases.

v0.270.0

0.270.0 (2026-03-08)

Features

all: Auto-regenerate discovery clients (#3515) (44db8ef)

all: Auto-regenerate discovery clients (#3518) (b3dc663)

all: Auto-regenerate discovery clients (#3519) (01c06b9)

all: Auto-regenerate discovery clients (#3520) (7ed0454)

all: Auto-regenerate discovery clients (#3521) (d11f54e)

all: Auto-regenerate discovery clients (#3523) (ce39b40)

all: Auto-regenerate discovery clients (#3525) (15b140d)

all: Auto-regenerate discovery clients (#3526) (1b18158)

all: Auto-regenerate discovery clients (#3527) (a932a45)

all: Auto-regenerate discovery clients (#3528) (f6ede69)

all: Auto-regenerate discovery clients (#3529) (b73e4fb)

option/internaloption: Add more option introspection (#3524) (ac5da8f)

option/internaloption: Unsafe option resolver (#3514) (b263cee)

Changelog

Sourced from google.golang.org/api's changelog.

0.270.0 (2026-03-08)

Features

all: Auto-regenerate discovery clients (#3515) (44db8ef)

all: Auto-regenerate discovery clients (#3518) (b3dc663)

all: Auto-regenerate discovery clients (#3519) (01c06b9)

all: Auto-regenerate discovery clients (#3520) (7ed0454)

all: Auto-regenerate discovery clients (#3521) (d11f54e)

all: Auto-regenerate discovery clients (#3523) (ce39b40)

all: Auto-regenerate discovery clients (#3525) (15b140d)

all: Auto-regenerate discovery clients (#3526) (1b18158)

all: Auto-regenerate discovery clients (#3527) (a932a45)

all: Auto-regenerate discovery clients (#3528) (f6ede69)

all: Auto-regenerate discovery clients (#3529) (b73e4fb)

option/internaloption: Add more option introspection (#3524) (ac5da8f)

option/internaloption: Unsafe option resolver (#3514) (b263cee)

Commits

ad5d5aa chore(main): release 0.270.0 (#3516)
b73e4fb feat(all): auto-regenerate discovery clients (#3529)
f6ede69 feat(all): auto-regenerate discovery clients (#3528)
7342fc2 chore(all): update all (#3522)
a932a45 feat(all): auto-regenerate discovery clients (#3527)
1b18158 feat(all): auto-regenerate discovery clients (#3526)
15b140d feat(all): auto-regenerate discovery clients (#3525)
ac5da8f feat(option/internaloption): add more option introspection (#3524)
ce39b40 feat(all): auto-regenerate discovery clients (#3523)
b263cee feat(option/internaloption): unsafe option resolver (#3514)
Additional commits viewable in compare view

Updates modernc.org/libc from 1.69.0 to 1.70.0

Commits

67e0c23 modernc.org/libc: linux_loong64b auto generate
d207e2e modernc.org/libc: riscv64 auto generate
e169bf0 modernc.org/libc: e5-1650 auto generate
dfb5042 modernc.org/libc: s390x auto generate
bf6ae87 modernc.org/libc: pi32 auto generate
019309b modernc.org/libc: ppc64le auto generate
7e57037 modernc.org/libc: pi64 auto generate
2ac009f modernc.org/libc: nuc64 auto generate
f24fc71 nuc64: auto deps
ceadef7 freebsd: += __inline_isnan{d,f,l}
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-modules group with 12 updates: | Package | From | To | | --- | --- | --- | | [github.com/anchore/stereoscope](https://github.com/anchore/stereoscope) | `0.1.20` | `0.1.21` | | [github.com/anchore/syft](https://github.com/anchore/syft) | `1.42.1` | `1.42.2` | | [github.com/charmbracelet/colorprofile](https://github.com/charmbracelet/colorprofile) | `0.4.2` | `0.4.3` | | [github.com/mattn/go-runewidth](https://github.com/mattn/go-runewidth) | `0.0.20` | `0.0.21` | | [github.com/minio/minlz](https://github.com/minio/minlz) | `1.0.1` | `1.1.0` | | [github.com/wagoodman/go-progress](https://github.com/wagoodman/go-progress) | `0.0.0-20230925121702-07e42b3cdba0` | `0.0.0-20260303201901-10176f79b2c0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.35.0` | `0.36.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.19.0` | `0.20.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.41.0` | `0.42.0` | | [golang.org/x/time](https://github.com/golang/time) | `0.14.0` | `0.15.0` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.269.0` | `0.270.0` | | [modernc.org/libc](https://gitlab.com/cznic/libc) | `1.69.0` | `1.70.0` | Updates `github.com/anchore/stereoscope` from 0.1.20 to 0.1.21 - [Release notes](https://github.com/anchore/stereoscope/releases) - [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md) - [Commits](anchore/stereoscope@v0.1.20...v0.1.21) Updates `github.com/anchore/syft` from 1.42.1 to 1.42.2 - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/RELEASE.md) - [Commits](anchore/syft@v1.42.1...v1.42.2) Updates `github.com/charmbracelet/colorprofile` from 0.4.2 to 0.4.3 - [Release notes](https://github.com/charmbracelet/colorprofile/releases) - [Commits](charmbracelet/colorprofile@v0.4.2...v0.4.3) Updates `github.com/mattn/go-runewidth` from 0.0.20 to 0.0.21 - [Commits](mattn/go-runewidth@v0.0.20...v0.0.21) Updates `github.com/minio/minlz` from 1.0.1 to 1.1.0 - [Release notes](https://github.com/minio/minlz/releases) - [Commits](minio/minlz@V1.0.1...v1.1.0) Updates `github.com/wagoodman/go-progress` from 0.0.0-20230925121702-07e42b3cdba0 to 0.0.0-20260303201901-10176f79b2c0 - [Commits](https://github.com/wagoodman/go-progress/commits) Updates `golang.org/x/oauth2` from 0.35.0 to 0.36.0 - [Commits](golang/oauth2@v0.35.0...v0.36.0) Updates `golang.org/x/sync` from 0.19.0 to 0.20.0 - [Commits](golang/sync@v0.19.0...v0.20.0) Updates `golang.org/x/sys` from 0.41.0 to 0.42.0 - [Commits](golang/sys@v0.41.0...v0.42.0) Updates `golang.org/x/time` from 0.14.0 to 0.15.0 - [Commits](golang/time@v0.14.0...v0.15.0) Updates `google.golang.org/api` from 0.269.0 to 0.270.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.269.0...v0.270.0) Updates `modernc.org/libc` from 1.69.0 to 1.70.0 - [Commits](https://gitlab.com/cznic/libc/compare/v1.69.0...v1.70.0) --- updated-dependencies: - dependency-name: github.com/anchore/stereoscope dependency-version: 0.1.21 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/anchore/syft dependency-version: 1.42.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/charmbracelet/colorprofile dependency-version: 0.4.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/mattn/go-runewidth dependency-version: 0.0.21 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/minio/minlz dependency-version: 1.1.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/wagoodman/go-progress dependency-version: 0.0.0-20260303201901-10176f79b2c0 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: golang.org/x/oauth2 dependency-version: 0.36.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sync dependency-version: 0.20.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sys dependency-version: 0.42.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/time dependency-version: 0.15.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: google.golang.org/api dependency-version: 0.270.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: modernc.org/libc dependency-version: 1.70.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 9, 2026

idiap-bot added the semver:patch A change requiring a patch version bump label Mar 9, 2026

idiap-bot-reviewer approved these changes Mar 10, 2026

View reviewed changes

idiap-bot merged commit 07ff4bd into main Mar 10, 2026
9 of 10 checks passed

idiap-bot deleted the dependabot/go_modules/go-modules-0749391549 branch March 10, 2026 00:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go-modules group with 12 updates#90

chore(deps): bump the go-modules group with 12 updates#90
idiap-bot merged 1 commit intomainfrom
dependabot/go_modules/go-modules-0749391549

dependabot bot commented on behalf of github Mar 9, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot bot commented on behalf of github Mar 9, 2026

v0.1.21

Bug Fixes

Dependency Updates

Additional Changes

v1.42.2

Bug Fixes

Additional Changes

v0.4.3

Changelog

Fixed

v1.1.0

What's Changed

v0.270.0

0.270.0 (2026-03-08)

Features

0.270.0 (2026-03-08)

Features

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants