chore(deps): bump the others group across 1 directory with 11 updates by dependabot[bot] · Pull Request #2569 · future-architect/vuls

dependabot · 2026-06-01T00:11:30Z

Bumps the others group with 7 updates in the / directory:

Package	From	To
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob	`1.6.4`	`1.7.0`
github.com/CycloneDX/cyclonedx-go	`0.10.0`	`0.11.0`
github.com/aws/aws-sdk-go-v2	`1.41.7`	`1.42.0`
github.com/aws/aws-sdk-go-v2/config	`1.32.17`	`1.32.25`
github.com/aws/aws-sdk-go-v2/service/s3	`1.101.0`	`1.103.3`
github.com/google/go-containerregistry	`0.21.5`	`0.21.6`
github.com/package-url/packageurl-go	`0.1.5`	`0.1.6`

Updates github.com/Azure/azure-sdk-for-go/sdk/storage/azblob from 1.6.4 to 1.7.0

Commits

624baba bump azcore version number
ce7217c Prep for azcore v1.7.0 release (#21149)
62a8079 Add support for shallow cloning azcore.Client instances (#21065) (#21098)
47286b0 Add flag to enable skipping of dependency checks (#21146)
ee762d4 Fix populating module name in telemetry policy (#20967) (#20971)
0243175 Prep azcore v1.6.1 for release (#20961)
9c9d62a Increment package version after release of azcore (#20740)
36f766d add sdk/resourcemanager/cosmos/armcosmos live test (#20705)
c005ed6 sdk/resourcemanager/network/armnetwork live test (#20331)
5fa7df4 add sdk/resourcemanager/compute/armcompute live test (#20048)
Additional commits viewable in compare view

Updates github.com/CycloneDX/cyclonedx-go from 0.10.0 to 0.11.0

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.11.0

Changelog

Building and Packaging

32221d4829e8ec6007896af2d7f11fd6ba13d6c5: build(deps): bump actions/setup-go from 6.2.0 to 6.4.0 (#261) (@dependabot[bot])

a42a4dd9163df91c4173d41db2cc7ed67f0db0b6: build(deps): bump gitpod/workspace-go from 08a7c68 to 00059ff (#255) (@dependabot[bot])

9810ab9f48d46f134ad9a13bbabd1397cc64804e: build(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.2.1 (#263) (@dependabot[bot])

Others

2cef05662cba14b4ae948b1858fee532f8adadd1: Add comprehensive support for CycloneDX 1.7 specification (#257) (@alistair-mclean)

3ed34da50502f9b9d6ac9dff64df8b08e53aa2a5: Added 5 missing fields to match CycloneDX 1.6 spec: (#256) (@alistair-mclean)

Commits

a42a4dd build(deps): bump gitpod/workspace-go from 08a7c68 to 00059ff (#255)
9810ab9 build(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.2.1 (#263)
32221d4 build(deps): bump actions/setup-go from 6.2.0 to 6.4.0 (#261)
2cef056 Add comprehensive support for CycloneDX 1.7 specification (#257)
3ed34da Added 5 missing fields to match CycloneDX 1.6 spec: (#256)
See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.7 to 1.42.0

Commits

9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
e736f55 Add preview of changes for standard retry mode behind flag (#3400)
ba08dc9 Release 2026-06-05.2
9a67e21 Revert schema serde (#3442)
51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
f696d5b Release 2026-06-05
7efb8fd Regenerated Clients
1a420c5 Update endpoints model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.25

Commits

0016334 Release 2026-06-10
396a182 Regenerated Clients
3eb8533 Update API model
7bbea79 Release 2026-06-09
1fefa6c Regenerated Clients
a2cf49f Update endpoints model
d87be68 Update API model
9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.16 to 1.19.24

Commits

0016334 Release 2026-06-10
396a182 Regenerated Clients
3eb8533 Update API model
7bbea79 Release 2026-06-09
1fefa6c Regenerated Clients
a2cf49f Update endpoints model
d87be68 Update API model
9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.101.0 to 1.103.3

Commits

9a3190f Release 2026-06-08
b20dd5b Regenerated Clients
75a45ea Update API model
e736f55 Add preview of changes for standard retry mode behind flag (#3400)
ba08dc9 Release 2026-06-05.2
9a67e21 Revert schema serde (#3442)
51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
f696d5b Release 2026-06-05
7efb8fd Regenerated Clients
1a420c5 Update endpoints model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.42.1 to 1.43.3

Commits

fa369bd Release 2026-06-03
960ee4d Regenerated Clients
4b6df8b Update endpoints model
30b15dd Update API model
e8c72af enable schema-serde (#3421)
b4d02c5 Release 2026-06-02
48e375b Regenerated Clients
b8a4fc1 Update API model
e8627b4 Merge pull request #3430 from aws/fix-remove-ioutil
4e258a3 chore: update changelog description per review
Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.5 to 0.21.6

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.6

What's Changed

fix: update dependencies to use new azure sdk components by @gaganhr94 in google/go-containerregistry#2262

transport: restore resp.Body in retryError so CheckError can parse it by @alliasgher in google/go-containerregistry#2264

pkg/registry: return 202 Accepted for PATCH chunk uploads by @alliasgher in google/go-containerregistry#2265

Follow OCI distribution spec for artifactType and annotations by @malt3 in google/go-containerregistry#2269

actions: attach Codecov token to coverage tests on main by @Subserial in google/go-containerregistry#2270

remote: use DeleteScope (with "delete" action) for manifest deletion by @alliasgher in google/go-containerregistry#2266

remote: limit concurrent layer pulls by @gnix0 in google/go-containerregistry#2271

pkg/registry: reject corrupt disk blobs by @gnix0 in google/go-containerregistry#2272

mutate: close layer readers during export by @gnix0 in google/go-containerregistry#2277

crane/flatten: preserve image media type when flattening by @alliasgher in google/go-containerregistry#2267

build(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1 in the actions group across 1 directory by @dependabot[bot] in google/go-containerregistry#2273

build(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 by @dependabot[bot] in google/go-containerregistry#2278

build(deps): bump the go-deps group across 3 directories with 6 updates by @dependabot[bot] in google/go-containerregistry#2280

Replace go-homedir with os.UserHomeDir by @jammie-jelly in google/go-containerregistry#2282

pkg/name: only treat .localhost as non-HTTPS, not .local by @blackwell-systems in google/go-containerregistry#2281

transport: block unspecified IPs (0.0.0.0, ::) in validateRealmURL by @marwan9696 in google/go-containerregistry#2285

test(mutate): add Extract round-trip test for filesystem object preservation by @blackwell-systems in google/go-containerregistry#2283

experiments: remove deprecated support for estargz by @thaJeztah in google/go-containerregistry#2288

build(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 in the actions group by @dependabot[bot] in google/go-containerregistry#2289

fix: limit HTTP response body reads to prevent OOM by @evilgensec in google/go-containerregistry#2296

build(deps): bump the go-deps group across 3 directories with 6 updates by @dependabot[bot] in google/go-containerregistry#2297

transport: block redirects from token server to private/link-local addresses (SSRF fix) by @evilgensec in google/go-containerregistry#2292

pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract by @anishesg in google/go-containerregistry#2279

validate: skip non-layer layers by @imjasonh in google/go-containerregistry#2298

remote: validate foreign layer URLs to prevent SSRF (fixes #2259) by @evilgensec in google/go-containerregistry#2293

remote: block SSRF via private-IP Location headers in blob uploads by @adilburaksen in google/go-containerregistry#2295

fix(mutate): preserve config blob and layers for non-Docker OCI artifacts by @blackwell-systems in google/go-containerregistry#2286

fix: preserve per-occurrence layer identity in mutate.Image.Layers() by @iahsanGill in google/go-containerregistry#2299

transport: retry HTTP 429 (Too Many Requests) by @iahsanGill in google/go-containerregistry#2301

transport: allow bearer realm at same host:port as registry by @iahsanGill in google/go-containerregistry#2302

Update go version to 1.26.3 by @Subserial in google/go-containerregistry#2300

New Contributors

@gaganhr94 made their first contribution in google/go-containerregistry#2262

@alliasgher made their first contribution in google/go-containerregistry#2264

@malt3 made their first contribution in google/go-containerregistry#2269

@gnix0 made their first contribution in google/go-containerregistry#2271

@blackwell-systems made their first contribution in google/go-containerregistry#2281

@marwan9696 made their first contribution in google/go-containerregistry#2285

@anishesg made their first contribution in google/go-containerregistry#2279

@adilburaksen made their first contribution in google/go-containerregistry#2295

@iahsanGill made their first contribution in google/go-containerregistry#2299

Full Changelog: google/go-containerregistry@v0.21.5...v0.21.6

Commits

53f7e39 Update go version to 1.26.3 (#2300)
bf87c3b transport: allow bearer realm at same host:port as registry (#2302)
c55facd transport: retry HTTP 429 (Too Many Requests) (#2301)
68a569e fix: preserve per-occurrence layer identity in Layers() (#2299)
35b354b fix(mutate): preserve config blob and layers for non-Docker OCI artifacts (#2...
e5983f2 remote: block SSRF via private-IP Location headers in blob uploads (#2295)
6dad820 remote: validate foreign layer URLs to prevent SSRF (fixes #2259) (#2293)
78bdf1b validate: skip non-layer layers (#2298)
c29d91c pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract ...
a70d75a transport: block redirects from token server to private/link-local addresses ...
Additional commits viewable in compare view

Updates github.com/package-url/packageurl-go from 0.1.5 to 0.1.6

Release notes

Sourced from github.com/package-url/packageurl-go's releases.

v0.1.6

What's Changed

Optimize parsing and serialization performance by @andrew in package-url/packageurl-go#86

New Contributors

@andrew made their first contribution in package-url/packageurl-go#86

Full Changelog: package-url/packageurl-go@v0.1.5...v0.1.6

Commits

a74324e Optimize parsing and serialization performance (#86)
b41f387 Address review feedback and add chrome-extension validation
a546cc5 Optimize parsing and serialization performance
See full diff in compare view

Updates golang.org/x/term from 0.42.0 to 0.43.0

Commits

3c3e485 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates golang.org/x/text from 0.36.0 to 0.37.0

Commits

3ef517e go.mod: update golang.org/x dependencies
See full diff in compare view

Bumps the others group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/Azure/azure-sdk-for-go/sdk/storage/azblob](https://github.com/Azure/azure-sdk-for-go) | `1.6.4` | `1.7.0` | | [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) | `0.10.0` | `0.11.0` | | [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.7` | `1.42.0` | | [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.17` | `1.32.25` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.101.0` | `1.103.3` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.5` | `0.21.6` | | [github.com/package-url/packageurl-go](https://github.com/package-url/packageurl-go) | `0.1.5` | `0.1.6` | Updates `github.com/Azure/azure-sdk-for-go/sdk/storage/azblob` from 1.6.4 to 1.7.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/storage/azblob/v1.6.4...sdk/azcore/v1.7.0) Updates `github.com/CycloneDX/cyclonedx-go` from 0.10.0 to 0.11.0 - [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases) - [Commits](CycloneDX/cyclonedx-go@v0.10.0...v0.11.0) Updates `github.com/aws/aws-sdk-go-v2` from 1.41.7 to 1.42.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.41.7...v1.42.0) Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.17 to 1.32.25 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@config/v1.32.17...config/v1.32.25) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.16 to 1.19.24 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@credentials/v1.19.16...credentials/v1.19.24) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.101.0 to 1.103.3 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.101.0...service/s3/v1.103.3) Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.42.1 to 1.43.3 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.42.1...service/amp/v1.43.3) Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.6 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.21.5...v0.21.6) Updates `github.com/package-url/packageurl-go` from 0.1.5 to 0.1.6 - [Release notes](https://github.com/package-url/packageurl-go/releases) - [Commits](package-url/packageurl-go@v0.1.5...v0.1.6) Updates `golang.org/x/term` from 0.42.0 to 0.43.0 - [Commits](golang/term@v0.42.0...v0.43.0) Updates `golang.org/x/text` from 0.36.0 to 0.37.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.36.0...v0.37.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-version: 1.41.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: others - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-version: 1.32.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: others - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-version: 1.19.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: others - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.102.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: others - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-version: 1.42.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: others - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/storage/azblob dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: others - dependency-name: github.com/CycloneDX/cyclonedx-go dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: others - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: others - dependency-name: github.com/package-url/packageurl-go dependency-version: 0.1.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: others - dependency-name: golang.org/x/term dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: others - dependency-name: golang.org/x/text dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: others ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 1, 2026

dependabot Bot force-pushed the dependabot/go_modules/master/others-2c8006f105 branch from 7d654d4 to f3209f1 Compare June 3, 2026 18:05

dependabot Bot force-pushed the dependabot/go_modules/master/others-2c8006f105 branch from f3209f1 to 66e3b8e Compare June 15, 2026 00:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the others group across 1 directory with 11 updates#2569

chore(deps): bump the others group across 1 directory with 11 updates#2569
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/master/others-2c8006f105

dependabot Bot commented on behalf of github Jun 1, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.11.0

Changelog

Building and Packaging

Others

v0.21.6

What's Changed

New Contributors

v0.1.6

What's Changed

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 1, 2026 •

edited

Loading