build(deps): bump the project-dependency group across 1 directory with 15 updates

[dependabot]

Bumps the project-dependency group with 9 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2	1.41.0	1.42.0
github.com/containerd/cgroups/v3	3.1.2	3.1.3
github.com/docker/docker-credential-helpers	0.8.2	0.9.8
github.com/docker/go-connections	0.6.0	0.7.0
github.com/lima-vm/lima/v2	2.0.3	2.1.2
github.com/onsi/ginkgo/v2	2.27.3	2.30.0
github.com/xorcare/pointer	1.2.2	1.26.0
golang.org/x/crypto	0.52.0	0.53.0
k8s.io/apimachinery	0.34.3	0.36.1

Updates github.com/aws/aws-sdk-go-v2 from 1.41.0 to 1.42.0

Commits

• 9a3190f Release 2026-06-08
• b20dd5b Regenerated Clients
• 75a45ea Update API model
• e736f55 Add preview of changes for standard retry mode behind flag (#3400)
• ba08dc9 Release 2026-06-05.2
• 9a67e21 Revert schema serde (#3442)
• 51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
• f696d5b Release 2026-06-05
• 7efb8fd Regenerated Clients
• 1a420c5 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/containerd/cgroups/v3 from 3.1.2 to 3.1.3

Release notes

Sourced from github.com/containerd/cgroups/v3's releases.

v3.1.3

What's Changed

• build(deps): bump actions/cache from 4 to 5 by @​dependabot[bot] in containerd/cgroups#385
• Cg2: Expose OOMGroupKill event/writes by @​dcantah in containerd/cgroups#388
• Cg2: Add the ability to filter stats by @​dcantah in containerd/cgroups#387

Full Changelog: containerd/cgroups@v3.1.2...v3.1.3

Commits

• 076b5e0 Merge pull request #387 from dcantah/cg2-stats-filter
• 31da8b0 Merge pull request #388 from dcantah/oom-group-kill
• d72c9ce Cg2: Add ability to set memory.oom.group
• 4584088 Events: Add OOMGroupKill
• 9293fbb Cg2: Add the ability to filter stats
• 568b349 Merge pull request #385 from containerd/dependabot/github_actions/actions/cac...
• 90c5813 build(deps): bump actions/cache from 4 to 5
• See full diff in compare view

Updates github.com/docker/docker-credential-helpers from 0.8.2 to 0.9.8

Release notes

Sourced from github.com/docker/docker-credential-helpers's releases.

v0.9.8

What's Changed

• update to go1.26.4
• wincred: inline label, and append to existing
• build(deps): bump actions/checkout from 6.0.2 to 6.0.3
• build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1
• build(deps): bump crazy-max/.github/.github/workflows/zizmor.yml from 1.7.1 to 1.10.0
• build(deps): bump docker/bake-action from 7.1.0 to 7.2.0
• build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0
• build(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0

Full Changelog: docker/docker-credential-helpers@v0.9.7...v0.9.8

v0.9.7

What's Changed

• update to go1.26.3
• ci: update zizmore action to v1.7.1

Full Changelog: docker/docker-credential-helpers@v0.9.6...v0.9.7

v0.9.6

What's Changed

• update to go1.25.9
• secretservice: allow building on openbsd
• wincred: minor cleanups
• Dockerfile: document build-args
• Dockerfile: update golangci-lint to v2.11
• Dockerfile: update xx to v1.9.0
• ci: set default permissions and timeouts
• ci: update actions
• ci: pin actions by sha
• ci: add zizmor workflow

Full Changelog: docker/docker-credential-helpers@v0.9.5...v0.9.6

v0.9.5

What's Changed

• build(deps): bump actions/checkout from 5 to 6 docker/docker-credential-helpers#395
• build(deps): bump actions/upload-artifact from 4 to 6 docker/docker-credential-helpers#398
• build(deps): bump softprops/action-gh-release from 2.3.3 to 2.4.1 docker/docker-credential-helpers#391
• build(deps): bump softprops/action-gh-release from 2.4.1 to 2.5.0 docker/docker-credential-helpers#397
• Dockerfile: remove redundant DEBIAN_FRONTEND=noninteractive docker/docker-credential-helpers#404
• Dockerfile: update golangci-lint to v2.8 docker/docker-credential-helpers#402
• gha: update some actions to ubuntu 24.04 docker/docker-credential-helpers#401

... (truncated)

Commits

• 4f6bc8a Merge pull request #433 from thaJeztah/wincred_inline
• b0820e3 Merge pull request #441 from docker/dependabot/github_actions/actions/checkou...
• f84e991 Merge pull request #445 from thaJeztah/bump_go_1.26.4
• 65d1391 update to go1.26.4
• d21de35 Merge pull request #444 from docker/dependabot/github_actions/crazy-max/dot-g...
• c6ca626 build(deps): bump actions/checkout from 6.0.2 to 6.0.3
• 1d2dd3d Merge pull request #440 from docker/dependabot/github_actions/docker/setup-qe...
• 3a54b5c Merge pull request #439 from docker/dependabot/github_actions/docker/bake-act...
• b68f2ec Merge pull request #438 from docker/dependabot/github_actions/docker/setup-bu...
• 6107240 build(deps): bump crazy-max/.github/.github/workflows/zizmor.yml
• Additional commits viewable in compare view

Updates github.com/docker/go-connections from 0.6.0 to 0.7.0

Commits

• 7997b0f Merge pull request #156 from thaJeztah/bump_go_winio
• 329724a chore(deps): bump github.com/Microsoft/go-winio v0.6.2
• 161dc9b Merge pull request #155 from thaJeztah/pin_actions
• b115e42 Merge pull request #154 from thaJeztah/fix_non_linux_tests
• 4c35b2a ci: pin actions to sha
• b4454a6 tlsconfig: make root pool tests deterministic across platforms
• 0819711 tlsconfig: certPool: pass options as argument
• 0329635 tlsconfig: rename some vars that shadowed
• 894d811 Merge pull request #150 from thaJeztah/deprecate_SystemCertPool
• 0a1293a Merge pull request #153 from thaJeztah/chachacha
• Additional commits viewable in compare view

Updates github.com/lima-vm/lima/v2 from 2.0.3 to 2.1.2

Release notes

Sourced from github.com/lima-vm/lima/v2's releases.

v2.1.2

Changes

• limactl CLI:

  • fix(shell): check if mounts contain hostCurrentDir, not just len > 0 (#4799, thanks to @​opjt)
  • limactl: add --param shortcut for template parameters (#4873, thanks to @​jandubois)
  • shell: fix path quoting for rsync 3.0.0 through 3.2.3 (#4883, thanks to @​Mysterio-17)
  • pkg/store: treat unknown terminal width as unlimited in limactl ls (#4918, thanks to @​sahitya-chandra)
  • feat: add tab suggestions for --set flag (#5000, thanks to @​Aneesh-Hegde)
  • fix(shell-sync): preserve synced guest changes on TUI interruption (#5002)

• Templates:

  • Update k8s.yaml for bootstrapToken configuration in kubeadm (#4829, thanks to @​techthumb)
  • templates: migrate from cpuType to vmOpts.qemu.cpuType (#4834, thanks to @​AkihiroSuda)
  • Multi node k8s test updates and related fixes (#4835, thanks to @​techthumb)
  • Bump k8s flannel version from 0.27.4 to 0.28.4 (#4843, thanks to @​afbjorklund)
  • templates: add ubuntu-26.04 (#4874, thanks to @​AkihiroSuda)
  • templates: k8s: pin Kubernetes version to 1.36 (#4882, thanks to @​AkihiroSuda)
  • templates: split template:alpine to template:alpine-{3.21,3.22,3.23} (#4897, thanks to @​Mysterio-17)
  • feat(templates): add Fedora 44 template; remove Fedora 41 template (#4905, thanks to @​valdela1)
  • Missing image and checksum for debian-13 riscv64 (#4978, thanks to @​afbjorklund)
  • fix: prevent docker from running as root in rootless environment (#4987, thanks to @​Aneesh-Hegde)

• Hostagent:

  • hostagent: close stale GuestAgentClient on reconnect to stop ClientConn leak (#4889, thanks to @​mn-ram)
  • hostagent: stop leaking inotify watchers and re-spawn the gRPC stream after guest-agent reconnect (#4895, thanks to @​mn-ram)
  • hostagent: stop destroying ga.sock on guest-agent reconnect (#4911, thanks to @​mn-ram)
  • hostagent: wait for the guest agent before opening the inotify stream (#4924, thanks to @​sahitya-chandra)

• Drivers:

  • Krunkit: support SSHOverVsock and replace SSH-based guestagent connection with vsock (#4822)
  • wsl2: stop spinning in for { <-ctx.Done() } after instance stop (#4892, thanks to @​mn-ram)
  • fix: track driver PID to prevent zombie processes (#4939, thanks to @​Aneesh-Hegde)
  • fix(darwin): pin main goroutine to OS thread 0 for VZ GUI (#5036, thanks to @​trodemaster)

• QEMU:

  • openSUSE dropped the 2MB OVMF images from QEMU in version 202602 (#4910, thanks to @​jandubois)
  • QEMU command line: allow kernel-irqchip enabled with WHPX (#4933, thanks to @​arixmkii)
  • qemu: fix non-deterministic boot disk with bootindex and s390x support (#4944, thanks to @​Soumya-codr)
  • Deprecate _LIMA_QEMU_UEFI_IN_BIOS flag (#4948, thanks to @​arixmkii)
  • fix(validate): correct misleading mountType validation error on Windows (#4956, thanks to @​InsidiousLion)
  • qemu: pass -vga none for headless guests (#4975, thanks to @​jandubois)

• Port Forwarding:

  • portfwd: fix gRPC tunnel connection leak (#5043, thanks to @​vasileknik76)

• Guest Support:

  • Fix DNS not propagated from base template (#4803, thanks to @​opjt)
  • feat: validate macOS 26+ requirement for macOS guest VMs (#4809, thanks to @​sharanrajt)
  • Busybox grep doesn't support the long form options (#4915, thanks to @​jandubois)

... (truncated)

Commits

• 2d4314e Merge pull request #5063 from lima-vm/dependabot/go_modules/golang-x-57bd245098
• ac5ea1a Merge pull request #5064 from lima-vm/dependabot/go_modules/github.com/modelc...
• baf101c build(deps): bump github.com/modelcontextprotocol/go-sdk
• 0d0e820 build(deps): bump golang.org/x/net
• f3a3d16 Merge pull request #5043 from vasileknik76/grpc-port-forward-leak
• 74c5d61 portfwd: fix gRPC tunnel connection leak
• 1ce9c82 Merge pull request #4911 from mn-ram/fix/ga-sock-reconnect
• 2255df1 Merge pull request #5050 from AkihiroSuda/fix-5047
• 70d3bb6 Add user to systemd-journal group so journalctl --user works
• 06fb9e3 Merge pull request #5057 from alexandear/refactor/usestdlibvars
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.27.3 to 2.30.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.30.0

2.30.0

Features

Ginkgo now allows extentions/global.Reset to support running multiple suites from within a single process. This may take some massaging on your part (see 1672) but can dramatically speed up codebases with O(hundreds) of test suites.

Thanks @​lawrencejones !

Fixes

• Fix nested --github-output group for progress report nested inside timeline [4f62d7a]

v2.29.0

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

v2.28.3

2.28.3

Maintenance

Bump all dependencies

v2.28.2

2.28.2

• Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
• Implement shell completion [94151c8]
• Add asan CLI option mirroring msan implementation [4d21dbb]
• Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
• fix aspect ratio [9619647]
• update logos [5779304]

v2.28.1

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

... (truncated)

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.30.0

Features

Ginkgo now allows extentions/global.Reset to support running multiple suites from within a single process. This may take some massaging on your part (see 1672) but can dramatically speed up codebases with O(hundreds) of test suites.

Thanks @​lawrencejones !

Fixes

• Fix nested --github-output group for progress report nested inside timeline [4f62d7a]

2.29.0

GinkgoHelperGo makes it easier to write test helpers that need to run in goroutines. Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.

ginkgo outline now includes entries defined in DescribeTableSubtree

2.28.3

Maintenance

Bump all dependencies

2.28.2

• Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
• Implement shell completion [94151c8]
• Add asan CLI option mirroring msan implementation [4d21dbb]
• Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
• fix aspect ratio [9619647]
• update logos [5779304]

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

... (truncated)

Commits

• 31e9912 v2.30.0
• a79cdbb Document running multiple suites in a single test process
• 800291a Allow extensions/globals.Reset to support re-running RunSpecs
• 4f62d7a Fix nested --github-output group for progress report nested inside timeline
• 04b5bcb v2.29.0
• 124232a docs: GinkgoHelperGo
• ad9cee8 feat: GinkgoHelperGo, with integration tests
• 9e56a0a chore: refactor devcontainer for better maintenance
• 3d235a9 chore: ignore internal/tmp_*/ integration suite temporary dirs
• 782666a feat: devcontainer configuration with local pkgsite and GH pages
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.38.3 to 1.40.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.40.0

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

v1.39.1

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v1.39.0

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

Commits

• 87ee9d3 v1.40.0
• ea66027 v1.40.0 (full)
• e3fd789 update docs to reflect new versioning strategy
• 7d4ee30 first push to master-lite
• e4a82d1 Bump github/codeql-action from 3 to 4 (#875)
• af62723 Bump rexml from 3.4.0 to 3.4.2 in /docs (#870)
• e164221 Bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1 (#895)
• 334a282 Bump faraday from 2.12.2 to 2.14.1 in /docs (#896)
• 1a25a36 v1.39.1
• 406faee bump all deps
• Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.4-0.20230606125235-dd1b4c2e81af to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

• go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460
• go.mod: bump up dependencies sirupsen/logrus#1460
• Touch-up godoc and add "doc" links.
• README: fix links, grammar, and update examples.
• Add GNU/Hurd support sirupsen/logrus#1364
• Add WASI wasip1 support sirupsen/logrus#1388
• Remove uses of deprecated ioutil package sirupsen/logrus#1472
• CI: update actions and golangci-lint sirupsen/logrus#1459
• CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Changelog

Sourced from github.com/sirupsen/logrus's changelog.

1.9.4

Fixes:

• Remove uses of deprecated ioutil package

Features:

• Add GNU/Hurd support
• Add WASI wasip1 support

Code quality:

• Update minimum supported Go version to 1.17
• Documentation updates

1.9.3

Fixes:

• Re-apply fix for potential denial of service in logrus.Writer() when logging >64KB single-line payloads without newlines (#1376)
• Fix panic in Writer

1.9.2

Fixes:

• Revert Writer DoS fix (#1376) due to regression

1.9.1

Fixes:

• Fix potential denial of service in logrus.Writer() when logging >64KB single-line payloads without newlines (#1376)

1.9.0

Fixes:

• Multiple concurrency and race condition fixes
• Improve Windows terminal and ANSI handling

Code quality:

• Internal cleanups and modernization

1.8.3

Fixes:

• Fix potential denial of service in logrus.Writer() when logging >64KB single-line payloads without newlines (#1376)

1.8.2

... (truncated)

Commits

• See full diff in compare view

Updates github.com/xorcare/pointer from 1.2.2 to 1.26.0

Commits

• af78fd9 Deprecate package for Go 1.26+ (new(expr) replaces helpers)
• b187755 build(deps): bump actions/checkout from 5 to 6
• 8116b3f build(deps): bump actions/setup-go from 5 to 6
• 8e5343c build(deps): bump actions/checkout from 4 to 5
• 31a2563 build(deps): bump codecov/codecov-action from 4 to 5
• 4812c54 Change formatting of yaml files
• e79cacb Update golang workflow
• 0f6f672 build(deps): bump codecov/codecov-action from 2 to 4
• 653d950 build(deps): bump actions/checkout from 3 to 4
• b8e05d2 build(deps): bump actions/setup-go from 3 to 5
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.52.0 to 0.53.0

Commits

• 45460e0 go.mod: update golang.org/x dependencies
• d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
• e2ffffe ssh: reject incomplete gssapi-with-mic configurations
• 60e158a ssh/test: isolate CLI tests from user SSH config and agent
• 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
• 3872a2b ssh/knownhosts: verify declared key type matches decoded key
• 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
• 8f405a4 ssh: validate ECDSA curve matches expected algorithm
• bb41b3d ssh: improve DH GEX group selection using PreferredBits
• e04e721 ssh/agent: validate ed25519 private key length in Add
• Additional commits viewable in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

• 5071ed6 all: fix some comments to improve readability
• See full diff in compare view

Updates golang.org/x/tools from 0.44.0 to 0.45.0

Commits

• 2aabba0 go.mod: update golang.org/x dependencies
• ef989b3 go/types/internal/play: show Info.Instances[Ident]
• 21d44f2 go/analysis/passes/inline: document skipping of TestF->F calls
• ec83c21 go/analysis/passes/modernize: minmax: only remove exact userdefined
• 5625353 go/analysis/passes/modernize: improve value variable name generation
• 15a3bd5 gopls/internal/analysis/errorsastype: imporove example clarity
• cd57ef8 go/packages: include dependency errors when CompiledGoFiles is missing
• 053fdbc go/analysis/passes/modernize: minmax: fix pure operands only
• bf84681 go/analysis/passes/errorsas: add example of invalid errors.As use
• 23921d1 gopls: add errorsastype analyzer
• Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.34.3 to 0.36.1

Commits

• 7af103a Update dependencies to v0.36.1 tag
• efb7f26 Merge remote-tracking branch 'origin/master' into release-1.36
• d966e56 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 79b3632 Merge pull request #137864 from yongruilin/dv-dra-mismatch
• a8822f7 Add slice and map union member support with tests
• 7dba2d0 Use IsZero instead of IsNil for union ratcheting check
• d95710f Fix union validation ratcheting when oldObj is nil
• 729062d Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
• 13b12e6 dependencies: bump kube-openapi to drop ginkgo/gomega indirect deps
• 27f4670 Merge pull request #136657 from Jefftree/sharding-test
• Additional commits viewable in compare view

Updates golang.org/x/sys from 0.45.0 to 0.46.0

Commits

• d58dcfa unix: add GPIO constants and structs
• See full diff in compare view

Updates golang.org/x/text from 0.37.0 to 0.38.0

Commits

• f4bb632 go.mod: update golang.org/x dependencies
• See full diff in compare view