build(deps): bump the go-dependencies group in /tools with 13 updates by dependabot[bot] · Pull Request #1798 · fastly/cli

dependabot · 2026-05-20T21:31:11Z

Bumps the go-dependencies group in /tools with 13 updates:

Package	From	To
cloud.google.com/go/storage	`1.62.1`	`1.62.2`
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob	`1.6.4`	`1.7.0`
github.com/aws/aws-sdk-go-v2/service/kms	`1.51.1`	`1.52.0`
github.com/docker/cli	`29.4.3+incompatible`	`29.5.2+incompatible`
github.com/go-git/go-git/v5	`5.19.0`	`5.19.1`
github.com/go-openapi/runtime	`0.29.5`	`0.31.0`
github.com/google/go-containerregistry	`0.21.5`	`0.21.6`
github.com/polydawn/refmt	`0.89.1-0.20231129105047-37766d95467a`	`0.90.0`
github.com/sigstore/sigstore	`1.10.5`	`1.10.6`
github.com/theupdateframework/go-tuf/v2	`2.4.1`	`2.4.2`
google.golang.org/api	`0.279.0`	`0.280.0`
google.golang.org/genproto/googleapis/rpc	`0.0.0-20260427160629-7cedc36a6bc4`	`0.0.0-20260511170946-3700d4141b60`
google.golang.org/grpc	`1.81.0`	`1.81.1`

Updates cloud.google.com/go/storage from 1.62.1 to 1.62.2

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.62.2

v1.62.2 (2026-05-18)

Features

enable open telemetry attrs (#14426) (74eab64d)

Bug Fixes

restore metadata operations timeout in gRPC (#14575) (275ff562)

Set default chunkRetryDeadline to 32s in NewWriterFromAppendableObject (#14458) (ec7c7d66)

refactor userProject metadata propagation in ListObjects (#14533) (fbb543e3)

Commits

50a5755 chore: librarian release pull request: 20260518T161338Z (#14610)
585840f spanner: skip flaky TestIntegration_DbRemovalRecovery (#14607)
f8bf88f test(spanner): retry query after database recreation in integration test (#14...
9168ab8 chore(librariangen): tweak release preview test (#14599)
f8b9a93 fix(spanner/spannertest): Support UUID as a base data type (#14117)
a42fd83 fix(internal/librariange): release preview support (#14588)
d944830 fix(datastore): add retries to emulator (#14591)
c5aaedc chore: migrate Go configuration in librarian.yaml (#14587)
8a0e849 doc(agentplatform): Add notes and quick examples to the README
033f4fe chore: librarian release pull request: 20260514T191310Z (#14589)
Additional commits viewable in compare view

Updates github.com/Azure/azure-sdk-for-go/sdk/storage/azblob from 1.6.4 to 1.7.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/storage/azblob's releases.

sdk/storage/azblob/v1.7.0

1.7.0 (2026-05-14)

Features Added

Includes all features from 1.7.0-beta.1

sdk/storage/azblob/v1.7.0-beta.1

1.7.0-beta.1 (2026-04-23)

Features Added

Added support for service version 2026-04-06.

Added support for Delete Blob Conditional Tier.

Added support for Server-side Encryption Rekeying.

Added cross-tenant support for Principal-Bound User Delegation SAS.

Added support for Dynamic User Delegation SAS.

Bugs Fixed

Added support for error code IncrementalCopyOfEarlierSnapshotNotAllowed. This replaces IncrementalCopyOfEralierVersionSnapshotNotAllowed which has been deprecated.

Added support for missing SKU name values.

sdk/storage/azfile/v1.7.0-beta.1

1.7.0-beta.1 (2026-05-05)

Features Added

Added support for service version 2026-06-06.

Added support for uploading up to 4 MiB of data with Create File API.

Commits

624baba bump azcore version number
ce7217c Prep for azcore v1.7.0 release (#21149)
62a8079 Add support for shallow cloning azcore.Client instances (#21065) (#21098)
47286b0 Add flag to enable skipping of dependency checks (#21146)
ee762d4 Fix populating module name in telemetry policy (#20967) (#20971)
0243175 Prep azcore v1.6.1 for release (#20961)
9c9d62a Increment package version after release of azcore (#20740)
36f766d add sdk/resourcemanager/cosmos/armcosmos live test (#20705)
c005ed6 sdk/resourcemanager/network/armnetwork live test (#20331)
5fa7df4 add sdk/resourcemanager/compute/armcompute live test (#20048)
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/kms from 1.51.1 to 1.52.0

Commits

d7a7049 Release 2024-03-13
625e1e6 Regenerated Clients
1ed868a Update API model
e715922 Merge customizations for S3
b30a1cc Release 2024-03-12
71783e1 Regenerated Clients
f434ec2 Update API model
9bac90a Release 2024-03-11
c3c777b Regenerated Clients
2e16e91 Update API model
Additional commits viewable in compare view

Updates github.com/docker/cli from 29.4.3+incompatible to 29.5.2+incompatible

Commits

79eb04c Merge pull request #3173 from rene-hermenau/patch-1
1a3048f Merge pull request #6997 from vvoland/gha-fix
9177c7f gha: Port validate milestones from Moby
77cb156 Merge pull request #6994 from thaJeztah/bump_buildx
382a92d Dockerfile: update buildx to v0.34.1
5c0919a Merge pull request #6995 from thaJeztah/bump_version
a68dd7a bump VERSION to v29.5.2-dev
2518b52 Merge pull request #6991 from mickael-docker/docs-clarify-authz
9f18a0a docs: clarify authz content type
2944fd1 Merge pull request #6989 from thaJeztah/bump_version
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

v5: plumbing: transport/ssh, Shell-quote path by @hiddeco in go-git/go-git#2068

v5: git: submodule, Fix relative URL resolution by @hiddeco in go-git/go-git#2070

v5: git: submodule, canonical remote for relative URLs by @hiddeco in go-git/go-git#2074

v5: git: submodule, error on remote without URLs by @hiddeco in go-git/go-git#2078

v5: plumbing: format/idxfile, Validate offset64 indices by @hiddeco in go-git/go-git#2084

v5: *: Reject malformed variable-length integers by @hiddeco in go-git/go-git#2092

v5: plumbing: format/packfile, Tighten delta validation by @hiddeco in go-git/go-git#2091

v5: Add worktreeFilesystem wrapper for worktree and hardening by @hiddeco in go-git/go-git#2100

v5: config: validate submodule names by @hiddeco in go-git/go-git#2082

build: Update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#2111

v5: git: Allow MkdirAll on worktree-root paths by @hiddeco in go-git/go-git#2117

v5: git: Stop validating symlink target paths by @pjbgf in go-git/go-git#2116

v5: plumbing: format decoder input bounds and contracts by @hiddeco in go-git/go-git#2125

plumbing: format/packfile, cap delta chain depth in parser by @pjbgf in go-git/go-git#2137

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

Commits

3c3be60 Merge pull request #2137 from go-git/validate-v5
3fba897 plumbing: format/packfile, cap delta chain depth in parser
a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
aeaa125 plumbing: format/objfile, require Header before Read
1f38e17 plumbing: format/packfile, bound inflate size
f7545a0 plumbing: format/idxfile, bound nr by file size
170b881 Merge pull request #2116 from pjbgf/symlink-v5
7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
f0709b3 git: Stop validating symlink target paths
776d00f git: Allow MkdirAll on worktree-root paths
Additional commits viewable in compare view

Updates github.com/go-openapi/runtime from 0.29.5 to 0.31.0

Release notes

Sourced from github.com/go-openapi/runtime's releases.

v0.31.0

0.31.0 - 2026-05-17

Full Changelog: go-openapi/runtime@v0.30.0...v0.31.0

33 commits in this release.

Implemented enhancements

feat(client): TLS diagnostic mode for Runtime.Trace by @fredbi ...

feat(client): add Runtime.Trace for connection-level diagnostics by @fredbi ...

Fixed bugs

fix(client): strip CR/LF from multipart filename and field name by @fredbi ...

fix(middleware): cap filename length on untyped formData uploads by @fredbi ...

fix: CA cert pool should be cloned not returned as pointer by @fredbi in #455 ...

fix: correct spelling of "Organ trail" to "Oregon Trail" in request tests by @Copilot in #449 ...

fix(client/tls): correct PEM label and add Ed25519 key support by @fredbi in #452 ...

Documentation

doc: fixup module layout by @fredbi ...

doc: trimmed deprecated functions from examples by @fredbi in #463 ...

doc: updated contributors file by @bot-go-openapi[bot] in #460 ...

doc: advertised doc site in README.md by @fredbi in #454 ...

fix: correct two comment typos in client/internal/request/request.go by @Copilot in #450 ...

docs(compression): deprecate ContentEncoding, add CAFxX recipe by @fredbi in #447 ...

docs(keep-alive): add a thorough keep-alive primer by @fredbi in #445 ...

Code quality

doc: godoc linting by @fredbi in #465 ...

chore: cleanup linter config, reformat, optimized strings replacer by @fredbi ...

Fix/example request by @fredbi in #462 ...

chore(relint): relint code base by @fredbi in #461 ...

doc: doc site on github pages by @fredbi in #448 ...

Testing

test: fix flaky assertion on httptrace by @fredbi in #456 ...

Miscellaneous tasks

chore: prepare release v0.31.0 by @bot-go-openapi[bot] in #466 ...

chore: remove binary by @fredbi ...

... (truncated)

Commits

423c407 chore: prepare release v0.31.0
1fd10af doc: fixup module layout
74bcf73 doc: godoc linting (#465)
506f3bc Merge pull request #464 from fredbi/sec/lens3-multipart
8bf148c chore: cleanup linter config, reformat, optimized strings replacer
fa33682 test(security): fuzz targets for BindForm parse + filename cap
5cabd70 fix(client): strip CR/LF from multipart filename and field name
0d36609 fix(middleware): cap filename length on untyped formData uploads
fe97e40 doc: trimmed deprecated functions from examples (#463)
982c9d3 chore: remove binary
Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.5 to 0.21.6

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.6

What's Changed

fix: update dependencies to use new azure sdk components by @gaganhr94 in google/go-containerregistry#2262

transport: restore resp.Body in retryError so CheckError can parse it by @alliasgher in google/go-containerregistry#2264

pkg/registry: return 202 Accepted for PATCH chunk uploads by @alliasgher in google/go-containerregistry#2265

Follow OCI distribution spec for artifactType and annotations by @malt3 in google/go-containerregistry#2269

actions: attach Codecov token to coverage tests on main by @Subserial in google/go-containerregistry#2270

remote: use DeleteScope (with "delete" action) for manifest deletion by @alliasgher in google/go-containerregistry#2266

remote: limit concurrent layer pulls by @gnix0 in google/go-containerregistry#2271

pkg/registry: reject corrupt disk blobs by @gnix0 in google/go-containerregistry#2272

mutate: close layer readers during export by @gnix0 in google/go-containerregistry#2277

crane/flatten: preserve image media type when flattening by @alliasgher in google/go-containerregistry#2267

build(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1 in the actions group across 1 directory by @dependabot[bot] in google/go-containerregistry#2273

build(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 by @dependabot[bot] in google/go-containerregistry#2278

build(deps): bump the go-deps group across 3 directories with 6 updates by @dependabot[bot] in google/go-containerregistry#2280

Replace go-homedir with os.UserHomeDir by @jammie-jelly in google/go-containerregistry#2282

pkg/name: only treat .localhost as non-HTTPS, not .local by @blackwell-systems in google/go-containerregistry#2281

transport: block unspecified IPs (0.0.0.0, ::) in validateRealmURL by @marwan9696 in google/go-containerregistry#2285

test(mutate): add Extract round-trip test for filesystem object preservation by @blackwell-systems in google/go-containerregistry#2283

experiments: remove deprecated support for estargz by @thaJeztah in google/go-containerregistry#2288

build(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 in the actions group by @dependabot[bot] in google/go-containerregistry#2289

fix: limit HTTP response body reads to prevent OOM by @evilgensec in google/go-containerregistry#2296

build(deps): bump the go-deps group across 3 directories with 6 updates by @dependabot[bot] in google/go-containerregistry#2297

transport: block redirects from token server to private/link-local addresses (SSRF fix) by @evilgensec in google/go-containerregistry#2292

pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract by @anishesg in google/go-containerregistry#2279

validate: skip non-layer layers by @imjasonh in google/go-containerregistry#2298

remote: validate foreign layer URLs to prevent SSRF (fixes #2259) by @evilgensec in google/go-containerregistry#2293

remote: block SSRF via private-IP Location headers in blob uploads by @adilburaksen in google/go-containerregistry#2295

fix(mutate): preserve config blob and layers for non-Docker OCI artifacts by @blackwell-systems in google/go-containerregistry#2286

fix: preserve per-occurrence layer identity in mutate.Image.Layers() by @iahsanGill in google/go-containerregistry#2299

transport: retry HTTP 429 (Too Many Requests) by @iahsanGill in google/go-containerregistry#2301

transport: allow bearer realm at same host:port as registry by @iahsanGill in google/go-containerregistry#2302

Update go version to 1.26.3 by @Subserial in google/go-containerregistry#2300

New Contributors

@gaganhr94 made their first contribution in google/go-containerregistry#2262

@alliasgher made their first contribution in google/go-containerregistry#2264

@malt3 made their first contribution in google/go-containerregistry#2269

@gnix0 made their first contribution in google/go-containerregistry#2271

@blackwell-systems made their first contribution in google/go-containerregistry#2281

@marwan9696 made their first contribution in google/go-containerregistry#2285

@anishesg made their first contribution in google/go-containerregistry#2279

@adilburaksen made their first contribution in google/go-containerregistry#2295

@iahsanGill made their first contribution in google/go-containerregistry#2299

Full Changelog: google/go-containerregistry@v0.21.5...v0.21.6

Commits

53f7e39 Update go version to 1.26.3 (#2300)
bf87c3b transport: allow bearer realm at same host:port as registry (#2302)
c55facd transport: retry HTTP 429 (Too Many Requests) (#2301)
68a569e fix: preserve per-occurrence layer identity in Layers() (#2299)
35b354b fix(mutate): preserve config blob and layers for non-Docker OCI artifacts (#2...
e5983f2 remote: block SSRF via private-IP Location headers in blob uploads (#2295)
6dad820 remote: validate foreign layer URLs to prevent SSRF (fixes #2259) (#2293)
78bdf1b validate: skip non-layer layers (#2298)
c29d91c pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract ...
a70d75a transport: block redirects from token server to private/link-local addresses ...
Additional commits viewable in compare view

Updates github.com/polydawn/refmt from 0.89.1-0.20231129105047-37766d95467a to 0.90.0

Release notes

Sourced from github.com/polydawn/refmt's releases.

v0.90.0

What's Changed

Upgrade to goconvey 1.8.1 to accommodate smarty/assertions rename by @masih in polydawn/refmt#57

json parsing improvements & fixes by @rvagg in polydawn/refmt#58

Modernisation plus a defensive pass on the CBOR decoder by @rvagg in polydawn/refmt#60

ci: uci/copy-templates by @web3-bot in polydawn/refmt#61

New Contributors

@masih made their first contribution in polydawn/refmt#57

@rvagg made their first contribution in polydawn/refmt#58

@web3-bot made their first contribution in polydawn/refmt#61

Full Changelog: polydawn/refmt@v0.89.0...v0.90.0

Commits

See full diff in compare view

Updates github.com/sigstore/sigstore from 1.10.5 to 1.10.6

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.6

What's Changed

fix: remove leftover Go template syntax from success page by @imjasonh in sigstore/sigstore#2324

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

Commits

311895e fix: remove leftover Go template syntax from success page (#2324)
See full diff in compare view

Updates github.com/theupdateframework/go-tuf/v2 from 2.4.1 to 2.4.2

Release notes

Sourced from github.com/theupdateframework/go-tuf/v2's releases.

v2.4.2

What's Changed

Do not allow empty hashes for the Target role by @rdimitrov in theupdateframework/go-tuf#721

Decouple CI Go version from module minimum by @rdimitrov in theupdateframework/go-tuf#726

chore(deps): bump github.com/sigstore/sigstore from 1.10.4 to 1.10.5 by @dependabot[bot] in theupdateframework/go-tuf#727

chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.10.0 to 0.11.0 by @dependabot[bot] in theupdateframework/go-tuf#729

Fix log line to not be fmt-styled by @abayer in theupdateframework/go-tuf#730

chore(deps): bump github.com/sigstore/sigstore from 1.10.5 to 1.10.6 by @dependabot[bot] in theupdateframework/go-tuf#732

Fix threshold counting for duplicate public keys by @rdimitrov in theupdateframework/go-tuf#733

New Contributors

@abayer made their first contribution in theupdateframework/go-tuf#730

Full Changelog: theupdateframework/go-tuf@v2.4.1...v2.4.2

Commits

f5edbde Fix threshold counting for duplicate public keys (#733)
2800c0a chore(deps): bump github.com/sigstore/sigstore from 1.10.5 to 1.10.6 (#732)
45e0a1f Fix log line to not be fmt-styled (#730)
a5a1273 chore(deps): bump github.com/secure-systems-lab/go-securesystemslib from 0.10...
7e8f69f chore(deps): bump github.com/sigstore/sigstore from 1.10.4 to 1.10.5 (#727)
fa94ec0 Decouple CI Go version from module minimum (#726)
17b4808 Do not allow empty hashes for the Target role (#721)
See full diff in compare view

Updates google.golang.org/api from 0.279.0 to 0.280.0

Release notes

Sourced from google.golang.org/api's releases.

v0.280.0

0.280.0 (2026-05-19)

Features

all: Auto-regenerate discovery clients (#3591) (55ba2fa)

all: Auto-regenerate discovery clients (#3593) (054d4b6)

all: Auto-regenerate discovery clients (#3594) (0382916)

all: Auto-regenerate discovery clients (#3595) (13e1ad2)

all: Auto-regenerate discovery clients (#3596) (4c77865)

all: Auto-regenerate discovery clients (#3598) (ae2f330)

all: Auto-regenerate discovery clients (#3599) (f82d204)

Changelog

Sourced from google.golang.org/api's changelog.

0.280.0 (2026-05-19)

Features

all: Auto-regenerate discovery clients (#3591) (55ba2fa)

all: Auto-regenerate discovery clients (#3593) (054d4b6)

all: Auto-regenerate discovery clients (#3594) (0382916)

all: Auto-regenerate discovery clients (#3595) (13e1ad2)

all: Auto-regenerate discovery clients (#3596) (4c77865)

all: Auto-regenerate discovery clients (#3598) (ae2f330)

all: Auto-regenerate discovery clients (#3599) (f82d204)

Commits

3887b09 chore(main): release 0.280.0 (#3592)
f82d204 feat(all): auto-regenerate discovery clients (#3599)
13e7314 chore(all): update all (#3597)
ae2f330 feat(all): auto-regenerate discovery clients (#3598)
4c77865 feat(all): auto-regenerate discovery clients (#3596)
13e1ad2 feat(all): auto-regenerate discovery clients (#3595)
0382916 feat(all): auto-regenerate discovery clients (#3594)
054d4b6 feat(all): auto-regenerate discovery clients (#3593)
55ba2fa feat(all): auto-regenerate discovery clients (#3591)
See full diff in compare view

Updates google.golang.org/genproto/googleapis/rpc from 0.0.0-20260427160629-7cedc36a6bc4 to 0.0.0-20260511170946-3700d4141b60

Commits

See full diff in compare view

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Special Thanks: @al4an444

Bug Fixes

otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)

Commits

caf0772 Change version from 1.81.1-dev to 1.81.1 (#9122)
6ccbeeb Cherry-pick #9111 into v1.81.x (#9121)
b33c29e Cherry-pick #9081 into v1.81.x (#9102)
c45fae6 Change version to 1.81.1-dev (#9063)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-dependencies group in /tools with 13 updates: | Package | From | To | | --- | --- | --- | | [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.62.1` | `1.62.2` | | [github.com/Azure/azure-sdk-for-go/sdk/storage/azblob](https://github.com/Azure/azure-sdk-for-go) | `1.6.4` | `1.7.0` | | [github.com/aws/aws-sdk-go-v2/service/kms](https://github.com/aws/aws-sdk-go-v2) | `1.51.1` | `1.52.0` | | [github.com/docker/cli](https://github.com/docker/cli) | `29.4.3+incompatible` | `29.5.2+incompatible` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.19.0` | `5.19.1` | | [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) | `0.29.5` | `0.31.0` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.5` | `0.21.6` | | [github.com/polydawn/refmt](https://github.com/polydawn/refmt) | `0.89.1-0.20231129105047-37766d95467a` | `0.90.0` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.10.5` | `1.10.6` | | [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) | `2.4.1` | `2.4.2` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.279.0` | `0.280.0` | | [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto) | `0.0.0-20260427160629-7cedc36a6bc4` | `0.0.0-20260511170946-3700d4141b60` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.81.0` | `1.81.1` | Updates `cloud.google.com/go/storage` from 1.62.1 to 1.62.2 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@storage/v1.62.1...storage/v1.62.2) Updates `github.com/Azure/azure-sdk-for-go/sdk/storage/azblob` from 1.6.4 to 1.7.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/storage/azblob/v1.6.4...sdk/azcore/v1.7.0) Updates `github.com/aws/aws-sdk-go-v2/service/kms` from 1.51.1 to 1.52.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.51.1...service/s3/v1.52.0) Updates `github.com/docker/cli` from 29.4.3+incompatible to 29.5.2+incompatible - [Commits](docker/cli@v29.4.3...v29.5.2) Updates `github.com/go-git/go-git/v5` from 5.19.0 to 5.19.1 - [Release notes](https://github.com/go-git/go-git/releases) - [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md) - [Commits](go-git/go-git@v5.19.0...v5.19.1) Updates `github.com/go-openapi/runtime` from 0.29.5 to 0.31.0 - [Release notes](https://github.com/go-openapi/runtime/releases) - [Commits](go-openapi/runtime@v0.29.5...v0.31.0) Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.6 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.21.5...v0.21.6) Updates `github.com/polydawn/refmt` from 0.89.1-0.20231129105047-37766d95467a to 0.90.0 - [Release notes](https://github.com/polydawn/refmt/releases) - [Commits](https://github.com/polydawn/refmt/commits/v0.90.0) Updates `github.com/sigstore/sigstore` from 1.10.5 to 1.10.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.5...v1.10.6) Updates `github.com/theupdateframework/go-tuf/v2` from 2.4.1 to 2.4.2 - [Release notes](https://github.com/theupdateframework/go-tuf/releases) - [Commits](theupdateframework/go-tuf@v2.4.1...v2.4.2) Updates `google.golang.org/api` from 0.279.0 to 0.280.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.279.0...v0.280.0) Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20260427160629-7cedc36a6bc4 to 0.0.0-20260511170946-3700d4141b60 - [Commits](https://github.com/googleapis/go-genproto/commits) Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.81.0...v1.81.1) --- updated-dependencies: - dependency-name: cloud.google.com/go/storage dependency-version: 1.62.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/storage/azblob dependency-version: 1.7.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/aws/aws-sdk-go-v2/service/kms dependency-version: 1.52.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/docker/cli dependency-version: 29.5.2+incompatible dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.19.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/go-openapi/runtime dependency-version: 0.31.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/polydawn/refmt dependency-version: 0.90.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: github.com/theupdateframework/go-tuf/v2 dependency-version: 2.4.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: google.golang.org/api dependency-version: 0.280.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: google.golang.org/genproto/googleapis/rpc dependency-version: 0.0.0-20260511170946-3700d4141b60 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies - dependency-name: google.golang.org/grpc dependency-version: 1.81.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

anthony-gomez-fastly · 2026-05-21T14:17:41Z

@dependabot recreate

dependabot · 2026-05-21T14:20:31Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added the tools Indicates that a given PR updates the repo tooling. label May 20, 2026

dependabot Bot requested a review from a team as a code owner May 20, 2026 21:31

dependabot Bot requested a review from anthony-gomez-fastly May 20, 2026 21:31

dependabot Bot added the tools Indicates that a given PR updates the repo tooling. label May 20, 2026

github-actions Bot added the Skip-Changelog do not add a changelog entry for this change label May 20, 2026

anthony-gomez-fastly approved these changes May 21, 2026

View reviewed changes

anthony-gomez-fastly enabled auto-merge (squash) May 21, 2026 14:15

dependabot Bot closed this May 21, 2026

auto-merge was automatically disabled May 21, 2026 14:20
Pull request was closed

dependabot Bot deleted the dependabot/go_modules/tools/go-dependencies-c7db0fe05f branch May 21, 2026 14:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the go-dependencies group in /tools with 13 updates#1798

build(deps): bump the go-dependencies group in /tools with 13 updates#1798
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/tools/go-dependencies-c7db0fe05f

dependabot Bot commented on behalf of github May 20, 2026 •

edited

Loading

Uh oh!

anthony-gomez-fastly commented May 21, 2026

Uh oh!

dependabot Bot commented on behalf of github May 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

storage: v1.62.2

v1.62.2 (2026-05-18)

Features

Bug Fixes

sdk/storage/azblob/v1.7.0

1.7.0 (2026-05-14)

Features Added

sdk/storage/azblob/v1.7.0-beta.1

1.7.0-beta.1 (2026-04-23)

Features Added

Bugs Fixed

sdk/storage/azfile/v1.7.0-beta.1

1.7.0-beta.1 (2026-05-05)

Features Added

v5.19.1

What's Changed

v0.31.0

0.31.0 - 2026-05-17

Implemented enhancements

Fixed bugs

Documentation

Code quality

Testing

Miscellaneous tasks

v0.21.6

What's Changed

New Contributors

v0.90.0

What's Changed

New Contributors

v1.10.6

What's Changed

v2.4.2

What's Changed

New Contributors

v0.280.0

0.280.0 (2026-05-19)

Features

0.280.0 (2026-05-19)

Features

Release 1.81.1

Security

Bug Fixes

Uh oh!

anthony-gomez-fastly commented May 21, 2026

Uh oh!

dependabot Bot commented on behalf of github May 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 20, 2026 •

edited

Loading