chore(deps): bump the dependencies group with 7 updates #1237
Merged
github-actions[bot] merged 1 commit on Jul 1, 2026
Bumps the dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/Scalingo/go-utils/logger](https://github.com/Scalingo/go-utils) | `1.12.1` | `1.12.2` |
| [github.com/urfave/cli/v3](https://github.com/urfave/cli) | `3.9.0` | `3.10.1` |
| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.6.3` | `1.6.4` |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.6.1` | `0.7.0` |
| [github.com/klauspost/cpuid/v2](https://github.com/klauspost/cpuid) | `2.3.0` | `2.4.0` |
| [github.com/mattn/go-colorable](https://github.com/mattn/go-colorable) | `0.1.14` | `0.1.15` |
| [github.com/mattn/go-runewidth](https://github.com/mattn/go-runewidth) | `0.0.23` | `0.0.24` |

Updates `github.com/Scalingo/go-utils/logger` from 1.12.1 to 1.12.2
- [Release notes](https://github.com/Scalingo/go-utils/releases)
- [Changelog](https://github.com/Scalingo/go-utils/blob/master/CHANGELOG_LEGACY.md)
- [Commits](Scalingo/go-utils@logger/v1.12.1...logger/v1.12.2)

Updates `github.com/urfave/cli/v3` from 3.9.0 to 3.10.1
- [Release notes](https://github.com/urfave/cli/releases)
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md)
- [Commits](urfave/cli@v3.9.0...v3.10.1)

Updates `github.com/cloudflare/circl` from 1.6.3 to 1.6.4
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.6.3...v1.6.4)

Updates `github.com/cyphar/filepath-securejoin` from 0.6.1 to 0.7.0
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.6.1...v0.7.0)

Updates `github.com/klauspost/cpuid/v2` from 2.3.0 to 2.4.0
- [Release notes](https://github.com/klauspost/cpuid/releases)
- [Commits](klauspost/cpuid@v2.3.0...v2.4.0)

Updates `github.com/mattn/go-colorable` from 0.1.14 to 0.1.15
- [Commits](mattn/go-colorable@v0.1.14...v0.1.15)

Updates `github.com/mattn/go-runewidth` from 0.0.23 to 0.0.24
- [Commits](mattn/go-runewidth@v0.0.23...v0.0.24)

---
updated-dependencies:
- dependency-name: github.com/Scalingo/go-utils/logger
  dependency-version: 1.12.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/urfave/cli/v3
  dependency-version: 3.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-version: 0.7.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/klauspost/cpuid/v2
  dependency-version: 2.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/mattn/go-colorable
  dependency-version: 0.1.15
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/mattn/go-runewidth
  dependency-version: 0.0.24
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
| github.com/cloudflare/circl v1.6.3 // indirect | ||
| github.com/cyphar/filepath-securejoin v0.6.1 // indirect | ||
| github.com/cloudflare/circl v1.6.4 // indirect | ||
| github.com/cyphar/filepath-securejoin v0.7.0 // indirect |
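Review bot: the `github.com/cyphar/filepath-securejoin v0.7.0 // indirect` line crosses a pre-1.0 minor boundary (v0.6.1 to v0.7.0) inside a grouped bump, and a 0.x minor release carries no compatibility guarantee, so it needs more scrutiny than the patch-level `circl` change beside it. Both modules are marked `// indirect`, which means the code that actually calls them lives in another dependency. It is worth running `go mod why -m github.com/cyphar/filepath-securejoin` to identify that consumer and checking that the build and tests pass against 0.7.0. Consider splitting this module out of the group so it can be reverted on its own and so the MPL-2.0 license flag raised on it can be resolved without holding back the other updates.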
Legal Risk
github.com/cyphar/filepath-securejoin 0.7.0 was released under the MPL-2.0 license, a license that
has been flagged by your organization for consideration.
Recommendation
While merging is not directly blocked, it's best to pause and consider what it means to use this license before continuing. If you are unsure, reach out to your security team or Semgrep admin to address this issue.
Bumps the dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| github.com/Scalingo/go-utils/logger | `1.12.1` | `1.12.2` |
| github.com/urfave/cli/v3 | `3.9.0` | `3.10.1` |
| github.com/cloudflare/circl | `1.6.3` | `1.6.4` |
| github.com/cyphar/filepath-securejoin | `0.6.1` | `0.7.0` |
| github.com/klauspost/cpuid/v2 | `2.3.0` | `2.4.0` |
| github.com/mattn/go-colorable | `0.1.14` | `0.1.15` |
| github.com/mattn/go-runewidth | `0.0.23` | `0.0.24` |

Updates `github.com/Scalingo/go-utils/logger` from 1.12.1 to 1.12.2

Commits
- 05faa22 Merge pull request #1566 from Scalingo/release/logger/1.12.2
- 835c8f0 Merge pull request #1562 from Scalingo/release/etcd/1.2.2
- 9dae025 Merge pull request #1574 from Scalingo/release/mongo/2.0.0
- 23d92d8 [mongo] Bump v2.0.0
- 9597516 Merge pull request #1573 from Scalingo/release/otel/0.9.0
- a8cca2e [otel] Bump v0.9.0
- 91c531e Merge pull request #1568 from Scalingo/fix/1567/otel-graceful-shutdown
- a3bc2e1 Lint and review
- 1bcd261 Merge pull request #1559 from Scalingo/release/crypto/2.0.0
- b51225e Merge pull request #1572 from Scalingo/release/graceful/1.3.3

Updates `github.com/urfave/cli/v3` from 3.9.0 to 3.10.1

Release notes
Sourced from github.com/urfave/cli/v3's releases.

Commits
- c5f123b Merge pull request #2322 from lihan3238/fix-2249
- 8449859 Merge branch 'main' into fix-2249
- 02bdfb0 Merge pull request #2374 from urfave/fix/completion-subcommand-order
- 49e84c0 Merge pull request #2330 from c-tonneslan/fix/version-alias-conflict-with-use...
- 54d38c9 v3: yield the version flag's -v alias to a user-defined flag
- 0242574 Merge pull request #2369 from urfave/fix/gfmrun-count-and-examples
- 80f2625 test: explain why completionShells is mutated in completion error tests
- 0045bbd fix: keep completion subcommand order deterministic in help output
- f980ca8 Merge pull request #2371 from urfave/dependabot/github_actions/actions/checko...
- b5e4348 chore(deps): bump actions/checkout from 6 to 7

Updates `github.com/cloudflare/circl` from 1.6.3 to 1.6.4

Release notes
Sourced from github.com/cloudflare/circl's releases.

Commits
- 901199c Release CIRCL v1.6.4
- 5e37b40 abe/cpabe/tkn20: reject circuits with invalid topologies.
- 4ea7e90 abe/cpabe/tkn20: handle malformed ciphertext header.
- ae0b5c4 abe/cpabe/tkn20: enforce wire count matches policy.
- 9547f48 abe/cpabe/tkn20: handle short ciphertexts as errors.
- bfa7605 abe/cpabe/tkn20: reject ciphertexts with trailing data.
- bdde3c7 abe/cpabe/tkn20: bound recursion depth when parsing policies.
- 03204f3 ecc/bls12381: check input length for infinity encoding in SetBytes. (#618)
- e9bd81b Add AGENTS.md and REVIEW.md for AI agent and human reviewer guidance
- 02ab708 oprf: reject identity element as public key.

Updates `github.com/cyphar/filepath-securejoin` from 0.6.1 to 0.7.0

Changelog
Sourced from github.com/cyphar/filepath-securejoin's changelog.

Commits
- 8096a95 VERSION: release v0.7.0
- 1324ccb merge #101 into cyphar/filepath-securejoin:main
- dd8f0bb deps: bump to cyphar.com/go-pathrs@v0.2.5
- c9a7725 gha: bump golangci-lint to v2.12
- 2e968bd Merge pull request #91 from cyphar/dependabot/github_actions/actions/download...
- 2879148 Merge pull request #90 from cyphar/dependabot/github_actions/actions/upload-a...
- 07b805b build(deps): bump actions/download-artifact from 6 to 7
- 8507844 build(deps): bump actions/upload-artifact from 5 to 6
- daef0cf Merge pull request #89 from cyphar/dependabot/github_actions/actions/checkout-6
- 95f8ea4 build(deps): bump actions/checkout from 5 to 6

Updates `github.com/klauspost/cpuid/v2` from 2.3.0 to 2.4.0

Release notes
Sourced from github.com/klauspost/cpuid/v2's releases.

Commits
- 8590c16 Apply go fix (#176)
- f26cd2e Add arm64 go feature id (#175)
- caccf64 Add riscv64 CPU feature detection (#173)
- 504c492 Upgrade CI to 1.26, fix arm64 noasm (#174)
- 13f5f9c Add FRED detection (#172)
- 8f34153 Add AVX512BMM (#170)

Updates `github.com/mattn/go-colorable` from 0.1.14 to 0.1.15

Commits
- 8bf39a2 Merge pull request #78 from mattn/windows-write-fastpath
- d7a88e0 Bump checkout to v4 and setup-go to v5
- 4dd1c6d Update CI matrix to Go 1.24-1.26
- 09158f8 Fast path for plaintext writes and cache text attribute on Windows
- 171d5b4 Add Windows writer benchmarks
- 74f8ed1 Merge pull request #72 from alexandear/fix-test-typo
- 50c5b53 Fix typo in TestNonColorableNil

Updates `github.com/mattn/go-runewidth` from 0.0.23 to 0.0.24

Commits
- 0383c20 Merge pull request #96 from mattn/optimize-eastasian-width-table
- 37796e5 Optimize EastAsian RuneWidth with precomputed width table
- e8dc57a Revise security policy and supported versions

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.