chore(deps): bump the common group across 1 directory with 19 updates

[dependabot]

Bumps the common group with 18 updates in the / directory:

Package	From	To
github.com/BurntSushi/toml	1.5.0	1.6.0
github.com/GoogleCloudPlatform/docker-credential-gcr/v2	2.1.30	2.1.31
github.com/bmatcuk/doublestar/v4	4.9.1	4.9.2
github.com/containerd/containerd/v2	2.2.0	2.2.1
github.com/gocsaf/csaf/v3	3.5.0	3.5.1
github.com/hashicorp/go-getter	1.8.3	1.8.4
github.com/open-policy-agent/opa	1.11.0	1.12.2
github.com/secure-systems-lab/go-securesystemslib	0.9.1	0.10.0
github.com/spdx/tools-golang	0.5.5	0.5.7
github.com/tetratelabs/wazero	1.10.1	1.11.0
github.com/zclconf/go-cty-yaml	1.1.0	1.2.0
golang.org/x/mod	0.31.0	0.32.0
golang.org/x/term	0.38.0	0.39.0
golang.org/x/text	0.32.0	0.33.0
helm.sh/helm/v3	3.19.2	3.19.4
modernc.org/sqlite	1.40.1	1.43.0
github.com/nikolalohinski/gonja/v2	2.4.2	2.5.1

Updates github.com/BurntSushi/toml from 1.5.0 to 1.6.0

Release notes

Sourced from github.com/BurntSushi/toml's releases.

v1.6.0

TOML 1.1 is now enabled by default. The TOML changelog has an overview of changes: https://github.com/toml-lang/toml/blob/main/CHANGELOG.md

Also two small fixes:

• Encode large floats as exponent syntax so that round-tripping things like 5e+22 is correct.

• Using duplicate array keys would not give an error:

  arr = [1]
  arr = [2]
  

  This will now correctly give a "Key 'arr' has already been defined" error.

Commits

• 5253492 Enable TOML 1.1 by default (#457)
• e954445 Reject duplicate arrays (#455)
• 6b16cbd Update toml-test test cases from upstream (#456)
• 011fa2b Ensure constant format strings in wf calls
• 4b439bf Remove itemNil
• a473c12 Add test for out of range float64
• b535ff8 Add some boring tests for lex.go
• 6011ef0 Remove unreachable condition in lexTableNameStart
• c8ca9e6 Remove unreachable condition
• 1121f81 Make tomlv read from stdin
• Additional commits viewable in compare view

Updates github.com/GoogleCloudPlatform/docker-credential-gcr/v2 from 2.1.30 to 2.1.31

Release notes

Sourced from github.com/GoogleCloudPlatform/docker-credential-gcr/v2's releases.

v2.1.31

What's Changed

• Update version string tests to match version format by @​Subserial in GoogleCloudPlatform/docker-credential-gcr#185
• Bump github.com/sirupsen/logrus from 1.8.1 to 1.8.3 by @​dependabot[bot] in GoogleCloudPlatform/docker-credential-gcr#184

Full Changelog: GoogleCloudPlatform/docker-credential-gcr@v2.1.30...v2.1.31

Commits

• 96df16c Bump github.com/sirupsen/logrus from 1.8.1 to 1.8.3 (#184)
• e6984d0 Update version string tests to match version format (#185)
• See full diff in compare view

Updates github.com/bmatcuk/doublestar/v4 from 4.9.1 to 4.9.2

Release notes

Sourced from github.com/bmatcuk/doublestar/v4's releases.

Fixed Handling of Paths With Meta Chars Using Alts

@​toga4 submitted a PR that fixed a small bug with the way paths were handled when the pattern used {alts}: if some part of the on-disk path that came before the {alt} included meta characters (say, a directory name that included the character ?), these meta characters were not escaped when they were passed back through the globbing routines. This caused doublestar to interpret them as actual meta characters, rather than a fixed-string path as it should have. Nice find, @​toga4 !

What's Changed

• fix: escape meta characters in paths during brace expansion by @​toga4 in bmatcuk/doublestar#108

New Contributors

• @​toga4 made their first contribution in bmatcuk/doublestar#108

Full Changelog: bmatcuk/doublestar@v4.9.1...v4.9.2

Commits

• 3dc8306 Merge branch 'toga4-fix-brace-exp-with-meta'
• 4db19e2 fix tests
• 4ef2b00 fix: escape meta characters in paths during brace expansion
• b191bb9 test: add failing tests for brace expansion with meta char directories
• 9fded31 notes about globbing
• See full diff in compare view

Updates github.com/containerd/containerd/v2 from 2.2.0 to 2.2.1

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.2.1

Welcome to the v2.2.1 release of containerd!

The first patch release for containerd 2.2 contains various fixes and improvements.

Highlights

Container Runtime Interface (CRI)

• Redact all query parameters in CRI error logs (#12546)

Image Distribution

• Fix image defaults on Darwin to usable configuration (#12544)
• Fix possible panic from WithMediaTypeKeyPrefix (#12516)

Runtime

• Update runc binary to v1.3.4 (#12593)
• Fix parsing of hugetlb..events files (containerd/cgroups#379)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Krisztian Litkey
• Markus Lehtonen
• Akihiro Suda
• Mike Brown
• Sebastiaan van Stijn
• Derek McGowan
• Heran Yang
• Wei Fu
• Phil Estes
• Samuel Karp
• Austin Vazquez
• Sascha Grunert
• Akhil Mohan
• Andrey Noskov
• Brian Goff
• CrazyMax
• Davanum Srinivas
• Gaurav Ghildiyal
• Neeraj Krishna Gopalakrishna
• Paweł Gronowski
• Tariq Ibrahim
• TomerLev
• Tõnis Tiigi
• bo.jiang

... (truncated)

Commits

• dea7da5 Merge pull request #12677 from dmcgowan/prepare-2.2.1
• f6bae1f Prepare release notes for v2.2.1
• b77253f Merge pull request #12701 from k8s-infra-cherrypick-robot/cherry-pick-12699-t...
• c22cf5d cri,nri: pass any linux security profile to plugins.
• d7532de cri,nri: pass any linux RDT constraints to plugins.
• ef36e61 cri,nri: pass any linux net devices to plugins.
• d56faf4 cri,nri: pass any linux scheduler attributes to plugins.
• e1824d2 cri,nri: pass any linux I/O priority to plugins.
• 01d5490 go.{mod,sum}: bump NRI deps to v0.11.0, re-vendor.
• 815932a Merge pull request #12697 from thaJeztah/release_2.2_backport_bump_semconv
• Additional commits viewable in compare view

Updates github.com/gocsaf/csaf/v3 from 3.5.0 to 3.5.1

Release notes

Sourced from github.com/gocsaf/csaf/v3's releases.

v3.5.1

This is minor fix correcting a wrong validation test around the name and version of the engine.

What's Changed

• fix: engine is invalid when name is missing by @​benja-M-1 in gocsaf/csaf#710
• Update 3rd party libraries in gocsaf/csaf#711

New Contributors

• @​benja-M-1 made their first contribution in gocsaf/csaf#710

Full Changelog: gocsaf/csaf@v3.5.0...v3.5.1

Commits

• 586524a Update 3rd party libraries. (#711)
• 52ce6bc fix: engine is invalid when name is missing (#710)
• See full diff in compare view

Updates github.com/hashicorp/go-getter from 1.8.3 to 1.8.4

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.8.4

What's Changed

• [IND-4227][COMPLIANCE] chore: Fix lint issues-build tags by @​ssagarverma in hashicorp/go-getter#568
• [IND-4227] [COMPLIANCE] Update Copyright Headers by @​oss-core-libraries-dashboard[bot] in hashicorp/go-getter#566
• [COMPLIANCE] Update Copyright Headers by @​oss-core-libraries-dashboard[bot] in hashicorp/go-getter#571
• [chore] : Bump the actions group across 1 directory with 3 updates by @​dependabot[bot] in hashicorp/go-getter#567
• fix: allow downloading S3 files from MinIO over http by @​vsarunas in hashicorp/go-getter#570
• [chore] : Bump the actions group across 1 directory with 6 updates by @​dependabot[bot] in hashicorp/go-getter#574
• [chore] : Bump the go group across 1 directory with 12 updates by @​dependabot[bot] in hashicorp/go-getter#575

New Contributors

• @​ssagarverma made their first contribution in hashicorp/go-getter#568
• @​oss-core-libraries-dashboard[bot] made their first contribution in hashicorp/go-getter#566

Full Changelog: hashicorp/go-getter@v1.8.3...v1.8.4

Commits

• 576ab86 [chore] : Bump the go group across 1 directory with 12 updates (#575)
• efec2db Merge pull request #574 from hashicorp/dependabot/github_actions/actions-36c6...
• 7ccb947 [chore] : Bump the actions group across 1 directory with 6 updates
• 228ad65 fix: allow downloading S3 files from MinIO over http (#570)
• 5cb8b18 Merge pull request #567 from hashicorp/dependabot/github_actions/actions-92ca...
• f358fa6 Merge pull request #571 from hashicorp/compliance/update-headers
• 376d40c [COMPLIANCE] Update Copyright and License Headers
• 9d34fba [chore] : Bump the actions group across 1 directory with 3 updates
• fd63a33 Merge pull request #566 from hashicorp/compliance/update-headers
• ac8218d [COMPLIANCE] Update Copyright and License Headers
• Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 1.11.0 to 1.12.2

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.12.2

This bug fix release address issues found in the new string interpolation feature

• Add (*TemplateString).Copy() method (#8159) authored by @​anderseknert
• Fix template string not serialized with escaped { (#8161) authored by @​anderseknert
• fix(ast): skip template string vars in ref safety (#8174) authored by @​thevilledev
• fix(ast): use original var names in template error (#8180) authored by @​thevilledev

v1.12.1

This bug fix release reverts a change to regex.replace that unintentionally changed its behaviour for anchored regular expressions.

• Revert "topdown: make regex.replace respect cancellation" (authored by @​srenatus)

v1.12.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• Support for String Interpolation in the Rego language
• Faster compilation and runtime
• Fixes published in the v1.11.1 release

String Interpolation (#4733)

The Rego language has been extended to support String Interpolation, which provides a readable means to compose strings containing dynamic values determined at evaluation time.

An interpolated string is composed of a template-string containing zero or more template-expressions that evaluates to a value at evaluation time. The $ character prefix identifies a template-string, and template-expressions are declared by being enclosed in curly-braces ({, }).

Additionally, undefined template-expression values don't halt evaluation; instead, <undefined> will be injected into the generated string.

package interpolation
allowed_roles := ["admin", "employee"]
default role := "guest"
role := input.role
deny contains $"User {input.username}'s role was '{role}', but must be one of {allowed_roles}" if {
not role in allowed_roles
}

{
</tr></table> 

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.12.2

This bug fix release address issues found in the new string interpolation feature

• Add (*TemplateString).Copy() method (#8159) authored by @​anderseknert
• Fix template string not serialized with escaped { (#8161) authored by @​anderseknert
• fix(ast): skip template string vars in ref safety (#8174) authored by @​thevilledev
• fix(ast): use original var names in template error (#8180) authored by @​thevilledev

1.12.1

This bug fix release reverts a change to regex.replace that unintentionally changed its behaviour for anchored regular expressions.

• Revert "topdown: make regex.replace respect cancellation" (authored by @​srenatus)

1.12.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• Support for string interpolation in the Rego language
• Faster compilation and runtime
• Fixes published in the v1.11.1 release

String Interpolation (#4733)

The Rego language has been extended to support String Interpolation, which provides a readable means to compose strings containing dynamic values determined at evaluation time.

An interpolated string is composed of a template-string containing zero or more template-expressions that evaluates to a value at evaluation time. The $ character prefix identifies a template-string, and template-expressions are declared by being enclosed in curly-braces ({, }).

Additionally, undefined template-expression values don't halt evaluation; instead, <undefined> will be injected into the generated string.

package interpolation
allowed_roles := ["admin", "employee"]
default role := "guest"
role := input.role
deny contains $"User {input.username}'s role was '{role}', but must be one of {allowed_roles}" if {
not role in allowed_roles
}

{
  "deny": [
    "User <undefined>'s role was 'guest', but must be one of [\"admin\", \"employee\"]"
</tr></table> 

... (truncated)

Commits

• 89c6537 Release v1.12.2
• 92dd54d Release v1.12.1
• fb09d24 Revert "topdown: make regex.replace respect cancellation"
• d61ac38 Prepare v1.12.0 release (#8144)
• 5a0dc47 Template string performance improvements and more (#8143)
• f5c3743 perf: reduce allocations handling terms (#8116)
• d80ffc4 website: Show playground errors
• 7e1c361 oracle: Use typed targets for specific matchers (#8138)
• 629cbd8 String interpolation docs (#8129)
• 9c52121 ast/parser: avoid allocating slices for variadic options
• Additional commits viewable in compare view

Updates github.com/secure-systems-lab/go-securesystemslib from 0.9.1 to 0.10.0

Commits

• 93d7e1c Merge pull request #139 from secure-systems-lab/dependabot/github_actions/gol...
• b2fe7df Merge pull request #138 from secure-systems-lab/dependabot/github_actions/act...
• 7e9f79e chore(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.2.0
• 1552d12 chore(deps): bump actions/setup-go from 5.5.0 to 6.1.0
• d1d5111 Merge pull request #137 from secure-systems-lab/dependabot/go_modules/golang....
• 04d651e Merge pull request #136 from secure-systems-lab/dependabot/github_actions/act...
• 145f8c2 chore(deps): bump golang.org/x/crypto from 0.45.0 to 0.46.0
• e8de185 Merge pull request #127 from secure-systems-lab/dependabot/go_modules/github....
• a50b13e chore(deps): bump actions/checkout from 6.0.0 to 6.0.1
• c24bdce chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
• Additional commits viewable in compare view

Updates github.com/spdx/tools-golang from 0.5.5 to 0.5.7

Release notes

Sourced from github.com/spdx/tools-golang's releases.

v0.5.7

What's Changed

• Fail parsing if the required prefix isn't present for IDs by @​awyeth in spdx/tools-golang#275

New Contributors

• @​awyeth made their first contribution in spdx/tools-golang#275

Full Changelog: spdx/tools-golang@v0.5.6...v0.5.7

v0.5.6

What's Changed

• Change the colon and space separator to just a colon by @​warpkwd in spdx/tools-golang#254
• build(deps): Bump sigs.k8s.io/yaml to 1.6.0 by @​dependabot[bot] in spdx/tools-golang#259
• Resolve two issues related to ExternalDocumentRef by @​KAWAHARA-souta in spdx/tools-golang#269
• fix: Fix prefixDocumentId() to use correct prefix by @​KAWAHARA-souta in spdx/tools-golang#272

New Contributors

• @​warpkwd made their first contribution in spdx/tools-golang#254
• @​KAWAHARA-souta made their first contribution in spdx/tools-golang#269

Full Changelog: spdx/tools-golang@v0.5.5...v0.5.6

Commits

• 28116d2 fix: fail parsing if the required prefix isn't present for IDs (#275)
• 3d64f16 build(deps): Bump actions/checkout from 5 to 6 (#271)
• 254d7a7 fix: Fix prefixDocumentId() to use correct prefix (#272)
• e6786a8 fix: ExternalDocumentRef in JSON serialization (#269)
• 49501ad build(deps): Bump github.com/anchore/go-struct-converter from 0.0.0-202211181...
• e95cf7f build(deps): Bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 (#259)
• eabe60c build(deps): Bump actions/checkout from 4 to 5 (#260)
• 72d8e33 build(deps): Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#264)
• d6b5d35 build(deps): Bump actions/setup-go from 5 to 6 (#265)
• 916d962 build(deps): Bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 (#258)
• Additional commits viewable in compare view

Updates github.com/tetratelabs/wazero from 1.10.1 to 1.11.0

Release notes

Sourced from github.com/tetratelabs/wazero's releases.

v1.11.0

Hi wazero friends! The new release of wazero v1.11.0 has arrived.

This release is a small "break with the past" it the sense that we added one go.mod dependency to wazero: golang.org/x/sys; read the rational for why.

Behavioral changes

• 77db9681 Require Go 1.24 (#2448) @​ncruces
• fe2e7519 Use golang.org/x/sys (#2443) @​ncruces

Bug fixes

• 92864489 Update Wasm 2.0 spec tests. (#2458) @​ncruces
• 5e7c35eb Fix race condition in refCount initialization (#2447) @​jackorse

New Contributors

• @​jackorse made their first contribution in #2447

Full Changelog: wazero/wazero@v1.10.1...v1.11.0

Commits

• fe2e751 Use golang.org/x/sys (#2443)
• 9286448 Update Wasm 2.0 spec tests. (#2458)
• af80797 Add go-libtiff to users.md (#2457)
• 77db968 Change version policy to two versions. (#2448)
• 275c9a0 Simplify utimens. (#2449)
• 5e7c35e Fix race condition in refCount initialization (#2447)
• cc1ca4c Streamline build tags: remove tinygo, cgo (#2446)
• See full diff in compare view

Updates github.com/zclconf/go-cty-yaml from 1.1.0 to 1.2.0

Changelog

Sourced from github.com/zclconf/go-cty-yaml's changelog.

1.2.0 (December 17, 2025)

• The YAML decoder now has more complete support for tag:yaml.org,2002:merge, including support for merging a sequence of mappings rather than just a single mapping.

  Unfortunately the specification for this tag is terse and incomplete, and other existing implementations disagree even with the few behaviors that are described in the specification, so this library implements behavior that matches existing implementations while diverging slightly from the spec:

  • The untagged scalar value << is resolved as tag:yaml.org,2002:merge only in the mapping key position. In all other positions it's resolved as a normal string, "<<". Writing out the tag explicitly instead of using the shorthand is allowed in mapping key position and rejected as an error in all other positions.
  • Multiple merge keys can appear in the same mapping, and will each be handled separately as if they had all been written as a single merge.
  • Later mentions of a key override earlier mentions of a key in all cases. This is the main deviation from the spec text: the spec requires that the earliest mention of each key takes priority when merging, but that is the opposite of the normal behavior for duplicate keys in a mapping (without merging) and other implementations seem to ignore that exception.

  There are a few other implementations that disagree with what this library implements. That's unfortunate, but unavoidable because existing implementations are in conflict with one another already. The choices in this implementation were based on a survey of various other popular implementatins and will not be changed in a breaking way after this release.

Commits

• 85d6bca v1.2.0 release
• 229f481 Allow a !!merge key to be used with a sequence of mappings
• 5da71a8 Add GitHub funding metadata
• See full diff in compare view

Updates golang.org/x/mod from 0.31.0 to 0.32.0

Commits

• 4c04067 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates golang.org/x/term from 0.38.0 to 0.39.0

Commits

• a7e5b04 go.mod: update golang.org/x dependencies
• 943f25d x/term: handle transpose
• 9b991dd x/term: handle delete key
• See full diff in compare view

Updates golang.org/x/text from 0.32.0 to 0.33.0

Commits

• 536231a go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates helm.sh/helm/v3 from 3.19.2 to 3.19.4

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.19.4 is a security fix for a Go CVE in the previous tag. This patch release rebuilds the Helm v3.19.3 release with the latest Go toolchain, to fix the Go CVE. Users are encouraged to upgrade.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.4. The common platform binaries are here:

• MacOS amd64 (checksum / d9c9b1fc499c54282c4127c60cdd506da2c6202506b708a2b45fb6dfdb318f43)
• MacOS arm64 (checksum / 7e82ca63fe80a298cecefad61d0c10bc47963ff3551e94ab6470be6393a6a74b)
• Linux amd64 (checksum / 759c656fbd9c11e6a47784ecbeac6ad1eb16a9e76d202e51163ab78504848862)
• Linux arm (checksum / fcbb21b657c46ad646542964c262c4efb595bc60621e34273c1a2bb92eaff1dc)
• Linux arm64 (checksum / 9e1064f5de43745bdedbff2722a1674d0397bc4b4d8d8196d52a2b730909fe62)
• Linux i386 (checksum / 5bbf5541cb021c021a7f5b3e59e3808cc09678aa2650ece24c78f8a277466c0b)
• Linux ppc64le (checksum / a38d8f75406f9bc3e12d1ebf8819fd563a5156ada6fe665402732932eec9c743)
• Linux s390x (checksum / d153b3a316ce3f2936e601d94db5909aae4fbd5d1a4b28760fad2dd18c2bb749)
• Linux riscv64 (checksum / 9d90a7532b426e5d99edfa9fa93e1dba4729f96a3b493974e847651a9aa34020)
• Windows amd64 (checksum / 18e7d1b970dfb6f4f8ddbbd1659d75d90ca818a47519411c4cc305b918508d36)
• Windows arm64 (checksum / da870dbb870e5cad243f5c7dca54f27be289237a97d84077c885769a06394223)

This release was signed with 208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155 and can be found at @​scottrigby keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.19.5 and 4.0.4 are the next patch releases and will be on January 14, 2026
• 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

• Use latest patch release of Go in releases 7cfb6e486dac026202556836bb910c37d847793e (Matt Farina)
• chore(deps): bump github.com/gofrs/flock from 0.12.1 to 0.13.0 59c951f309511dcb017900b6a19836e5bcbade04 (dependabot[bot])
• chore(deps): bump github.com/cyphar/filepath-securejoin d45f3f15dfbc05320add596102ce3ae220825ff1 (dependabot[bot])
• chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 d4595449c7bd2a82f1ae23b11711f2b7b219ed32 (dependabot[bot])
• chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 becd3876eb126cb83d8571e6e3826645e941d400 (dependabot[bot])
• chore(deps): bump the k8s-io group with 7 updates edb1579fd0d9ed81fb451ce03c68bd6365374173 (dependabot[bot])

Helm v3.19.3 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out

... (truncated)

Commits

• 7cfb6e4 Use latest patch release of Go in releases
• 59c951f chore(deps): bump github.com/gofrs/flock from 0.12.1 to 0.13.0
• d45f3f1 chore(deps): bump github.com/cyphar/filepath-securejoin
• d459544 chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0
• becd387 chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0
• edb1579 chore(deps): bump the k8s-io group with 7 updates
• See full diff in compare view

Updates k8s.io/utils from 0.0.0-20250820121507-0af2bda4dd1d to 0.0.0-20251002143259-bc988d571ff4

Commits

• See full diff in compare view

Updates modernc.org/sqlite from 1.40.1 to 1.43.0

Commits

• 9e521c1 builder.json: test += openbsd/arm64
• 234b299 builder.json: test += openbsd/amd64
• cc1c971 make vendor # [email protected]
• 27cd881 add conn.IsReadOnly, closes #242
• cbcb1c2 README: add sponsors
• a1e867b lib/mutex.go: robustness++
• 168ece1 adjust int time haqndling, closes #240
• 05f0a52 Merge branch 'fix-241' into 'master'
• f8f5a75 fix TOCTOU interrupt race
• 8f3ecad retract v1.42.0, revert to v1.41.0 state
• Additional commits viewable in compare view

Updates github.com/nikolalohinski/gonja/v2 from 2.4.2 to 2.5.1

Commits

• 8cd324e fix: make sure int to float comparison behave correctly
• c31cb4e feat(builtins): add missing builtin tests for python parity
• e85c8b1 adding support to supress logging
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[DmitriyLewen]

Kubernetes removed v1alpha1 in k8s.io/[email protected].

But helm.sh/helm/v3 (versions v3.19.4 and v3.19.5) still uses k8s.io/[email protected] and v1alpha1.
So we can't bump k8s.io/api to v0.35.0 without changes in helm.sh/helm/v3.

Removed updating k8s.io/api to v0.35.0 in fc6c5d5

[DmitriyLewen]

@nikpivkin, could you take a look at the update for github.com/open-policy-agent/opa?
Test_RegoScanning_WithSomeInvalidPolicies/allow_up_to_max_1_error fails after the update:
https://github.com/aquasecurity/trivy/actions/runs/21130691957/job/60766061144#step:9:7564

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.