Skip to content

build(deps): bump github.com/go-git/go-git/v5 from 5.17.2 to 5.18.0 in /cmd/firmware-action#878

Merged
AtomicFS merged 1 commit intomainfrom
dependabot/go_modules/cmd/firmware-action/github.com/go-git/go-git/v5-5.18.0
Apr 20, 2026
Merged

build(deps): bump github.com/go-git/go-git/v5 from 5.17.2 to 5.18.0 in /cmd/firmware-action#878
AtomicFS merged 1 commit intomainfrom
dependabot/go_modules/cmd/firmware-action/github.com/go-git/go-git/v5-5.18.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 17, 2026

Bumps github.com/go-git/go-git/v5 from 5.17.2 to 5.18.0.

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.18.0

What's Changed

Full Changelog: go-git/go-git@v5.17.2...v5.18.0

Commits
  • ea3e7ec Merge pull request #2004 from go-git/v5-http-hardening
  • bcd20a9 plumbing: transport/http, Add support for followRedirects policy
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump github.com/go-git/go-git/v5 in /cmd/firmware-action
408005b 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.17.2 to 5.18.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.17.2...v5.18.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 17, 2026
@dependabot dependabot Bot requested review from AtomicFS and MDr164 as code owners April 17, 2026 00:11
@dependabot dependabot Bot added the go Pull requests that update Go code label Apr 17, 2026
@AtomicFS AtomicFS enabled auto-merge April 17, 2026 00:11
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026

⚠️MegaLinter analysis: Success with warnings

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 15 0 0 0.46s
✅ BASH bash-exec 10 0 0 0.05s
✅ BASH shellcheck 9 0 0 0.11s
✅ BASH shfmt 9 0 0 0.01s
✅ DOCKERFILE hadolint 5 0 0 0.34s
✅ EDITORCONFIG editorconfig-checker 227 0 0 0.33s
✅ GO revive 31 0 0 34.6s
✅ JSON jsonlint 14 0 0 0.1s
✅ JSON prettier 14 0 0 1.03s
✅ JSON v8r 14 0 0 5.28s
✅ MARKDOWN markdownlint 32 0 0 4.88s
⚠️ PYTHON black 20 1 0 1.61s
✅ PYTHON flake8 20 0 0 1.03s
✅ PYTHON isort 20 0 0 2.42s
✅ PYTHON mypy 20 0 0 10.24s
✅ PYTHON pylint 20 0 0 11.45s
✅ PYTHON pyright 20 0 0 0.95s
✅ PYTHON ruff 20 0 0 0.11s
✅ REPOSITORY checkov yes no no 26.11s
✅ REPOSITORY gitleaks yes no no 5.74s
✅ REPOSITORY git_diff yes no no 0.05s
✅ REPOSITORY grype yes no no 77.73s
✅ REPOSITORY secretlint yes no no 1.48s
✅ REPOSITORY syft yes no no 19.11s
✅ REPOSITORY trivy yes no no 17.54s
✅ REPOSITORY trivy-sbom yes no no 4.95s
✅ REPOSITORY trufflehog yes no no 6.85s
✅ SPELL cspell 227 0 0 6.17s
⚠️ YAML prettier 35 1 2 4.33s
✅ YAML v8r 35 0 0 14.09s
✅ YAML yamllint 35 0 0 13.62s

Detailed Issues

⚠️ PYTHON / black - 1 error 
--- .dagger-ci/daggerci/lib/cli.py	2026-04-17 00:12:48.945447+00:00
+++ .dagger-ci/daggerci/lib/cli.py	2026-04-17 00:13:34.170866+00:00
@@ -32,17 +32,15 @@
         action="store_true",
     )
     parser.add_argument(
         "-d",
         "--dockerfile",
-        help=textwrap.dedent(
-            """\
+        help=textwrap.dedent("""\
                 select which dockerfile to build
                 - enter name from docker-compose
                 - multiple entries are possible
-                - by default tries to build all"""
-        ),
+                - by default tries to build all"""),
         nargs="+",
     )
     parser.add_argument(
         "-p",
         "--publish",
would reformat .dagger-ci/daggerci/lib/cli.py
--- .dagger-ci/daggerci/main.py	2026-04-17 00:12:48.945447+00:00
+++ .dagger-ci/daggerci/main.py	2026-04-17 00:13:34.287334+00:00
@@ -1,9 +1,10 @@
 #!/usr/bin/python
 """
 Python script to build and test Docker containers for coreboot and EDK2 compilation
 """
+
 # mypy: disable-error-code="import"
 
 # Logging
 # https://docs.python.org/3/howto/logging.html
 # DEBUG, INFO, WARNING, ERROR, CRITICAL
would reformat .dagger-ci/daggerci/main.py
--- .dagger-ci/daggerci/tests/conftest.py	2026-04-17 00:12:48.945447+00:00
+++ .dagger-ci/daggerci/tests/conftest.py	2026-04-17 00:13:34.643705+00:00
@@ -88,63 +88,55 @@
 @pytest.fixture(name="dockerfile")
 def fixture_dockerfile():
     """
     Generic Dockerfile content
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         ARG TARGETARCH=amd64\
-        """
-    )
+        """)
 
 
 @pytest.fixture
 def dockerfile_dummy_tests_success():
     """
     Dockerfile content specifically for executing tests inside docker
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         ARG TARGETARCH=amd64
         ARG CONTEXT=dummy
         ARG VARIANT=success
         ENV VERIFICATION_TEST=./tests/test_${CONTEXT}_${VARIANT}.sh
         RUN echo 'hello world'\
-        """
-    )
+        """)
 
 
 @pytest.fixture
 def dockerfile_dummy_tests_fail():
     """
     Dockerfile content specifically for executing tests inside docker
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         ARG TARGETARCH=amd64
         ARG CONTEXT=dummy
         ARG VARIANT=fail
         ENV VERIFICATION_TEST=./tests/test_${CONTEXT}_${VARIANT}.sh
         RUN echo 'hello world'\
-        """
-    )
+        """)
 
 
 @pytest.fixture
 def dockerfile_broken():
     """
     Dockerfile content which should fail to build
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         RUN false\
-        """
-    )
+        """)
 
 
 # ===========================
 #
 #  Docker Compose fixtures
would reformat .dagger-ci/daggerci/tests/conftest.py

Oh no! 💥 💔 💥
3 files would be reformatted, 17 files would be left unchanged.
⚠️ YAML / prettier - 1 error 
Checking formatting...
[warn] .github/workflows/go-test.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,DOCKERFILE_HADOLINT,EDITORCONFIG_EDITORCONFIG_CHECKER,GO_REVIVE,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@AtomicFS AtomicFS added this pull request to the merge queue Apr 17, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Apr 17, 2026
@AtomicFS AtomicFS merged commit bba4e29 into main Apr 20, 2026
63 of 69 checks passed
@AtomicFS AtomicFS deleted the dependabot/go_modules/cmd/firmware-action/github.com/go-git/go-git/v5-5.18.0 branch April 20, 2026 09:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AtomicFS AtomicFS AtomicFS approved these changes

@MDr164 MDr164 Awaiting requested review from MDr164 MDr164 is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AtomicFS