Skip to content

Bump the go-modules group with 14 updates #1291

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 8, 2025
Merged

Bump the go-modules group with 14 updates #1291

merged 1 commit into from
Sep 8, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 8, 2025

Bumps the go-modules group with 14 updates:

Package From To
github.com/hashicorp/go-getter 1.7.10 1.8.0
github.com/lucasb-eyer/go-colorful 1.2.0 1.3.0
github.com/olekukonko/ll 0.1.0 0.1.1
github.com/pjbgf/sha1cd 0.4.0 0.5.0
github.com/vbatts/go-mtree 0.5.4 0.6.0
github.com/zclconf/go-cty 1.16.4 1.17.0
golang.org/x/crypto 0.41.0 0.42.0
golang.org/x/mod 0.27.0 0.28.0
golang.org/x/oauth2 0.30.0 0.31.0
golang.org/x/sync 0.16.0 0.17.0
golang.org/x/sys 0.35.0 0.36.0
golang.org/x/term 0.34.0 0.35.0
golang.org/x/text 0.28.0 0.29.0
golang.org/x/time 0.12.0 0.13.0

Updates github.com/hashicorp/go-getter from 1.7.10 to 1.8.0

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.8.0

What's Changed

New Contributors

Full Changelog: hashicorp/go-getter@v1.7.9...v1.8.0

Commits

Updates github.com/lucasb-eyer/go-colorful from 1.2.0 to 1.3.0

Release notes

Sourced from github.com/lucasb-eyer/go-colorful's releases.

v1.3.0

If you'd like to support go-colorful's development you can support me or Lucas (the original developer) through GitHub Sponsors, check out the Sponsor button up top. I also have a Ko-Fi for one-time donations.

The rest of this message is copied from the CHANGELOG.md file in this repo.

Added

  • BlendLinearRgb (#50)
  • DistanceRiemersma (#52)
  • Introduce a function for sorting colors (#57)
  • YAML marshal/unmarshal support (#63)
  • Add support for OkLab and OkLch (#66)
  • Functions that use randomness now support specifying a custom source (#73)
  • Functions BlendOkLab and BlendOkLch (#70)

Changed

  • Hex() parsing is much faster (#78)

Fixed

  • Fix bug when doing HSV/HCL blending between a gray color and non-gray color (#60)
  • Docs for HSV/HSL were updated to note that hue 360 is not allowed (#71)

Deprecated

  • DistanceLinearRGB is deprecated for the name DistanceLinearRgb which is more in-line with the rest of the library
Changelog

Sourced from github.com/lucasb-eyer/go-colorful's changelog.

[1.3.0] - 2025-09-08

Added

  • BlendLinearRgb (#50)
  • DistanceRiemersma (#52)
  • Introduce a function for sorting colors (#57)
  • YAML marshal/unmarshal support (#63)
  • Add support for OkLab and OkLch (#66)
  • Functions that use randomness now support specifying a custom source (#73)
  • Functions BlendOkLab and BlendOkLch (#70)

Changed

  • Hex() parsing is much faster (#78)

Fixed

  • Fix bug when doing HSV/HCL blending between a gray color and non-gray color (#60)
  • Docs for HSV/HSL were updated to note that hue 360 is not allowed (#71)

Deprecated

  • DistanceLinearRGB is deprecated for the name DistanceLinearRgb which is more in-line with the rest of the library
Commits

Updates github.com/olekukonko/ll from 0.1.0 to 0.1.1

Commits

Updates github.com/pjbgf/sha1cd from 0.4.0 to 0.5.0

Release notes

Sourced from github.com/pjbgf/sha1cd's releases.

v0.5.0

What's Changed

Full Changelog: pjbgf/sha1cd@v0.4.0...v0.5.0

Commits
  • 85c7a3d Merge pull request #199 from pjbgf/amd64-simd
  • 75a4461 ubc: Remove native implementations
  • e239975 amd64: Introduce SHANI implementation
  • f052d33 Merge pull request #198 from pjbgf/arm
  • 8792028 arm64: Introduce SIMD implementation
  • 1d04cf2 Remove redundant go:generate instances
  • 6fb6277 Run golden tests on generic and native implementations
  • 88099dc ubc: Add noescape and nosplit directives
  • 2692cee cgo: Align digest creation with purego implementation
  • d390839 Merge pull request #197 from pjbgf/bench
  • Additional commits viewable in compare view

Updates github.com/vbatts/go-mtree from 0.5.4 to 0.6.0

Release notes

Sourced from github.com/vbatts/go-mtree's releases.

v0.6.0

Thanks, @​cyphar for fixes.

Commits
  • b3097c1 Merge pull request #208 from vbatts/modules
  • f0801f9 go*: update to go1.24, so all modules can be updated
  • 1f88b08 go versions: drop 1.18-1.23, add 1.24-1.25
  • da220ef update github.com/urfave/cli/v2 v2.27.5 -> v2.27.7
  • b454bc0 Merge pull request #207 from cyphar/error-exit-code
  • 945eeed tests: cli: properly check for exit status codes in error cases
  • 23151ae gomtree: return exit status != 0 on error
  • 12e242c Merge pull request #203 from vbatts/update-mods
  • 5383508 go*: update modules
  • See full diff in compare view

Updates github.com/zclconf/go-cty from 1.16.4 to 1.17.0

Release notes

Sourced from github.com/zclconf/go-cty's releases.

v1.17.0

cty now requires Go 1.23 or later.

  • cty.Value.Elements offers a modern iter.Seq2-based equivalent of cty.Value.ElementIterator.

  • cty.DeepValues offers a modern iter.Seq2-based equivalent of cty.Walk.

  • cty.Value.WrangleMarksDeep allows inspecting and modifying individual marks throughout a possibly-nested data structure.

    Having now got some experience using marks more extensively in some callers, it's become clear that it's often necessary for different subsystems to be able to collaborate using independent marks without upsetting each other's assumptions. Today that tends to be achieved using hand-written transforms either with cty.Transform or cty.Value.UnmarkDeepWithPaths/cty.Value.MarkWithPaths, both of which can be pretty expensive even in the common case where there are no marks present at all.

    This new function allows inspecting and transforming marks with far less overhead, by creating new values only for parts of a structure that actually need to change and by reusing (rather than recreating) the "payloads" of the values being modified when we know that only the marks have changed.

  • cty.ValueMarksOfType and cty.ValueMarksOfTypeDeep make it easier to use type-based rather than value-based mark schemes, where different values of a common type are used to track a specific kind of relationship with multiple external values.

  • cty.Value.HasMarkDeep provides a "deep" version of the existing cty.Value.HasMark, searching throughout a possibly-nested structure for any values that have the given mark.

  • cty.Value.UnmarkDeep and cty.Value.UnmarkDeepWithPaths are now implemented in terms of cty.Value.WrangleMarksDeep, so they benefit from its reduced overhead. In particular they avoid reconstructing a data structure that contains no marked values at all.

  • cty.Value.MarkWithPaths now has a fast path when it's given a zero-length PathValueMarks, in which case it just returns the value it was given with no modifications.

Changelog

Sourced from github.com/zclconf/go-cty's changelog.

1.17.0 (September 5, 2025)

cty now requires Go 1.23 or later.

  • cty.Value.Elements offers a modern iter.Seq2-based equivalent of cty.Value.ElementIterator.

  • cty.DeepValues offers a modern iter.Seq2-based equivalent of cty.Walk.

  • cty.Value.WrangleMarksDeep allows inspecting and modifying individual marks throughout a possibly-nested data structure.

    Having now got some experience using marks more extensively in some callers, it's become clear that it's often necessary for different subsystems to be able to collaborate using independent marks without upsetting each other's assumptions. Today that tends to be achieved using hand-written transforms either with cty.Transform or cty.Value.UnmarkDeepWithPaths/cty.Value.MarkWithPaths, both of which can be pretty expensive even in the common case where there are no marks present at all.

    This new function allows inspecting and transforming marks with far less overhead, by creating new values only for parts of a structure that actually need to change and by reusing (rather than recreating) the "payloads" of the values being modified when we know that only the marks have changed.

  • cty.ValueMarksOfType and cty.ValueMarksOfTypeDeep make it easier to use type-based rather than value-based mark schemes, where different values of a common type are used to track a specific kind of relationship with multiple external values.

  • cty.Value.HasMarkDeep provides a "deep" version of the existing cty.Value.HasMark, searching throughout a possibly-nested structure for any values that have the given mark.

  • cty.Value.UnmarkDeep and cty.Value.UnmarkDeepWithPaths are now implemented in terms of cty.Value.WrangleMarksDeep, so they benefit from its reduced overhead. In particular they avoid reconstructing a data structure that contains no marked values at all.

  • cty.Value.MarkWithPaths now has a fast path when it's given a zero-length PathValueMarks, in which case it just returns the value it was given with no modifications.

Commits
  • da4c600 CHANGELOG: Prepare for v1.17.0 release
  • b13ddd4 cty: Use WrangleMarksDeep for UnmarkDeep and UnmarkDeepWithPaths
  • 4453ac2 cty: Use DeepValues instead of Walk for deep marks inspections
  • f833b10 Bulk replace interface{} -> any
  • d4bb9d4 cty: Various new mark-inspecting helpers
  • 31572cf cty+ctymarks: Deep mark wrangling helper
  • d95a68c cty: Modern iter.Seq2 equivalents of Value.ElementIterator and Walk
  • See full diff in compare view

Updates golang.org/x/crypto from 0.41.0 to 0.42.0

Commits
  • 5307a0c go.mod: update golang.org/x dependencies
  • 9d77937 acme: include order problem in OrderError
  • 8f580de ssh: remove Go 1.24 build tag for ML-KEM kex
  • a4d1237 ssh/knownhosts: improve IPv6 support in Normalize
  • b8d8dae curve25519: include potential fips140=only error in panic message
  • f5a2eab ssh: use curve25519.X25519 instead of curve25519.ScalarMult
  • 44ecf3a all: upgrade go directive to at least 1.24.0 [generated]
  • See full diff in compare view

Updates golang.org/x/mod from 0.27.0 to 0.28.0

Commits
  • 1759e96 go.mod: update golang.org/x dependencies
  • f060e16 all: upgrade go directive to at least 1.24.0 [generated]
  • See full diff in compare view

Updates golang.org/x/oauth2 from 0.30.0 to 0.31.0

Commits
  • 014cf77 all: upgrade go directive to at least 1.24.0 [generated]
  • 3c76ce5 endpoints: correct Naver OAuth2 endpoint URLs
  • See full diff in compare view

Updates golang.org/x/sync from 0.16.0 to 0.17.0

Commits
  • 04914c2 all: upgrade go directive to at least 1.24.0 [generated]
  • See full diff in compare view

Updates golang.org/x/sys from 0.35.0 to 0.36.0

Commits
  • b06ce05 windows: add FILE_ZERO_DATA_INFORMATION
  • 689cc11 unix: fix Listen on solaris
  • a4712b9 plan9: drop go version tags for unsupported versions
  • 0293703 unix: add IFAL_* consts and ifaddrlblmsg on linux
  • ab85cbb unix/linux: extend rtnetlink constants
  • 9bd3753 unix: switch (*CPUSet).Zero to clear builtin
  • 899c232 windows/mkwinsyscall: use syscall.SyscallN instead of syscall.Syscall{6,9,12,15}
  • 543f21a all: upgrade go directive to at least 1.24.0 [generated]
  • See full diff in compare view

Updates golang.org/x/term from 0.34.0 to 0.35.0

Commits
  • 1a11b45 go.mod: update golang.org/x dependencies
  • d862cd5 all: upgrade go directive to at least 1.24.0 [generated]
  • See full diff in compare view

Updates golang.org/x/text from 0.28.0 to 0.29.0

Commits
  • e69f31b go.mod: update golang.org/x dependencies
  • 60c9786 all: upgrade go directive to at least 1.24.0 [generated]
  • See full diff in compare view

Updates golang.org/x/time from 0.12.0 to 0.13.0

Commits
  • c0b0320 all: upgrade go directive to at least 1.24.0 [generated]
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go-modules group with 14 updates
15c6cc2 
Bumps the go-modules group with 14 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) | `1.7.10` | `1.8.0` |
| [github.com/lucasb-eyer/go-colorful](https://github.com/lucasb-eyer/go-colorful) | `1.2.0` | `1.3.0` |
| [github.com/olekukonko/ll](https://github.com/olekukonko/ll) | `0.1.0` | `0.1.1` |
| [github.com/pjbgf/sha1cd](https://github.com/pjbgf/sha1cd) | `0.4.0` | `0.5.0` |
| [github.com/vbatts/go-mtree](https://github.com/vbatts/go-mtree) | `0.5.4` | `0.6.0` |
| [github.com/zclconf/go-cty](https://github.com/zclconf/go-cty) | `1.16.4` | `1.17.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.41.0` | `0.42.0` |
| [golang.org/x/mod](https://github.com/golang/mod) | `0.27.0` | `0.28.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.30.0` | `0.31.0` |
| [golang.org/x/sync](https://github.com/golang/sync) | `0.16.0` | `0.17.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.35.0` | `0.36.0` |
| [golang.org/x/term](https://github.com/golang/term) | `0.34.0` | `0.35.0` |
| [golang.org/x/text](https://github.com/golang/text) | `0.28.0` | `0.29.0` |
| [golang.org/x/time](https://github.com/golang/time) | `0.12.0` | `0.13.0` |


Updates `github.com/hashicorp/go-getter` from 1.7.10 to 1.8.0
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/commits/v1.8.0)

Updates `github.com/lucasb-eyer/go-colorful` from 1.2.0 to 1.3.0
- [Release notes](https://github.com/lucasb-eyer/go-colorful/releases)
- [Changelog](https://github.com/lucasb-eyer/go-colorful/blob/master/CHANGELOG.md)
- [Commits](lucasb-eyer/go-colorful@v1.2.0...v1.3.0)

Updates `github.com/olekukonko/ll` from 0.1.0 to 0.1.1
- [Commits](olekukonko/ll@v0.1.0...v0.1.1)

Updates `github.com/pjbgf/sha1cd` from 0.4.0 to 0.5.0
- [Release notes](https://github.com/pjbgf/sha1cd/releases)
- [Commits](pjbgf/sha1cd@v0.4.0...v0.5.0)

Updates `github.com/vbatts/go-mtree` from 0.5.4 to 0.6.0
- [Release notes](https://github.com/vbatts/go-mtree/releases)
- [Changelog](https://github.com/vbatts/go-mtree/blob/main/releases.md)
- [Commits](vbatts/go-mtree@v0.5.4...v0.6.0)

Updates `github.com/zclconf/go-cty` from 1.16.4 to 1.17.0
- [Release notes](https://github.com/zclconf/go-cty/releases)
- [Changelog](https://github.com/zclconf/go-cty/blob/main/CHANGELOG.md)
- [Commits](zclconf/go-cty@v1.16.4...v1.17.0)

Updates `golang.org/x/crypto` from 0.41.0 to 0.42.0
- [Commits](golang/crypto@v0.41.0...v0.42.0)

Updates `golang.org/x/mod` from 0.27.0 to 0.28.0
- [Commits](golang/mod@v0.27.0...v0.28.0)

Updates `golang.org/x/oauth2` from 0.30.0 to 0.31.0
- [Commits](golang/oauth2@v0.30.0...v0.31.0)

Updates `golang.org/x/sync` from 0.16.0 to 0.17.0
- [Commits](golang/sync@v0.16.0...v0.17.0)

Updates `golang.org/x/sys` from 0.35.0 to 0.36.0
- [Commits](golang/sys@v0.35.0...v0.36.0)

Updates `golang.org/x/term` from 0.34.0 to 0.35.0
- [Commits](golang/term@v0.34.0...v0.35.0)

Updates `golang.org/x/text` from 0.28.0 to 0.29.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.28.0...v0.29.0)

Updates `golang.org/x/time` from 0.12.0 to 0.13.0
- [Commits](golang/time@v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-version: 1.8.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/lucasb-eyer/go-colorful
  dependency-version: 1.3.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/olekukonko/ll
  dependency-version: 0.1.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-modules
- dependency-name: github.com/pjbgf/sha1cd
  dependency-version: 0.5.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/vbatts/go-mtree
  dependency-version: 0.6.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: github.com/zclconf/go-cty
  dependency-version: 1.17.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.42.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/mod
  dependency-version: 0.28.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.31.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/sync
  dependency-version: 0.17.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/sys
  dependency-version: 0.36.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/term
  dependency-version: 0.35.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/text
  dependency-version: 0.29.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
- dependency-name: golang.org/x/time
  dependency-version: 0.13.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Sep 8, 2025
@dependabot dependabot bot requested a review from a team as a code owner September 8, 2025 16:07
@paketo-bot paketo-bot added the semver:patch A change requiring a patch version bump label Sep 8, 2025
@paketo-bot paketo-bot merged commit 928193e into main Sep 8, 2025
9 of 10 checks passed
@paketo-bot paketo-bot deleted the dependabot/go_modules/go-modules-4b1db5b252 branch September 8, 2025 16:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paketo-bot-reviewer paketo-bot-reviewer paketo-bot-reviewer approved these changes

@mhdawson mhdawson Awaiting requested review from mhdawson mhdawson is a code owner automatically assigned from paketo-buildpacks/nodejs-maintainers

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code semver:patch A change requiring a patch version bump

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@paketo-bot-reviewer @paketo-bot