Skip to content

Bump the oc-mirror-v2-version-updates group with 8 updates#1459

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/oc-mirror-v2-version-updates-b28242ff4e
Open

Bump the oc-mirror-v2-version-updates group with 8 updates#1459
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/oc-mirror-v2-version-updates-b28242ff4e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the oc-mirror-v2-version-updates group with 8 updates:

Package From To
github.com/Masterminds/semver/v3 3.4.0 3.5.0
github.com/google/go-containerregistry 0.21.1 0.21.7
github.com/operator-framework/operator-registry 1.69.0 1.72.0
github.com/vbauerster/mpb/v8 8.12.0 8.12.1
golang.org/x/crypto 0.51.0 0.53.0
golang.org/x/term 0.43.0 0.44.0
helm.sh/helm/v3 3.18.6 3.21.2
github.com/docker/cli 29.5.2+incompatible 29.5.3+incompatible

Updates github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.5.0

What's Changed

New Contributors

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

Commits
  • 8b89c86 Merge pull request #287 from mattfarina/fix-da-issues
  • 29d51d0 Fixing some quality issues
  • 87f651d Merge pull request #286 from mattfarina/update-devcontainer
  • 158a685 Updating gitignore for devcontainers
  • 7e83c08 Merge pull request #284 from Masterminds/dependabot/github_actions/golangci/g...
  • 697e27f Merge pull request #283 from Masterminds/dependabot/github_actions/actions/ca...
  • 1591f8e Merge pull request #282 from Masterminds/dependabot/github_actions/github/cod...
  • 3f5ff17 Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0
  • 04baa33 Bump actions/cache from 4.2.3 to 5.0.5
  • 45939fe Bump github/codeql-action from 4.35.1 to 4.35.2
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.1 to 0.21.7

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.7

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.6...v0.21.7

v0.21.6

What's Changed

... (truncated)

Commits
  • c68d899 Bump go version to 1.26.4 (#2350)
  • da61d86 transport: do not re-attach bearer token after cross-host redirect (#2349)
  • 09fe1e5 fix(tarball): normalize paths when matching files (#2334)
  • 5baa399 build(deps): bump the go-deps group across 3 directories with 4 updates (#2348)
  • 97a8a17 fix(transport): apply refreshed bearer token after cross-host redirect (#2337)
  • e963497 internal/gzip: fix goroutine leak in ReadCloserLevel (#2347)
  • 02649ea fix: prevent SSRF in google.List() pagination (#2332)
  • 7204b40 build(deps): bump the actions group across 1 directory with 2 updates (#2344)
  • 4cfaa93 build(deps): bump the go-deps group across 1 directory with 2 updates (#2343)
  • 6849394 pkg/registry: export RedirectError (#2177)
  • Additional commits viewable in compare view

Updates github.com/operator-framework/operator-registry from 1.69.0 to 1.72.0

Release notes

Sourced from github.com/operator-framework/operator-registry's releases.

v1.72.0

What's Changed

Full Changelog: operator-framework/operator-registry@v1.71.0...v1.72.0

v1.71.0

What's Changed

Full Changelog: operator-framework/operator-registry@v1.70.0...v1.71.0

v1.70.0

What's Changed

Full Changelog: operator-framework/operator-registry@v1.69.0...v1.70.0

Commits

Updates github.com/vbauerster/mpb/v8 from 8.12.0 to 8.12.1

Release notes

Sourced from github.com/vbauerster/mpb/v8's releases.

v8.12.1

Full Changelog: vbauerster/mpb@v8.12.0...v8.12.1

Commits
  • 1fcdadd v8.12.1
  • 98992b5 go get -u
  • eb5935a feat: ToBuilder() BarFillerBuilder
  • cf7d4dc refactor: iTip is iLen
  • 9af2c34 refactor: drop SpinnerStyleComposer interface
  • 050fe87 refactor: drop BarStyleComposer interface
  • a03d9e1 refactor: proxywriter_test with ewma
  • 4c4ab56 refactor: proxywriter_test
  • 2208a21 refactor: proxyreader_test with ewma
  • 7db7229 refactor: proxyreader_test
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates golang.org/x/term from 0.43.0 to 0.44.0

Commits

Updates helm.sh/helm/v3 from 3.18.6 to 3.21.2

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.21.2 is a patch release to correct bump the Kubernetes client libraries (client-go, etc) to match the expected Kubernetes v1.36 release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

  • Update Kubernetes client libraries to v1.36

Installation and Upgrading

Download Helm v3.21.2. The common platform binaries are here:

This release was signed by @​gjenkins8 with key BF88 8333 D96A 1C18 E268 2AAE D79D 67C9 EC01 6739, which can be found at https://keys.openpgp.org/vks/v1/by-fingerprint/BF888333D96A1C18E2682AAED79D67C9EC016739. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.21.3 will contain only bug fixes.
  • 3.22.0 is the next (and final) Helm 3 feature release

Changelog

  • chore(deps): bump the k8s-io group with 2 updates 125963406833fe0525be91f46c8b5b0f22fb9e32 (dependabot[bot])
  • fixes b52e27609b4420d206c1874ce9b0c75e271665e7 (Matheus Pimenta)
  • chore(deps): bump the k8s-io group across 1 directory with 2 updates 3342dbfec8f39776a9accd50fa91a52d68673af1 (dependabot[bot])

Full Changelog: helm/helm@v3.21.1...v3.21.2

Helm v3.21.1 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

... (truncated)

Commits
  • 1259634 chore(deps): bump the k8s-io group with 2 updates
  • b52e276 fixes
  • 3342dbf chore(deps): bump the k8s-io group across 1 directory with 2 updates
  • c56dd00 fix(action): avoid nil REST client getter panic when installing CRDs
  • 702529f fix(registry): keep credentials on plain-HTTP fallback with oras-go v2.6.1
  • 178e120 chore(deps): bump oras.land/oras-go/v2 from 2.6.0 to 2.6.1
  • dcf35f8 chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0
  • 44aff8b chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0
  • ae2f31f chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0
  • 402225f Update .github/env
  • Additional commits viewable in compare view

Updates github.com/docker/cli from 29.5.2+incompatible to 29.5.3+incompatible

Commits
  • d1c06ef Merge pull request #7022 from mickael-docker/docs-request-field
  • 7dd053b Merge pull request #7003 from thaJeztah/logs_links
  • 37c3d31 Merge pull request #7024 from thaJeztah/add_zizmor
  • 45f10f2 Merge pull request #7025 from vvoland/update-go
  • b458dc9 update to go1.26.4
  • 1953194 gha: apply zizmor fixes
  • ac0419e gha: add zizmor workflow
  • 1aa0416 docs: recommend default deny and clarify requesturi field
  • 3a85952 Merge pull request #7020 from thaJeztah/full_semver
  • 8d3fbdf Merge pull request #7019 from thaJeztah/dependabot_labels
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

  • Chores
    • Updated the app to a newer Go version and refreshed several dependencies across the stack.
    • Brought Kubernetes, Helm, OpenTelemetry, and container-related libraries up to date for improved compatibility and reliability.
    • Removed a couple of no-longer-needed dependency entries.

Bumps the oc-mirror-v2-version-updates group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.4.0` | `3.5.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.1` | `0.21.7` |
| [github.com/operator-framework/operator-registry](https://github.com/operator-framework/operator-registry) | `1.69.0` | `1.72.0` |
| [github.com/vbauerster/mpb/v8](https://github.com/vbauerster/mpb) | `8.12.0` | `8.12.1` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.51.0` | `0.53.0` |
| [golang.org/x/term](https://github.com/golang/term) | `0.43.0` | `0.44.0` |
| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.18.6` | `3.21.2` |
| [github.com/docker/cli](https://github.com/docker/cli) | `29.5.2+incompatible` | `29.5.3+incompatible` |


Updates `github.com/Masterminds/semver/v3` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/Masterminds/semver/releases)
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md)
- [Commits](Masterminds/semver@v3.4.0...v3.5.0)

Updates `github.com/google/go-containerregistry` from 0.21.1 to 0.21.7
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.1...v0.21.7)

Updates `github.com/operator-framework/operator-registry` from 1.69.0 to 1.72.0
- [Release notes](https://github.com/operator-framework/operator-registry/releases)
- [Commits](operator-framework/operator-registry@v1.69.0...v1.72.0)

Updates `github.com/vbauerster/mpb/v8` from 8.12.0 to 8.12.1
- [Release notes](https://github.com/vbauerster/mpb/releases)
- [Commits](vbauerster/mpb@v8.12.0...v8.12.1)

Updates `golang.org/x/crypto` from 0.51.0 to 0.53.0
- [Commits](golang/crypto@v0.51.0...v0.53.0)

Updates `golang.org/x/term` from 0.43.0 to 0.44.0
- [Commits](golang/term@v0.43.0...v0.44.0)

Updates `helm.sh/helm/v3` from 3.18.6 to 3.21.2
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.18.6...v3.21.2)

Updates `github.com/docker/cli` from 29.5.2+incompatible to 29.5.3+incompatible
- [Commits](docker/cli@v29.5.2...v29.5.3)

---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: oc-mirror-v2-version-updates
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: oc-mirror-v2-version-updates
- dependency-name: github.com/operator-framework/operator-registry
  dependency-version: 1.72.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: oc-mirror-v2-version-updates
- dependency-name: github.com/vbauerster/mpb/v8
  dependency-version: 8.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: oc-mirror-v2-version-updates
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: oc-mirror-v2-version-updates
- dependency-name: golang.org/x/term
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: oc-mirror-v2-version-updates
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.21.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: oc-mirror-v2-version-updates
- dependency-name: github.com/docker/cli
  dependency-version: 29.5.3+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: oc-mirror-v2-version-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2026
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3f8e4325-6df2-41ea-9d55-dc391fcbe28b

📥 Commits

Reviewing files that changed from the base of the PR and between c3552e2 and 433a0b9.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/oc-mirror-v2-version-updates-b28242ff4e

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from dorzel and r4f4 July 1, 2026 05:54
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign aguidirh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jul 1, 2026
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants