chore(deps): bump the go-minor-patch group across 1 directory with 24 updates by dependabot[bot] · Pull Request #98 · securebuildhq/securebuild

dependabot · 2026-05-11T17:52:20Z

Bumps the go-minor-patch group with 16 updates in the / directory:

Package	From	To
chainguard.dev/apko	`1.2.7`	`1.2.12`
chainguard.dev/melange	`0.48.2`	`0.50.6`
cloud.google.com/go/iam	`1.7.0`	`1.11.0`
github.com/Masterminds/semver/v3	`3.4.0`	`3.5.0`
github.com/anchore/clio	`0.0.0-20250715152405-a0fa658e5084`	`0.1.0`
github.com/anchore/grype	`0.110.0`	`0.112.0`
github.com/anthropics/anthropic-sdk-go	`1.30.0`	`1.42.0`
github.com/aws/aws-sdk-go-v2/feature/s3/manager	`1.22.12`	`1.22.18`
github.com/aws/aws-sdk-go-v2/service/ecr	`1.56.2`	`1.57.2`
github.com/go-openapi/strfmt	`0.26.1`	`0.26.2`
github.com/sigstore/cosign/v2	`2.6.2`	`2.6.3`
github.com/testcontainers/testcontainers-go	`0.41.0`	`0.42.0`
github.com/testcontainers/testcontainers-go/modules/minio	`0.41.0`	`0.42.0`
github.com/testcontainers/testcontainers-go/modules/postgres	`0.41.0`	`0.42.0`
go.uber.org/zap	`1.27.1`	`1.28.0`
golang.org/x/crypto	`0.50.0`	`0.51.0`

Updates chainguard.dev/apko from 1.2.7 to 1.2.12

Release notes

Sourced from chainguard.dev/apko's releases.

Release v1.2.12

Changelog

b7931baa8cd8aa1718dcea63208eacebb27148d9 build(deps): bump chainguard-dev/actions from 1.6.17 to 1.6.19 (#2219)

34a75306b40ee67508c6ce6ee34e447dd1454fec fix(ci): harden against template injection and credential exposure (#2217)

Release v1.2.11

Changelog

bfd6776788292e020d8cbee9928f441781af72c0 Tweak solver's same-origin heuristic (#2208)

1564c07a4aa6a714b54c196e25a5c0f55d3a8f9b build(deps): bump chainguard-dev/actions from 1.6.15 to 1.6.17 (#2215)

4700edf9b270a3941512c3e116ea0377aa33fa69 build(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6 (#2211)

b593d2c4d2940e227713c026acdb43e6abf93cbd build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#2213)

9157b1ab4335afea3c85e62ae5b5a3b02705e83c build(deps): bump google.golang.org/api from 0.276.0 to 0.277.0 (#2212)

0e4728d2007a54b94a0eb415a92018127c69d66f build(deps): bump k8s.io/apimachinery from 0.35.4 to 0.36.0 (#2189)

d81a5d4a622db7c1101b991e3ae596cc5ad5944b build(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 (#2214)

5644a414d21af5d077c96405f749b878699a3405 retry package fetch+expand on transient errors (#2210)

Release v1.2.10

Changelog

0670f2240b7ef2904739fb8ad12580961cf970fd build(deps): bump go.step.sm/crypto from 0.77.2 to 0.77.9 (#2209)

eebbe627f86c584c3ff9df826411a2b33dca5ca6 build(deps): bump goreleaser/goreleaser-action from 7.1.0 to 7.2.1 (#2207)

Release v1.2.9

Changelog

8d34c756b1acdec0d18c82247f900a54255500f5 apk: verify package data hash against .PKGINFO for completeness (#2206)

312a1507941c846eadc2ff22d1e2e1f7d82bebe7 build(deps): bump chainguard.dev/sdk from 0.1.52 to 0.1.54 (#2199)

5f7949b8716d56dcd3e091e65b1c63c9d0cab776 build(deps): bump github.com/invopop/jsonschema from 0.13.0 to 0.14.0 (#2197)

e7c2fdf0b02a5a23398beb617f6c4682707c0de9 build(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.1.0 (#2198)

0d06d1ce763f6a13ea7ba63db777aea73f10dc6a chore(zizmor): trigger zizmor on updates to dependabot config [PSEC-871] (#2186)

a7f10d8972fa035714387d9621745397a2f4135c ci: bump golangci-lint to v2.11 and clear new findings (#2205)

8ccb1ed4bb1f847d71dc4accb1f85c18550f405f testdata: refresh apko-discover lock for rotated chainguard key (#2203)

Release v1.2.8

Changelog

beb28670f43ae44cf8a73fa1346acc2e536d789e release: fetch full history for goreleaser changelog (#2192)

Commits

b7931ba build(deps): bump chainguard-dev/actions from 1.6.17 to 1.6.19 (#2219)
34a7530 fix(ci): harden against template injection and credential exposure (#2217)
bfd6776 Tweak solver's same-origin heuristic (#2208)
0e4728d build(deps): bump k8s.io/apimachinery from 0.35.4 to 0.36.0 (#2189)
9157b1a build(deps): bump google.golang.org/api from 0.276.0 to 0.277.0 (#2212)
4700edf build(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6 (#2211)
b593d2c build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#2213)
d81a5d4 build(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 (#2214)
1564c07 build(deps): bump chainguard-dev/actions from 1.6.15 to 1.6.17 (#2215)
5644a41 retry package fetch+expand on transient errors (#2210)
Additional commits viewable in compare view

Updates chainguard.dev/melange from 0.48.2 to 0.50.6

Release notes

Sourced from chainguard.dev/melange's releases.

Release v0.50.6

What's Changed

fix(ci): harden against template injection and credential exposure by @stevebeattie in chainguard-dev/melange#2514

linter: validate cfg.Package.Version against path traversal in saveLintResults by @antitree in chainguard-dev/melange#2515

build(deps): bump github.com/chainguard-dev/yam from 0.2.57 to 0.2.58 in the gomod group across 1 directory by @dependabot[bot] in chainguard-dev/melange#2516

Add linter to complain about shipping libtool linker files. by @smoser in chainguard-dev/melange#2520

Full Changelog: chainguard-dev/melange@v0.50.5...v0.50.6

Release v0.50.5

What's Changed

chore(workflows): add tcp.dl.google.com allowed endpoint by @stevebeattie in chainguard-dev/melange#2509

build(deps): bump the gomod group with 3 updates by @dependabot[bot] in chainguard-dev/melange#2510

Full Changelog: chainguard-dev/melange@v0.50.4...v0.50.5

Release v0.50.4

What's Changed

Bump apko to v1.2.9 by @codysoyland in chainguard-dev/melange#2506

build(deps): bump the gomod group across 1 directory with 4 updates by @dependabot[bot] in chainguard-dev/melange#2507

build(deps): bump the actions group across 1 directory with 2 updates by @dependabot[bot] in chainguard-dev/melange#2505

Full Changelog: chainguard-dev/melange@v0.50.3...v0.50.4

Release v0.50.3

What's Changed

Update apko to 1.2.7 to pick up bug fixes by @codysoyland in chainguard-dev/melange#2499

New Contributors

@codysoyland made their first contribution in chainguard-dev/melange#2499

Full Changelog: chainguard-dev/melange@v0.50.2...v0.50.3

Release v0.50.2

What's Changed

build(deps): bump github.com/go-git/go-git/v5 from 5.17.2 to 5.18.0 by @dependabot[bot] in chainguard-dev/melange#2490

build(deps): bump the actions group with 2 updates by @dependabot[bot] in chainguard-dev/melange#2493

Bump apko to v1.2.6 by @markusthoemmes in chainguard-dev/melange#2495

Full Changelog: chainguard-dev/melange@v0.50.1...v0.50.2

Release v0.50.1

What's Changed

fix(qemu): fix CPU/Memory resource precedence by @egibs in chainguard-dev/melange#2489

... (truncated)

Commits

02f6591 Add linter to complain about shipping libtool linker files. (#2520)
d3ba2e5 build(deps): bump github.com/chainguard-dev/yam from 0.2.57 to 0.2.58 in the ...
2f47547 linter: validate cfg.Package.Version against path traversal in saveLintResult...
04312dd fix(ci): harden against template injection and credential exposure (#2514)
e04248b build(deps): bump the gomod group with 3 updates (#2510)
ec29706 chore(workflows): add tcp.dl.google.com allowed endpoint (#2509)
2582b68 build(deps): bump the actions group across 1 directory with 2 updates (#2505)
d892f07 build(deps): bump the gomod group across 1 directory with 4 updates (#2507)
9852e87 Bump apko to v1.2.9 (#2506)
79c8d06 Update apko to 1.2.7 to pick up bug fixes (#2499)
Additional commits viewable in compare view

Updates cloud.google.com/go/iam from 1.7.0 to 1.11.0

Release notes

Sourced from cloud.google.com/go/iam's releases.

shopping: v1.11.0

v1.11.0 (2026-05-07)

support: v1.10.0

v1.10.0 (2026-05-07)

securesourcemanager: v1.9.0

v1.9.0 (2026-05-07)

vmwareengine: v1.8.0

v1.8.0 (2026-05-07)

Changelog

Sourced from cloud.google.com/go/iam's changelog.

1.7.0 (2023-01-31)

Features

documentai: Add REST client (06a54a1)

documentai: Added advanced_ocr_options field in OcrConfig (45c70e3)

documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)

documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)

documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)

documentai: Exposed GetProcessorType to v1 (447afdd)

documentai: Exposed GetProcessorType to v1beta3 (447afdd)

documentai: Rewrite signatures in terms of new location (3c4b2b3)

documentai: Rewrite signatures in terms of new types for betas (9f303f9)

documentai: Start generating proto message types (563f546)

documentai: Start generating stubs dir (de2d180)

1.6.0 (2023-01-26)

Features

documentai/apiv1beta3: Add REST transport (f7b0822)

documentai: Add REST client (06a54a1)

documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)

documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)

documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)

documentai: Exposed GetProcessorType to v1 (447afdd)

documentai: Exposed GetProcessorType to v1beta3 (447afdd)

documentai: Rewrite signatures in terms of new location (3c4b2b3)

documentai: Rewrite signatures in terms of new types for betas (9f303f9)

documentai: Start generating proto message types (563f546)

documentai: Start generating stubs dir (de2d180)

1.5.0 (2023-01-26)

⚠ BREAKING CHANGES

documentai: Changed the name field for ProcessRequest and BatchProcessorRequest to accept * so the name field can accept Processor and ProcessorVersion.

Features

documentai/apiv1beta3: Add REST transport (f7b0822)

documentai: Add REST client (06a54a1)

documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)

documentai: Added field_mask to ProcessRequest object in document_processor_service.proto feat: Added parent_ids to Revision object in document.proto feat: Added integer_values, float_values and non_present to Entity object in document.proto feat: Added corrected_key_text, correct_value_text to FormField object in document.proto feat: Added OperationMetadata resource feat!: Added Processor Management and Processor Version support to v1 library (370e23e)

documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)

documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)

documentai: Exposed GetProcessorType to v1 (447afdd)

... (truncated)

Commits

6e77611 chore: release main (#8936)
34103cb feat(redis): new client(s) (#8948)
4d40180 docs(batch): update default max parallel tasks per job (#8940)
1a2f20c chore(redis/cluster): add config to generate apiv1 (#8947)
43bc0f7 chore(main): release storage 1.34.0 (#8620)
21ec815 fix(pubsub): set x-goog-request-params for streaming pull request (#8753)
fe1e195 feat(storage): support autoclass v2.1 (#8721)
3053c79 build(ai/generativelanguage): include gRPC service config in BUILD.bazel file...
6e20312 chore(profiler): upgrade go version used in kokoro integration test to fix bu...
ffb0dda feat(spanner): add PG.OID type cod annotation (#8749)
Additional commits viewable in compare view

Updates github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.5.0

What's Changed

Adding more prerelease tests by @mattfarina in Masterminds/semver#273

Update constraint error messages by @mattfarina in Masterminds/semver#278

Fix edge cases by @mattfarina in Masterminds/semver#279

Adding some checks in by @mattfarina in Masterminds/semver#280

Updating deps by @mattfarina in Masterminds/semver#281

Bump github/codeql-action from 4.35.1 to 4.35.2 by @dependabot[bot] in Masterminds/semver#282

Bump actions/cache from 4.2.3 to 5.0.5 by @dependabot[bot] in Masterminds/semver#283

Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 by @dependabot[bot] in Masterminds/semver#284

Updating gitignore for devcontainers by @mattfarina in Masterminds/semver#286

Fixing some quality issues by @mattfarina in Masterminds/semver#287

New Contributors

@dependabot[bot] made their first contribution in Masterminds/semver#282

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

Commits

8b89c86 Merge pull request #287 from mattfarina/fix-da-issues
29d51d0 Fixing some quality issues
87f651d Merge pull request #286 from mattfarina/update-devcontainer
158a685 Updating gitignore for devcontainers
7e83c08 Merge pull request #284 from Masterminds/dependabot/github_actions/golangci/g...
697e27f Merge pull request #283 from Masterminds/dependabot/github_actions/actions/ca...
1591f8e Merge pull request #282 from Masterminds/dependabot/github_actions/github/cod...
3f5ff17 Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0
04baa33 Bump actions/cache from 4.2.3 to 5.0.5
45939fe Bump github/codeql-action from 4.35.1 to 4.35.2
Additional commits viewable in compare view

Updates github.com/anchore/clio from 0.0.0-20250715152405-a0fa658e5084 to 0.1.0

Release notes

Sourced from github.com/anchore/clio's releases.

v0.1.0

Initial release 🎉

Commits

See full diff in compare view

Updates github.com/anchore/grype from 0.110.0 to 0.112.0

Release notes

Sourced from github.com/anchore/grype's releases.

v0.112.0

Added Features

Expand ignore rules to owned sub packages of distro packages [#3368 #3326 @kzantow]

Additional Changes

update anchore dependencies [#3391 @anchore-oss-update-bot]

(Full Changelog)

v0.111.1

Bug Fixes

apply overlap by ownership removal to dynamically created relationships [#3363 @kzantow]

compare mismatched package / db versions [#3372 @kzantow]

Grype doesn't recognize debian component when "group" : "debian" is specified [#2967]

HelpURI missing information in SARIF output [#2874 #3351 @will-bates11]

(Full Changelog)

v0.111.0

Added Features

db diff for v6 [#3277 @kzantow]

add ProvideFromReader for in-memory SBOM processing [#3344 @jspilman]

match on hummingbird [#3331 @willmurphyscode]

CSAF vex transformer [#3349 @willmurphyscode]

curated mapping of known CPE to grype package specifiers [#3332 @westonsteimel]

templates/html.tmpl - Add Grype version and vulnerability DB version [#2877 #3345 @kenvez]

Bug Fixes

normalise version constraint types in v6 db [#3328 @westonsteimel]

set alpm ecosystem for Arch Linux packages [#3324 @westonsteimel]

spec-compliant CPE string formatting for db search commands [#3308 @westonsteimel]

Update APK NAK handling to be based on ownership-by-file-overlap relationship [#3267 #3286 @kzantow]

Wrong version output [#3306]

Additional Changes

update anchore dependencies [#3321 @anchore-oss-update-bot]

update tool versions [#3319 @anchore-oss-update-bot]

(Full Changelog)

Commits

244f2a1 chore(deps): update anchore dependencies (#3391)
d646a93 feat: ignore known not-vulnerable records across related packages (#3326)
d11ee91 chore(units): use in-process CDX and Sarif validation (#3402)
6d0b66c Add DB test harness (#3284)
8981927 chore(deps): update anchore dependencies (#3387)
1d73349 restore go version to 1.25.8 (#3386)
d47248b chore(deps): update anchore dependencies (#3383)
8f43856 chore(deps): update quality gate database (#3338)
6a2eebe chore(deps): update anchore dependencies (#3381)
7f42c1e chore(deps): update Go version (#3382)
Additional commits viewable in compare view

Updates github.com/anchore/stereoscope from 0.1.22 to 0.1.23

Release notes

Sourced from github.com/anchore/stereoscope's releases.

v0.1.23

Dependency Updates

restore minimum go version to 1.25.6 [#576 @wagoodman]

update anchore dependencies [#562 @anchore-oss-update-bot]

migrate to github.com/pelletier/go-toml/v2 [#574 @thaJeztah]

bump github.com/google/go-containerregistry from 0.21.2 to 0.21.5 [#558 @dependabot]

bump actions/cache from 5.0.3 to 5.0.4 [#568 @dependabot]

bump github.com/containerd/platforms from 1.0.0-rc.2 to 1.0.0-rc.4 [#571 @dependabot]

bump actions/cache from 5.0.3 to 5.0.4 in /.github/actions/bootstrap [#555 @dependabot]

bump actions/setup-go from 6.3.0 to 6.4.0 in /.github/actions/bootstrap [#563 @dependabot]

bump github.com/gkampitakis/go-snaps from 0.5.20 to 0.5.21 [#559 @dependabot]

bump actions/cache from 5.0.3 to 5.0.4 in /.github/workflows [#556 @dependabot]

bump slackapi/slack-github-action from 2.1.1 to 3.0.1 in /.github/workflows [#551 @dependabot]

bump github.com/containerd/containerd/v2 from 2.2.1 to 2.2.2 [#549 @dependabot]

bump golang.org/x/crypto from 0.48.0 to 0.49.0 [#550 @dependabot]

(Full Changelog)

Commits

c6e16e2 chore(internal/podman): migrate to github.com/pelletier/go-toml/v2 (#574)
1430c6a chore(deps): bump github.com/google/go-containerregistry (#558)
d32601d chore(deps): update anchore dependencies (#562)
689583e chore(deps): bump actions/cache from 5.0.3 to 5.0.4 (#568)
1f61e88 chore(deps): bump github.com/containerd/platforms (#571)
03ea466 chore(deps): bump actions/cache in /.github/actions/bootstrap (#555)
664d199 chore(deps): bump actions/setup-go in /.github/actions/bootstrap (#563)
965f4ca chore(deps): bump github.com/gkampitakis/go-snaps from 0.5.20 to 0.5.21 (#559)
339b8ca chore(deps): bump actions/cache in /.github/workflows (#556)
684f9f6 chore(deps): bump slackapi/slack-github-action in /.github/workflows (#551)
Additional commits viewable in compare view

Updates github.com/anchore/syft from 1.42.3 to 1.44.0

Release notes

Sourced from github.com/anchore/syft's releases.

v1.44.0

Added Features

Add support for linux-riscv64 [#4757 @luhenry]

Bug Fixes

Yarn lockfile cataloguing does not handle aliases [#4833 #4836 @cyphercodes]

Some snippet files are saved in the previous test directory [#4829 #4830 @witchcraze]

empty rockspec causes index out of range [#4824 #4827 @aki1770-del]

PE cataloger shows asp.net core ref assemblies using fileversion build stamp instead of productversion [#4813 #4814 @rezmoss]

Syft safeCopy silently swallows archive decompression errors [#4806 #4807 @SAY-5]

(Full Changelog)

v1.43.0

Added Features

added deno bin classifiers [#4677 @rezmoss]

Support haskell old versions [#3237 #4793 @witchcraze]

Add support for OpenLDAP binary detection [#4768 #4755 @nadimz]

Support erlang ols versions [#3235 #4766 @witchcraze]

Bug Fixes

improve redhat-release parsing fallback for RHEL clones [#4808 @westonsteimel]

fix format string in search results struct [#4775 @willmurphyscode]

prevent infinite recursion in Document.UnmarshalJSON with encoding/json/v2 [#4748 @benja-M-1]

Syft can not complete scanning golang image [#4686]

javascript-package-cataloger drops entire package.json when authors/contributors/maintainers is a single string [#4778 #4779 @yoav-orca]

pnpm lock file cataloger produces unstable output [#4648 #4765 @lawrence3699]

Linux Kernel bzImage and zImage not cataloged by linux-kernel-cataloger [#4769 #4751 @nadimz]

Support istio binary (pilot-discovery, pilot-agent) alpha,beta,rc,dev version [#4546 #4645 @witchcraze]

Scanning mounted ISO: duplicate entries [#4759]

Additional Changes

update CPE dictionary index [#4767 @anchore-oss-update-bot]

(Full Changelog)

v1.42.4

Bug Fixes

Similar Packages Should Be Aggregated [#1162]

Support arangodb binary recent version [#4571 #4662 @witchcraze]

Support go binary various versions [#4687 #4694 @kzantow]

Additional Changes

... (truncated)

Commits

8cb78ce fix: resolve yarn lock aliases to source package (#4836)
3b046b3 chore: move snippet files from test-fixtures to testdata (#4830)
05cc8ee Add support for linux-riscv64 (#4757)
3562dab fix(lua-rockspec): handle empty and whitespace-only rockspec files gracefully...
014a4c9 chore: tidy go.mod (#4823)
3cb838e fixed pe dotnet wrong ver , fixed #4813 (#4814)
758324b fix: propagate non-EOF errors out of safeCopy (#4807)
390cf6c chore(deps): update anchore dependencies (#4797)
4393654 Chore fix sync bump (#4809)
d179724 fix: improve redhat-release parsing fallback for RHEL clones (#4808)
Additional commits viewable in compare view

Updates github.com/anthropics/anthropic-sdk-go from 1.30.0 to 1.42.0

Release notes

Sourced from github.com/anthropics/anthropic-sdk-go's releases.

v1.42.0

1.42.0 (2026-05-11)

Full Changelog: v1.41.0...v1.42.0

Features

aws: Add AWS client for Claude Platform on AWS (596baf4)

Bug Fixes

examples: update examples dependencies (e832b79)

go: avoid panic when http.DefaultTransport is wrapped (6b75bef)

Chores

client: update dependency checksums (64c1d95)

go mod tidy (#816) (09b5f9c)

internal: codegen related update (6e83495)

internal: codegen related update (34d1379)

internal: codegen related update (c068475)

redact api-key headers in debug logs (46a074f)

redact api-key headers in debug logs (1fe2ebb)

v1.41.0

1.41.0 (2026-05-06)

Full Changelog: v1.40.0...v1.41.0

Features

api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (33762b0)

mcp: add mcp tool helpers (#752) (4edf9f5)

Bug Fixes

api: Adjust webhook configuration (8b2f194)

v1.40.0

1.40.0 (2026-05-05)

Full Changelog: v1.39.0...v1.40.0

Features

client: allow targeting a workspace for OIDC federation token exchange (6bf66ac)

... (truncated)

Changelog

Sourced from github.com/anthropics/anthropic-sdk-go's changelog.

1.42.0 (2026-05-11)

Full Changelog: v1.41.0...v1.42.0

Features

aws: Add AWS client for Claude Platform on AWS (596baf4)

Bug Fixes

examples: update examples dependencies (e832b79)

go: avoid panic when http.DefaultTransport is wrapped (6b75bef)

Chores

client: update dependency checksums (64c1d95)

go mod tidy (#816) (09b5f9c)

internal: codegen related update (6e83495)

internal: codegen related update (34d1379)

internal: codegen related update (c068475)

redact api-key headers in debug logs (46a074f)

redact api-key headers in debug logs (1fe2ebb)

1.41.0 (2026-05-06)

Full Changelog: v1.40.0...v1.41.0

Features

api: add support for Managed Agents multiagents and outcomes, webhooks, vault validation (33762b0)

mcp: add mcp tool helpers (#752) (4edf9f5)

Bug Fixes

api: Adjust webhook configuration (8b2f194)

1.40.0 (2026-05-05)

Full Changelog: v1.39.0...v1.40.0

Features

client: allow targeting a workspace for OIDC federation token exchange (6bf66ac)

1.39.0 (2026-05-04)

Full Changelog:

dependabot · 2026-05-11T17:52:21Z

Labels

The following labels could not be found: dependencies, go, securebuild-worker. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

… updates Bumps the go-minor-patch group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [chainguard.dev/apko](https://github.com/chainguard-dev/apko) | `1.2.7` | `1.2.12` | | [chainguard.dev/melange](https://github.com/chainguard-dev/melange) | `0.48.2` | `0.50.6` | | [cloud.google.com/go/iam](https://github.com/googleapis/google-cloud-go) | `1.7.0` | `1.11.0` | | [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.4.0` | `3.5.0` | | [github.com/anchore/clio](https://github.com/anchore/clio) | `0.0.0-20250715152405-a0fa658e5084` | `0.1.0` | | [github.com/anchore/grype](https://github.com/anchore/grype) | `0.110.0` | `0.112.0` | | [github.com/anthropics/anthropic-sdk-go](https://github.com/anthropics/anthropic-sdk-go) | `1.30.0` | `1.42.0` | | [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) | `1.22.12` | `1.22.18` | | [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.56.2` | `1.57.2` | | [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) | `0.26.1` | `0.26.2` | | [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.6.2` | `2.6.3` | | [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.42.0` | | [github.com/testcontainers/testcontainers-go/modules/minio](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.42.0` | | [github.com/testcontainers/testcontainers-go/modules/postgres](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.42.0` | | [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.50.0` | `0.51.0` | Updates `chainguard.dev/apko` from 1.2.7 to 1.2.12 - [Release notes](https://github.com/chainguard-dev/apko/releases) - [Changelog](https://github.com/chainguard-dev/apko/blob/main/NEWS.md) - [Commits](chainguard-dev/apko@v1.2.7...v1.2.12) Updates `chainguard.dev/melange` from 0.48.2 to 0.50.6 - [Release notes](https://github.com/chainguard-dev/melange/releases) - [Changelog](https://github.com/chainguard-dev/melange/blob/main/NEWS.md) - [Commits](chainguard-dev/melange@v0.48.2...v0.50.6) Updates `cloud.google.com/go/iam` from 1.7.0 to 1.11.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@iam/v1.7.0...dlp/v1.11.0) Updates `github.com/Masterminds/semver/v3` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](Masterminds/semver@v3.4.0...v3.5.0) Updates `github.com/anchore/clio` from 0.0.0-20250715152405-a0fa658e5084 to 0.1.0 - [Release notes](https://github.com/anchore/clio/releases) - [Commits](https://github.com/anchore/clio/commits/v0.1.0) Updates `github.com/anchore/grype` from 0.110.0 to 0.112.0 - [Release notes](https://github.com/anchore/grype/releases) - [Changelog](https://github.com/anchore/grype/blob/main/RELEASE.md) - [Commits](anchore/grype@v0.110.0...v0.112.0) Updates `github.com/anchore/stereoscope` from 0.1.22 to 0.1.23 - [Release notes](https://github.com/anchore/stereoscope/releases) - [Changelog](https://github.com/anchore/stereoscope/blob/main/RELEASE.md) - [Commits](anchore/stereoscope@v0.1.22...v0.1.23) Updates `github.com/anchore/syft` from 1.42.3 to 1.44.0 - [Release notes](https://github.com/anchore/syft/releases) - [Changelog](https://github.com/anchore/syft/blob/main/RELEASE.md) - [Commits](anchore/syft@v1.42.3...v1.44.0) Updates `github.com/anthropics/anthropic-sdk-go` from 1.30.0 to 1.42.0 - [Release notes](https://github.com/anthropics/anthropic-sdk-go/releases) - [Changelog](https://github.com/anthropics/anthropic-sdk-go/blob/main/CHANGELOG.md) - [Commits](anthropics/anthropic-sdk-go@v1.30.0...v1.42.0) Updates `github.com/aws/aws-sdk-go-v2` from 1.41.5 to 1.41.6 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.41.5...v1.41.6) Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.14 to 1.32.16 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@config/v1.32.14...config/v1.32.16) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.14 to 1.19.15 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@credentials/v1.19.14...credentials/v1.19.15) Updates `github.com/aws/aws-sdk-go-v2/feature/s3/manager` from 1.22.12 to 1.22.18 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/mq/v1.22.12...feature/s3/manager/v1.22.18) Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.56.2 to 1.57.2 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/ssm/v1.56.2...service/ssm/v1.57.2) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.98.0 to 1.101.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.98.0...service/s3/v1.101.0) Updates `github.com/go-openapi/strfmt` from 0.26.1 to 0.26.2 - [Release notes](https://github.com/go-openapi/strfmt/releases) - [Commits](go-openapi/strfmt@v0.26.1...v0.26.2) Updates `github.com/sigstore/cosign/v2` from 2.6.2 to 2.6.3 - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](sigstore/cosign@v2.6.2...v2.6.3) Updates `github.com/testcontainers/testcontainers-go` from 0.41.0 to 0.42.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.41.0...v0.42.0) Updates `github.com/testcontainers/testcontainers-go/modules/minio` from 0.41.0 to 0.42.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.41.0...v0.42.0) Updates `github.com/testcontainers/testcontainers-go/modules/postgres` from 0.41.0 to 0.42.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.41.0...v0.42.0) Updates `go.uber.org/zap` from 1.27.1 to 1.28.0 - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](uber-go/zap@v1.27.1...v1.28.0) Updates `golang.org/x/crypto` from 0.50.0 to 0.51.0 - [Commits](golang/crypto@v0.50.0...v0.51.0) Updates `google.golang.org/api` from 0.276.0 to 0.277.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.276.0...v0.277.0) Updates `google.golang.org/protobuf` from 1.36.11 to 1.36.12-0.20260120151049-f2248ac996af --- updated-dependencies: - dependency-name: chainguard.dev/apko dependency-version: 1.2.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch - dependency-name: chainguard.dev/melange dependency-version: 0.50.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: cloud.google.com/go/iam dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: github.com/anchore/clio dependency-version: 0.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: github.com/anchore/grype dependency-version: 0.112.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: github.com/anchore/stereoscope dependency-version: 0.1.23 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch - dependency-name: github.com/anchore/syft dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: github.com/anthropics/anthropic-sdk-go dependency-version: 1.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-version: 1.41.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-version: 1.32.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-version: 1.19.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch - dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager dependency-version: 1.22.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch - dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr dependency-version: 1.57.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.101.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: github.com/go-openapi/strfmt dependency-version: 0.26.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch - dependency-name: github.com/Masterminds/semver/v3 dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: github.com/sigstore/cosign/v2 dependency-version: 2.6.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch - dependency-name: github.com/testcontainers/testcontainers-go dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: github.com/testcontainers/testcontainers-go/modules/minio dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: github.com/testcontainers/testcontainers-go/modules/postgres dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: go.uber.org/zap dependency-version: 1.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: golang.org/x/crypto dependency-version: 0.51.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: google.golang.org/api dependency-version: 0.277.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor-patch - dependency-name: google.golang.org/protobuf dependency-version: 1.36.12-0.20260120151049-f2248ac996af dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot requested a review from a team as a code owner May 11, 2026 17:52

dependabot Bot force-pushed the dependabot/go_modules/go-minor-patch-80aa01df1e branch from 167fd18 to 4678d0a Compare May 11, 2026 23:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go-minor-patch group across 1 directory with 24 updates#98

chore(deps): bump the go-minor-patch group across 1 directory with 24 updates#98
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-minor-patch-80aa01df1e

dependabot Bot commented on behalf of github May 11, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release v1.2.12

Changelog

Release v1.2.11

Changelog

Release v1.2.10

Changelog

Release v1.2.9

Changelog

Release v1.2.8

Changelog

Release v0.50.6

What's Changed

Release v0.50.5

What's Changed

Release v0.50.4

What's Changed

Release v0.50.3

What's Changed

New Contributors

Release v0.50.2

What's Changed

Release v0.50.1

What's Changed

shopping: v1.11.0

v1.11.0 (2026-05-07)

support: v1.10.0

v1.10.0 (2026-05-07)

securesourcemanager: v1.9.0

v1.9.0 (2026-05-07)

vmwareengine: v1.8.0

v1.8.0 (2026-05-07)

1.7.0 (2023-01-31)

Features

1.6.0 (2023-01-26)

Features

1.5.0 (2023-01-26)

⚠ BREAKING CHANGES

Features

v3.5.0

What's Changed

New Contributors

Changelog

v0.1.0

v0.112.0

Added Features

Additional Changes

v0.111.1

Bug Fixes

v0.111.0

Added Features

Bug Fixes

Additional Changes

v0.1.23

Dependency Updates

v1.44.0

Added Features

Bug Fixes

v1.43.0

Added Features

Bug Fixes

Additional Changes

v1.42.4

Bug Fixes

Additional Changes

v1.42.0

1.42.0 (2026-05-11)

Features

Bug Fixes

Chores

v1.41.0

1.41.0 (2026-05-06)

Features

Bug Fixes

v1.40.0

1.40.0 (2026-05-05)

Features

1.42.0 (2026-05-11)

dependabot Bot commented on behalf of github May 11, 2026 •

edited

Loading