starred/act
1
0
Fork 0
mirror of https://github.com/nektos/act.git synced 2026-04-27 01:45:52 +03:00
Code Issues 289 Projects Releases 5 Packages Wiki Activity

[PR #5998] [CLOSED] build(deps): bump the dependencies group across 1 directory with 12 updates #2652

New issue
Closed
opened 2026-03-01 22:37:35 +03:00 by kerem · 0 comments
kerem commented 2026-03-01 22:37:35 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/nektos/act/pull/5998
Author: @dependabot[bot]
Created: 2/1/2026
Status: Closed

Base: masterHead: dependabot/go_modules/dependencies-d29c32552c

📝 Commits (1)

  • 7d97ec6 build(deps): bump the dependencies group across 1 directory with 12 updates

📊 Changes

2 files changed (+84 additions, -71 deletions)

View changed files

📝 go.mod (+24 -23)
📝 go.sum (+60 -48)

📄 Description

Bumps the dependencies group with 12 updates in the / directory:

Package From To
github.com/docker/cli 28.4.0+incompatible 29.2.0+incompatible
github.com/docker/docker 28.4.0+incompatible 28.5.2+incompatible
github.com/go-git/go-billy/v5 5.6.2 5.7.0
github.com/go-git/go-git/v5 5.16.2 5.16.4
github.com/rhysd/actionlint 1.7.7 1.7.10
github.com/sirupsen/logrus 1.9.3 1.9.4
github.com/spf13/cobra 1.10.1 1.10.2
github.com/spf13/pflag 1.0.9 1.0.10
golang.org/x/term 0.38.0 0.39.0
github.com/golang-jwt/jwt/v5 5.3.0 5.3.1
github.com/moby/go-archive 0.1.0 0.2.0
google.golang.org/protobuf 1.36.9 1.36.11

Updates github.com/docker/cli from 28.4.0+incompatible to 29.2.0+incompatible

Commits
  • 0b9d198 Merge pull request #6764 from vvoland/update-docker
  • 9c9ec73 vendor: github.com/moby/moby/client v0.2.2
  • bab3e81 vendor: github.com/moby/moby/api v1.53.0
  • 2e64fc1 Merge pull request #6367 from thaJeztah/template_slicejoin
  • 1f2ba2a Merge pull request #6760 from thaJeztah/container_create_fix_error
  • e34a342 templates: make "join" work with non-string slices and map values
  • a86356d Merge pull request #6763 from thaJeztah/bump_mapstructure
  • 771660a vendor: github.com/go-viper/mapstructure/v2 v2.5.0
  • 9cff36b Merge pull request #6762 from thaJeztah/bump_x_deps
  • 08ed2bc cli/command/container: make injecting config.json failures a warning
  • Additional commits viewable in compare view

Updates github.com/docker/docker from 28.4.0+incompatible to 28.5.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.5.2

28.5.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

[!CAUTION] This release contains fixes for three high-severity security vulnerabilities in runc:

All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files.

Packaging updates

Bug fixes and enhancements

Deprecations

  • Go-SDK: cli/command/image/build: deprecate DefaultDockerfileName, DetectArchiveReader, WriteTempDockerfile, ResolveAndValidateContextPath. These utilities were only used internally and will be removed in the next release. docker/cli#6610
  • Go-SDK: cli/command/image/build: deprecate IsArchive utility. docker/cli#6560
  • Go-SDK: opts: deprecate ValidateMACAddress. docker/cli#6560
  • Go-SDK: opts: deprecate ListOpts.Delete(). docker/cli#6560

v28.5.1

28.5.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

Deprecations

  • api/types/image: InspectResponse: deprecate Parent and DockerVersion fields. moby/moby#51105
  • api/types/plugin: deprecate Config.DockerVersion field. moby/moby#51110

... (truncated)

Commits
  • 89c5e8f Merge pull request #51396 from thaJeztah/28.x_backport_api_docs
  • 9b93878 Merge pull request #51395 from thaJeztah/28.x_backport_rootless_reject
  • 6178456 Merge pull request #51398 from vvoland/51397-28.x
  • 0cae4e5 vendor: github.com/moby/buildkit v0.25.2
  • 33cc06f Merge pull request #51394 from vvoland/51393-28.x
  • d525277 api/docs: remove BuildCache.Parent field for API v1.42 and up
  • 2fbc51b dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host
  • bd98008 integration-cli: Adjust nofile limits
  • 1967515 Dockerfile: update runc binary to v1.3.3
  • 4489660 Merge pull request #51387 from thaJeztah/28.x_bump_go
  • Additional commits viewable in compare view

Updates github.com/go-git/go-billy/v5 from 5.6.2 to 5.7.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.7.0

What's Changed

Full Changelog: https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0

Commits
  • cc50ee7 Merge pull request #177 from go-git/renovate/releases/v5.x-go-golang.org-x-ne...
  • c3a9003 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
  • 9263834 Merge pull request #171 from bitfehler/releases/v5.x
  • 94b84fc Add support for Chmod on billy.Filesystem
  • See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.16.2 to 5.16.4

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.4

What's Changed

Full Changelog: https://github.com/go-git/go-git/compare/v5.16.3...v5.16.4

v5.16.3

What's Changed

Full Changelog: https://github.com/go-git/go-git/compare/v5.16.2...v5.16.3

Commits
  • de8ecc3 Merge pull request #1743 from go-git/renovate/releases/v5.x-go-github.com-go-...
  • 3e752f0 build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY]
  • 3a31754 Merge pull request #1741 from go-git/renovate/releases/v5.x-go-github.com-clo...
  • acc28f1 build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY]
  • 95f3880 Merge pull request #1742 from go-git/renovate/releases/v5.x-go-golang.org-x-n...
  • 329f926 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
  • 399e04b Merge pull request #1734 from pjbgf/fix-ci
  • 2025eae build: test, Fix build on Windows.
  • fb6806f Merge pull request #1732 from swills/find-hash-panic-fix-backport
  • 382530f plumbing: format/idxfile, prevent panic
  • Additional commits viewable in compare view

Updates github.com/rhysd/actionlint from 1.7.7 to 1.7.10

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.7.10

  • Support YAML anchors and aliases (&anchor and *anchor) in workflow files. In addition to parsing YAML anchors correctly, actionlint checks unused and undefined anchors. See the document for more details. (#133, thanks @​srz-zumix for the initial implementation at #568 and @​alexaandru for trying another approach at #557) 
    jobs:
  test:
    runs-on: ubuntu-latest
    services:
      nginx:
        image: nginx:latest
        credentials: &credentials
          username: ${{ secrets.user }}
          password: ${{ secrets.password }}
    steps:
      - run: ./download.sh
        # OK: Valid alias to &credentials
        env: *credentials
      - run: ./check.sh
        # ERROR: Undefined anchor 'credential'
        env: *credential
      - run: ./upload.sh
        # ERROR: Unused anchor 'credentials'
        env: &credentials
  • Remove support for *-xl macOS runner labels because they were dropped. (#592, thanks @​muzimuzhi)
  • Remove support for the macOS 13 runner labels because they were dropped on Dec 4, 2025. (#593, thanks @​muzimuzhi)
    • macos-13
    • macos-13-large
    • macos-13-xlarge
  • Increase the maximum number of inputs in the workflow_dispatch event from 10 to 25 because the limitation was recently relaxed. (#598, thanks @​Haegi)
  • Support artifact-metadata permission for workflow permissions. (#602, thanks @​martincostello)
  • Detect more complicated constants at if: conditions as error. See the rule document for more details.
  • Refactor the workflow parser with Go iterators. This slightly improves the performance and memory usage.
  • Fix parsing extra { and } characters in format string of format() function call. For example v1.7.9 didn't parse "{{0} {1} {2}}" correctly.
  • Detect an invalid value at type in workflow call inputs as error.
  • Report YAML merge key << as error because GitHub Actions doesn't support the syntax.
  • Check available contexts in expressions at jobs.<job_id>.snapshot.if. 
    snapshot:
  image-name: my-custom-image
  # ERROR: `env` context is not allowed here
  if: ${{ env.USE_SNAPSHOT == 'true' }}
  • Fix the instruction to install actionlint with mise in the installation document. (#591, thanks @​risu729)
  • Update the popular actions data set to the latest to include new major versions of the actions.

v1.7.9

... (truncated)

Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.7.10 - 2025-12-30

  • Support YAML anchors and aliases (&anchor and *anchor) in workflow files. In addition to parsing YAML anchors correctly, actionlint checks unused and undefined anchors. See the document for more details. (#133, thanks @​srz-zumix for the initial implementation at #568 and @​alexaandru for trying another approach at #557) 
    jobs:
  test:
    runs-on: ubuntu-latest
    services:
      nginx:
        image: nginx:latest
        credentials: &credentials
          username: ${{ secrets.user }}
          password: ${{ secrets.password }}
    steps:
      - run: ./download.sh
        # OK: Valid alias to &credentials
        env: *credentials
      - run: ./check.sh
        # ERROR: Undefined anchor 'credential'
        env: *credential
      - run: ./upload.sh
        # ERROR: Unused anchor 'credentials'
        env: &credentials
  • Remove support for *-xl macOS runner labels because they were dropped. (#592, thanks @​muzimuzhi)
  • Remove support for the macOS 13 runner labels because they were dropped on Dec 4, 2025. (#593, thanks @​muzimuzhi)
    • macos-13
    • macos-13-large
    • macos-13-xlarge
  • Increase the maximum number of inputs in the workflow_dispatch event from 10 to 25 because the limitation was recently relaxed. (#598, thanks @​Haegi)
  • Support artifact-metadata permission for workflow permissions. (#602, thanks @​martincostello)
  • Detect more complicated constants at if: conditions as error. See the rule document for more details.
  • Refactor the workflow parser with Go iterators. This slightly improves the performance and memory usage.
  • Fix parsing extra { and } characters in format string of format() function call. For example v1.7.9 didn't parse "{{0} {1} {2}}" correctly.
  • Detect an invalid value at type in workflow call inputs as error.
  • Report YAML merge key << as error because GitHub Actions doesn't support the syntax.
  • Check available contexts in expressions at jobs.<job_id>.snapshot.if. 
    snapshot:
  image-name: my-custom-image
  # ERROR: `env` context is not allowed here
  if: ${{ env.USE_SNAPSHOT == 'true' }}
  • Fix the instruction to install actionlint with mise in the installation document. (#591, thanks @​risu729)
  • Update the popular actions data set to the latest to include new major versions of the actions.

[Changes][v1.7.10]

... (truncated)

Commits
  • 0933c14 bump up version to v1.7.10
  • 9ce07bf update popular actions to the latest
  • 6828398 Merge branch 'anchor' (close #568, fix #133)
  • abc8624 add more example for anchors
  • ff3994b Merge pull request #602 from martincostello/add-artifact-metadata
  • c2e42cf fix: add artifact-metadata
  • 64a6ba6 Merge pull request #601 from rhysd/ci/20387448135
  • 16b6af9 update generated files by go generate on CI
  • 567ea3a add aliases of make tasks for playground
  • 95c719a update playground dev dependencies
  • Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

Full Changelog: https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4

Commits
  • b61f268 Merge pull request #1472 from goldlinker/master
  • 15c29db refactor: replace the deprecated function in the ioutil package
  • cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
  • 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
  • d916819 Merge pull request #1427 from dolmen/fix-testify-usage
  • 135e482 README: small touch-ups
  • 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
  • 877ecec README: remove travis badge
  • 55cf256 Merge pull request #1393 from jsoref/grammar
  • 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
  • Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

  • chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

🔥✍🏼 Docs

🍂 Refactors

🤗 New Contributors

Full Changelog: https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

Updates github.com/spf13/pflag from 1.0.9 to 1.0.10

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.10

What's Changed

New Contributors

Full Changelog: https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10

Commits
  • 0491e57 Merge pull request #448 from thaJeztah/fix_go_version
  • 72abab1 Merge pull request #447 from thaJeztah/fix_deprecation_comment
  • 7e4dfb1 Test on Go 1.12
  • 18a9d17 move Func, BoolFunc, tests as they require go1.21
  • c5b9e98 remove uses of errors.Is, which requires go1.13
  • 45a4873 fix deprecation comment for (FlagSet.)ParseErrorsWhitelist
  • See full diff in compare view

Updates golang.org/x/term from 0.38.0 to 0.39.0

Commits

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

👒 Dependencies

New Contributors

Full Changelog: https://github.com/golang-jwt/jwt/compare/v5.3.0...v5.3.1

Commits
  • 7ceae61 Add release.yml for changelog configuration
  • dce8e4d Set token.Signature in ParseUnverified (#414)
  • 8889e20 Save signature to Token struct after successful signing (#417)
  • d237f82 ci: update github-actions schedule interval to monthly
  • d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
  • e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
  • e6a0afa Bump actions/checkout from 5 to 6 (#487)
  • 9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
  • 60a8669 Bump actions/setup-go from 5 to 6 (#469)
  • 76f5828 Remove misleading ParserOptions documentation (#484)
  • Additional commits viewable in compare view

Updates github.com/moby/go-archive from 0.1.0 to 0.2.0

Release notes

Sourced from github.com/moby/go-archive's releases.

v0.2.0

What's Changed

Full Changelog: https://github.com/moby/go-archive/compare/v0.1.0...v0.2.0

Commits
  • 263611f Merge pull request #20 from thaJeztah/carry_17
  • a1d4e73 Merge pull request #18 from thaJeztah/bump_gha
  • da4e566 xattr: Fix OS matching.
  • df87f45 Merge pull request #19 from thaJeztah/bump_deps
  • 8996f22 gha: update CodeQL Action to v4
  • 985c60f gha: codeql: use go stable
  • 4752b25 gha: update actions/setup-go@v6
  • 280f775 gha: update actions/checkout@v6
  • 4c912d3 gha: update golangci/golangci-lint-action@v9
  • 2cd730e go.mod: bump github.com/klauspost/compress v1.18.2
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.9 to 1.36.11

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/nektos/act/pull/5998 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 2/1/2026 **Status:** ❌ Closed **Base:** `master` ← **Head:** `dependabot/go_modules/dependencies-d29c32552c` --- ### 📝 Commits (1) - [`7d97ec6`](https://github.com/nektos/act/commit/7d97ec6c056b363bb85e32a0f508d9eea9eba530) build(deps): bump the dependencies group across 1 directory with 12 updates ### 📊 Changes **2 files changed** (+84 additions, -71 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+24 -23) 📝 `go.sum` (+60 -48) </details> ### 📄 Description Bumps the dependencies group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/docker/cli](https://github.com/docker/cli) | `28.4.0+incompatible` | `29.2.0+incompatible` | | [github.com/docker/docker](https://github.com/docker/docker) | `28.4.0+incompatible` | `28.5.2+incompatible` | | [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.6.2` | `5.7.0` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.2` | `5.16.4` | | [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) | `1.7.7` | `1.7.10` | | [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.9.3` | `1.9.4` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.10.1` | `1.10.2` | | [github.com/spf13/pflag](https://github.com/spf13/pflag) | `1.0.9` | `1.0.10` | | [golang.org/x/term](https://github.com/golang/term) | `0.38.0` | `0.39.0` | | [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) | `5.3.0` | `5.3.1` | | [github.com/moby/go-archive](https://github.com/moby/go-archive) | `0.1.0` | `0.2.0` | | google.golang.org/protobuf | `1.36.9` | `1.36.11` | Updates `github.com/docker/cli` from 28.4.0+incompatible to 29.2.0+incompatible <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/cli/commit/0b9d1985dbf919678745f122b12b46f730b97d87"><code>0b9d198</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6764">#6764</a> from vvoland/update-docker</li> <li><a href="https://github.com/docker/cli/commit/9c9ec7358833bb3e5622a166673744fca7fefac4"><code>9c9ec73</code></a> vendor: github.com/moby/moby/client v0.2.2</li> <li><a href="https://github.com/docker/cli/commit/bab3e81e1d8874a2d4f26afc02225ee537d0b15d"><code>bab3e81</code></a> vendor: github.com/moby/moby/api v1.53.0</li> <li><a href="https://github.com/docker/cli/commit/2e64fc162ab632a530f7191cc6af65c22356ea0d"><code>2e64fc1</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6367">#6367</a> from thaJeztah/template_slicejoin</li> <li><a href="https://github.com/docker/cli/commit/1f2ba2ac9d8c92870f7cce89dfa17d89d3375c19"><code>1f2ba2a</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6760">#6760</a> from thaJeztah/container_create_fix_error</li> <li><a href="https://github.com/docker/cli/commit/e34a3422cc32c808d2e8b0e0ef51112d53fa896d"><code>e34a342</code></a> templates: make &quot;join&quot; work with non-string slices and map values</li> <li><a href="https://github.com/docker/cli/commit/a86356d42f918968579e670b51bc85dc45982a33"><code>a86356d</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6763">#6763</a> from thaJeztah/bump_mapstructure</li> <li><a href="https://github.com/docker/cli/commit/771660a17e56116eb32677a6d83c5210e5092194"><code>771660a</code></a> vendor: github.com/go-viper/mapstructure/v2 v2.5.0</li> <li><a href="https://github.com/docker/cli/commit/9cff36b35a828be8d137bc5de4983b7e3fef1614"><code>9cff36b</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6762">#6762</a> from thaJeztah/bump_x_deps</li> <li><a href="https://github.com/docker/cli/commit/08ed2bc6e8bc49ad988ecd44633620a48fb10967"><code>08ed2bc</code></a> cli/command/container: make injecting config.json failures a warning</li> <li>Additional commits viewable in <a href="https://github.com/docker/cli/compare/v28.4.0...v29.2.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/docker/docker` from 28.4.0+incompatible to 28.5.2+incompatible <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v28.5.2</h2> <h2>28.5.2</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.5.2">docker/cli, 28.5.2 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.5.2">moby/moby, 28.5.2 milestone</a></li> </ul> <blockquote> <p>[!CAUTION] This release contains fixes for three high-severity security vulnerabilities in runc:</p> <ul> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2">CVE-2025-31133</a></li> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r">CVE-2025-52565</a></li> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm">CVE-2025-52881</a></li> </ul> <p>All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary <code>/proc</code> files.</p> </blockquote> <h3>Packaging updates</h3> <ul> <li>Update runc to <a href="https://github.com/opencontainers/runc/releases/tag/v1.3.3">v1.3.3</a>. <a href="https://redirect.github.com/moby/moby/pull/51394">moby/moby#51394</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). <a href="https://redirect.github.com/moby/moby/pull/51162">moby/moby#51162</a></li> <li>Update Go runtime to <a href="https://go.dev/doc/devel/release#go1.24.9">1.24.9</a>. <a href="https://redirect.github.com/moby/moby/pull/51387">moby/moby#51387</a>, <a href="https://redirect.github.com/docker/cli/pull/6613">docker/cli#6613</a></li> </ul> <h3>Deprecations</h3> <ul> <li>Go-SDK: cli/command/image/build: deprecate <code>DefaultDockerfileName</code>, <code>DetectArchiveReader</code>, <code>WriteTempDockerfile</code>, <code>ResolveAndValidateContextPath</code>. These utilities were only used internally and will be removed in the next release. <a href="https://redirect.github.com/docker/cli/pull/6610">docker/cli#6610</a></li> <li>Go-SDK: cli/command/image/build: deprecate IsArchive utility. <a href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li> <li>Go-SDK: opts: deprecate <code>ValidateMACAddress</code>. <a href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li> <li>Go-SDK: opts: deprecate ListOpts.Delete(). <a href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li> </ul> <h2>v28.5.1</h2> <h2>28.5.1</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.5.1">docker/cli, 28.5.1 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.5.1">moby/moby, 28.5.1 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v28.5.1/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v28.5.1/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Update BuildKit to v0.25.1. <a href="https://redirect.github.com/moby/moby/pull/51137">moby/moby#51137</a></li> <li>Update Go runtime to <a href="https://go.dev/doc/devel/release#go1.24.8">1.24.8</a>. <a href="https://redirect.github.com/moby/moby/pull/51133">moby/moby#51133</a>, <a href="https://redirect.github.com/docker/cli/pull/6541">docker/cli#6541</a></li> </ul> <h3>Deprecations</h3> <ul> <li>api/types/image: InspectResponse: deprecate <code>Parent</code> and <code>DockerVersion</code> fields. <a href="https://redirect.github.com/moby/moby/pull/51105">moby/moby#51105</a></li> <li>api/types/plugin: deprecate <code>Config.DockerVersion</code> field. <a href="https://redirect.github.com/moby/moby/pull/51110">moby/moby#51110</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/moby/commit/89c5e8fd66634b6128fc4c0e6f1236e2540e46e0"><code>89c5e8f</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51396">#51396</a> from thaJeztah/28.x_backport_api_docs</li> <li><a href="https://github.com/moby/moby/commit/9b93878308cae892878febfa52ff0b5799bea7b0"><code>9b93878</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51395">#51395</a> from thaJeztah/28.x_backport_rootless_reject</li> <li><a href="https://github.com/moby/moby/commit/6178456763b64c360983c5a5ea35d4258171e91c"><code>6178456</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51398">#51398</a> from vvoland/51397-28.x</li> <li><a href="https://github.com/moby/moby/commit/0cae4e5c8f76756eaba81dbd23ef57fccac3033f"><code>0cae4e5</code></a> vendor: github.com/moby/buildkit v0.25.2</li> <li><a href="https://github.com/moby/moby/commit/33cc06f6169ddba8f00c50a8c12494b54b1cb2fc"><code>33cc06f</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51394">#51394</a> from vvoland/51393-28.x</li> <li><a href="https://github.com/moby/moby/commit/d525277410726d5f99e46b8b2ba60ea9b7011afa"><code>d525277</code></a> api/docs: remove BuildCache.Parent field for API v1.42 and up</li> <li><a href="https://github.com/moby/moby/commit/2fbc51b4f895c75749896bf4655f7888a300bb9d"><code>2fbc51b</code></a> dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host</li> <li><a href="https://github.com/moby/moby/commit/bd98008c078ab4a4d99f0c1577e641dbfe191cfd"><code>bd98008</code></a> integration-cli: Adjust nofile limits</li> <li><a href="https://github.com/moby/moby/commit/19675151a3d3b947501fcad1dcacbd00e6f4b23e"><code>1967515</code></a> Dockerfile: update runc binary to v1.3.3</li> <li><a href="https://github.com/moby/moby/commit/44896604b8f50d9ba38199c25ed2c7d2d40318a7"><code>4489660</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51387">#51387</a> from thaJeztah/28.x_bump_go</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v28.4.0...v28.5.2">compare view</a></li> </ul> </details> <br /> Updates `github.com/go-git/go-billy/v5` from 5.6.2 to 5.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-billy/releases">github.com/go-git/go-billy/v5's releases</a>.</em></p> <blockquote> <h2>v5.7.0</h2> <h2>What's Changed</h2> <ul> <li>Add support for Chmod on billy.Filesystem by <a href="https://github.com/bitfehler"><code>@​bitfehler</code></a> in <a href="https://redirect.github.com/go-git/go-billy/pull/171">go-git/go-billy#171</a></li> <li>build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-billy/pull/177">go-git/go-billy#177</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0">https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-billy/commit/cc50ee75c06c917f097a7ea5f1e3cbb21b7b8e0a"><code>cc50ee7</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-billy/issues/177">#177</a> from go-git/renovate/releases/v5.x-go-golang.org-x-ne...</li> <li><a href="https://github.com/go-git/go-billy/commit/c3a90034ee126d2f28feaf9cd8e241a70e19a51b"><code>c3a9003</code></a> build: Update module golang.org/x/net to v0.38.0 [SECURITY]</li> <li><a href="https://github.com/go-git/go-billy/commit/9263834eec5f778f6991567928e9c4bcfab2c78f"><code>9263834</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-billy/issues/171">#171</a> from bitfehler/releases/v5.x</li> <li><a href="https://github.com/go-git/go-billy/commit/94b84fc5c88ca2d2c1e07bd4e4260dee80575ec7"><code>94b84fc</code></a> Add support for Chmod on billy.Filesystem</li> <li>See full diff in <a href="https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/go-git/go-git/v5` from 5.16.2 to 5.16.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's releases</a>.</em></p> <blockquote> <h2>v5.16.4</h2> <h2>What's Changed</h2> <ul> <li>backport plumbing: format/idxfile, prevent panic by <a href="https://github.com/swills"><code>@​swills</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1732">go-git/go-git#1732</a></li> <li>[backport] build: test, Fix build on Windows. by <a href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1734">go-git/go-git#1734</a></li> <li>build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-git/pull/1742">go-git/go-git#1742</a></li> <li>build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-git/pull/1741">go-git/go-git#1741</a></li> <li>build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-git/pull/1743">go-git/go-git#1743</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.16.3...v5.16.4">https://github.com/go-git/go-git/compare/v5.16.3...v5.16.4</a></p> <h2>v5.16.3</h2> <h2>What's Changed</h2> <ul> <li>internal: Expand regex to fix build [5.x] by <a href="https://github.com/baloo"><code>@​baloo</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1644">go-git/go-git#1644</a></li> <li>build: raise timeouts for windows CI tests and disable CIFuzz [5.x] by <a href="https://github.com/baloo"><code>@​baloo</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1646">go-git/go-git#1646</a></li> <li>plumbing: support commits extra headers, support jujutsu signed commit [5.x] by <a href="https://github.com/baloo"><code>@​baloo</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1633">go-git/go-git#1633</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.16.2...v5.16.3">https://github.com/go-git/go-git/compare/v5.16.2...v5.16.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-git/commit/de8ecc3b52e6a37b24a5a8ca362b54cafed2bc0b"><code>de8ecc3</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1743">#1743</a> from go-git/renovate/releases/v5.x-go-github.com-go-...</li> <li><a href="https://github.com/go-git/go-git/commit/3e752f043d07fd7f34edb6818b187c0267a5c762"><code>3e752f0</code></a> build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY]</li> <li><a href="https://github.com/go-git/go-git/commit/3a317549e0ca40927f062a3d53873ecc36a810c1"><code>3a31754</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1741">#1741</a> from go-git/renovate/releases/v5.x-go-github.com-clo...</li> <li><a href="https://github.com/go-git/go-git/commit/acc28f117fb304f9197601cf0230ef8d263258a6"><code>acc28f1</code></a> build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY]</li> <li><a href="https://github.com/go-git/go-git/commit/95f388043ec1dd955327cec8b3b4b566a6e356ee"><code>95f3880</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1742">#1742</a> from go-git/renovate/releases/v5.x-go-golang.org-x-n...</li> <li><a href="https://github.com/go-git/go-git/commit/329f9266ae5d8ca6cb58ce3206004165090bd3cc"><code>329f926</code></a> build: Update module golang.org/x/net to v0.38.0 [SECURITY]</li> <li><a href="https://github.com/go-git/go-git/commit/399e04beb0b3284c5cb0d2bf684bb430c6612146"><code>399e04b</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1734">#1734</a> from pjbgf/fix-ci</li> <li><a href="https://github.com/go-git/go-git/commit/2025eae3aed7eeb0659893c069f918155c6b8b78"><code>2025eae</code></a> build: test, Fix build on Windows.</li> <li><a href="https://github.com/go-git/go-git/commit/fb6806f2711e17db162623faa01b1fb25c4dbfcc"><code>fb6806f</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1732">#1732</a> from swills/find-hash-panic-fix-backport</li> <li><a href="https://github.com/go-git/go-git/commit/382530f513390f06a5271148b3e133eaa8ebf725"><code>382530f</code></a> plumbing: format/idxfile, prevent panic</li> <li>Additional commits viewable in <a href="https://github.com/go-git/go-git/compare/v5.16.2...v5.16.4">compare view</a></li> </ul> </details> <br /> Updates `github.com/rhysd/actionlint` from 1.7.7 to 1.7.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rhysd/actionlint/releases">github.com/rhysd/actionlint's releases</a>.</em></p> <blockquote> <h2>v1.7.10</h2> <ul> <li>Support <a href="https://yaml.org/spec/1.2.2/#71-alias-nodes">YAML anchors and aliases</a> (<code>&amp;anchor</code> and <code>*anchor</code>) in workflow files. In addition to parsing YAML anchors correctly, actionlint checks unused and undefined anchors. See the <a href="https://github.com/rhysd/actionlint/blob/main/docs/checks.md#yaml-anchors">document</a> for more details. (<a href="https://redirect.github.com/rhysd/actionlint/issues/133">#133</a>, thanks <a href="https://github.com/srz-zumix"><code>@​srz-zumix</code></a> for the initial implementation at <a href="https://redirect.github.com/rhysd/actionlint/issues/568">#568</a> and <a href="https://github.com/alexaandru"><code>@​alexaandru</code></a> for trying another approach at <a href="https://redirect.github.com/rhysd/actionlint/issues/557">#557</a>) <pre lang="yaml"><code>jobs: test: runs-on: ubuntu-latest services: nginx: image: nginx:latest credentials: &amp;credentials username: ${{ secrets.user }} password: ${{ secrets.password }} steps: - run: ./download.sh # OK: Valid alias to &amp;credentials env: *credentials - run: ./check.sh # ERROR: Undefined anchor 'credential' env: *credential - run: ./upload.sh # ERROR: Unused anchor 'credentials' env: &amp;credentials </code></pre> </li> <li>Remove support for <code>*-xl</code> macOS runner labels because they were <a href="https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/">dropped</a>. (<a href="https://redirect.github.com/rhysd/actionlint/issues/592">#592</a>, thanks <a href="https://github.com/muzimuzhi"><code>@​muzimuzhi</code></a>)</li> <li>Remove support for the macOS 13 runner labels because they were <a href="https://github.blog/changelog/2025-09-19-github-actions-macos-13-runner-image-is-closing-down/">dropped on Dec 4, 2025</a>. (<a href="https://redirect.github.com/rhysd/actionlint/issues/593">#593</a>, thanks <a href="https://github.com/muzimuzhi"><code>@​muzimuzhi</code></a>) <ul> <li><code>macos-13</code></li> <li><code>macos-13-large</code></li> <li><code>macos-13-xlarge</code></li> </ul> </li> <li>Increase the maximum number of inputs in the <code>workflow_dispatch</code> event from 10 to 25 because the limitation <a href="https://github.blog/changelog/2025-12-04-actions-workflow-dispatch-workflows-now-support-25-inputs/">was recently relaxed</a>. (<a href="https://redirect.github.com/rhysd/actionlint/issues/598">#598</a>, thanks <a href="https://github.com/Haegi"><code>@​Haegi</code></a>)</li> <li>Support <a href="https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#defining-access-for-the-github_token-scopes"><code>artifact-metadata</code> permission</a> for workflow permissions. (<a href="https://redirect.github.com/rhysd/actionlint/issues/602">#602</a>, thanks <a href="https://github.com/martincostello"><code>@​martincostello</code></a>)</li> <li>Detect more complicated constants at <code>if:</code> conditions as error. See the <a href="https://github.com/rhysd/actionlint/blob/main/docs/checks.md#if-cond-constant">rule document</a> for more details.</li> <li>Refactor the workflow parser with <a href="https://pkg.go.dev/iter#hdr-Iterators">Go iterators</a>. This slightly improves the performance and memory usage.</li> <li>Fix parsing extra <code>{</code> and <code>}</code> characters in format string of <code>format()</code> function call. For example v1.7.9 didn't parse <code>&quot;{{0} {1} {2}}&quot;</code> correctly.</li> <li>Detect an invalid value at <code>type</code> in workflow call inputs as error.</li> <li>Report <a href="https://yaml.org/type/merge.html">YAML merge key</a> <code>&lt;&lt;</code> as error because GitHub Actions doesn't support the syntax.</li> <li>Check available contexts in expressions at <code>jobs.&lt;job_id&gt;.snapshot.if</code>. <pre lang="yaml"><code>snapshot: image-name: my-custom-image # ERROR: `env` context is not allowed here if: ${{ env.USE_SNAPSHOT == 'true' }} </code></pre> </li> <li>Fix the instruction to install actionlint with <code>mise</code> in the installation document. (<a href="https://redirect.github.com/rhysd/actionlint/issues/591">#591</a>, thanks <a href="https://github.com/risu729"><code>@​risu729</code></a>)</li> <li>Update the popular actions data set to the latest to include new major versions of the actions.</li> </ul> <h2>v1.7.9</h2> <ul> <li>Add support for <a href="https://github.blog/changelog/2025-10-28-1-vcpu-linux-runner-now-available-in-github-actions-in-public-preview/"><code>ubuntu-slim</code> runner</a> label. (<a href="https://redirect.github.com/rhysd/actionlint/issues/585">#585</a>, thanks <a href="https://github.com/cestorer"><code>@​cestorer</code></a>)</li> <li>Check input deprecation in action by checking <a href="https://docs.github.com/en/actions/reference/workflows-and-actions/metadata-syntax#inputsinput_iddeprecationmessage"><code>deprecationMessage</code> property</a>. Using a deprecated input is reported as error if it is not marked as <code>required</code>. See <a href="https://github.com/rhysd/actionlint/blob/main/docs/checks.md#deprecated-inputs-usage">the document</a> for more details. (<a href="https://redirect.github.com/rhysd/actionlint/issues/580">#580</a>) <pre lang="yaml"><code>- uses: reviewdog/action-actionlint@v1 </code></pre> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md">github.com/rhysd/actionlint's changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/rhysd/actionlint/releases/tag/v1.7.10">v1.7.10</a> - 2025-12-30</h1> <ul> <li>Support <a href="https://yaml.org/spec/1.2.2/#71-alias-nodes">YAML anchors and aliases</a> (<code>&amp;anchor</code> and <code>*anchor</code>) in workflow files. In addition to parsing YAML anchors correctly, actionlint checks unused and undefined anchors. See the <a href="https://github.com/rhysd/actionlint/blob/main/docs/checks.md#yaml-anchors">document</a> for more details. (<a href="https://redirect.github.com/rhysd/actionlint/issues/133">#133</a>, thanks <a href="https://github.com/srz-zumix"><code>@​srz-zumix</code></a> for the initial implementation at <a href="https://redirect.github.com/rhysd/actionlint/issues/568">#568</a> and <a href="https://github.com/alexaandru"><code>@​alexaandru</code></a> for trying another approach at <a href="https://redirect.github.com/rhysd/actionlint/issues/557">#557</a>) <pre lang="yaml"><code>jobs: test: runs-on: ubuntu-latest services: nginx: image: nginx:latest credentials: &amp;credentials username: ${{ secrets.user }} password: ${{ secrets.password }} steps: - run: ./download.sh # OK: Valid alias to &amp;credentials env: *credentials - run: ./check.sh # ERROR: Undefined anchor 'credential' env: *credential - run: ./upload.sh # ERROR: Unused anchor 'credentials' env: &amp;credentials </code></pre> </li> <li>Remove support for <code>*-xl</code> macOS runner labels because they were <a href="https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/">dropped</a>. (<a href="https://redirect.github.com/rhysd/actionlint/issues/592">#592</a>, thanks <a href="https://github.com/muzimuzhi"><code>@​muzimuzhi</code></a>)</li> <li>Remove support for the macOS 13 runner labels because they were <a href="https://github.blog/changelog/2025-09-19-github-actions-macos-13-runner-image-is-closing-down/">dropped on Dec 4, 2025</a>. (<a href="https://redirect.github.com/rhysd/actionlint/issues/593">#593</a>, thanks <a href="https://github.com/muzimuzhi"><code>@​muzimuzhi</code></a>) <ul> <li><code>macos-13</code></li> <li><code>macos-13-large</code></li> <li><code>macos-13-xlarge</code></li> </ul> </li> <li>Increase the maximum number of inputs in the <code>workflow_dispatch</code> event from 10 to 25 because the limitation <a href="https://github.blog/changelog/2025-12-04-actions-workflow-dispatch-workflows-now-support-25-inputs/">was recently relaxed</a>. (<a href="https://redirect.github.com/rhysd/actionlint/issues/598">#598</a>, thanks <a href="https://github.com/Haegi"><code>@​Haegi</code></a>)</li> <li>Support <a href="https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#defining-access-for-the-github_token-scopes"><code>artifact-metadata</code> permission</a> for workflow permissions. (<a href="https://redirect.github.com/rhysd/actionlint/issues/602">#602</a>, thanks <a href="https://github.com/martincostello"><code>@​martincostello</code></a>)</li> <li>Detect more complicated constants at <code>if:</code> conditions as error. See the <a href="https://github.com/rhysd/actionlint/blob/main/docs/checks.md#if-cond-constant">rule document</a> for more details.</li> <li>Refactor the workflow parser with <a href="https://pkg.go.dev/iter#hdr-Iterators">Go iterators</a>. This slightly improves the performance and memory usage.</li> <li>Fix parsing extra <code>{</code> and <code>}</code> characters in format string of <code>format()</code> function call. For example v1.7.9 didn't parse <code>&quot;{{0} {1} {2}}&quot;</code> correctly.</li> <li>Detect an invalid value at <code>type</code> in workflow call inputs as error.</li> <li>Report <a href="https://yaml.org/type/merge.html">YAML merge key</a> <code>&lt;&lt;</code> as error because GitHub Actions doesn't support the syntax.</li> <li>Check available contexts in expressions at <code>jobs.&lt;job_id&gt;.snapshot.if</code>. <pre lang="yaml"><code>snapshot: image-name: my-custom-image # ERROR: `env` context is not allowed here if: ${{ env.USE_SNAPSHOT == 'true' }} </code></pre> </li> <li>Fix the instruction to install actionlint with <code>mise</code> in the installation document. (<a href="https://redirect.github.com/rhysd/actionlint/issues/591">#591</a>, thanks <a href="https://github.com/risu729"><code>@​risu729</code></a>)</li> <li>Update the popular actions data set to the latest to include new major versions of the actions.</li> </ul> <p>[Changes][v1.7.10]</p> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rhysd/actionlint/commit/0933c147c9d6587653d45fdcb4c497c57a65f9af"><code>0933c14</code></a> bump up version to v1.7.10</li> <li><a href="https://github.com/rhysd/actionlint/commit/9ce07bf28e51dc2411f23d868b5e02ef0a956455"><code>9ce07bf</code></a> update popular actions to the latest</li> <li><a href="https://github.com/rhysd/actionlint/commit/682839870f7880f26b613945611dec8cd4760b49"><code>6828398</code></a> Merge branch 'anchor' (close <a href="https://redirect.github.com/rhysd/actionlint/issues/568">#568</a>, fix <a href="https://redirect.github.com/rhysd/actionlint/issues/133">#133</a>)</li> <li><a href="https://github.com/rhysd/actionlint/commit/abc8624cc236605d9425d0eea7c9a171c7fd07b5"><code>abc8624</code></a> add more example for anchors</li> <li><a href="https://github.com/rhysd/actionlint/commit/ff3994b5657e8001ba8f0a06d2bd7a76e3c3d684"><code>ff3994b</code></a> Merge pull request <a href="https://redirect.github.com/rhysd/actionlint/issues/602">#602</a> from martincostello/add-artifact-metadata</li> <li><a href="https://github.com/rhysd/actionlint/commit/c2e42cf063a05ec1e6030c37fff29cac83f450b6"><code>c2e42cf</code></a> fix: add artifact-metadata</li> <li><a href="https://github.com/rhysd/actionlint/commit/64a6ba6b49b0089f823058a71d9043219619edb5"><code>64a6ba6</code></a> Merge pull request <a href="https://redirect.github.com/rhysd/actionlint/issues/601">#601</a> from rhysd/ci/20387448135</li> <li><a href="https://github.com/rhysd/actionlint/commit/16b6af9bbe73e2fb4aebbc38d21fbb40b114d3de"><code>16b6af9</code></a> update generated files by <code>go generate</code> on CI</li> <li><a href="https://github.com/rhysd/actionlint/commit/567ea3a3773b2c0069a8d51d1e992366aaf8bb19"><code>567ea3a</code></a> add aliases of <code>make</code> tasks for playground</li> <li><a href="https://github.com/rhysd/actionlint/commit/95c719ab6a7e634d51a4234d34cf42e4386631d5"><code>95c719a</code></a> update playground dev dependencies</li> <li>Additional commits viewable in <a href="https://github.com/rhysd/actionlint/compare/v1.7.7...v1.7.10">compare view</a></li> </ul> </details> <br /> Updates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sirupsen/logrus/releases">github.com/sirupsen/logrus's releases</a>.</em></p> <blockquote> <h2>v1.9.4</h2> <h2>Notable changes</h2> <ul> <li>go.mod: update minimum supported go version to v1.17 <a href="https://redirect.github.com/sirupsen/logrus/pull/1460">sirupsen/logrus#1460</a></li> <li>go.mod: bump up dependencies <a href="https://redirect.github.com/sirupsen/logrus/pull/1460">sirupsen/logrus#1460</a></li> <li>Touch-up godoc and add &quot;doc&quot; links.</li> <li>README: fix links, grammar, and update examples.</li> <li>Add GNU/Hurd support <a href="https://redirect.github.com/sirupsen/logrus/pull/1364">sirupsen/logrus#1364</a></li> <li>Add WASI wasip1 support <a href="https://redirect.github.com/sirupsen/logrus/pull/1388">sirupsen/logrus#1388</a></li> <li>Remove uses of deprecated <code>ioutil</code> package <a href="https://redirect.github.com/sirupsen/logrus/pull/1472">sirupsen/logrus#1472</a></li> <li>CI: update actions and golangci-lint <a href="https://redirect.github.com/sirupsen/logrus/pull/1459">sirupsen/logrus#1459</a></li> <li>CI: remove appveyor, add macOS <a href="https://redirect.github.com/sirupsen/logrus/pull/1460">sirupsen/logrus#1460</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4">https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sirupsen/logrus/commit/b61f268f75b6ff134a62cd62aee1095fa12e8d2e"><code>b61f268</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1472">#1472</a> from goldlinker/master</li> <li><a href="https://github.com/sirupsen/logrus/commit/15c29db7129cc15331e9c52493d5aaab217146c7"><code>15c29db</code></a> refactor: replace the deprecated function in the ioutil package</li> <li><a href="https://github.com/sirupsen/logrus/commit/cb253f3080f18ec7e55b4c8f15b62fe0a806f130"><code>cb253f3</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1464">#1464</a> from thaJeztah/touchup_godoc</li> <li><a href="https://github.com/sirupsen/logrus/commit/29b233793060a07fb76eda791f604d87e08d23d1"><code>29b2337</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1468">#1468</a> from thaJeztah/touchup_readme</li> <li><a href="https://github.com/sirupsen/logrus/commit/d9168199e06807d8959126bc8c823ad8b96e3969"><code>d916819</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1427">#1427</a> from dolmen/fix-testify-usage</li> <li><a href="https://github.com/sirupsen/logrus/commit/135e4820b2140747fb868073e4dca1619996417a"><code>135e482</code></a> README: small touch-ups</li> <li><a href="https://github.com/sirupsen/logrus/commit/2c5fa36b73abb8b007474417571e268685d0d84e"><code>2c5fa36</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1467">#1467</a> from thaJeztah/rm_old_badge</li> <li><a href="https://github.com/sirupsen/logrus/commit/877ecec10d61675855189ece38d70d8804302fa4"><code>877ecec</code></a> README: remove travis badge</li> <li><a href="https://github.com/sirupsen/logrus/commit/55cf2560b5e5fd3f0e6ff59e6ce766eb12db4522"><code>55cf256</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1393">#1393</a> from jsoref/grammar</li> <li><a href="https://github.com/sirupsen/logrus/commit/21bae50b76794e93449c3f0f845ea0ac903847db"><code>21bae50</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1426">#1426</a> from dolmen/testing-fix-use-of-math-rand</li> <li>Additional commits viewable in <a href="https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4">compare view</a></li> </ul> </details> <br /> Updates `github.com/spf13/cobra` from 1.10.1 to 1.10.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spf13/cobra/releases">github.com/spf13/cobra's releases</a>.</em></p> <blockquote> <h2>v1.10.2</h2> <h2>🔧 Dependencies</h2> <ul> <li>chore: Migrate from <code>gopkg.in/yaml.v3</code> to <code>go.yaml.in/yaml/v3</code> by <a href="https://github.com/dims"><code>@​dims</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2336">spf13/cobra#2336</a> - the <code>gopkg.in/yaml.v3</code> package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of <code>spf13/cobra</code></li> </ul> <h2>📈 CI/CD</h2> <ul> <li>Fix linter and allow CI to pass by <a href="https://github.com/marckhouzam"><code>@​marckhouzam</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2327">spf13/cobra#2327</a></li> <li>fix: actions/setup-go v6 by <a href="https://github.com/jpmcb"><code>@​jpmcb</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2337">spf13/cobra#2337</a></li> </ul> <h2>🔥✍🏼 Docs</h2> <ul> <li>Add documentation for repeated flags functionality by <a href="https://github.com/rvergis"><code>@​rvergis</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2316">spf13/cobra#2316</a></li> </ul> <h2>🍂 Refactors</h2> <ul> <li>refactor: replace several vars with consts by <a href="https://github.com/htoyoda18"><code>@​htoyoda18</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2328">spf13/cobra#2328</a></li> <li>refactor: change minUsagePadding from var to const by <a href="https://github.com/ssam18"><code>@​ssam18</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2325">spf13/cobra#2325</a></li> </ul> <h2>🤗 New Contributors</h2> <ul> <li><a href="https://github.com/rvergis"><code>@​rvergis</code></a> made their first contribution in <a href="https://redirect.github.com/spf13/cobra/pull/2316">spf13/cobra#2316</a></li> <li><a href="https://github.com/htoyoda18"><code>@​htoyoda18</code></a> made their first contribution in <a href="https://redirect.github.com/spf13/cobra/pull/2328">spf13/cobra#2328</a></li> <li><a href="https://github.com/ssam18"><code>@​ssam18</code></a> made their first contribution in <a href="https://redirect.github.com/spf13/cobra/pull/2325">spf13/cobra#2325</a></li> <li><a href="https://github.com/dims"><code>@​dims</code></a> made their first contribution in <a href="https://redirect.github.com/spf13/cobra/pull/2336">spf13/cobra#2336</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2">https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2</a></p> <p>Thank you to our amazing contributors!!!!! 🐍 🚀</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spf13/cobra/commit/88b30ab89da2d0d0abb153818746c5a2d30eccec"><code>88b30ab</code></a> chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (<a href="https://redirect.github.com/spf13/cobra/issues/2336">#2336</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/346d408fe7d4be00ff9481ea4d43c4abb5e5f77d"><code>346d408</code></a> fix: actions/setup-go v6 (<a href="https://redirect.github.com/spf13/cobra/issues/2337">#2337</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/fc81d2003469e2a5c440306d04a6d82a54065979"><code>fc81d20</code></a> refactor: change minUsagePadding from var to const (<a href="https://redirect.github.com/spf13/cobra/issues/2325">#2325</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/117698a604b65e80a1ad5b76df67b604bcd992e0"><code>117698a</code></a> refactor: replace several vars with consts (<a href="https://redirect.github.com/spf13/cobra/issues/2328">#2328</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/e2dd29ddc39acacf3af13013b06e1fe58b5c3599"><code>e2dd29d</code></a> Add documentation for repeated flags functionality (<a href="https://redirect.github.com/spf13/cobra/issues/2316">#2316</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/062989255670f5e100abf70fa5e291a394915f89"><code>0629892</code></a> Fix linter (<a href="https://redirect.github.com/spf13/cobra/issues/2327">#2327</a>)</li> <li>See full diff in <a href="https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2">compare view</a></li> </ul> </details> <br /> Updates `github.com/spf13/pflag` from 1.0.9 to 1.0.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spf13/pflag/releases">github.com/spf13/pflag's releases</a>.</em></p> <blockquote> <h2>v1.0.10</h2> <h2>What's Changed</h2> <ul> <li>fix deprecation comment for (FlagSet.)ParseErrorsWhitelist by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/spf13/pflag/pull/447">spf13/pflag#447</a></li> <li>remove uses of errors.Is, which requires go1.13, move go1.16/go1.21 tests to separate file by <a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a href="https://redirect.github.com/spf13/pflag/pull/448">spf13/pflag#448</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> made their first contribution in <a href="https://redirect.github.com/spf13/pflag/pull/447">spf13/pflag#447</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10">https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spf13/pflag/commit/0491e5702ad2bb108bc519a5221bcc0f52aa9564"><code>0491e57</code></a> Merge pull request <a href="https://redirect.github.com/spf13/pflag/issues/448">#448</a> from thaJeztah/fix_go_version</li> <li><a href="https://github.com/spf13/pflag/commit/72abab1d978352c34a7274f374d30f413e1c83f3"><code>72abab1</code></a> Merge pull request <a href="https://redirect.github.com/spf13/pflag/issues/447">#447</a> from thaJeztah/fix_deprecation_comment</li> <li><a href="https://github.com/spf13/pflag/commit/7e4dfb1e325ce429e29994933210abe53de7041d"><code>7e4dfb1</code></a> Test on Go 1.12</li> <li><a href="https://github.com/spf13/pflag/commit/18a9d17d0ee8bd64d5c2071fc031be86fa2cd328"><code>18a9d17</code></a> move Func, BoolFunc, tests as they require go1.21</li> <li><a href="https://github.com/spf13/pflag/commit/c5b9e989df31c5d19573e50d6188550ad51a971e"><code>c5b9e98</code></a> remove uses of errors.Is, which requires go1.13</li> <li><a href="https://github.com/spf13/pflag/commit/45a48733e35ba296a5f4dcc2b01996b89dc91a06"><code>45a4873</code></a> fix deprecation comment for (FlagSet.)ParseErrorsWhitelist</li> <li>See full diff in <a href="https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/term` from 0.38.0 to 0.39.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/term/commit/a7e5b0437ffa3159709172efbe396bc546550e23"><code>a7e5b04</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/term/commit/943f25d3595f79ce29c4175d889758d38b375688"><code>943f25d</code></a> x/term: handle transpose</li> <li><a href="https://github.com/golang/term/commit/9b991dd831b8a478f9fc99a0b39b492b4e25a3c0"><code>9b991dd</code></a> x/term: handle delete key</li> <li>See full diff in <a href="https://github.com/golang/term/compare/v0.38.0...v0.39.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/golang-jwt/jwt/v5` from 5.3.0 to 5.3.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang-jwt/jwt/releases">github.com/golang-jwt/jwt/v5's releases</a>.</em></p> <blockquote> <h2>v5.3.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>🔐 Features</h3> <ul> <li>Add spellcheck Github action to catch common spelling mistakes by <a href="https://github.com/equalsgibson"><code>@​equalsgibson</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/458">golang-jwt/jwt#458</a></li> <li>Add <code>WithNotBeforeRequired</code> parser option and add test coverage by <a href="https://github.com/equalsgibson"><code>@​equalsgibson</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/456">golang-jwt/jwt#456</a></li> <li>Update godoc example func to properly refer to <code>NewWithClaims()</code> by <a href="https://github.com/equalsgibson"><code>@​equalsgibson</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/459">golang-jwt/jwt#459</a></li> <li>Update github workflows by <a href="https://github.com/mfridman"><code>@​mfridman</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/462">golang-jwt/jwt#462</a></li> <li>Additional test for CustomClaims that validates unmarshalling behaviour by <a href="https://github.com/equalsgibson"><code>@​equalsgibson</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/457">golang-jwt/jwt#457</a></li> <li>Fix early file close in jwt cli by <a href="https://github.com/mfridman"><code>@​mfridman</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/472">golang-jwt/jwt#472</a></li> <li>Add TPM signature reference by <a href="https://github.com/salrashid123"><code>@​salrashid123</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/473">golang-jwt/jwt#473</a></li> <li>Remove misleading ParserOptions documentation in <a href="https://redirect.github.com/golang-jwt/jwt/pull/484">golang-jwt/jwt#484</a></li> <li>Save signature to Token struct after successful signing by <a href="https://github.com/EgorSheff"><code>@​EgorSheff</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/417">golang-jwt/jwt#417</a></li> <li>Set token.Signature in <code>ParseUnverified</code> by <a href="https://github.com/slickwilli"><code>@​slickwilli</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/414">golang-jwt/jwt#414</a></li> </ul> <h3>👒 Dependencies</h3> <ul> <li>Bump crate-ci/typos from 1.34.0 to 1.35.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/461">golang-jwt/jwt#461</a></li> <li>Bump crate-ci/typos from 1.35.4 to 1.36.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/470">golang-jwt/jwt#470</a></li> <li>Bump github/codeql-action from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/478">golang-jwt/jwt#478</a></li> <li>Bump crate-ci/typos from 1.36.2 to 1.39.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/480">golang-jwt/jwt#480</a></li> <li>Bump golangci/golangci-lint-action from 8 to 9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/481">golang-jwt/jwt#481</a></li> <li>Bump actions/setup-go from 5 to 6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/469">golang-jwt/jwt#469</a></li> <li>Bump crate-ci/typos from 1.39.0 to 1.40.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/488">golang-jwt/jwt#488</a></li> <li>Bump actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/487">golang-jwt/jwt#487</a></li> <li>Bump crate-ci/typos from 1.40.0 to 1.41.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/490">golang-jwt/jwt#490</a></li> <li>Bump crate-ci/typos from 1.41.0 to 1.42.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/492">golang-jwt/jwt#492</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/equalsgibson"><code>@​equalsgibson</code></a> made their first contribution in <a href="https://redirect.github.com/golang-jwt/jwt/pull/458">golang-jwt/jwt#458</a></li> <li><a href="https://github.com/salrashid123"><code>@​salrashid123</code></a> made their first contribution in <a href="https://redirect.github.com/golang-jwt/jwt/pull/473">golang-jwt/jwt#473</a></li> <li><a href="https://github.com/EgorSheff"><code>@​EgorSheff</code></a> made their first contribution in <a href="https://redirect.github.com/golang-jwt/jwt/pull/417">golang-jwt/jwt#417</a></li> <li><a href="https://github.com/slickwilli"><code>@​slickwilli</code></a> made their first contribution in <a href="https://redirect.github.com/golang-jwt/jwt/pull/414">golang-jwt/jwt#414</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/golang-jwt/jwt/compare/v5.3.0...v5.3.1">https://github.com/golang-jwt/jwt/compare/v5.3.0...v5.3.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang-jwt/jwt/commit/7ceae619e739dc8a7bf577214aa8ebf26668e9db"><code>7ceae61</code></a> Add release.yml for changelog configuration</li> <li><a href="https://github.com/golang-jwt/jwt/commit/dce8e4dddcc9dc812cdc0b9d2037512d0e4b3eb5"><code>dce8e4d</code></a> Set token.Signature in <code>ParseUnverified</code> (<a href="https://redirect.github.com/golang-jwt/jwt/issues/414">#414</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/8889e208aa5c3736e5f7a856107ee70c046b803e"><code>8889e20</code></a> Save signature to Token struct after successful signing (<a href="https://redirect.github.com/golang-jwt/jwt/issues/417">#417</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/d237f8204b397bc008b5b07c4e081beb4ec2a7b1"><code>d237f82</code></a> ci: update github-actions schedule interval to monthly</li> <li><a href="https://github.com/golang-jwt/jwt/commit/d8dce95a406fc435aa3d11c5073f2f31a9449116"><code>d8dce95</code></a> Bump crate-ci/typos from 1.41.0 to 1.42.1 (<a href="https://redirect.github.com/golang-jwt/jwt/issues/492">#492</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/e93180329eab078116176ff7dc4352760bc5f290"><code>e931803</code></a> Bump crate-ci/typos from 1.40.0 to 1.41.0 (<a href="https://redirect.github.com/golang-jwt/jwt/issues/490">#490</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/e6a0afa839d74787501369217245b52bfc75f30d"><code>e6a0afa</code></a> Bump actions/checkout from 5 to 6 (<a href="https://redirect.github.com/golang-jwt/jwt/issues/487">#487</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/9f85c9ec9f10fb6919d773cb8df07029639ec76e"><code>9f85c9e</code></a> Bump crate-ci/typos from 1.39.0 to 1.40.0 (<a href="https://redirect.github.com/golang-jwt/jwt/issues/488">#488</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/60a8669e0221aed55a6abfd9b5cd20472f0c6ebd"><code>60a8669</code></a> Bump actions/setup-go from 5 to 6 (<a href="https://redirect.github.com/golang-jwt/jwt/issues/469">#469</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/76f582896da76978896d59ced995d7967c33c434"><code>76f5828</code></a> Remove misleading ParserOptions documentation (<a href="https://redirect.github.com/golang-jwt/jwt/issues/484">#484</a>)</li> <li>Additional commits viewable in <a href="https://github.com/golang-jwt/jwt/compare/v5.3.0...v5.3.1">compare view</a></li> </ul> </details> <br /> Updates `github.com/moby/go-archive` from 0.1.0 to 0.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/moby/go-archive/releases">github.com/moby/go-archive's releases</a>.</em></p> <blockquote> <h2>v0.2.0</h2> <h2>What's Changed</h2> <ul> <li>remove aliases for deprecated types and functions <a href="https://redirect.github.com/moby/go-archive/pull/10">moby/go-archive#10</a></li> <li>chrootarchive: remove redundant &quot;init&quot; mitigation for CVE-2019-14271 <a href="https://redirect.github.com/moby/go-archive/pull/11">moby/go-archive#11</a></li> <li>xattr: Fix OS matching <a href="https://redirect.github.com/moby/go-archive/pull/20">moby/go-archive#20</a></li> <li>TestOverlayTarUntar: remove redundant cmpopts.EquateEmpty <a href="https://redirect.github.com/moby/go-archive/pull/9">moby/go-archive#9</a></li> <li>go.mod: bump github.com/klauspost/compress v1.18.2 <a href="https://redirect.github.com/moby/go-archive/pull/19">moby/go-archive#19</a></li> <li>gha: update actions <a href="https://redirect.github.com/moby/go-archive/pull/18">moby/go-archive#18</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/moby/go-archive/compare/v0.1.0...v0.2.0">https://github.com/moby/go-archive/compare/v0.1.0...v0.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/go-archive/commit/263611f5f0914b2a153d86dae2042d13be6a88c4"><code>263611f</code></a> Merge pull request <a href="https://redirect.github.com/moby/go-archive/issues/20">#20</a> from thaJeztah/carry_17</li> <li><a href="https://github.com/moby/go-archive/commit/a1d4e7339a9c9397397ff2e44fec921eaa6d0696"><code>a1d4e73</code></a> Merge pull request <a href="https://redirect.github.com/moby/go-archive/issues/18">#18</a> from thaJeztah/bump_gha</li> <li><a href="https://github.com/moby/go-archive/commit/da4e566157fb1abf573eba9681fbe6d669d0de94"><code>da4e566</code></a> xattr: Fix OS matching.</li> <li><a href="https://github.com/moby/go-archive/commit/df87f45519ff6de1e09d2e96635f0ce46f36eaf5"><code>df87f45</code></a> Merge pull request <a href="https://redirect.github.com/moby/go-archive/issues/19">#19</a> from thaJeztah/bump_deps</li> <li><a href="https://github.com/moby/go-archive/commit/8996f2289474369d496495cb1a1acdf53ea61d3e"><code>8996f22</code></a> gha: update CodeQL Action to v4</li> <li><a href="https://github.com/moby/go-archive/commit/985c60fe36bd91f1ed5a726e5f81c666e897ed8d"><code>985c60f</code></a> gha: codeql: use go stable</li> <li><a href="https://github.com/moby/go-archive/commit/4752b25568454c126b6631957c79816c73284d83"><code>4752b25</code></a> gha: update actions/setup-go@v6</li> <li><a href="https://github.com/moby/go-archive/commit/280f7750e2ac36dc63a035873453a47bb7cef237"><code>280f775</code></a> gha: update actions/checkout@v6</li> <li><a href="https://github.com/moby/go-archive/commit/4c912d344027f7d3376a008ceadfb25825d444a7"><code>4c912d3</code></a> gha: update golangci/golangci-lint-action@v9</li> <li><a href="https://github.com/moby/go-archive/commit/2cd730e76d8fe2792d272ffc2e696c7ec8b67e64"><code>2cd730e</code></a> go.mod: bump github.com/klauspost/compress v1.18.2</li> <li>Additional commits viewable in <a href="https://github.com/moby/go-archive/compare/v0.1.0...v0.2.0">compare view</a></li> </ul> </details> <br /> Updates `google.golang.org/protobuf` from 1.36.9 to 1.36.11 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-03-01 22:37:35 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/go_modules/github.com/go-git/go-git/v5-5.18.0
dependabot/go_modules/dependencies-08815e2262
mergify/configuration-deprecated-update
dependabot/github_actions/dependencies-a3a104477f
chore/simplify-ci-and-makefile
dependabot/go_modules/golang.org/x/crypto-0.45.0
dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0
panekj/ci/improve-jobs
fix-skip-non-yaml-files-in-dir
normalize-pull-rebuild-flags
fix-no-recurse-by-default
2517-poor-error-for-incomplete-action-step
2472-make-use-new-action-cache-the-new-default-for-downloading-actions
act-tart
act-lxc
act-oidc
act-dind
avoid-slash-in-actor
dependabot/go_modules/github.com/docker/docker-26.1.4incompatible
meta-keep-filetime
local-repository-action-cache
pr-merger
update-docker-deps
follow_local_action_symlink
boltdb-lock-in-handler
use-socket-path
no-pull-no-rebuild
path-issues
fix/env
feat/podman
refactor/testdata
v0.2.87
v0.2.86
v0.2.85
v0.2.84
v0.2.83
v0.2.82
v0.2.81
v0.2.80
v0.2.79
v0.2.78
v0.2.77
v0.2.76
v0.2.75
v0.2.74
v0.2.73
v0.2.72
v0.2.71
v0.2.70
v0.2.69
v0.2.68
v0.2.67
v0.2.66
v0.2.65
v0.2.64
v0.2.63
v0.2.62
v0.2.61
v0.2.60
v0.2.59
v0.2.58
v0.2.57
v0.2.56
v0.2.55
v0.2.54
v0.2.53
v0.2.52
v0.2.51
v0.2.50
v0.2.49
v0.2.48
v0.2.47
v0.2.46
v0.2.45
v0.2.44
v0.2.43
v0.2.42
v0.2.41
v0.2.40
v0.2.39
v0.2.38
v0.2.37
v0.2.36
v0.2.35
v0.2.34
v0.2.33
v0.2.32
v0.2.31
v0.2.30
v0.2.29
v0.2.28
v0.2.27
v0.2.26
v0.2.25
v0.2.24
v0.2.23
v0.2.22
v0.2.21
v0.2.20
v0.2.19
v0.2.18
v0.2.17
v0.2.16
v0.2.15
v0.2.14
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Labels
Clear labels   
area/action

   
area/cli

   
area/docs

   
area/image

   
area/runner

   
area/workflow

   
backlog

   
confirmed/not-planned

   
kind/bug

   
kind/discussion

   
kind/external

   
kind/feature-request

   
kind/question

   
meta/duplicate

   
meta/invalid

   
meta/need-more-info

   
meta/resolved

   
meta/wontfix

   
meta/workaround

   
needs-work

   
pull-request

Mirrored from GitHub Pull Request

  
review/not-planned

   
size/M

   
size/XL

   
size/XXL

   
stale

   
stale-exempt
No labels
area/action
area/cli
area/docs
area/image
area/runner
area/workflow
backlog
confirmed/not-planned
kind/bug
kind/discussion
kind/external
kind/feature-request
kind/question
meta/duplicate
meta/invalid
meta/need-more-info
meta/resolved
meta/wontfix
meta/workaround
needs-work
pull-request
review/not-planned
size/M
size/XL
size/XXL
stale
stale-exempt
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/act#2652
No description provided.