Skip to content

build(deps): bump the golang group across 1 directory with 7 updates#1258

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang-98d539f651
Open

build(deps): bump the golang group across 1 directory with 7 updates#1258
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang-98d539f651

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the golang group with 5 updates in the / directory:

Package From To
github.com/Microsoft/hcsshim 0.14.0 0.14.1
github.com/buger/jsonparser 1.1.2 1.2.0
github.com/mattn/go-shellwords 1.0.12 1.0.13
github.com/onsi/ginkgo/v2 2.28.1 2.31.0
github.com/opencontainers/selinux 1.13.1 1.15.1

Updates github.com/Microsoft/hcsshim from 0.14.0 to 0.14.1

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.14.1

What's Changed

fb5aa2e94 - Maksim An (2026-04-07): upgrade dependencies to fix CI 9a434d6e1 - Dawei Wei (2026-03-06): shim: skip SandboxPlatform validation when platform is not explicitly set (#2620) 98d74bb52 - Cory Snider (2026-02-10): WCOW: restore support for client-mounted roots (#2595)

Full Changelog: microsoft/hcsshim@v0.14.0...v0.14.1

Commits
  • fb5aa2e upgrade dependencies to fix CI
  • 9a434d6 shim: skip SandboxPlatform validation when platform is not explicitly set (#2...
  • 98d74bb WCOW: restore support for client-mounted roots (#2595)
  • See full diff in compare view

Updates github.com/buger/jsonparser from 1.1.2 to 1.2.0

Release notes

Sourced from github.com/buger/jsonparser's releases.

v1.2.0

What's Changed

Full Changelog: buger/jsonparser@v1.1.2...v1.2.0

Commits
  • c172c16 Merge pull request #269 from buger/tinygo
  • 680cd2e Merge pull request #281 from buger/reqproof-assurance-hardening
  • 9dce61c Migrate review storage from reviews/ folder to per-requirement timestamps
  • c03b9ef feat: add property-based obligation classes with 24 new SYS-REQs
  • 9c46110 chore: fix spec lint warnings — remove stale parent field, set review metadata
  • 8bbb8a8 Close coverage gaps: SYS-REQ-007/008/010 fuzz harness coverage to 100%
  • 552e93b Install Z3 via apt before audit
  • 98133b4 Remove manual Z3 pre-download, now handled by proof-action
  • 1b70ead Debug Z3 pre-download: remove output suppression
  • aac1fbc Pre-download Z3 solver before audit
  • Additional commits viewable in compare view

Updates github.com/mattn/go-shellwords from 1.0.12 to 1.0.13

Commits
  • fd1aa6c Run gofmt: add missing //go:build directives and trailing newlines
  • e73986e Treat bare ')' as syntax error regardless of ParseBacktick
  • 9a78803 Merge pull request #60 from scumfrog/security-fix-cve
  • b074fa0 fix: preserve parser compatibility for unmatched ')' handling
  • 735b5e8 Implement tests for shellwords parser functionality
  • e2951fc Fix dollarQuote state management in shellwords.go
  • 551a1d0 Update CI: Go 1.25/1.26 and latest GitHub Actions
  • f3bbb6f Merge pull request #53 from ndeloof/master
  • f6737fe parse \t as TAB, not escaped t
  • See full diff in compare view

Updates github.com/onsi/ginkgo/v2 from 2.28.1 to 2.31.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.31.0

2.31.0

Add a bunch of Claude Skills via the marketplace:

/plugin marketplace add onsi/ginkgo
/plugin install ginkgo@ginkgo

v2.30.0

2.30.0

Features

Ginkgo now allows extentions/global.Reset to support running multiple suites from within a single process. This may take some massaging on your part (see 1672) but can dramatically speed up codebases with O(hundreds) of test suites.

Thanks @​lawrencejones !

Fixes

  • Fix nested --github-output group for progress report nested inside timeline [4f62d7a]

v2.29.0

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

v2.28.3

2.28.3

Maintenance

Bump all dependencies

v2.28.2

2.28.2

  • Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
  • Implement shell completion [94151c8]
  • Add asan CLI option mirroring msan implementation [4d21dbb]
  • Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
  • fix aspect ratio [9619647]
  • update logos [5779304]
Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.31.0

Add a bunch of Claude Skills via the marketplace:

/plugin marketplace add onsi/ginkgo
/plugin install ginkgo@ginkgo

2.30.0

Features

Ginkgo now allows extentions/global.Reset to support running multiple suites from within a single process. This may take some massaging on your part (see 1672) but can dramatically speed up codebases with O(hundreds) of test suites.

Thanks @​lawrencejones !

Fixes

  • Fix nested --github-output group for progress report nested inside timeline [4f62d7a]

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

2.28.3

Maintenance

Bump all dependencies

2.28.2

  • Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
  • Implement shell completion [94151c8]
  • Add asan CLI option mirroring msan implementation [4d21dbb]
  • Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
  • fix aspect ratio [9619647]
  • update logos [5779304]
Commits
  • 3c7bde4 v2.31.0
  • e479459 add claude skills
  • 31e9912 v2.30.0
  • a79cdbb Document running multiple suites in a single test process
  • 800291a Allow extensions/globals.Reset to support re-running RunSpecs
  • 4f62d7a Fix nested --github-output group for progress report nested inside timeline
  • 04b5bcb v2.29.0
  • 124232a docs: GinkgoHelperGo
  • ad9cee8 feat: GinkgoHelperGo, with integration tests
  • 9e56a0a chore: refactor devcontainer for better maintenance
  • Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.39.1 to 1.40.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.40.0

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Commits

Updates github.com/opencontainers/selinux from 1.13.1 to 1.15.1

Release notes

Sourced from github.com/opencontainers/selinux's releases.

v1.15.1

What's Changed

Full Changelog: opencontainers/selinux@v1.15.0...v1.15.1

v1.15.0

This release adds a new function, SetProcessKind, which is to be used instead of KVMProcessLabel[s] and InitProcessLabel[s] in case the user only wants to change the type of the existing label, not generate a new one. It also fixes an CI issue and optimizes label.InitLabels for a few common cases.

What's Changed

Full Changelog: opencontainers/selinux@v1.14.1...v1.15.0

v1.14.1

This release mostly fixes label.InitLabels regression introduced in v1.14.0.

What's Changed

Full Changelog: opencontainers/selinux@v1.14.0...v1.14.1

v1.14.0

This release fixes a regression in ExecLabel, bumps the minimal Go version to 1.22, and deprecates several functions in favor of improved API.

Fixed

Deprecated

Added

Changed

Miscellaneous

... (truncated)

Commits
  • 9801d53 Merge pull request #272 from kolyshkin/add-mcs-nit
  • cf4e440 ReserveLabelV2: ignore labels without MCS
  • 84683a6 Merge pull request #271 from kolyshkin/change-type
  • 8889f6e Add SetProcessKind
  • fb9b5b2 Merge pull request #269 from kolyshkin/init-labels-opt
  • 74873e2 label.InitLabels: optimize
  • c8bf19e Merge pull request #270 from kolyshkin/timeout
  • a55d914 ci: set timeout for vm jobs
  • 89b039b Merge pull request #267 from kolyshkin/damage-control
  • 8c517ef Merge pull request #268 from kolyshkin/readme
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.42.0 to 0.43.0

Commits
  • f33a730 windows: support nil security descriptor on GetNamedSecurityInfo
  • 493d172 cpu: add runtime import in cpu_darwin_arm64_other.go
  • 2c2be75 windows: use syscall.SyscallN in Proc.Call
  • a76ec62 cpu: roll back "use IsProcessorFeaturePresent to calculate ARM64 on windows"
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 11, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang-98d539f651 branch from 15f0c29 to b154799 Compare May 25, 2026 02:46
GGOemea
GGOemea reviewed Jun 14, 2026
View reviewed changes

@GGOemea GGOemea left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

@dependabot
build(deps): bump the golang group across 1 directory with 7 updates
52cc9d6 
Bumps the golang group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/Microsoft/hcsshim](https://github.com/Microsoft/hcsshim) | `0.14.0` | `0.14.1` |
| [github.com/buger/jsonparser](https://github.com/buger/jsonparser) | `1.1.2` | `1.2.0` |
| [github.com/mattn/go-shellwords](https://github.com/mattn/go-shellwords) | `1.0.12` | `1.0.13` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.1` | `2.31.0` |
| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.13.1` | `1.15.1` |



Updates `github.com/Microsoft/hcsshim` from 0.14.0 to 0.14.1
- [Release notes](https://github.com/Microsoft/hcsshim/releases)
- [Commits](microsoft/hcsshim@v0.14.0...v0.14.1)

Updates `github.com/buger/jsonparser` from 1.1.2 to 1.2.0
- [Release notes](https://github.com/buger/jsonparser/releases)
- [Commits](buger/jsonparser@v1.1.2...v1.2.0)

Updates `github.com/mattn/go-shellwords` from 1.0.12 to 1.0.13
- [Commits](mattn/go-shellwords@v1.0.12...v1.0.13)

Updates `github.com/onsi/ginkgo/v2` from 2.28.1 to 2.31.0
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.28.1...v2.31.0)

Updates `github.com/onsi/gomega` from 1.39.1 to 1.40.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.39.1...v1.40.0)

Updates `github.com/opencontainers/selinux` from 1.13.1 to 1.15.1
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](opencontainers/selinux@v1.13.1...v1.15.1)

Updates `golang.org/x/sys` from 0.42.0 to 0.43.0
- [Commits](golang/sys@v0.42.0...v0.43.0)

---
updated-dependencies:
- dependency-name: github.com/buger/jsonparser
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: github.com/mattn/go-shellwords
  dependency-version: 1.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: golang
- dependency-name: github.com/Microsoft/hcsshim
  dependency-version: 0.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: golang
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.28.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: golang
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: github.com/opencontainers/selinux
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: golang.org/x/sys
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang-98d539f651 branch from b154799 to 52cc9d6 Compare June 15, 2026 02:22
GGOemea
GGOemea reviewed Jun 15, 2026
View reviewed changes

@GGOemea GGOemea left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

GGOemea
GGOemea reviewed Jun 15, 2026
View reviewed changes

@GGOemea GGOemea left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@GGOemea GGOemea GGOemea left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GGOemea