Skip to content

chore(deps): bump the go-modules-root group across 1 directory with 7 updates#983

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-modules-root-e5c7b37238
Open

chore(deps): bump the go-modules-root group across 1 directory with 7 updates#983
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-modules-root-e5c7b37238

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-modules-root group with 7 updates in the / directory:

Package From To
github.com/containerd/containerd/v2 2.2.5 2.3.1
github.com/docker/cli 29.4.1+incompatible 29.5.3+incompatible
github.com/docker/docker-credential-helpers 0.9.6 0.9.8
github.com/gpustack/gguf-parser-go 0.24.0 0.24.1
github.com/mattn/go-runewidth 0.0.23 0.0.24
github.com/prometheus/common 0.67.5 0.68.1
go.opentelemetry.io/otel 1.43.0 1.44.0

Updates github.com/containerd/containerd/v2 from 2.2.5 to 2.3.1

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.3.1

Welcome to the v2.3.1 release of containerd!

The first patch release for containerd 2.3 contains various fixes and improvements.

Security Updates

Highlights

  • Fix bug where failed gRPC plugins were not tolerated when starting listeners (#13390)

Image Storage

  • Ensure metadata and mount plugin boltdb files are closed on server shutdown (#13379)

Runtime

  • Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#13447)
  • Fix sandbox task API endpoints for non-runc runtimes and deprecate task fields in Runc options (#13422)
  • Apply hardening to default seccomp socket policy by blocking AF_ALG (#13409)

Snapshotters

  • Disable overlayfs "rebase" capability when running in user namespace (#13394)
  • Fix transfer plugin error when EROFS differ is configured but mkfs.erofs is unavailable (#13364)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Maksym Pavlenko
  • Akihiro Suda
  • Derek McGowan
  • Paweł Gronowski
  • Brian Goff
  • Austin Vazquez
  • LEI WANG
  • Samuel Karp

Changes

  • Prepare release notes for v2.3.1 (#13405)
  • oci: return explicit error for out-of-range USER values (#13447)

... (truncated)

Commits
  • 64b425c Merge pull request #13405 from AkihiroSuda/prepare-release-2.3.1
  • 58af965 Prepare release notes for v2.3.1
  • 8f0b3ca Update api to v1.11.1
  • 9f8f453 Merge pull request #13447 from samuelkarp/oci-withuser-errrange-2.3
  • f822a91 Merge pull request #13444 from dmcgowan/prepare-api-v1.11.1
  • da7aef2 Prepare release notes for api/v1.11.1
  • a50a704 Merge pull request #13422 from k8s-infra-cherrypick-robot/cherry-pick-13360-t...
  • 5282d4e Wire task address and version fields
  • e44f5f9 protos: include task API address to CreateTaskRequest
  • 85f22f7 Merge pull request #13409 from k8s-infra-cherrypick-robot/cherry-pick-13327-t...
  • Additional commits viewable in compare view

Updates github.com/docker/cli from 29.4.1+incompatible to 29.5.3+incompatible

Commits
  • d1c06ef Merge pull request #7022 from mickael-docker/docs-request-field
  • 7dd053b Merge pull request #7003 from thaJeztah/logs_links
  • 37c3d31 Merge pull request #7024 from thaJeztah/add_zizmor
  • 45f10f2 Merge pull request #7025 from vvoland/update-go
  • b458dc9 update to go1.26.4
  • 1953194 gha: apply zizmor fixes
  • ac0419e gha: add zizmor workflow
  • 1aa0416 docs: recommend default deny and clarify requesturi field
  • 3a85952 Merge pull request #7020 from thaJeztah/full_semver
  • 8d3fbdf Merge pull request #7019 from thaJeztah/dependabot_labels
  • Additional commits viewable in compare view

Updates github.com/docker/docker-credential-helpers from 0.9.6 to 0.9.8

Release notes

Sourced from github.com/docker/docker-credential-helpers's releases.

v0.9.8

What's Changed

  • update to go1.26.4
  • wincred: inline label, and append to existing
  • build(deps): bump actions/checkout from 6.0.2 to 6.0.3
  • build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1
  • build(deps): bump crazy-max/.github/.github/workflows/zizmor.yml from 1.7.1 to 1.10.0
  • build(deps): bump docker/bake-action from 7.1.0 to 7.2.0
  • build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0
  • build(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0

Full Changelog: docker/docker-credential-helpers@v0.9.7...v0.9.8

v0.9.7

What's Changed

  • update to go1.26.3
  • ci: update zizmore action to v1.7.1

Full Changelog: docker/docker-credential-helpers@v0.9.6...v0.9.7

Commits
  • 4f6bc8a Merge pull request #433 from thaJeztah/wincred_inline
  • b0820e3 Merge pull request #441 from docker/dependabot/github_actions/actions/checkou...
  • f84e991 Merge pull request #445 from thaJeztah/bump_go_1.26.4
  • 65d1391 update to go1.26.4
  • d21de35 Merge pull request #444 from docker/dependabot/github_actions/crazy-max/dot-g...
  • c6ca626 build(deps): bump actions/checkout from 6.0.2 to 6.0.3
  • 1d2dd3d Merge pull request #440 from docker/dependabot/github_actions/docker/setup-qe...
  • 3a54b5c Merge pull request #439 from docker/dependabot/github_actions/docker/bake-act...
  • b68f2ec Merge pull request #438 from docker/dependabot/github_actions/docker/setup-bu...
  • 6107240 build(deps): bump crazy-max/.github/.github/workflows/zizmor.yml
  • Additional commits viewable in compare view

Updates github.com/gpustack/gguf-parser-go from 0.24.0 to 0.24.1

Commits
  • d205869 fix: integer overflow in tensor elements/bytes calculation
  • 35c4501 fix(cmd): panic if failed to get ffn len
  • See full diff in compare view

Updates github.com/mattn/go-runewidth from 0.0.23 to 0.0.24

Commits
  • 0383c20 Merge pull request #96 from mattn/optimize-eastasian-width-table
  • 37796e5 Optimize EastAsian RuneWidth with precomputed width table
  • e8dc57a Revise security policy and supported versions
  • See full diff in compare view

Updates github.com/prometheus/common from 0.67.5 to 0.68.1

Release notes

Sourced from github.com/prometheus/common's releases.

v0.68.1

What's Changed

Full Changelog: prometheus/common@v0.68.0...v0.68.1

v0.68.0

What's Changed

New Contributors

Full Changelog: prometheus/common@v0.67.5...v0.68.0

Changelog

Sourced from github.com/prometheus/common's changelog.

Changelog

main / unreleased

What's Changed

v0.69.0 / 2026-06-17

Security / behavior changes

  • config: credentials are no longer forwarded across cross-host redirects. When FollowRedirects is enabled, the HTTP client now strips Authorization, Cookie, Proxy-Authorization and other sensitive headers, and skips basic-auth, bearer-token and OAuth2 credentials, when a redirect points to a different host. This aligns with Go's net/http behavior. Callers that relied on credentials being sent to a redirect target on another host will need to target that host directly. #901 #920 #921
  • config: LoadHTTPConfigFile now resolves relative file paths (e.g. *_file credentials, http_headers files) against the config file's own directory instead of its parent directory. Configs that worked around the old behavior by prefixing paths with the config's directory name must drop that prefix. #925

Bugfixes

  • expfmt: fix nil pointer panic when parsing empty braces {}. #922
  • model: fix Time.UnmarshalJSON for larger negative numbers. #918

Performance

  • model: reduce allocations in Time.UnmarshalJSON. #918

Internal

  • Synchronize common files from prometheus/prometheus. #917
  • Modernize Go. #919

Full Changelog: prometheus/common@v0.68.1...v0.69.0

v0.67.2 / 2025-10-28

What's Changed

New Contributors

Full Changelog: prometheus/common@v0.67.1...v0.67.2

v0.67.1 / 2025-10-07

What's Changed

Full Changelog: prometheus/common@v0.67.0...v0.67.1

v0.67.0 / 2025-10-07

What's Changed

... (truncated)

Commits
  • 2120573 Update common Prometheus files (#915)
  • 228386a build(deps): bump golang.org/x/net from 0.53.0 to 0.55.0 (#914)
  • b8c88b4 build(deps): bump golang.org/x/net from 0.52.0 to 0.53.0 (#903)
  • 1e0ae83 config: apply DialContextFunc to OAuth2 token-fetch transport (#911)
  • b51d01b Remove CircleCI (#910)
  • 0f3c348 Merge pull request #908 from machine424/ttlsco
  • 732a9cf fix(http_config): fix client cert rotation when no CA is configured
  • ce9215c Move interface assertions to a test file (#839)
  • 1ba5ed7 build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.36.0 (#892)
  • 8f8ada6 build(deps): bump go.yaml.in/yaml/v2 from 2.4.3 to 2.4.4 (#891)
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.43.0 to 1.44.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.44.0/0.66.0/0.20.0/0.0.17] 2026-05-27

Added

  • Add ByteSlice and ByteSliceValue functions for new BYTESLICE attribute type in go.opentelemetry.io/otel/attribute. (#7948)
  • Apply attribute value limit to the KindBytes attribute type in go.opentelemetry.io/otel/sdk/log. (#7990)
  • Apply attribute value limit to the BYTESLICE attribute type in go.opentelemetry.io/otel/sdk/trace. (#7990)
  • Support BYTESLICE attributes in go.opentelemetry.io/otel/trace. (#8153)
  • Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlptrace. (#8153)
  • Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlplog. (#8153)
  • Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlpmetric. (#8153)
  • Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/zipkin. (#8153)
  • Add String method for Value type in go.opentelemetry.io/otel/attribute. (#8142)
  • Add Slice and SliceValue functions for new SLICE attribute type in go.opentelemetry.io/otel/attribute. (#8166)
  • Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlptrace. (#8216)
  • Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlplog. (#8216)
  • Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlpmetric. (#8216)
  • Support SLICE attributes in go.opentelemetry.io/otel/exporters/zipkin. (#8216)
  • Apply AttributeValueLengthLimit to attribute.SLICE type attribute values in go.opentelemetry.io/otel/sdk/trace, recursively truncating contained string values. (#8217)
  • Add Error field on Record type in go.opentelemetry.io/otel/log/logtest. (#8148)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8157)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8157)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8157)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8157)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8157)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8157)
  • Add Settable to go.opentelemetry.io/otel/metric/x to allow reusing attribute options. (#8178)
  • Add experimental support for splitting metric data across multiple batches in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE=<max_size> to enable for all periodic readers. See go.opentelemetry.io/otel/sdk/metric/internal/x for feature documentation. (#8071)
  • Add experimental self-observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. Enable with OTEL_GO_X_SELF_OBSERVABILITY=true environment variable. See go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x for feature documentation. (#8192)
  • Add experimental self-observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. Enable with OTEL_GO_X_SELF_OBSERVABILITY=true environment variable. See go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x for feature documentation. (#8194)
  • Add experimental self-observability metrics in go.opentelemetry.io/otel/exporters/stdout/stdoutlog. Enable with OTEL_GO_X_SELF_OBSERVABILITY=true environment variable. See go.opentelemetry.io/otel/stdout/stdoutlog/internal/x for feature documentation. (#8263)
  • Add WithDefaultAttributes to go.opentelemetry.io/otel/metric/x to support setting default attributes on instruments. (#8135)
  • Add go.opentelemetry.io/otel/semconv/v1.41.0 package. The package contains semantic conventions from the v1.41.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.40.0. (#8324)
  • Add Observable variants of instruments to go.opentelemetry.io/otel/semconv/v1.41.0 package. (#8350)
  • Generate explicit histogram bucket boundaries from weaver configuration for HTTP and RPC duration instruments in go.opentelemetry.io/otel/semconv/v1.41.0. (#8002)

Changed

  • ⚠️ Breaking Change: go.opentelemetry.io/otel/sdk/metric now applies a default cardinality limit of 2000 to comply with the Metrics SDK specification recommendation. New attribute sets are dropped when the cardinality limit is reached. The measurement of these sets are aggregated into a special attribute set containing attribute.Bool("otel.metric.overflow", true).

... (truncated)

Commits
  • b62d928 Release 1.44.0 (#8376)
  • 94132a0 chore(deps): update golang.org/x/telemetry digest to 5997936 (#8379)
  • 6fdcf82 feat: add self-observability metrics to otlpmetricgrpc metric exporters (#8192)
  • 761bbfc fix(deps): update golang.org/x (#8377)
  • 3a91dc6 fix(deps): update googleapis to 3dc84a4 (#8375)
  • f593185 exporters/otlp: default max request size to 64 MiB (#8365)
  • f02feac Merge commit from fork
  • 36c2f1b semconvkit: add invariant test for histogram-exclusion rule (#8370)
  • d0b6cbd sdk/metric: document unit-sensitivity of DefaultAggregationSelector (#8224)
  • 9a68034 add self observability for stdout exporter (#8263)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the go-modules-root group across 1 directory with 7…
ca7ff98 
… updates

Bumps the go-modules-root group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) | `2.2.5` | `2.3.1` |
| [github.com/docker/cli](https://github.com/docker/cli) | `29.4.1+incompatible` | `29.5.3+incompatible` |
| [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers) | `0.9.6` | `0.9.8` |
| [github.com/gpustack/gguf-parser-go](https://github.com/gpustack/gguf-parser-go) | `0.24.0` | `0.24.1` |
| [github.com/mattn/go-runewidth](https://github.com/mattn/go-runewidth) | `0.0.23` | `0.0.24` |
| [github.com/prometheus/common](https://github.com/prometheus/common) | `0.67.5` | `0.68.1` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |



Updates `github.com/containerd/containerd/v2` from 2.2.5 to 2.3.1
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](containerd/containerd@v2.2.5...v2.3.1)

Updates `github.com/docker/cli` from 29.4.1+incompatible to 29.5.3+incompatible
- [Commits](docker/cli@v29.4.1...v29.5.3)

Updates `github.com/docker/docker-credential-helpers` from 0.9.6 to 0.9.8
- [Release notes](https://github.com/docker/docker-credential-helpers/releases)
- [Commits](docker/docker-credential-helpers@v0.9.6...v0.9.8)

Updates `github.com/gpustack/gguf-parser-go` from 0.24.0 to 0.24.1
- [Release notes](https://github.com/gpustack/gguf-parser-go/releases)
- [Commits](gpustack/gguf-parser-go@v0.24.0...v0.24.1)

Updates `github.com/mattn/go-runewidth` from 0.0.23 to 0.0.24
- [Commits](mattn/go-runewidth@v0.0.23...v0.0.24)

Updates `github.com/prometheus/common` from 0.67.5 to 0.68.1
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md)
- [Commits](prometheus/common@v0.67.5...v0.68.1)

Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules-root
- dependency-name: github.com/docker/cli
  dependency-version: 29.5.3+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules-root
- dependency-name: github.com/docker/docker-credential-helpers
  dependency-version: 0.9.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-modules-root
- dependency-name: github.com/gpustack/gguf-parser-go
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-modules-root
- dependency-name: github.com/mattn/go-runewidth
  dependency-version: 0.0.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-modules-root
- dependency-name: github.com/prometheus/common
  dependency-version: 0.68.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules-root
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-modules-root
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants