🌱 Bump the gomod group across 2 directories with 3 updates #4544

dependabot · 2025-03-03T08:54:22Z

Bumps the gomod group with 3 updates in the / directory: github.com/go-git/go-git/v5, gitlab.com/gitlab-org/api/client-go and golang.org/x/oauth2.
Bumps the gomod group with 3 updates in the /tools directory: github.com/go-git/go-git/v5, gitlab.com/gitlab-org/api/client-go and golang.org/x/oauth2.

Updates github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.14.0

What's Changed

v5: Bump Go and dependencies to mitigate GO-2025-3487 by @pjbgf in go-git/go-git#1436

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/[email protected] which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

Commits

863c621 Merge pull request #1436 from pjbgf/v5-bumps
2e69e81 build: Bump dependencies
b2c1ec9 build: Bump Go versions
See full diff in compare view

Updates gitlab.com/gitlab-org/api/client-go from 0.123.0 to 0.124.0

Release notes

Sourced from gitlab.com/gitlab-org/api/client-go's releases.

v0.124.0

0.124.0 (2025-02-28)

Breaking Changes (4 changes)

Refactor ShareWithGroup as a Named Struct instead of an Anonymous Struct by @heidi.berry (merge request)

Add support for instance member roles API, and align CreateMemberRoleOptions... by @heidi.berry (merge request)

Switch to using BasicMergeRequest for API endpoints that use it by @heidi.berry (merge request)

Add state option when listing project access tokens. This requires that... by @heidi.berry (merge request)

Improvements (13 changes)

Add bundled reviewable command for ease of local development by @heidi.berry (merge request)

Add function for uploading a wiki attachment by @heidi.berry (merge request)

Add internal flag when creating different types of notes. Update documentation... by @heidi.berry (merge request)

Add Internal support to CreateIssueNoteOptions by @ebuildy (merge request)

Add support for Secure Files API by @heidi.berry (merge request)

add ci_delete_pipelines_in_seconds to project edit and read by @kingcrunch (merge request)

Add filter to group variables update and delete by @heidi.berry (merge request)

Add support for group releases API by @heidi.berry (merge request)

Add description to personal access token APIs by @heidi.berry (merge request)

Add description to group access token APIs by @heidi.berry (merge request)

Add description to project access token APIs by @heidi.berry (merge request)

Add 'username' support to AddProjectMemberOptions by @sy-be (merge request)

Update Group Hooks to add missing options and fix documentation links by @heidi.berry (merge request)

Breaking Change (1 change)

Fix return value of CreateMergeRequestDependency to return a single... by @llxp (merge request)

Features (1 change)

Add support for project security settings API by @heidi.berry (merge request)

Commits

04cfd77 Merge branch 'named-struct-for-shared-with-group' into 'main'
65524df Refactor ShareWithGroup as a Named Struct instead of an Anonymous Struct
1be3465 Merge branch 'support-instance-custom-roles' into 'main'
6d63332 Add support for instance member roles API, and align `CreateMemberRoleOptions...
8b50e96 Merge branch 'use-basic-merge-request' into 'main'
42ec248 Switch to using BasicMergeRequest for API endpoints that use it
34a1106 Merge branch 'add-reviewable-command' into 'main'
fd06b55 Add bundled reviewable command for ease of local development
3d91c3a Merge branch 'add-wiki-attachment-uploads' into 'main'
bf2d5c0 Add function for uploading a wiki attachment
Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.26.0 to 0.27.0

Commits

681b4d8 jws: split token into fixed number of parts
3f78298 all: upgrade go directive to at least 1.23.0 [generated]
109dabf endpoints: add links/provider for Discord
ac571fa oauth2: fix docs for Config.DeviceAuth
314ee5b endpoints: add patreon endpoint
See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.14.0

What's Changed

v5: Bump Go and dependencies to mitigate GO-2025-3487 by @pjbgf in go-git/go-git#1436

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/[email protected] which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

Commits

863c621 Merge pull request #1436 from pjbgf/v5-bumps
2e69e81 build: Bump dependencies
b2c1ec9 build: Bump Go versions
See full diff in compare view

Updates gitlab.com/gitlab-org/api/client-go from 0.123.0 to 0.124.0

Release notes

Sourced from gitlab.com/gitlab-org/api/client-go's releases.

v0.124.0

0.124.0 (2025-02-28)

Breaking Changes (4 changes)

Refactor ShareWithGroup as a Named Struct instead of an Anonymous Struct by @heidi.berry (merge request)

Add support for instance member roles API, and align CreateMemberRoleOptions... by @heidi.berry (merge request)

Switch to using BasicMergeRequest for API endpoints that use it by @heidi.berry (merge request)

Add state option when listing project access tokens. This requires that... by @heidi.berry (merge request)

Improvements (13 changes)

Add bundled reviewable command for ease of local development by @heidi.berry (merge request)

Add function for uploading a wiki attachment by @heidi.berry (merge request)

Add internal flag when creating different types of notes. Update documentation... by @heidi.berry (merge request)

Add Internal support to CreateIssueNoteOptions by @ebuildy (merge request)

Add support for Secure Files API by @heidi.berry (merge request)

add ci_delete_pipelines_in_seconds to project edit and read by @kingcrunch (merge request)

Add filter to group variables update and delete by @heidi.berry (merge request)

Add support for group releases API by @heidi.berry (merge request)

Add description to personal access token APIs by @heidi.berry (merge request)

Add description to group access token APIs by @heidi.berry (merge request)

Add description to project access token APIs by @heidi.berry (merge request)

Add 'username' support to AddProjectMemberOptions by @sy-be (merge request)

Update Group Hooks to add missing options and fix documentation links by @heidi.berry (merge request)

Breaking Change (1 change)

Fix return value of CreateMergeRequestDependency to return a single... by @llxp (merge request)

Features (1 change)

Add support for project security settings API by @heidi.berry (merge request)

Commits

04cfd77 Merge branch 'named-struct-for-shared-with-group' into 'main'
65524df Refactor ShareWithGroup as a Named Struct instead of an Anonymous Struct
1be3465 Merge branch 'support-instance-custom-roles' into 'main'
6d63332 Add support for instance member roles API, and align `CreateMemberRoleOptions...
8b50e96 Merge branch 'use-basic-merge-request' into 'main'
42ec248 Switch to using BasicMergeRequest for API endpoints that use it
34a1106 Merge branch 'add-reviewable-command' into 'main'
fd06b55 Add bundled reviewable command for ease of local development
3d91c3a Merge branch 'add-wiki-attachment-uploads' into 'main'
bf2d5c0 Add function for uploading a wiki attachment
Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.26.0 to 0.27.0

Commits

681b4d8 jws: split token into fixed number of parts
3f78298 all: upgrade go directive to at least 1.23.0 [generated]
109dabf endpoints: add links/provider for Discord
ac571fa oauth2: fix docs for Config.DeviceAuth
314ee5b endpoints: add patreon endpoint
See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
gitlab.com/gitlab-org/api/client-go	[>= 0.118.a, < 0.119]
gitlab.com/gitlab-org/api/client-go	[>= 0.117.a, < 0.118]

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gomod group with 3 updates in the / directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) and [golang.org/x/oauth2](https://github.com/golang/oauth2). Bumps the gomod group with 3 updates in the /tools directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) and [golang.org/x/oauth2](https://github.com/golang/oauth2). Updates `github.com/go-git/go-git/v5` from 5.13.2 to 5.14.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.13.2...v5.14.0) Updates `gitlab.com/gitlab-org/api/client-go` from 0.123.0 to 0.124.0 - [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags) - [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v0.123.0...v0.124.0) Updates `golang.org/x/oauth2` from 0.26.0 to 0.27.0 - [Commits](golang/oauth2@v0.26.0...v0.27.0) Updates `github.com/go-git/go-git/v5` from 5.13.2 to 5.14.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.13.2...v5.14.0) Updates `gitlab.com/gitlab-org/api/client-go` from 0.123.0 to 0.124.0 - [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags) - [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v0.123.0...v0.124.0) Updates `golang.org/x/oauth2` from 0.26.0 to 0.27.0 - [Commits](golang/oauth2@v0.26.0...v0.27.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: gitlab.com/gitlab-org/api/client-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/go-git/go-git/v5 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: gitlab.com/gitlab-org/api/client-go dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/oauth2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from a team as a code owner March 3, 2025 08:54

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 3, 2025

dependabot bot requested review from justaugustus and spencerschrock and removed request for a team March 3, 2025 08:54

dependabot bot temporarily deployed to gitlab March 3, 2025 08:54 Inactive

dependabot bot temporarily deployed to integration-test March 3, 2025 08:54 Inactive

spencerschrock mentioned this pull request Mar 3, 2025

🌱 Require minimum version of Go 1.23.0 #4547

Open

2 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🌱 Bump the gomod group across 2 directories with 3 updates #4544

🌱 Bump the gomod group across 2 directories with 3 updates #4544

dependabot bot commented on behalf of github Mar 3, 2025

🌱 Bump the gomod group across 2 directories with 3 updates #4544

Are you sure you want to change the base?

🌱 Bump the gomod group across 2 directories with 3 updates #4544

Conversation

dependabot bot commented on behalf of github Mar 3, 2025

v5.14.0

What's Changed

v0.124.0

0.124.0 (2025-02-28)

Breaking Changes (4 changes)

Improvements (13 changes)

Breaking Change (1 change)

Features (1 change)

v5.14.0

What's Changed

v0.124.0

0.124.0 (2025-02-28)

Breaking Changes (4 changes)

Improvements (13 changes)

Breaking Change (1 change)

Features (1 change)