chore(deps): bump the go_modules group across 12 directories with 10 updates

[dependabot]

Bumps the go_modules group with 7 updates in the / directory:

Package	From	To
github.com/docker/docker	25.0.5+incompatible	25.0.6+incompatible
github.com/moby/moby	25.0.3+incompatible	26.1.0+incompatible
github.com/redis/go-redis/v9	9.5.4	9.5.5
golang.org/x/crypto	0.21.0	0.31.0
helm.sh/helm/v3	3.14.2	3.14.3
github.com/go-git/go-git/v5	5.11.0	5.13.0
github.com/golang-jwt/jwt/v4	4.5.0	4.5.2

Bumps the go_modules group with 3 updates in the /contrib/grpcplugins/action/plugin-archive directory: golang.org/x/crypto, github.com/go-git/go-git/v5 and github.com/golang-jwt/jwt/v4.
Bumps the go_modules group with 3 updates in the /contrib/grpcplugins/action/plugin-artifactory-release-bundle-create directory: golang.org/x/crypto, github.com/go-git/go-git/v5 and github.com/golang-jwt/jwt/v4.
Bumps the go_modules group with 3 updates in the /contrib/grpcplugins/action/plugin-artifactory-release-bundle-distribute directory: golang.org/x/crypto, github.com/go-git/go-git/v5 and github.com/golang-jwt/jwt/v4.
Bumps the go_modules group with 3 updates in the /contrib/grpcplugins/action/plugin-tmpl directory: golang.org/x/crypto, github.com/go-git/go-git/v5 and github.com/golang-jwt/jwt/v4.
Bumps the go_modules group with 3 updates in the /contrib/integrations/artifactory/artifactory-build-info-plugin directory: golang.org/x/crypto, github.com/go-git/go-git/v5 and github.com/golang-jwt/jwt/v4.
Bumps the go_modules group with 3 updates in the /contrib/integrations/artifactory/artifactory-download-artifact-plugin directory: golang.org/x/crypto, github.com/go-git/go-git/v5 and github.com/golang-jwt/jwt/v4.
Bumps the go_modules group with 3 updates in the /contrib/integrations/artifactory/artifactory-promote-plugin directory: golang.org/x/crypto, github.com/go-git/go-git/v5 and github.com/golang-jwt/jwt/v4.
Bumps the go_modules group with 3 updates in the /contrib/integrations/artifactory/artifactory-release-plugin directory: golang.org/x/crypto, github.com/go-git/go-git/v5 and github.com/golang-jwt/jwt/v4.
Bumps the go_modules group with 3 updates in the /contrib/integrations/artifactory/artifactory-upload-artifact-plugin directory: golang.org/x/crypto, github.com/go-git/go-git/v5 and github.com/golang-jwt/jwt/v4.
Bumps the go_modules group with 1 update in the /sdk/interpolate directory: gopkg.in/yaml.v2.
Bumps the go_modules group with 3 updates in the /tools/smtpmock directory: golang.org/x/crypto, golang.org/x/net and gopkg.in/yaml.v2.

Updates github.com/docker/docker from 25.0.5+incompatible to 25.0.6+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v25.0.6

25.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 25.0.6 milestone
• moby/moby, 25.0.6 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq that impacted setups using authorization plugins (AuthZ) for access control.

Bug fixes and enhancements

• [25.0] remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47695
• [25.0 backport] Fix a nil dereference when getting image history for images having layers without the Created value set. moby/moby#47759
• [25.0 backport] apparmor: Allow confined runc to kill containers. moby/moby#47830
• [25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. moby/moby#47869
• [25.0 backport] don't depend on containerd platform.Parse to return a typed error. moby/moby#47890
• [25.0 backport] builder/mobyexporter: Add missing nil check moby/moby#47987

Packaging updates

• Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver. moby/moby#47724
• Update Go runtime to 1.21.12, which contains security fixes for CVE-2024-24791 moby/moby#48146
• Update Containerd (static binaries only) to v1.7.20. moby/moby#48199

Full Changelog: moby/moby@v25.0.5...v25.0.6

Commits

• b08a51f Merge pull request #48231 from austinvazquez/backport-vendor-otel-v0.46.1-to-...
• d151b0f vendor: OTEL v0.46.1 / v1.21.0
• c6ba9a5 Merge pull request #48225 from austinvazquez/backport-workflow-artifact-reten...
• 4673a3c Merge pull request #48227 from austinvazquez/backport-backport-branch-check-t...
• 30f8908 github/ci: Check if backport is opened against the expected branch
• 7454d6a ci: update workflow artifacts retention
• 65cc597 Merge commit from fork
• b722836 Merge pull request #48199 from austinvazquez/update-containerd-binary-to-1.7.20
• e8ecb9c update containerd binary to v1.7.20
• e6cae1f update containerd binary to v1.7.19
• Additional commits viewable in compare view

Updates github.com/moby/moby from 25.0.3+incompatible to 26.1.0+incompatible

Release notes

Sourced from github.com/moby/moby's releases.

v26.1.0

26.1.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.1.0 milestone
• moby/moby, 26.1.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

New

• Add configurable OpenTelemetry utilities and basic instrumentation to commands. For more information, see OpenTelemetry for the Docker CLI. docker/cli#4889

Bug fixes and enhancements

• Native Windows containers are configured with an internal DNS server for container name resolution, and external DNS servers for other lookups. Not all resolvers, including nslookup, fall back to the external resolvers when they get a SERVFAIL answer from the internal server. So, the internal DNS server can now be configured to forward requests to the external resolvers, by setting "features": {"windows-dns-proxy": true } in the daemon.json file. moby/moby#47584

[!NOTE] This will be the new default behavior in Docker Engine 27.0.

[!WARNING] The windows-dns-proxy feature flag will be removed in a future release.

• Swarm: Fix Subpath not being passed to the container config. moby/moby#47711
• Classic builder: Fix cache miss on WORKDIR <directory>/ build step (directory with a trailing slash). moby/moby#47723
• containerd image store: Fix docker images failing when any image in the store has unexpected target. moby/moby#47738

v26.0.2

26.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.0.2 milestone
• moby/moby, 26.0.2 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a security fix for CVE-2024-32473, an unexpected configuration of IPv6 on IPv4-only interfaces.

Bug fixes and enhancements

• CVE-2024-32473: Ensure IPv6 is disabled on interfaces only allocated an IPv4 address by the engine. moby#GHSA-x84c-p2g9-rqv9

v26.0.1

... (truncated)

Commits

• c8af8eb Merge pull request #47738 from vvoland/c8d-walk-image-badimagetarget
• 7d95fe8 c8d/list: Ignore unexpected image target
• 801fd16 Merge pull request #47735 from cpuguy83/better_walk_error
• 6667e96 Include more details in errnotManifestOrIndex
• ee8b788 Merge pull request #47734 from krissetto/image-history-timestamp-dereference
• 96c9353 Merge pull request #47723 from vvoland/builder-fix-workdir-slash
• ab570ab nil dereference fix on image history Created value
• 7532420 container/SetupWorkingDirectory: Don't mutate config
• a4d5b6b builder/normalizeWorkdir: Always return cleaned path
• e829cca Merge pull request #47584 from robmry/upstream_dns_windows
• Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.5.4 to 9.5.5

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

v9.5.5

What's Changed

• fix: handle network error on SETINFO (#3295) (CVE-2025-29923)

Full Changelog: redis/go-redis@v9.5.4...v9.5.5

Commits

• 35d4e59 bump version to 9.5.5
• b413caa fix: handle network error on SETINFO (#3295) (CVE-2025-29923)
• See full diff in compare view

Updates golang.org/x/crypto from 0.21.0 to 0.31.0

Commits

• b4f1988 ssh: make the public key cache a 1-entry FIFO cache
• 7042ebc openpgp/clearsign: just use rand.Reader in tests
• 3e90321 go.mod: update golang.org/x dependencies
• 8c4e668 x509roots/fallback: update bundle
• 6018723 go.mod: update golang.org/x dependencies
• 71ed71b README: don't recommend go get
• 750a45f sha3: add MarshalBinary, AppendBinary, and UnmarshalBinary
• 36b1725 sha3: avoid trailing permutation
• 80ea76e sha3: fix padding for long cSHAKE parameters
• c17aa50 sha3: avoid buffer copy
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.23.0 to 0.25.0

Commits

• 85d1d54 go.mod: update golang.org/x dependencies
• cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
• fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
• 459513d internal/http3: move more common stream processing to genericConn
• aad0180 http2: fix flakiness from t.Log when GOOS=js
• b73e574 http2: don't log expected errors from writing invalid trailers
• 5f45c77 internal/http3: make read-data tests usable for server handlers
• 43c2540 http2, internal/httpcommon: reject userinfo in :authority
• 1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
• 0d7dc54 quic: add Conn.ConnectionState
• Additional commits viewable in compare view

Updates helm.sh/helm/v3 from 3.14.2 to 3.14.3

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.14.3 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.14.3. The common platform binaries are here:

• MacOS amd64 (checksum / 4d5d01a94c7d6b07e71690dc1988bf3229680284c87f4242d28c6f1cc99653be)
• MacOS arm64 (checksum / dff794152b62b7c1a9ff615d510f8657bcd7a3727c668e0d9d4955f70d5f7573)
• Linux amd64 (checksum / 3c90f24e180f8c207b8a18e5ec82cb0fa49858a7a0a86e4ed52a98398681e00b)
• Linux arm (checksum / d4ff88f02d6731ec5dbde86a67bf391e673d0d9e87901727fbf62372aff106ec)
• Linux arm64 (checksum / 85e1573e76fa60af14ba7e9ec75db2129b6884203be866893fa0b3f7e41ccd5e)
• Linux i386 (checksum / af89e5df5cd21efe4dcaa478b19aaf17d22820716f93c1f098b00f1b7cfe1905)
• Linux ppc64le (checksum / aab121ca470e2a502cda849a9b3e92eeb9a32e213b0f0a79a95a04e375d26ce7)
• Linux s390x (checksum / d64fa8aced3244b549377741dc4e2db8109e5270c0723c11b547a9da5f99ad43)
• Linux riscv64 (checksum / f9f4e68bf43632f5df29e6c9fa760813d7e3537ed91d838cfdc2f103f8442b33)
• Windows amd64 (checksum / 369c6db1c114ef2a00793e9a587db6d7b2c72a23e37fd905c8deb78e9a8f7af6)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.14.4 will contain only bug fixes and be released on April 10, 2024.
• 3.15.0 is the next feature release and will be on May 08, 2024.

Changelog

• Add a note about --dry-run displaying secrets f03cc04caaa8f6d7c3e67cf918929150cf6f3f12 (Matt Farina)
• add error messages 1a7330fe3802beeb3f897a1c701d8a4b9c1316c5 (George Jenkins)
• Fix: Ignore alias validation error for index load d6acc0027dca47dec40ccdd66febd0c8bcf4813f (George Jenkins)
• chore(deps): bump github.com/containerd/containerd from 1.7.11 to 1.7.12 b2738fb782d149ffa4748cb0ee78d674986d04b0 (dependabot[bot])
• chore(deps): bump github.com/DATA-DOG/go-sqlmock from 1.5.0 to 1.5.2 5b0847e0e763e98bcbf8a12e8f9c5f7c11d123a1 (dependabot[bot])
• Update architecture detection method 7e18c39f0753c73e4660f3796f01f5b33f2552b5 (weidongkl)

Commits

• f03cc04 Add a note about --dry-run displaying secrets
• 1a7330f add error messages
• d6acc00 Fix: Ignore alias validation error for index load
• b2738fb chore(deps): bump github.com/containerd/containerd from 1.7.11 to 1.7.12
• 5b0847e chore(deps): bump github.com/DATA-DOG/go-sqlmock from 1.5.0 to 1.5.2
• 7e18c39 Update architecture detection method
• See full diff in compare view

Updates github.com/containerd/containerd from 1.7.11 to 1.7.12

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.12

Welcome to the v1.7.12 release of containerd!

The twelfth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

• Fix on dialer function for Windows (#9501)
• Improve /etc/group handling when appending groups (#9544)
• Update shim pidfile permissions to 0644 (#9548)
• Update runc binary to v1.1.11 (#9596)
• Allow import and export to reference missing content (#9600)
• Remove runc import (#9605)
• Update Go version to 1.20.13 (#9624)

Deprecation Warnings

• Emit deprecation warning for containerd.io/restart.logpath label usage (#9567)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Sebastiaan van Stijn
• Wei Fu
• Derek McGowan
• Paweł Gronowski
• Jaroslav Jindrak
• Maksym Pavlenko
• Samuel Karp
• Anthony Nandaa
• Bjorn Neergaard
• Djordje Lukic
• Kay Yan

Changes

• [release/1.7] Prepare release notes for v1.7.12 (#9632)
  • 775d544fe Prepare release notes for v1.7.12
• [release/1.7] update to go1.20.13, test go1.21.6 (#9624)
  • a5dc5b894 update to go1.20.13, test go1.21.6
• [release/1.7] shim: Create pid-file and address with 0644 permissions (#9548)
  • 8d82242eb shim: Create address file with 0644 permissions
  • 260963a35 shim: Create pid-file with 0644 permissions

... (truncated)

Commits

• 71909c1 Merge pull request #9632 from dmcgowan/prepare-v1.7.12
• 775d544 Prepare release notes for v1.7.12
• 4ebe8e2 Merge pull request #9624 from thaJeztah/1.7_update_golang_1.20.13
• a5dc5b8 update to go1.20.13, test go1.21.6
• 50e7359 Merge pull request #9548 from Dzejrou/1.7_fix_ignoring_umask
• 5a675f2 Merge pull request #9602 from thaJeztah/1.7_backport_no_execabs
• ccca466 Merge pull request #9605 from thaJeztah/1.7_backport_switch_moby_user
• 9251072 remove github.com/opencontainers/runc dependency
• 4e67213 vendor: github.com/cncf-tags/container-device-interface v0.6.1
• e0ee0be go.mod: github.com/opencontainers/runtime-spec v1.1.0
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.11.0 to 5.13.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.13.0

What's Changed

• build: bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 in /cli/go-git by @​dependabot in go-git/go-git#1065
• build: bump golang.org/x/net from 0.22.0 to 0.23.0 by @​dependabot in go-git/go-git#1068
• build: bump golang.org/x/net from 0.23.0 to 0.24.0 by @​dependabot in go-git/go-git#1071
• Properly support skipping of non-mandatory extensions by @​codablock in go-git/go-git#1066
• git: Refine some codes in test and non-test. by @​onee-only in go-git/go-git#1077
• plumbing: protocol/packp, client-side filter capability support by @​edigaryev in go-git/go-git#1000
• build: bump golang.org/x/net from 0.22.0 to 0.23.0 in /cli/go-git by @​dependabot in go-git/go-git#1078
• plumbing: fix sideband demux on flush by @​aymanbagabas in go-git/go-git#1084
• storage: dotgit, head reference usually comes first by @​aymanbagabas in go-git/go-git#1085
• build: bump golang.org/x/text from 0.14.0 to 0.15.0 by @​dependabot in go-git/go-git#1091
• build: bump golang.org/x/crypto from 0.22.0 to 0.23.0 by @​dependabot in go-git/go-git#1094
• build: bump golang.org/x/net from 0.24.0 to 0.25.0 by @​dependabot in go-git/go-git#1093
• git: Added an example for Repository.Branches by @​johnmatthiggins in go-git/go-git#1088
• git: worktree_commit, Modify checking empty commit. Fixes #723 by @​onee-only in go-git/go-git#1050
• plumbing: transport/http, Wrap http errors to return reason. Fixes #1097 by @​ggambetti in go-git/go-git#1100
• build: bump golang.org/x/sys from 0.20.0 to 0.21.0 by @​dependabot in go-git/go-git#1106
• build: bump golang.org/x/text from 0.15.0 to 0.16.0 by @​dependabot in go-git/go-git#1107
• Bumps Go versions and go-billy by @​pjbgf in go-git/go-git#1056
• _examples: Fixed a dead link COMPATIBILITY.md by @​gecko655 in go-git/go-git#1109
• build: bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 in /cli/go-git by @​dependabot in go-git/go-git#1115
• build: bump github.com/elazarl/goproxy from v0.0.0-20230808193330-2592e75ae04a to v0.0.0-20240618083138-03be62527ccb by @​hbelmiro in go-git/go-git#1124
• build: bump golang.org/x/net from 0.25.0 to 0.26.0 by @​dependabot in go-git/go-git#1104
• Add option approximating git clean -x flag. by @​msuozzo in go-git/go-git#995
• Revert "Add option approximating git clean -x flag." by @​pjbgf in go-git/go-git#1129
• Fix reference updated concurrently error for the filesystem storer by @​Javier-varez in go-git/go-git#1116
• build: bump golang.org/x/net from 0.26.0 to 0.27.0 by @​dependabot in go-git/go-git#1134
• utils: merkletrie, Align error message with upstream by @​pjbgf in go-git/go-git#1142
• plumbing: transport/file, Change paths to absolute by @​pjbgf in go-git/go-git#1141
• plumbing: gitignore, Fix loading of ignored .gitignore files. by @​Achilleshiel in go-git/go-git#1114
• build: bump github.com/skeema/knownhosts from 1.2.2 to 1.3.0 by @​dependabot in go-git/go-git#1147
• plumbing: transport/ssh, Add support for SSH @​cert-authority. by @​Javier-varez in go-git/go-git#1157
• build: run example tests during CI workflow by @​crazybolillo in go-git/go-git#1030
• storage: filesystem, Fix object cache not working due to uninitialised objects being put into cache by @​SatelliteMind in go-git/go-git#1138
• git: Fix fetching missing commits by @​AriehSchneier in go-git/go-git#1032
• plumbing: format/packfile, remove duplicate checks in findMatch() by @​edigaryev in go-git/go-git#1152
• git: worktree, Fix file reported as Untracked while it is committed by @​rodrigocam in go-git/go-git#1023
• build: bump golang.org/x/sys from 0.22.0 to 0.23.0 by @​dependabot in go-git/go-git#1160
• plumbing: filemode, Remove check for setting size of .git/index file by @​nicholasSUSE in go-git/go-git#1159
• build: bump golang.org/x/net from 0.27.0 to 0.28.0 by @​dependabot in go-git/go-git#1163
• Fix some lint warning and increase stalebot to 180 days by @​pjbgf in go-git/go-git#1128
• adjust path extracted from file: url on Windows by @​tomqwpl in go-git/go-git#416
• build: bump golang.org/x/sys from 0.23.0 to 0.24.0 by @​dependabot in go-git/go-git#1164
• Add RestoreStaged to Worktree that mimics the behaviour of git restore --staged ... by @​ben-tbotlabs in go-git/go-git#493
• plumbing: signature, support the same x509 signature formats as git by @​yoavamit in go-git/go-git#1169
• fix: allow discovery of non bare repos in fsLoader by @​jakobmoellerdev in go-git/go-git#1170
• build: bump golang.org/x/sys from 0.24.0 to 0.25.0 by @​dependabot in go-git/go-git#1178
• build: bump golang.org/x/text from 0.17.0 to 0.18.0 by @​dependabot in go-git/go-git#1179
• build: bump golang.org/x/net from 0.28.0 to 0.29.0 by @​dependabot in go-git/go-git#1184

... (truncated)

Commits

• 94bd4af Merge pull request #1261 from BeChris/issue680
• 8b7f5ba Merge pull request #1262 from go-git/dependabot/go_modules/github.com/elazarl...
• 41d80a0 build: bump github.com/elazarl/goproxy
• 4998140 git: worktree_commit, sanitize author and commiter name and email before crea...
• 9049625 Merge pull request #1260 from go-git/dependabot/github_actions/github/codeql-...
• dae48b4 build: bump github/codeql-action from 3.27.9 to 3.28.0
• 7d6fbc2 Merge pull request #1220 from BeChris/accept_uppercase_hexa_in_pktline_length
• 62a77b7 plumbing: Fix invalid reference name error while cloning branches containing ...
• 5e11196 plumbing: format/pktline, accept upercase hexadecimal value as pktline length...
• 65f5e1a Merge pull request #1256 from go-git/dependabot/go_modules/golang-org-232a611e2d
• Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

v4.5.1

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

• Back-ported error-handling logic in ParseWithClaims from v5 branch. This fixes GHSA-29wx-vh33-7x7r.

Full Changelog: golang-jwt/jwt@v4.5.0...v4.5.1

Commits

• 2f0e9ad Backporting 0951d18 to v4
• 7b1c1c0 Merge commit from fork
• See full diff in compare view

Updates golang.org/x/crypto from 0.21.0 to 0.31.0

Commits

• b4f1988 ssh: make the public key cache a 1-entry FIFO cache
• 7042ebc openpgp/clearsign: just use rand.Reader in tests
• 3e90321 go.mod: update golang.org/x dependencies
• 8c4e668 x509roots/fallback: update bundle
• 6018723 go.mod: update golang.org/x dependencies
• 71ed71b README: don't recommend go get
• 750a45f sha3: add MarshalBinary, AppendBinary, and UnmarshalBinary
• 36b1725 sha3: avoid trailing permutation
• 80ea76e sha3: fix padding for long cSHAKE parameters
• c17aa50 sha3: avoid buffer copy
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.23.0 to 0.25.0

Commits

• 85d1d54 go.mod: update golang.org/x dependencies
• cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
• fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
• 459513d internal/http3: move more common stream processing to genericConn
• aad0180 http2: fix flakiness from t.Log when GOOS=js
• b73e574 http2: don't log expected errors from writing invalid trailers
• 5f45c77 internal/http3: make read-data tests usable for server handlers
• 43c2540 http2, internal/httpcommon: reject userinfo in :authority
• 1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
• 0d7dc54 quic: add Conn.ConnectionState
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.11.0 to 5.13.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.13.0

What's Changed

• build: bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 in /cli/go-git by @​dependabot in go-git/go-git#1065
• build: bump golang.org/x/net from 0.22.0 to 0.23.0 by @​dependabot in go-git/go-git#1068
• build: bump golang.org/x/net from 0.23.0 to 0.24.0 by @​dependabot in go-git/go-git#1071
• Properly support skipping of non-mandatory extensions by @​codablock in go-git/go-git#1066
• git: Refine some codes in test and non-test. by @​onee-only in go-git/go-git#1077
• plumbing: protocol/packp, client-side filter capability support by @​edigaryev in go-git/go-git#1000
• build: bump golang.org/x/net from 0.22.0 to 0.23.0 in /cli/go-git by @​dependabot in go-git/go-git#1078
• plumbing: fix sideband demux on flush by @​aymanbagabas in go-git/go-git#1084
• storage: dotgit, head reference usually comes first by @​aymanbagabas in go-git/go-git#1085
• build: bump golang.org/x/text from 0.14.0 to 0.15.0 by @​dependabot in go-git/go-git#1091
• build: bump golang.org/x/crypto from 0.22.0 to 0.23.0 by @​dependabot in go-git/go-git#1094
• build: bump golang.org/x/net from 0.24.0 to 0.25.0 by @​dependabot in go-git/go-git#1093
• git: Added an example for Repository.Branches by @​johnmatthiggins in go-git/go-git#1088
• git: worktree_commit, Modify checking empty commit. Fixes #723 by @​onee-only in go-git/go-git#1050
• plumbing: transport/http, Wrap http errors to return reason. Fixes #1097 by @​ggambetti in go-git/go-git#1100
• build: bump golang.org/x/sys from 0.20.0 to 0.21.0 by @​dependabot in go-git/go-git#1106
• build: bump golang.org/x/text from 0.15.0 to 0.16.0 by @​dependabot in go-git/go-git#1107
• Bumps Go versions and go-billy by @​pjbgf in go-git/go-git#1056
• _examples: Fixed a dead link COMPATIBILITY.md by @​gecko655 in go-git/go-git#1109
• build: bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 in /cli/go-git by @​dependabot in go-git/go-git#1115
• build: bump github.com/elazarl/goproxy from v0.0.0-20230808193330-2592e75ae04a to v0.0.0-20240618083138-03be62527ccb by @​hbelmiro in go-git/go-git#1124
• build: bump golang.org/x/net from 0.25.0 to 0.26.0 by @​dependabot in go-git/go-git#1104
• Add option approximating git clean -x flag. by @​msuozzo in go-git/go-git#995
• Revert "Add option approximating git clean -x flag." by @​pjbgf in go-git/go-git#1129
• Fix reference updated concurrently error for the filesystem storer by @​Javier-varez in go-git/go-git#1116
• build: bump golang.org/x/net from 0.26.0 to 0.27.0 by @​dependabot in go-git/go-git#1134
• utils: merkletrie, Align error message with upstream by @​pjbgf in go-git/go-git#1142
• plumbing: transport/file, Change paths to absolute by @​pjbgf in go-git/go-git#1141
• plumbing: gitignore, Fix loading of ignored .gitignore files. by @​Achilleshiel in go-git/go-git#1114
• build: bump github.com/skeema/knownhosts from 1.2.2 to 1.3.0 by @​dependabot in go-git/go-git#1147
• plumbing: transport/ssh, Add support for SSH @​cert-authority. by @​Javier-varez in go-git/go-git#1157
• build: run example tests during CI workflow by @​crazybolillo in go-git/go-git#1030
• storage: filesystem, Fix object cache not working due to uninitialised objects being put into cache by @​SatelliteMind in go-git/go-git#1138
• git: Fix fetching missing commits by @​AriehSchneier in go-git/go-git#1032
• plumbing: format/packfile, remove duplicate checks in findMatch() by @​edigaryev in go-git/go-git#1152
• git: worktree, Fix file reported as Untracked while it is committed by @​rodrigocam in go-git/go-git#1023
• build: bump golang.org/x/sys from 0.22.0 to 0.23.0 by @​dependabot in go-git/go-git#1160
• plumbing: filemode, Remove check for setting size of .git/index file by @​nicholasSUSE in go-git/go-git#1159
• build: bump golang.org/x/net from 0.27.0 to 0.28.0 by @​dependabot in go-git/go-git#1163
• Fix some lint warning and increase stalebot to 180 days by @​pjbgf in go-git/go-git#1128
• adjust path extracted from file: url on Windows by @​tomqwpl in go-git/go-git#416
• build: bump golang.org/x/sys from 0.23.0 to 0.24.0 by @​dependabot in go-git/go-git#1164
• Add RestoreStaged to Worktree that mimics the behaviour of git restore --staged ... by @​ben-tbotlabs in go-git/go-git#493
• plumbing: signature, support the same x509 signature formats as git by @​yoavamit in go-git/go-git#1169
• fix: allow discovery of non bare repos in fsLoader by @​jakobmoellerdev in go-git/go-git#1170
• build: bump golang.org/x/sys from 0.24.0 to 0.25.0 by @​dependabot in go-git/go-git#1178
• build: bump golang.org/x/text from 0.17.0 to 0.18.0 by @​dependabot in go-git/go-git#1179
• build: bump golang.org/x/net from 0.28.0 to 0.29.0 by @​dependabot in go-git/go-git#1184

... (truncated)

Commits