deps(deps): bump the go-dependencies group with 4 updates

[dependabot]

Bumps the go-dependencies group with 4 updates: github.com/google/go-containerregistry, github.com/onsi/ginkgo/v2, github.com/onsi/gomega and github.com/pb33f/libopenapi.

Updates github.com/google/go-containerregistry from 0.21.5 to 0.21.6

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.6

What's Changed

• fix: update dependencies to use new azure sdk components by @​gaganhr94 in google/go-containerregistry#2262
• transport: restore resp.Body in retryError so CheckError can parse it by @​alliasgher in google/go-containerregistry#2264
• pkg/registry: return 202 Accepted for PATCH chunk uploads by @​alliasgher in google/go-containerregistry#2265
• Follow OCI distribution spec for artifactType and annotations by @​malt3 in google/go-containerregistry#2269
• actions: attach Codecov token to coverage tests on main by @​Subserial in google/go-containerregistry#2270
• remote: use DeleteScope (with "delete" action) for manifest deletion by @​alliasgher in google/go-containerregistry#2266
• remote: limit concurrent layer pulls by @​gnix0 in google/go-containerregistry#2271
• pkg/registry: reject corrupt disk blobs by @​gnix0 in google/go-containerregistry#2272
• mutate: close layer readers during export by @​gnix0 in google/go-containerregistry#2277
• crane/flatten: preserve image media type when flattening by @​alliasgher in google/go-containerregistry#2267
• build(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1 in the actions group across 1 directory by @​dependabot[bot] in google/go-containerregistry#2273
• build(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 by @​dependabot[bot] in google/go-containerregistry#2278
• build(deps): bump the go-deps group across 3 directories with 6 updates by @​dependabot[bot] in google/go-containerregistry#2280
• Replace go-homedir with os.UserHomeDir by @​jammie-jelly in google/go-containerregistry#2282
• pkg/name: only treat .localhost as non-HTTPS, not .local by @​blackwell-systems in google/go-containerregistry#2281
• transport: block unspecified IPs (0.0.0.0, ::) in validateRealmURL by @​marwan9696 in google/go-containerregistry#2285
• test(mutate): add Extract round-trip test for filesystem object preservation by @​blackwell-systems in google/go-containerregistry#2283
• experiments: remove deprecated support for estargz by @​thaJeztah in google/go-containerregistry#2288
• build(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 in the actions group by @​dependabot[bot] in google/go-containerregistry#2289
• fix: limit HTTP response body reads to prevent OOM by @​evilgensec in google/go-containerregistry#2296
• build(deps): bump the go-deps group across 3 directories with 6 updates by @​dependabot[bot] in google/go-containerregistry#2297
• transport: block redirects from token server to private/link-local addresses (SSRF fix) by @​evilgensec in google/go-containerregistry#2292
• pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract by @​anishesg in google/go-containerregistry#2279
• validate: skip non-layer layers by @​imjasonh in google/go-containerregistry#2298
• remote: validate foreign layer URLs to prevent SSRF (fixes #2259) by @​evilgensec in google/go-containerregistry#2293
• remote: block SSRF via private-IP Location headers in blob uploads by @​adilburaksen in google/go-containerregistry#2295
• fix(mutate): preserve config blob and layers for non-Docker OCI artifacts by @​blackwell-systems in google/go-containerregistry#2286
• fix: preserve per-occurrence layer identity in mutate.Image.Layers() by @​iahsanGill in google/go-containerregistry#2299
• transport: retry HTTP 429 (Too Many Requests) by @​iahsanGill in google/go-containerregistry#2301
• transport: allow bearer realm at same host:port as registry by @​iahsanGill in google/go-containerregistry#2302
• Update go version to 1.26.3 by @​Subserial in google/go-containerregistry#2300

New Contributors

• @​gaganhr94 made their first contribution in google/go-containerregistry#2262
• @​alliasgher made their first contribution in google/go-containerregistry#2264
• @​malt3 made their first contribution in google/go-containerregistry#2269
• @​gnix0 made their first contribution in google/go-containerregistry#2271
• @​blackwell-systems made their first contribution in google/go-containerregistry#2281
• @​marwan9696 made their first contribution in google/go-containerregistry#2285
• @​anishesg made their first contribution in google/go-containerregistry#2279
• @​adilburaksen made their first contribution in google/go-containerregistry#2295
• @​iahsanGill made their first contribution in google/go-containerregistry#2299

Full Changelog: google/go-containerregistry@v0.21.5...v0.21.6

Commits

• 53f7e39 Update go version to 1.26.3 (#2300)
• bf87c3b transport: allow bearer realm at same host:port as registry (#2302)
• c55facd transport: retry HTTP 429 (Too Many Requests) (#2301)
• 68a569e fix: preserve per-occurrence layer identity in Layers() (#2299)
• 35b354b fix(mutate): preserve config blob and layers for non-Docker OCI artifacts (#2...
• e5983f2 remote: block SSRF via private-IP Location headers in blob uploads (#2295)
• 6dad820 remote: validate foreign layer URLs to prevent SSRF (fixes #2259) (#2293)
• 78bdf1b validate: skip non-layer layers (#2298)
• c29d91c pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract ...
• a70d75a transport: block redirects from token server to private/link-local addresses ...
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.28.3 to 2.29.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.29.0

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

Commits

• 04b5bcb v2.29.0
• 124232a docs: GinkgoHelperGo
• ad9cee8 feat: GinkgoHelperGo, with integration tests
• 9e56a0a chore: refactor devcontainer for better maintenance
• 3d235a9 chore: ignore internal/tmp_*/ integration suite temporary dirs
• 782666a feat: devcontainer configuration with local pkgsite and GH pages
• 009dd04 Support DescribeTableSubtree in ginkgo outline
• See full diff in compare view

Updates github.com/onsi/gomega from 1.40.0 to 1.41.0

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.41.0

Features

Add BeASlice and BeAnArray matchers

Fixes

Object formatting now detects pointer cycles to avoid runaway formatting output.

Commits

• af2bccb v1.41.0
• 73e81f6 v1.41.0 (full)
• e35a84f feat: devcontainer configuration with local pkgsite and GH pages
• f12e5e1 fix(format): detect pointer cycles to avoid runaway formatting output
• e14831f Add optionalDescription docs to AsyncAssertion and Assertion interfaces
• 344b94d Add BeASlice and BeAnArray matchers
• See full diff in compare view

Updates github.com/pb33f/libopenapi from 0.36.3 to 0.36.4

Release notes

Sourced from github.com/pb33f/libopenapi's releases.

v0.36.4

Various fixes with bundler dealing with rewriting relative paths in composed mode, some house-keeping and cleanup.

No new features or breaking changes.

Commits

• e489129 refactor(schema): unify sibling-ref handling across schema extraction paths
• 7a0ad11 address coverage
• 8585a05 fix: rebase vendor extension $refs in composed bundles
• 335e473 housekeeping.
• 73a0ead address coverage
• 77b5a35 address daveshanley/vacuum#873
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Assignees

The following users could not be added as assignees: @genmcp/maintainers. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.