Skip to content

chore(deps): bump the dependencies group with 7 updates#1237

Merged
github-actions[bot] merged 1 commit into
masterfrom
dependabot/go_modules/dependencies-5f2cf7d807
Jul 1, 2026
Merged

chore(deps): bump the dependencies group with 7 updates#1237
github-actions[bot] merged 1 commit into
masterfrom
dependabot/go_modules/dependencies-5f2cf7d807

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 7 updates:

Package From To
github.com/Scalingo/go-utils/logger 1.12.1 1.12.2
github.com/urfave/cli/v3 3.9.0 3.10.1
github.com/cloudflare/circl 1.6.3 1.6.4
github.com/cyphar/filepath-securejoin 0.6.1 0.7.0
github.com/klauspost/cpuid/v2 2.3.0 2.4.0
github.com/mattn/go-colorable 0.1.14 0.1.15
github.com/mattn/go-runewidth 0.0.23 0.0.24

Updates github.com/Scalingo/go-utils/logger from 1.12.1 to 1.12.2

Commits
  • 05faa22 Merge pull request #1566 from Scalingo/release/logger/1.12.2
  • 835c8f0 Merge pull request #1562 from Scalingo/release/etcd/1.2.2
  • 9dae025 Merge pull request #1574 from Scalingo/release/mongo/2.0.0
  • 23d92d8 [mongo] Bump v2.0.0
  • 9597516 Merge pull request #1573 from Scalingo/release/otel/0.9.0
  • a8cca2e [otel] Bump v0.9.0
  • 91c531e Merge pull request #1568 from Scalingo/fix/1567/otel-graceful-shutdown
  • a3bc2e1 Lint and review
  • 1bcd261 Merge pull request #1559 from Scalingo/release/crypto/2.0.0
  • b51225e Merge pull request #1572 from Scalingo/release/graceful/1.3.3
  • Additional commits viewable in compare view

Updates github.com/urfave/cli/v3 from 3.9.0 to 3.10.1

Release notes

Sourced from github.com/urfave/cli/v3's releases.

v3.10.1

What's Changed

New Contributors

Full Changelog: urfave/cli@v3.10.0...v3.10.1

v3.10.0

What's Changed

Full Changelog: urfave/cli@v3.9.1...v3.10.0

v3.9.1

What's Changed

Full Changelog: urfave/cli@v3.9.0...v3.9.1

Commits
  • c5f123b Merge pull request #2322 from lihan3238/fix-2249
  • 8449859 Merge branch 'main' into fix-2249
  • 02bdfb0 Merge pull request #2374 from urfave/fix/completion-subcommand-order
  • 49e84c0 Merge pull request #2330 from c-tonneslan/fix/version-alias-conflict-with-use...
  • 54d38c9 v3: yield the version flag's -v alias to a user-defined flag
  • 0242574 Merge pull request #2369 from urfave/fix/gfmrun-count-and-examples
  • 80f2625 test: explain why completionShells is mutated in completion error tests
  • 0045bbd fix: keep completion subcommand order deterministic in help output
  • f980ca8 Merge pull request #2371 from urfave/dependabot/github_actions/actions/checko...
  • b5e4348 chore(deps): bump actions/checkout from 6 to 7
  • Additional commits viewable in compare view

Updates github.com/cloudflare/circl from 1.6.3 to 1.6.4

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.4

What's Changed

New Contributors

Full Changelog: cloudflare/circl@v1.6.3...v1.6.4

Commits
  • 901199c Release CIRCL v1.6.4
  • 5e37b40 abe/cpabe/tkn20: reject circuits with invalid topologies.
  • 4ea7e90 abe/cpabe/tkn20: handle malformed ciphertext header.
  • ae0b5c4 abe/cpabe/tkn20: enforce wire count matches policy.
  • 9547f48 abe/cpabe/tkn20: handle short ciphertexts as errors.
  • bfa7605 abe/cpabe/tkn20: reject ciphertexts with trailing data.
  • bdde3c7 abe/cpabe/tkn20: bound recursion depth when parsing policies.
  • 03204f3 ecc/bls12381: check input length for infinity encoding in SetBytes. (#618)
  • e9bd81b Add AGENTS.md and REVIEW.md for AI agent and human reviewer guidance
  • 02ab708 oprf: reject identity element as public key.
  • Additional commits viewable in compare view

Updates github.com/cyphar/filepath-securejoin from 0.6.1 to 0.7.0

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.7.0] - 2025-06-17

You talk of times of peace for all, and then prepare for war.

Changed

  • Update to cyphar.com/go-pathrs@0.2.5, which included a build-time API breakage that we needed to work around. The API of this library is unchanged by this, but users should make sure to update to v0.7.0 of filepath-securejoin if they use the libpathrs built tag and have update to libpathrs v0.2.5.
Commits
  • 8096a95 VERSION: release v0.7.0
  • 1324ccb merge #101 into cyphar/filepath-securejoin:main
  • dd8f0bb deps: bump to cyphar.com/go-pathrs@v0.2.5
  • c9a7725 gha: bump golangci-lint to v2.12
  • 2e968bd Merge pull request #91 from cyphar/dependabot/github_actions/actions/download...
  • 2879148 Merge pull request #90 from cyphar/dependabot/github_actions/actions/upload-a...
  • 07b805b build(deps): bump actions/download-artifact from 6 to 7
  • 8507844 build(deps): bump actions/upload-artifact from 5 to 6
  • daef0cf Merge pull request #89 from cyphar/dependabot/github_actions/actions/checkout-6
  • 95f8ea4 build(deps): bump actions/checkout from 5 to 6
  • Additional commits viewable in compare view

Updates github.com/klauspost/cpuid/v2 from 2.3.0 to 2.4.0

Release notes

Sourced from github.com/klauspost/cpuid/v2's releases.

v2.4.0

What's Changed

New Contributors

Full Changelog: klauspost/cpuid@v2.3.0...v2.4.0

Commits

Updates github.com/mattn/go-colorable from 0.1.14 to 0.1.15

Commits
  • 8bf39a2 Merge pull request #78 from mattn/windows-write-fastpath
  • d7a88e0 Bump checkout to v4 and setup-go to v5
  • 4dd1c6d Update CI matrix to Go 1.24-1.26
  • 09158f8 Fast path for plaintext writes and cache text attribute on Windows
  • 171d5b4 Add Windows writer benchmarks
  • 74f8ed1 Merge pull request #72 from alexandear/fix-test-typo
  • 50c5b53 Fix typo in TestNonColorableNil
  • See full diff in compare view

Updates github.com/mattn/go-runewidth from 0.0.23 to 0.0.24

Commits
  • 0383c20 Merge pull request #96 from mattn/optimize-eastasian-width-table
  • 37796e5 Optimize EastAsian RuneWidth with precomputed width table
  • e8dc57a Revise security policy and supported versions
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/Scalingo/go-utils/logger](https://github.com/Scalingo/go-utils) | `1.12.1` | `1.12.2` |
| [github.com/urfave/cli/v3](https://github.com/urfave/cli) | `3.9.0` | `3.10.1` |
| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.6.3` | `1.6.4` |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.6.1` | `0.7.0` |
| [github.com/klauspost/cpuid/v2](https://github.com/klauspost/cpuid) | `2.3.0` | `2.4.0` |
| [github.com/mattn/go-colorable](https://github.com/mattn/go-colorable) | `0.1.14` | `0.1.15` |
| [github.com/mattn/go-runewidth](https://github.com/mattn/go-runewidth) | `0.0.23` | `0.0.24` |


Updates `github.com/Scalingo/go-utils/logger` from 1.12.1 to 1.12.2
- [Release notes](https://github.com/Scalingo/go-utils/releases)
- [Changelog](https://github.com/Scalingo/go-utils/blob/master/CHANGELOG_LEGACY.md)
- [Commits](Scalingo/go-utils@logger/v1.12.1...logger/v1.12.2)

Updates `github.com/urfave/cli/v3` from 3.9.0 to 3.10.1
- [Release notes](https://github.com/urfave/cli/releases)
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md)
- [Commits](urfave/cli@v3.9.0...v3.10.1)

Updates `github.com/cloudflare/circl` from 1.6.3 to 1.6.4
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.6.3...v1.6.4)

Updates `github.com/cyphar/filepath-securejoin` from 0.6.1 to 0.7.0
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.6.1...v0.7.0)

Updates `github.com/klauspost/cpuid/v2` from 2.3.0 to 2.4.0
- [Release notes](https://github.com/klauspost/cpuid/releases)
- [Commits](klauspost/cpuid@v2.3.0...v2.4.0)

Updates `github.com/mattn/go-colorable` from 0.1.14 to 0.1.15
- [Commits](mattn/go-colorable@v0.1.14...v0.1.15)

Updates `github.com/mattn/go-runewidth` from 0.0.23 to 0.0.24
- [Commits](mattn/go-runewidth@v0.0.23...v0.0.24)

---
updated-dependencies:
- dependency-name: github.com/Scalingo/go-utils/logger
  dependency-version: 1.12.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/urfave/cli/v3
  dependency-version: 3.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-version: 0.7.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/klauspost/cpuid/v2
  dependency-version: 2.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/mattn/go-colorable
  dependency-version: 0.1.15
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/mattn/go-runewidth
  dependency-version: 0.0.24
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 1, 2026 00:03
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 1, 2026
@dependabot dependabot Bot requested review from SCedricThomas and removed request for a team July 1, 2026 00:03
@dependabot dependabot Bot added the go Pull requests that update Go code label Jul 1, 2026
@github-actions github-actions Bot enabled auto-merge July 1, 2026 00:03
@github-actions github-actions Bot merged commit 5ec0fed into master Jul 1, 2026
7 checks passed
@github-actions github-actions Bot deleted the dependabot/go_modules/dependencies-5f2cf7d807 branch July 1, 2026 00:04
Comment thread go.mod
github.com/cloudflare/circl v1.6.3 // indirect
github.com/cyphar/filepath-securejoin v0.6.1 // indirect
github.com/cloudflare/circl v1.6.4 // indirect
github.com/cyphar/filepath-securejoin v0.7.0 // indirect

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Legal Risk

github.com/cyphar/filepath-securejoin 0.7.0 was released under the MPL-2.0 license, a license that
has been flagged by your organization for consideration.

Recommendation

While merging is not directly blocked, it's best to pause and consider what it means to use this license before continuing. If you are unsure, reach out to your security team or Semgrep admin to address this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants