yolokube/grafana-backuper
yolokube/grafana-backuper
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages 1 Wiki Activity

fix(deps): update module github.com/go-git/go-git/v5 to v5.14.0 #49

Merged
renovate merged 1 commit from renovate/github.com-go-git-go-git-v5-5.x into main 2025-03-02 19:05:13 +01:00
Conversation 1 Commits 1 Files changed 2 +27 -25
renovate commented 2025-02-27 15:06:42 +01:00
Collaborator
Copy link

This PR contains the following updates:

Package Type Update Change
github.com/go-git/go-git/v5 require minor v5.13.2 -> v5.14.0

Release Notes

go-git/go-git (github.com/go-git/go-git/v5)

v5.14.0

Compare Source

What's Changed

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/crypto@v0.35.0 which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: https://github.com/go-git/go-git/compare/v5.13.2...v5.14.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | require | minor | `v5.13.2` -> `v5.14.0` | --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.14.0`](https://github.com/go-git/go-git/releases/tag/v5.14.0) [Compare Source](https://github.com/go-git/go-git/compare/v5.13.2...v5.14.0) #### What's Changed - v5: Bump Go and dependencies to mitigate [GO-2025-3487](https://pkg.go.dev/vuln/GO-2025-3487) by [@&#8203;pjbgf](https://github.com/pjbgf) in https://github.com/go-git/go-git/pull/1436 :warning: Note that this version requires Go 1.23, due to the bump to `golang.org/x/crypto@v0.35.0` which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release. **Full Changelog**: https://github.com/go-git/go-git/compare/v5.13.2...v5.14.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xODIuMyIsInVwZGF0ZWRJblZlciI6IjM5LjE4Mi4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
renovate added 1 commit 2025-02-27 15:06:42 +01:00
fix(deps): update module github.com/go-git/go-git/v5 to v5.14.0
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
Details
ci/woodpecker/push/test Pipeline was successful
Details
ci/woodpecker/push/build Pipeline was successful
Details
ci/woodpecker/push/deploy Pipeline was successful
Details
2f3c7318f5
renovate commented 2025-02-27 16:06:30 +01:00
Author
Collaborator
Copy link

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 5 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.22.5 -> 1.24.0
github.com/cloudflare/circl v1.3.9 -> v1.6.0
github.com/cyphar/filepath-securejoin v0.3.6 -> v0.4.1
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da -> v0.0.0-20241129210726-2c02b8208cf8
github.com/skeema/knownhosts v1.3.0 -> v1.3.1
golang.org/x/crypto v0.33.0 -> v0.35.0
### ℹ Artifact update notice ##### File name: go.mod In order to perform the update(s) described in the table above, Renovate ran the `go get` command, which resulted in the following additional change(s): - 5 additional dependencies were updated - The `go` directive was updated for compatibility reasons Details: | **Package** | **Change** | | :-------------------------------------- | :--------------------------------------------------------------------------- | | `go` | `1.22.5` -> `1.24.0` | | `github.com/cloudflare/circl` | `v1.3.9` -> `v1.6.0` | | `github.com/cyphar/filepath-securejoin` | `v0.3.6` -> `v0.4.1` | | `github.com/golang/groupcache` | `v0.0.0-20210331224755-41bb18bfe9da` -> `v0.0.0-20241129210726-2c02b8208cf8` | | `github.com/skeema/knownhosts` | `v1.3.0` -> `v1.3.1` | | `golang.org/x/crypto` | `v0.33.0` -> `v0.35.0` |
renovate merged commit 2f3c7318f5 into main 2025-03-02 19:05:13 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

  
type
dependency-dashboard
Only for Renovate Dependency Dashboard

No labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
type
dependency-dashboard
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: yolokube/grafana-backuper#49
No description provided.
Delete branch "renovate/github.com-go-git-go-git-v5-5.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?