Skip to content

chore(deps): Bump the go-minor-patch group across 1 directory with 5 updates#276

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-minor-patch-f00e7a59e5
Open

chore(deps): Bump the go-minor-patch group across 1 directory with 5 updates#276
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go-minor-patch-f00e7a59e5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 22, 2026
edited
Loading

Bumps the go-minor-patch group with 4 updates in the / directory: github.com/chainguard-dev/yam, github.com/itchyny/gojq, golang.org/x/net and golang.org/x/oauth2.

Updates github.com/chainguard-dev/yam from 0.2.53 to 0.2.56

Commits
  • 4ef11ff build(deps): bump step-security/harden-runner from 2.17.0 to 2.18.0 (#209)
  • 1f7a362 build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 (#207)
  • 2b35f17 build(deps): bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 (#208)
  • 2b6bed4 build(deps): bump step-security/action-actionlint from 1.69.1 to 1.72.0 (#206)
  • 10212d1 build(deps): bump step-security/harden-runner from 2.16.0 to 2.17.0 (#205)
  • 27c1ffe chore(workflows): add actionlint and zizmor action linters [SECINT-75] (#204)
  • 4d84634 build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 (#200)
  • eeb3ecb build(deps): bump step-security/harden-runner from 2.16.0 to 2.16.1 (#201)
  • 38cd909 build(deps): bump chainguard-dev/actions from 1.6.10 to 1.6.13 (#203)
  • fbc0768 build(deps): bump chainguard-dev/actions from 1.6.9 to 1.6.10 (#198)
  • Additional commits viewable in compare view

Updates github.com/itchyny/gojq from 0.12.18 to 0.12.19

Release notes

Sourced from github.com/itchyny/gojq's releases.

Release v0.12.19

  • fix gsub and sub when the replacement emits multiple values
  • fix fmax, fmin, modf functions against NaN and infinities
  • fix join/1 to use add/0 implementation and handle null separator
  • fix del and delpaths on null to emit null
  • fix arithmetic operations on the minimum integer
  • fix significand function against subnormal numbers
  • fix handling of -- in cli flag parsing for jq compatibility
  • fix flatten/1 to emit error when the depth is NaN
  • fix array slice update to validate index types
  • fix string repetition boundary check to match jq behavior
  • implement splits/2 using match/2 for better jq compatibility
  • implement to_entries and from_entries in jq for simplicity
  • improve performance of regexp functions by caching compiled regexps
Changelog

Sourced from github.com/itchyny/gojq's changelog.

v0.12.19 (2026-04-01)

  • fix gsub and sub when the replacement emits multiple values
  • fix fmax, fmin, modf functions against NaN and infinities
  • fix join/1 to use add/0 implementation and handle null separator
  • fix del and delpaths on null to emit null
  • fix arithmetic operations on the minimum integer
  • fix significand function against subnormal numbers
  • fix handling of -- in cli flag parsing for jq compatibility
  • fix flatten/1 to emit error when the depth is NaN
  • fix array slice update to validate index types
  • fix string repetition boundary check to match jq behavior
  • implement splits/2 using match/2 for better jq compatibility
  • implement to_entries and from_entries in jq for simplicity
  • improve performance of regexp functions by caching compiled regexps
Commits
  • b7ebffb bump up version to 0.12.19
  • b02c97b update CHANGELOG.md for v0.12.19
  • d7ca9b5 implement to_entries and from_entries in jq for simplicity
  • bac8b0b update dependencies
  • 183cbec bump up Docker actions
  • 40707cf fix repeated argument type any
  • b5ece86 fix handling of -- in cli flag parsing for jq compatibility
  • cca2307 re-generate the parser.go file
  • ca5066d fix gsub and sub when the replacement emits multiple values
  • 0878958 improve performance of regexp functions by caching compiled regexps (fix #230)
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.50.0 to 0.53.0

Commits
  • a8d1fc1 go.mod: update golang.org/x dependencies
  • 056ac74 quic: avoid depending on golang.org/x/sys/unix
  • c85f611 http3: add http3 package for testing in std
  • 805fc81 http2: add transport API tests
  • e63b894 http2: support testing via net/http.Transport.RoundTrip
  • 9ee1e48 http2/hpack: prevent HeaderField from escaping during encoding
  • 1e71bd8 http2: prevent hanging Transport due to bad SETTINGS frame
  • 7bca150 internal/http3: respect net/http Server Shutdown context when shutting down
  • 44c41be internal/http3: prevent server from holding mutex when sleeping during shutdown
  • 228a67a internal/http3: add CloseIdleConnections support in transport
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits
  • 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits
  • ec11c4a errgroup: fix a typo in the documentation
  • 1a58307 all: modernize interface{} -> any
  • 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 22, 2026
@dependabot
chore(deps): Bump the go-minor-patch group across 1 directory with 5 …
2f897ba 
…updates

Bumps the go-minor-patch group with 4 updates in the / directory: [github.com/chainguard-dev/yam](https://github.com/chainguard-dev/yam), [github.com/itchyny/gojq](https://github.com/itchyny/gojq), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/oauth2](https://github.com/golang/oauth2).


Updates `github.com/chainguard-dev/yam` from 0.2.53 to 0.2.56
- [Commits](chainguard-dev/yam@v0.2.53...v0.2.56)

Updates `github.com/itchyny/gojq` from 0.12.18 to 0.12.19
- [Release notes](https://github.com/itchyny/gojq/releases)
- [Changelog](https://github.com/itchyny/gojq/blob/main/CHANGELOG.md)
- [Commits](itchyny/gojq@v0.12.18...v0.12.19)

Updates `golang.org/x/net` from 0.50.0 to 0.53.0
- [Commits](golang/net@v0.50.0...v0.53.0)

Updates `golang.org/x/oauth2` from 0.35.0 to 0.36.0
- [Commits](golang/oauth2@v0.35.0...v0.36.0)

Updates `golang.org/x/sync` from 0.19.0 to 0.20.0
- [Commits](golang/sync@v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/chainguard-dev/yam
  dependency-version: 0.2.55
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/itchyny/gojq
  dependency-version: 0.12.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: golang.org/x/net
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
- dependency-name: golang.org/x/sync
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/go-minor-patch-f00e7a59e5 branch from 046b0ab to 2f897ba Compare April 24, 2026 08:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants