🌱 Bump the gomod group across 2 directories with 11 updates

[dependabot]

Bumps the gomod group with 9 updates in the / directory:

Package	From	To
github.com/go-git/go-git/v5	5.16.3	5.16.4
github.com/moby/buildkit	0.25.2	0.26.2
github.com/spf13/cobra	1.10.1	1.10.2
gocloud.dev	0.43.0	0.44.0
golang.org/x/text	0.30.0	0.31.0
github.com/google/osv-scanner/v2	2.2.4	2.3.0
gitlab.com/gitlab-org/api/client-go	0.159.0	1.7.0
cloud.google.com/go/storage	1.57.1	1.58.0
github.com/go-git/go-billy/v5	5.6.2	5.7.0

Bumps the gomod group with 2 updates in the /tools directory: github.com/golangci/golangci-lint/v2 and github.com/goreleaser/goreleaser/v2.

Updates github.com/go-git/go-git/v5 from 5.16.3 to 5.16.4

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.4

What's Changed

• backport plumbing: format/idxfile, prevent panic by @​swills in go-git/go-git#1732
• [backport] build: test, Fix build on Windows. by @​pjbgf in go-git/go-git#1734
• build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1742
• build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1741
• build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1743

Full Changelog: go-git/go-git@v5.16.3...v5.16.4

Commits

• de8ecc3 Merge pull request #1743 from go-git/renovate/releases/v5.x-go-github.com-go-...
• 3e752f0 build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY]
• 3a31754 Merge pull request #1741 from go-git/renovate/releases/v5.x-go-github.com-clo...
• acc28f1 build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY]
• 95f3880 Merge pull request #1742 from go-git/renovate/releases/v5.x-go-golang.org-x-n...
• 329f926 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
• 399e04b Merge pull request #1734 from pjbgf/fix-ci
• 2025eae build: test, Fix build on Windows.
• fb6806f Merge pull request #1732 from swills/find-hash-panic-fix-backport
• 382530f plumbing: format/idxfile, prevent panic
• See full diff in compare view

Updates github.com/moby/buildkit from 0.25.2 to 0.26.2

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.26.2

Welcome to the v0.26.2 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

• CrazyMax
• Tõnis Tiigi

Notable Changes

• Fix possible error when uploading big files to S3 cache exporter #6373

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.26.1

v0.26.1

Welcome to the v0.26.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi

Notable Changes

• Fix excessive chunking when fetching blobs #6366

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.26.0

v0.26.0

buildkit 0.26.0

Welcome to the v0.26.0 release of buildkit!

... (truncated)

Commits

• be1f38e Merge pull request #6374 from crazy-max/0.26_picks_0.26.2
• 8a34dcd cache(s3): request checksum calculation when required
• 29fc55f Merge pull request #6367 from tonistiigi/v0.26-picks
• 247e13c contentutil: avoid defaulting to ReadAt for fetch
• a8e548f Merge pull request #4673 from bpascard/master
• cc2d332 Merge pull request #6351 from thaJeztah/bump_tarsplit
• 640f8bb Merge pull request #6349 from tonistiigi/dockerd-test-fixes
• c3fd6a3 vendor: github.com/vbatts/tar-split v0.12.2
• 2224254 test: test updates for dockerd
• a2a940e Merge pull request #6345 from tonistiigi/cap-session-policy
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• See full diff in compare view

Updates gocloud.dev from 0.43.0 to 0.44.0

Release notes

Sourced from gocloud.dev's releases.

v0.44.0

What's Changed

• all: remove docstore/awsdynamodb v1 and other vestiges of awsv1 by @​vangent in google/go-cloud#3605

blob

• blob: add ListIterator.All, a Go 1.23 iterator by @​vangent in google/go-cloud#3608
• blob/gcsblob: allow providing a storage.Client directly (e.g., to use a gRPC-based client) by @​vangent in google/go-cloud#3616
• blob/s3blob: make it possible to configure the default integrity protection by @​stanhu in google/go-cloud#3634
• blob/azureblob: improve error handling by @​SoMuchForSubtlety in google/go-cloud#3636
• blob/azureblob: handle more precondition errors by @​SoMuchForSubtlety in google/go-cloud#3637

pubsub

• pubsub/gcppubsubv2: Add a new pubsub driver using GCP's v2 library. by @​vangent in google/go-cloud#3622

docstore

• docstore/memdocstore: add support for atomic writes by @​sandeepvinayak in google/go-cloud#3606

mysql

• mysql/awsmysql: support IAM authenticate with AssumeRole by @​giautm in google/go-cloud#3623
• mysql/awsmysql: allow refreshing the IAM token when it is expired by @​giautm in google/go-cloud#3625
• mysql/awsmysql: use otelsql.OpenDB() to wrap the connector by @​giautm in google/go-cloud#3626
• mysql/awsmysql: allow injecting HTTP client by @​giautm in google/go-cloud#3628
• mysql/awsmysql: pass TLS directly to the config by @​giautm in google/go-cloud#3627
• mysql/gcpmysql: use otelsql.OpenDB() to wrap the connector by @​giautm in google/go-cloud#3630
• mysql: use otelsql.OpenDB() to wrap the connector by @​giautm in google/go-cloud#3631
• mysql/azuremysql: use otelsql.OpenDB() to wrap the connector by @​giautm in google/go-cloud#3629
• mysql/gcpmysql: pass DialFunc directly to MySQL config by @​giautm in google/go-cloud#3632
• mysql/azuremysql: pass TLS directly to MySQL config by @​giautm in google/go-cloud#3633

New Contributors

• @​wadgamaraldeen made their first contribution in google/go-cloud#3620
• @​SoMuchForSubtlety made their first contribution in google/go-cloud#3635

Full Changelog: google/go-cloud@v0.43.0...v0.44.0

Commits

• a52bb66 all: prep for release (#3641)
• 771a4a7 blob/azureblob: handle more precondition errors (#3637)
• dfa0635 blob/azureblob: refactor error handling and add test recording (#3636)
• f1d2dbc blob/s3blob: make it possible to configure the default integrity protection (...
• eff724a blob/azureblob: handle precondition error for BlobExists (#3635)
• 7553548 mysql/azuremysql: pass TLS directly to MySQL config (#3633)
• 8badd8f mysql/gcpmysql: pass DialFunc directly to MySQL config (#3632)
• 5590aca mysql/azuremysql: use otelsql.OpenDB to wrap the connector (#3629)
• 0efbc16 mysql: use otelsql.OpenDB to wrap the connector (#3631)
• bc60307 mysql/gcpmysql: use otelsql.OpenDB to wrap the connector (#3630)
• Additional commits viewable in compare view

Updates golang.org/x/text from 0.30.0 to 0.31.0

Commits

• e7ff6b3 go.mod: update golang.org/x dependencies
• fbf012b all: use reflect.TypeFor instead of reflect.TypeOf
• See full diff in compare view

Updates github.com/google/osv-scanner/v2 from 2.2.4 to 2.3.0

Release notes

Sourced from github.com/google/osv-scanner/v2's releases.

v2.3.0

This release migrates to the new osv.dev and osv-schema proto bindings for its internal data models (#2328). This is primarily an internal change and should not impact users.

Features:

• [Feature #2321](google/osv-scanner#2321) Add support for license checks for RubyGems.
• [Feature #2294](google/osv-scanner#2294) Replace requirementsenhanceable extractor with transitive enricher.
• [Feature #2344](google/osv-scanner#2344) Use osduplicate annotators.

Fixes:

• [Bug #2329](google/osv-scanner#2329) Add --ignore-scripts flag to npm lockfile generation.
• [Bug #2311](google/osv-scanner#2311) Improve logic for --all-packages flag.
• [Bug #2309](google/osv-scanner#2309) Exit with a non-zero code when showing help.
• [Bug #2316](google/osv-scanner#2316) Pre-commit hook now defaults to scanning current directory instead of failing.
• [Bug #1507 (osv-scalibr)](google/osv-scalibr#1507) Interpolate Maven projects before extracting repositories.

New Contributors

• @​Ly-Joey made their first contribution in google/osv-scanner#2311
• @​pcastellazzi made their first contribution in google/osv-scanner#2316

Full Changelog: google/osv-scanner@v2.2.4...v2.3.0

Changelog

Sourced from github.com/google/osv-scanner/v2's changelog.

v2.3.0

This release migrates to the new osv.dev and osv-schema proto bindings for its internal data models (#2328). This is primarily an internal change and should not impact users.

Features:

• [Feature #2321](google/osv-scanner#2321) Add support for license checks for RubyGems.
• [Feature #2294](google/osv-scanner#2294) Replace requirementsenhanceable extractor with transitive enricher.
• [Feature #2344](google/osv-scanner#2344) Use osduplicate annotators.

Fixes:

• [Bug #2329](google/osv-scanner#2329) Add --ignore-scripts flag to npm lockfile generation.
• [Bug #2311](google/osv-scanner#2311) Improve logic for --all-packages flag.
• [Bug #2309](google/osv-scanner#2309) Exit with a non-zero code when showing help.
• [Bug #2316](google/osv-scanner#2316) Pre-commit hook now defaults to scanning current directory instead of failing.
• [Bug #1507 (osv-scalibr)](google/osv-scalibr#1507) Interpolate Maven projects before extracting repositories.

Commits

• b0b6027 chore: OSV-Scanner Release 2.3.0 (#2350)
• b32306c feat: update osv-scalibr (#2352)
• b8a7531 test: update snapshots (#2353)
• 0c8d19f feat: update osv-scalibr (#2349)
• 160118d chore(deps): update github/codeql-action action to v4.31.3 (#2347)
• e1e532f feat: replace requirementsenhanceable extractor with transitive enricher (#...
• 12ad8d7 fix(deps): update osv-scanner minor (#2346)
• a2268ad feat: update osv-scalibr (#2345)
• daa38bc test: update snapshots (#2348)
• 9e193da feat: Use osduplicate annotators instead (#2344)
• Additional commits viewable in compare view

Updates gitlab.com/gitlab-org/api/client-go from 0.159.0 to 1.7.0

Release notes

Sourced from gitlab.com/gitlab-org/api/client-go's releases.

v1.7.0

1.7.0

🚀 Features

• feat(users): Add support for a user to see only one file diff per page (!2597) by Zubeen

1.7.0 (2025-12-06)

Features

• users: Add support for a user to see only one file diff per page (e2a9e09)

v1.6.0

1.6.0

🚀 Features

• feat: add admin compliance policy settings API (!2610) by Hannes Lange

🔄 Other Changes

• doc: fix typo (!2603) by Guilhem Bonnefille
• chore(deps): update golangci/golangci-lint docker tag to v2.7.1 (!2611) by GitLab Dependency Bot
• chore(deps): update docker docker tag to v29.1.2 (!2609) by GitLab Dependency Bot
• chore(deps): update golangci/golangci-lint docker tag to v2.7.0 (!2608) by GitLab Dependency Bot

1.6.0 (2025-12-05)

Features

• add admin compliance policy settings API (5c17773)

v1.5.0

1.5.0

🚀 Features

• feat(Project Mirrors): Add missing Mirror attributes when reading or updating Project Mirrors (!2600) by Patrick Rice

1.5.0 (2025-12-03)

... (truncated)

Changelog

Sourced from gitlab.com/gitlab-org/api/client-go's changelog.

1.7.0

🚀 Features

• feat(users): Add support for a user to see only one file diff per page (!2597) by Zubeen

1.7.0 (2025-12-06)

Features

• users: Add support for a user to see only one file diff per page (e2a9e09)

1.6.0

🚀 Features

• feat: add admin compliance policy settings API (!2610) by Hannes Lange

🔄 Other Changes

• doc: fix typo (!2603) by Guilhem Bonnefille
• chore(deps): update golangci/golangci-lint docker tag to v2.7.1 (!2611) by GitLab Dependency Bot
• chore(deps): update docker docker tag to v29.1.2 (!2609) by GitLab Dependency Bot
• chore(deps): update golangci/golangci-lint docker tag to v2.7.0 (!2608) by GitLab Dependency Bot

1.6.0 (2025-12-05)

Features

• add admin compliance policy settings API (5c17773)

1.5.0

🚀 Features

• feat(Project Mirrors): Add missing Mirror attributes when reading or updating Project Mirrors (!2600) by Patrick Rice

1.5.0 (2025-12-03)

Features

... (truncated)

Commits

• 5067f7a chore(release): 1.7.0 [skip ci]
• 148bc57 Merge branch 'addViewDiffs' into 'main'
• e2a9e09 feat(users): Add support for a user to see only one file diff per page
• 91c5106 chore(release): 1.6.0 [skip ci]
• b724fd2 Merge branch 'add-admin-compliance-policy-settings-api' into 'main'
• 5c17773 feat: add admin compliance policy settings API
• 25c5c89 Merge branch 'patch-1' into 'main'
• 910f188 doc(no-release): fix typo
• c748285 Merge branch 'renovate/golangci-golangci-lint-2.x' into 'main'
• 3df4948 chore(deps): update golangci/golangci-lint docker tag to v2.7.1
• Additional commits viewable in compare view

Updates cloud.google.com/go/storage from 1.57.1 to 1.58.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage 1.58.0

1.58.0 (2025-12-03)

Features

• add object contexts in Go GCS SDK (#13390) (079c4d96)

• calculate crc32c by default and pass checksum in trailing and per-chunk request (#13205) (2ab1c778)

• add support for partial success in ListBuckets (#13320) (d91e47f2)

Bug Fixes

• omit empty filter in http list object request (#13434) (377eb13b)

storage 1.57.2

1.57.2 (2025-11-14)

Features

Bug Fixes

• Handle redirect on takeover. (#13354) (b0f13626)

• add env var to allow disabling bound token (#13236) (cdaf6a6d)

Documentation

• updates to docs and docs formatting (PiperOrigin-RevId: 828488192) (93ca68d5)

Commits

• e68777c chore(main): release spanner 1.58.0 (#9423)
• 6deb969 docs(pubsub): check for nil responses for receive examples (#9516)
• e54989e chore: remove old samples that no longer compile (#9510)
• 1cf28f6 docs(run): clarify some defaults and required or optional values (#9505)
• dbd8f28 chore(main): release firestore 1.15.0 (#8918)
• d320daa doc(datastore): Add document around FitlerField (#7536)
• 07ece0f chore: release main (#9484)
• b06f2b9 chore(all): update deps (#9467)
• e5d0c2f doc(storage): update gRPC docs (#9488)
• ae1f547 feat(compute): Update Compute Engine API to revision 20240220 (#886) (#9485)
• Additional commits viewable in compare view

Updates github.com/go-git/go-billy/v5 from 5.6.2 to 5.7.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.7.0

What's Changed

• Add support for Chmod on billy.Filesystem by @​bitfehler in go-git/go-billy#171
• build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-billy#177

Full Changelog: go-git/go-billy@v5.6.2...v5.7.0

Commits

• cc50ee7 Merge pull request #177 from go-git/renovate/releases/v5.x-go-golang.org-x-ne...
• c3a9003 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
• 9263834 Merge pull request #171 from bitfehler/releases/v5.x
• 94b84fc Add support for Chmod on billy.Filesystem
• See full diff in compare view

Updates github.com/golangci/golangci-lint/v2 from 2.6.1 to 2.7.2

Release notes

Sourced from github.com/golangci/golangci-lint/v2's releases.

v2.7.2

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• ceaf3c0cea244c3daaafad6711a9764e0d7fe2e7 build(deps): bump github.com/securego/gosec/v2 from 2.22.10 to daccba6b93d7 (#6238)
• 031b1081c61e4d4bd9a17cfb9e2f79432c3b7858 build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 (#6240)

v2.7.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• c5e3dec4c425d1c1fc79043a7c72509138c3f6c4 modernize: disable stringscut analyzer (#6233)

v2.7.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• cfbf62e79a9c6d9a76e2f63bf77050dca2df628e build(deps): bump github.com/MirrexOne/unqueryvet from 1.2.1 to 1.3.0 (#6177)
• c7c1cb69f9b3e67a276cb572d8acd51f2f531198 build(deps): bump github.com/catenacyber/perfsprint from 0.10.0 to 0.10.1 (#6196)
• 115d5961370a11d57e141a857273fd88ee77ce21 build(deps): bump github.com/godoc-lint/godoc-lint from 0.10.1 to 0.10.2 (#6228)
• 0212d7c8deac16c2f1a48e0b1e1d5a282dee15f4 build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0 (#6222)
• 3a046315754a6083e89e8f30d3507c1542e0b685 build(deps): bump github.com/mgechev/revive from 1.12.0 to 1.13.0 (#6195)
• 23f63fd71c12c3e27dcbcd3b6819eb33e3e5714a build(deps): bump github.com/shirou/gopsutil/v4 from 4.25.10 to 4.25.11 (#6229)
• de3c6c7393ba4482d3f2baca06390eee3a2e0765 build(deps): bump github.com/stbenjam/no-sprintf-host-port from 0.2.0 to 0.3.1 (#6162)
• 0014498f1fc3e1f056a29ea8c08a14a8f4a1b903 build(deps): bump github.com/tomarrell/wrapcheck/v2 from 2.11.0 to 2.12.0 (#6221)
• ee422dd0edb350b9fc0cebcad310182ca34cd23f build(deps): bump golang.org/x/mod from 0.29.0 to 0.30.0 (#6197)
• 2c9d09be75377a164aec2e16b9945aaef05b9437 build(deps): bump golang.org/x/sys from 0.37.0 to 0.38.0 (#6194)
• 9da4c1d438208ed19acdf22d136b93ad9f2701b0 build(deps): bump golang.org/x/tools from 0.38.0 to 0.39.0 (#6193)
• 9a9fd5b1d9fd89b914d8bb0003350d73bd6c76ee build(deps): bump the github-actions group with 2 updates (#6211)
• db0d9093b100a21b8e4aee25fc785e8bcc7df1c6 feat: add some flags to the custom command (#6184)
• 101ccaca0df22b2e36dd917ed5d0be423baa6298 fix: clone args used by custom command (#6206)

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint/v2's changelog.

v2.7.2

Released on 2025-12-07

1. Linter bug fixes
   • gosec: from 2.22.10 to daccba6b93d7

v2.7.1

Released on 2025-12-04

1. Linter bug fixes
   • modernize: disable stringscut analyzer

v2.7.0

Released on 2025-12-03

1. Bug fixes
   • fix: clone args used by custom command
2. Linters new features or changes
   • no-sprintf-host-port: from 0.2.0 to 0.3.1 (ignore string literals without a colon)
   • unqueryvet: from 1.2.1 to 1.3.0 (handles const and var declarations)
   • revive: from 1.12.0 to 1.13.0 (new option: enable-default-rules, new rules: forbidden-call-in-wg-go, unnecessary-if, inefficient-map-lookup)
   • modernize: from 0.38.0 to 0.39.0 (new analyzers: plusbuild, stringscut)
3. Linters bug fixes
   • perfsprint: from 0.10.0 to 0.10.1
   • wrapcheck: from 2.11.0 to 2.12.0
   • godoc-lint: from 0.10.1 to 0.10.2
4. Misc.
   • Add some flags to the custom command
5. Documentation
   • docs: split changelog v1 and v2

v2.6.2

Released on 2025-11-14

1. Bug fixes
   • fmt command with symlinks
   • use file depending on build configuration to invalidate cache
2. Linters bug fixes
   • testableexamples: from 1.0.0 to 1.0.1
   • testpackage: from 1.1.1 to 1.1.2

Commits

• 9f61b0f chore: prepare release
• 031b108 build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 (#6240)
• ceaf3c0 build(deps): bump github.com/securego/gosec/v2 from 2.22.10 to daccba6b93d7 (...
• 0197688 docs: add thanks to the creator of golangci-lint (#6239)
• 5de45da docs: update GitHub Action assets (#6235)
• a4b55eb chore: prepare release
• c5e3dec modernize: disable stringscut analyzer (#6233)
• 284a5f3 docs: add missing release date
• f6a449f docs: update documentation assets (#6230)
• 84729b8 docs: update GitHub Action assets (#6231)
• Additional commits viewable in compare view

Updates github.com/goreleaser/goreleaser/v2 from 2.12.7 to 2.13.1

Release notes

Sourced from github.com/goreleaser/goreleaser/v2's releases.

v2.13.1

Announcement

Read the official announcement: Announcing GoReleaser v2.13.

Changelog

Security updates

• 9d07987ccb4b7e49a59b2fd23318708541ff29e7: sec: update to go 1.25.5 (@​caarlos0)

Bug fixes

• 694eec53d383cef635b9c29ee04308b171f09bdd: fix(github): improve create/update file (#6280) (@​caarlos0)
• 311253b610d049e5abb8c7b21c84002e47939946: fix(ko): do not fail if docker daemon not available (@​caarlos0)
• 3f07552ca421e670339686dbf1b6f2b368fc1b55: fix(mcp): its actually the committee mcp registry (#6283) (@​caarlos0)
• 0b98d10daa5ad6959ce1506d3a2c2757bec33398: fix: lint (@​caarlos0)
• 7d7986f072c05b96dc839d44a1632bf3196892c4: fix: update run script to new cosign signature check (@​caarlos0)

Documentation updates

• 95b9db9ee9976939e8dc70206aef3c24142d8cc6: docs: announce v2.13 (#6270) (@​caarlos0)
• 86368f777644664aeea7596b63f371a63ef3644d: docs: clarify deprecation policy (@​caarlos0)
• c4fe18bf1a624187a3512d64817954e3a95bd8a1: docs: update sign.md (@​caarlos0)

Other work

• 2ea7bc93749daeda802ccf596edd0084eaa565ec: chore: issue templates (@​caarlos0)
• 4eb5b18b739d08da0b4426480cbec207e436d8c7: chore: issue templates (@​caarlos0)
• 460ebca54853f2d536057b721cd9f92990498b69: chore: update issue templates (@​caarlos0)
• 6914329ccebabf730d3827783d6cb7ceba414fd7: ci(deps): bump the actions group with 4 updates (#6287) (@​dependabot[bot])
• 1e190b414026e40670d6ad78aa4de6127e8bf287: ci(sec): fix sbom job (@​caarlos0)
• 1072df26287a04f74bda264ab51338b51b2d1262: ci(sec): improve sbom scan job (@​caarlos0)
• bfd04a064174cfe74c93120e702b406308cbdba8: ci(sec): periodically scan last release sboms (#6281) (@​caarlos0)

Full Changelog: goreleaser/goreleaser@v2.13.0...v2.13.1

Helping out

This release is only possible thanks to all the support of some awesome people!

Want to be one of them? You can sponsor, get a Pro License or contribute with code.

Where to go next?

• Find examples and commented usage of all options in our website.
• Reach out on Discord and Twitter!

v2.13.0

Announcement

Read the official announcement: Announcing GoReleaser v2.13.

Changelog

... (truncated)

Commits

• 7069055 chore: auto-update generated files
• 0b98d10 fix: lint
• c4fe18b docs: update sign.md
• 2ea7bc9 chore: issue templates
• 4eb5b18 chore: issue templates
• 460ebca chore: update issue templates
• 311253b fix(ko): do not fail if docker daemon not available
• 04da593 chore(deps): update 6 dependencies
• 8c33d25 chore(deps): bump golang from 1.25.4-alpine to 1.25.5-alpine in the docker gr...
• 6914329 ci(deps): bump the actions group with 4 updates (#6287)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
gitlab.com/gitlab-org/api/client-go	[>= 0.118.a, < 0.119]
gitlab.com/gitlab-org/api/client-go	[>= 0.117.a, < 0.118]
gocloud.dev	[>= 0.42.a, < 0.43]

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[spencerschrock]

@dependabot ignore github.com/google/osv-scanner/v2 minor version

[dependabot]

OK, I won't notify you about version 2.3.x of github.com/google/osv-scanner/v2 again, unless you unignore it.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.