chore(deps): bump the dependencies group with 10 updates #1099

dependabot · 2025-03-01T00:40:56Z

Bumps the dependencies group with 10 updates:

Package	From	To
github.com/cheggaaa/pb/v3	`3.1.6`	`3.1.7`
github.com/go-git/go-git/v5	`5.13.2`	`5.14.0`
golang.org/x/crypto	`0.32.0`	`0.35.0`
golang.org/x/term	`0.28.0`	`0.29.0`
golang.org/x/text	`0.21.0`	`0.22.0`
github.com/ProtonMail/go-crypto	`1.1.5`	`1.1.6`
github.com/cloudflare/circl	`1.5.0`	`1.6.0`
github.com/golang/groupcache	`0.0.0-20210331224755-41bb18bfe9da`	`0.0.0-20241129210726-2c02b8208cf8`
golang.org/x/net	`0.34.0`	`0.35.0`
golang.org/x/sys	`0.29.0`	`0.30.0`

Updates github.com/cheggaaa/pb/v3 from 3.1.6 to 3.1.7

Commits

555a83b require go1.18
03653c2 update go mods
6f99b91 replace Sprintf to Sprint; possible fix for #227
See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.14.0

What's Changed

v5: Bump Go and dependencies to mitigate GO-2025-3487 by @pjbgf in go-git/go-git#1436

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/[email protected] which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

Commits

863c621 Merge pull request #1436 from pjbgf/v5-bumps
2e69e81 build: Bump dependencies
b2c1ec9 build: Bump Go versions
See full diff in compare view

Updates golang.org/x/crypto from 0.32.0 to 0.35.0

Commits

7292932 ssh: limit the size of the internal packet queue while waiting for KEX
f66f74b acme/autocert: check host policy before probing the cache
b0784b7 x509roots/fallback: drop obsolete build constraint
911360c all: bump golang.org/x/crypto dependencies of asm generators
89ff08d all: upgrade go directive to at least 1.23.0 [generated]
e47973b all: update certs for go1.24
9290511 go.mod: update golang.org/x dependencies
fa5273e x509roots/fallback: update bundle
a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
See full diff in compare view

Updates golang.org/x/term from 0.28.0 to 0.29.0

Commits

743b270 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates golang.org/x/text from 0.21.0 to 0.22.0

Commits

3b64043 go.mod: update golang.org/x dependencies
1e59086 message/pipeline: add two Unalias calls
See full diff in compare view

Updates github.com/ProtonMail/go-crypto from 1.1.5 to 1.1.6

Release notes

Sourced from github.com/ProtonMail/go-crypto's releases.

Release v1.1.6

What's Changed

Fix PublicKey.KeyIdString to return a valid key id by @lubux in ProtonMail/go-crypto#269

Allow Key Flags override @davrux in ProtonMail/go-crypto#272

Only check that message signatures are newer than the key by @twiss in ProtonMail/go-crypto#275

openpgp/clearsign: just use rand.Reader in tests by @mdosch in ProtonMail/go-crypto#276

Make Issuer Key ID signature subpacket non-critical by @caarlos0 in ProtonMail/go-crypto#266

v2 API: Improve error messages for encryption key selection by @lubux in ProtonMail/go-crypto#271

Full Changelog: ProtonMail/go-crypto@v1.1.5...v1.1.6

Release v1.1.6-proton

What's Changed

This release is v1.1.6 with support for the following non-standardized features:

Presistent symmetric keys draft-ietf-openpgp-persistent-symmetric-keys-00

Automatic forwarding draft-wussler-openpgp-forwarding-00

Post-quantum algorithms draft-ietf-openpgp-pqc

Commits

e52eada Merge pull request #271 from ProtonMail/feat/improve-errors-key-selection
4bf9d90 feat(v2): Improve error message for encryption key selection
d47bb38 Merge pull request #266 from caarlos0/issuer-key-id
756ebbd Make Issuer Key ID signature subpacket non-critical
44ef98c Merge pull request #276 from mdosch/fix-random-source-is-broken
b105e24 Merge branch 'main' into fix-random-source-is-broken
89b0776 Only check that message signatures are newer than the key
2b2dbe9 openpgp/clearsign: just use rand.Reader in tests
2732e09 Merge pull request #275 from ProtonMail/only-check-msg-sig-newer-than-key
8e272e7 Only check that message signatures are newer than the key
Additional commits viewable in compare view

Updates github.com/cloudflare/circl from 1.5.0 to 1.6.0

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.0

New!

Prio3 Verifiable Distributed Aggregation Function (draft-irtf-cfrg-vdaf).

X-Wing: general-purpose hybrid post-quantum KEM (draft-connolly-cfrg-xwing-kem)

What's Changed

Add OIDs to ML-DSA by @bwesterb in cloudflare/circl#519

Adds Prio3 a set of verifiable distributed aggregation functions. by @armfazh in cloudflare/circl#522

Run semgrep cronjob only in upstream repository. by @armfazh in cloudflare/circl#526

X-Wing PQ/T hybrid by @bwesterb in cloudflare/circl#471

ckem: move crypto/elliptic to crypto/ecdh by @MingLLuo in cloudflare/circl#529

hpke: Update HPKE code to use ecdh stdlib package. by @armfazh in cloudflare/circl#530

prio3: Adds polynomial multiplication using NTT by @armfazh in cloudflare/circl#532

Add Prio3 in readme. by @armfazh in cloudflare/circl#527

New Contributors

@MingLLuo made their first contribution in cloudflare/circl#529

Full Changelog: cloudflare/circl@v1.5.0...v1.6.0

Commits

89e658c Add X-Wing to the readme and bump version.
6e910fd Add Prio3 in readme.
4e35591 Adding polynomial multiplication based on NTT.
830152f Passing NTT size.
0a61b66 Removing deprecated use of elliptic in P384.
342ad81 Update HPKE code to use ecdh stdlib package.
4987803 ckem: move crypto/elliptic to crypto/ecdh (#529)
9340445 Relax kem constaint from kem.AuthScheme to kem.Scheme.
964fefa X-Wing PQ/T hybrid
cd157f0 Run semgrep cronjob only in upstream repository.
Additional commits viewable in compare view

Updates github.com/golang/groupcache from 0.0.0-20210331224755-41bb18bfe9da to 0.0.0-20241129210726-2c02b8208cf8

Commits

See full diff in compare view

Updates golang.org/x/net from 0.34.0 to 0.35.0

Commits

df97a48 go.mod: update golang.org/x dependencies
2dab271 route: treat short sockaddr lengths as unspecified
b914489 internal/http3: refactor in prep for sharing transport/server code
ebd23f8 route: fix parsing network address of length zero
938a9fb internal/http3: add request/response body transfer
145b2d7 internal/http3: add RoundTrip
5bda71a internal/http3: define connection and stream error types
3c1185a internal/http3: return error on mid-frame EOF
a6c2c7f http2, internal/httpcommon: factor out common request header logic for h2/h3
c72e89d internal/http3: QPACK encoding and decoding
Additional commits viewable in compare view

Updates golang.org/x/sys from 0.29.0 to 0.30.0

Commits

863b3c4 unix: update glibc to 2.41
4d4692e unix: add Auxv
b215a1c unix: update to Linux kernel 6.13
c756214 cpu: add support for AVX-VNNI and IFMA detection
1c14dca unix: add GetPeerUcred and UcredGet for solaris
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 10 updates: | Package | From | To | | --- | --- | --- | | [github.com/cheggaaa/pb/v3](https://github.com/cheggaaa/pb) | `3.1.6` | `3.1.7` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.13.2` | `5.14.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.32.0` | `0.35.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.28.0` | `0.29.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.21.0` | `0.22.0` | | [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) | `1.1.5` | `1.1.6` | | [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.5.0` | `1.6.0` | | [github.com/golang/groupcache](https://github.com/golang/groupcache) | `0.0.0-20210331224755-41bb18bfe9da` | `0.0.0-20241129210726-2c02b8208cf8` | | [golang.org/x/net](https://github.com/golang/net) | `0.34.0` | `0.35.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.29.0` | `0.30.0` | Updates `github.com/cheggaaa/pb/v3` from 3.1.6 to 3.1.7 - [Commits](cheggaaa/pb@v3.1.6...v3.1.7) Updates `github.com/go-git/go-git/v5` from 5.13.2 to 5.14.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.13.2...v5.14.0) Updates `golang.org/x/crypto` from 0.32.0 to 0.35.0 - [Commits](golang/crypto@v0.32.0...v0.35.0) Updates `golang.org/x/term` from 0.28.0 to 0.29.0 - [Commits](golang/term@v0.28.0...v0.29.0) Updates `golang.org/x/text` from 0.21.0 to 0.22.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.21.0...v0.22.0) Updates `github.com/ProtonMail/go-crypto` from 1.1.5 to 1.1.6 - [Release notes](https://github.com/ProtonMail/go-crypto/releases) - [Commits](ProtonMail/go-crypto@v1.1.5...v1.1.6) Updates `github.com/cloudflare/circl` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.5.0...v1.6.0) Updates `github.com/golang/groupcache` from 0.0.0-20210331224755-41bb18bfe9da to 0.0.0-20241129210726-2c02b8208cf8 - [Commits](https://github.com/golang/groupcache/commits) Updates `golang.org/x/net` from 0.34.0 to 0.35.0 - [Commits](golang/net@v0.34.0...v0.35.0) Updates `golang.org/x/sys` from 0.29.0 to 0.30.0 - [Commits](golang/sys@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: github.com/cheggaaa/pb/v3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github.com/ProtonMail/go-crypto dependency-type: indirect update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github.com/cloudflare/circl dependency-type: indirect update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github.com/golang/groupcache dependency-type: indirect update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: golang.org/x/sys dependency-type: indirect update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 1, 2025

dependabot bot requested a review from EtienneM March 1, 2025 00:40

github-actions bot enabled auto-merge March 1, 2025 00:41

github-actions bot approved these changes Mar 1, 2025

View reviewed changes

github-actions bot merged commit d18a942 into master Mar 1, 2025
6 of 7 checks passed

github-actions bot deleted the dependabot/go_modules/dependencies-bf0279d6ed branch March 1, 2025 00:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the dependencies group with 10 updates #1099

chore(deps): bump the dependencies group with 10 updates #1099

dependabot bot commented on behalf of github Mar 1, 2025

chore(deps): bump the dependencies group with 10 updates #1099

chore(deps): bump the dependencies group with 10 updates #1099

Conversation

dependabot bot commented on behalf of github Mar 1, 2025

v5.14.0

What's Changed

Release v1.1.6

What's Changed

Release v1.1.6-proton

What's Changed

CIRCL v1.6.0

New!

What's Changed

New Contributors