build(deps): bump the dependencies group across 1 directory with 16 updates

[dependabot]

Bumps the dependencies group with 16 updates in the / directory:

Package	From	To
github.com/docker/cli	29.3.0+incompatible	29.4.3+incompatible
github.com/docker/go-connections	0.6.0	0.7.0
github.com/go-git/go-git/v5	5.16.5	5.19.0
github.com/mattn/go-isatty	0.0.20	0.0.22
github.com/moby/patternmatcher	0.6.0	0.6.1
github.com/opencontainers/selinux	1.13.1	1.14.1
github.com/rhysd/actionlint	1.7.7	1.7.12
github.com/sirupsen/logrus	1.9.3	1.9.4
github.com/spf13/cobra	1.10.1	1.10.2
github.com/spf13/pflag	1.0.9	1.0.10
golang.org/x/term	0.42.0	0.43.0
github.com/golang-jwt/jwt/v5	5.3.0	5.3.1
github.com/moby/go-archive	0.1.0	0.2.0
github.com/moby/moby/api	1.54.0	1.54.2
github.com/moby/moby/client	0.3.0	0.4.1
google.golang.org/protobuf	1.36.9	1.36.11

Updates github.com/docker/cli from 29.3.0+incompatible to 29.4.3+incompatible

Commits

• 055a478 Merge pull request #6945 from thaJeztah/bump_moby
• d0f5b27 cmd/docker-trust: bump moby/client v0.4.1, moby/api v1.54.2
• b7f37e8 vendor: github.com/moby/moby/client v0.4.1, moby/api v1.54.2
• c93d892 Merge pull request #6949 from thaJeztah/bump_utils
• 3553caf Merge pull request #6948 from thaJeztah/bump_trust_deps
• 266f039 Dockerfile: update compose to v5.1.3
• d74d3c3 Dockerfile: update buildx to v0.33.0
• 134c2a0 Merge pull request #6826 from thaJeztah/bump_golangci_lint2
• 58a7c31 golangci-lint: fix lint failures from v2.10.1 upgrade
• f37a9e6 Dockerfile: update golangci-lint to v2.10.1
• Additional commits viewable in compare view

Updates github.com/docker/go-connections from 0.6.0 to 0.7.0

Commits

• 7997b0f Merge pull request #156 from thaJeztah/bump_go_winio
• 329724a chore(deps): bump github.com/Microsoft/go-winio v0.6.2
• 161dc9b Merge pull request #155 from thaJeztah/pin_actions
• b115e42 Merge pull request #154 from thaJeztah/fix_non_linux_tests
• 4c35b2a ci: pin actions to sha
• b4454a6 tlsconfig: make root pool tests deterministic across platforms
• 0819711 tlsconfig: certPool: pass options as argument
• 0329635 tlsconfig: rename some vars that shadowed
• 894d811 Merge pull request #150 from thaJeztah/deprecate_SystemCertPool
• 0a1293a Merge pull request #153 from thaJeztah/chachacha
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.5 to 5.19.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#2010
• v5: Bump sha1cd and go-billy by @​pjbgf in go-git/go-git#2060
• v5: Align object encoding with upstream by @​pjbgf in go-git/go-git#2065

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

v5.18.0

What's Changed

• plumbing: transport/http, Add support for followRedirects policy by @​pjbgf in go-git/go-git#2004

Full Changelog: go-git/go-git@v5.17.2...v5.18.0

v5.17.2

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1941
• dotgit: skip writing pack files that already exist on disk by @​pjbgf in go-git/go-git#1944

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @​pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

v5.17.1

What's Changed

• build: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1930
• [v5] plumbing: format/index, Improve v4 entry name validation by @​pjbgf in go-git/go-git#1935
• [v5] plumbing: format/idxfile, Fix version and fanout checks by @​pjbgf in go-git/go-git#1937

Full Changelog: go-git/go-git@v5.17.0...v5.17.1

v5.17.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1839
• git: worktree, optimize infiles function for very large repos by @​k-anshul in go-git/go-git#1853
• git: Add strict checks for supported extensions by @​pjbgf in go-git/go-git#1861
• backport, git: Improve Status() speed with new index.ModTime check by @​cedric-appdirect in go-git/go-git#1862
• storage: filesystem, Avoid overwriting loose obj files by @​pjbgf in go-git/go-git#1864

Full Changelog: go-git/go-git@v5.16.5...v5.17.0

Commits

• bc930f4 Merge pull request #2065 from go-git/commit-v5
• d315264 plumbing: object, Reset object before decode
• 6e1d348 plumbing: object, Align Tree handling with upstream
• e134ba3 tests: Skip double checks in Git v2.11
• 1971422 tests: Add git conformance tests for signing verification
• a387aa8 plumbing: object, Add ErrMalformedTag
• f415670 plumbing: object, Decode Tag headers via a state machine
• 5b0cd38 plumbing: object, Reject multi-signature commits at Verify
• fe8ed62 plumbing: object, Align Tag.EncodeWithoutSignature with Commit
• 98e337d plumbing: object, Add support for Tag.SignatureSHA256
• Additional commits viewable in compare view

Updates github.com/mattn/go-isatty from 0.0.20 to 0.0.22

Commits

• 9a68506 Fix isCygwinPipeName to accept Windows 7 trailing suffix (#90)
• 4237fb1 Update Go test matrix to current versions (1.24-1.26)
• 433c12b Update GitHub Actions to latest versions
• 1cf5589 Add wasip1 and wasip2 to build constraints in isatty_others.go
• 1237245 Update dependencies: go 1.15 -> 1.21, golang.org/x/sys v0.6.0 -> v0.28.0
• ac9c88d Fix typo in comment: undocomented -> undocumented
• 8b7124e Add availability check for NtQueryObject in init
• 08d0313 Fix isCygwinPipeName to reject names with extra trailing tokens
• See full diff in compare view

Updates github.com/moby/patternmatcher from 0.6.0 to 0.6.1

Release notes

Sourced from github.com/moby/patternmatcher's releases.

v0.6.1

What's Changed

• fix panic / nil pointer dereference on invalid patterns moby/patternmatcher#9
• ci: update actions and test against "oldest", "oldstable" and "stable" moby/patternmatcher#8

Full Changelog: moby/patternmatcher@v0.6.0...v0.6.1

Commits

• 5a6d842 Merge pull request #9 from thaJeztah/fix_panic
• e5d80c7 fix panic / nil pointer dereference on invalid patterns
• 7f236f5 Merge pull request #8 from thaJeztah/update_ci
• a95e09c ci: update actions and test against "oldest", "oldstable" and "stable"
• See full diff in compare view

Updates github.com/opencontainers/selinux from 1.13.1 to 1.14.1

Release notes

Sourced from github.com/opencontainers/selinux's releases.

v1.14.1

This release mostly fixes label.InitLabels regression introduced in v1.14.0.

What's Changed

• README: rm travis, add gha badge by @​kolyshkin in opencontainers/selinux#268
• Fix label.InitLabels regression in v1.14.0; amend ReserveLabelV2 doc by @​kolyshkin in opencontainers/selinux#267

Full Changelog: opencontainers/selinux@v1.14.0...v1.14.1

v1.14.0

This release fixes a regression in ExecLabel, bumps the minimal Go version to 1.22, and deprecates several functions in favor of improved API.

Fixed

• ExecLabel was using an incorrect path (regression in v1.13.0). (opencontainers/selinux#253)

Deprecated

• CategoryRange is deprecated; use SetCategoryRange instead. (opencontainers/selinux#262)
• KVMContainerLabels is deprecated; use KVMContainerLabel instead. (opencontainers/selinux#262)
• InitContainerLabels is deprecated; use InitContainerLabel instead. (opencontainers/selinux#262)
• ReserveLabel is deprecated; use ReserveLabelV2 instead. (opencontainers/selinux#262)
• ROFileLabel is deprecated; if you use it, open a new issue. (opencontainers/selinux#262)
• ContainerLabels is deprecated, if you use it, open a new issue. (opencontainers/selinux#262)

Added

• SEUserByName. (opencontainers/selinux#232, opencontainers/selinux#251)
• CheckLabel. (opencontainers/selinux#250)
• SetCategoryRange, KVMContainerLabel, InitContainerLabel, ReserveLabelV2. (opencontainers/selinux#262)

Changed

• Switch to Go 1.22 as the minimally supported version (opencontainers/selinux#256)
• Update GetDefaultContextWithLevel to fall back to failsafe context (opencontainers/selinux#232)
• Use math/rand/v2 rather than crypto/rand for MCS label generation (opencontainers/selinux#257)

Miscellaneous

• MAINTAINERS: add Aleksa as a maintainer. (opencontainers/selinux#243)
• Assorted CI bumps and related fixes. (opencontainers/selinux#255)
• Remove intToMcs. (opencontainers/selinux#259)
• Use Cut more. (opencontainers/selinux#254)
• Simplify getSelinuxMountPoint. (opencontainers/selinux#258)
• Simplify/remove some code. (opencontainers/selinux#261)
• selinux: release map key when call mcsDelete. (opencontainers/selinux#263)

New Contributors

• @​capnspacehook made their first contribution in opencontainers/selinux#232
• @​mschiff made their first contribution in opencontainers/selinux#253
• @​espadolini made their first contribution in opencontainers/selinux#257

Full Changelog: opencontainers/selinux@v1.13.1...v1.14.0

Commits

• 89b039b Merge pull request #267 from kolyshkin/damage-control
• 8c517ef Merge pull request #268 from kolyshkin/readme
• e184f46 selinux.ReserveLabelV2: note on ignoring ErrMCSAlreadyExists
• fa15885 label.InitLabels: dont't return ErrMCSAlreadyExists
• 0ab5ce2 README: update badges
• b510478 label: fix tests
• c81386b ci: fix ignoring test failures on lima
• 60872cb Merge pull request #262 from kolyshkin/no-var
• 97d2a7c Add ReserveLabelV2, deprecate ReserveLabel
• bdfae09 Deprecate {KVM,Init}ContainerLabels, add {KVM,Init}ContainerLabel
• Additional commits viewable in compare view

Updates github.com/rhysd/actionlint from 1.7.7 to 1.7.12

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.7.12

• Support the timezone configuration in on.schedule with checks for IANA timezone string. See the documentation for more details. Note that actionlint starts to embed the timezone database in the executables from this version so the binary sizes slightly increase. (#641, thanks @​martincostello)

  on:
    schedule:
      # ERROR: The timezone is not a valid IANA timezone string
      - cron: '*/5 * * * *'
        timezone: 'Asia/Somewhere'

• Support the jobs.<job_name>.environment.deployment configuration. (#639, thanks @​springmeyer)
• Support the macos-26-intel runner label. (#629, thanks @​hugovk)
• Fix the outdated table of webhook activity types by rebuilding the script to scrape the table from scratch.
• Support Go 1.26 and drop the support for Go 1.24. Now supported versions are 1.25 and 1.26.
• Tests are run on arm64 Windows in CI.
• Update the popular actions data set to the latest.

v1.7.11

• Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#612, #614, thanks @​heppu)

  env:
    # ERROR: case() requires an odd number of arguments
    ENVIRONMENT: |-
      ${{ case(
        github.ref == 'refs/heads/main', 'production',
        github.ref == 'refs/heads/staging', 'staging'
      ) }}

• Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#615, thanks @​hugovk and @​muzimuzhi)
• Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#608, thanks @​takaram)

  $ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
  $ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
  Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
  Loaded 1 attestation from GitHub API
  The following policy criteria will be enforced:
  
  Predicate type must match:................ https://slsa.dev/provenance/v1
  Source Repository Owner URI must match:... https://github.com/rhysd
  Source Repository URI must match:......... https://github.com/rhysd/actionlint
  Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
  OIDC Issuer must match:................... https://token.actions.githubusercontent.com
  
  ✓ Verification succeeded!
  The following 1 attestation matched the policy criteria
  
  Attestation #1
  
  Build repo:..... rhysd/actionlint
  Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11
  Signer repo:.... rhysd/actionlint

... (truncated)

Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.7.12 - 2026-03-30

• Support the timezone configuration in on.schedule with checks for IANA timezone string. See the documentation for more details. Note that actionlint starts to embed the timezone database in the executables from this version so the binary sizes slightly increase. (#641, thanks @​martincostello)

  on:
    schedule:
      # ERROR: The timezone is not a valid IANA timezone string
      - cron: '*/5 * * * *'
        timezone: 'Asia/Somewhere'

• Support the jobs.<job_name>.environment.deployment configuration. (#639, thanks @​springmeyer)
• Support the macos-26-intel runner label. (#629, thanks @​hugovk)
• Fix the table of webhook activity types are outdated by rebuilding the script to scrape the table from scratch.
• Support Go 1.26 and drop the support for Go 1.24. Now supported versions are 1.25 and 1.26.
• Tests are run on arm64 Windows in CI.
• Update the popular actions data set to the latest.

[Changes][v1.7.12]

v1.7.11 - 2026-02-14

• Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#612, #614, thanks @​heppu)

  env:
    # ERROR: case() requires an odd number of arguments
    ENVIRONMENT: |-
      ${{ case(
        github.ref == 'refs/heads/main', 'production',
        github.ref == 'refs/heads/staging', 'staging'
      ) }}

• Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#615, thanks @​hugovk and @​muzimuzhi)
• Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#608, thanks @​takaram)

  $ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
  $ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
  Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
  Loaded 1 attestation from GitHub API
  The following policy criteria will be enforced:
  
  Predicate type must match:................ https://slsa.dev/provenance/v1
  Source Repository Owner URI must match:... https://github.com/rhysd
  Source Repository URI must match:......... https://github.com/rhysd/actionlint
  Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
  OIDC Issuer must match:................... https://token.actions.githubusercontent.com
  
  ✓ Verification succeeded!

... (truncated)

Commits

• 914e7df bump up version to v1.7.12
• f1fe8a1 update popular actions data set to the latest
• 0ef3e18 add support for https://github.blog/changelog/2026-03-19-github-actions-late-...
• d2f9e65 update document to describe the timezone check in on.schedule
• c03b271 Merge branch 'followup-issue641' (#641)
• c9efd91 fix staticcheck checks files inside ./playground/node_modules
• 08e2336 include timezone database in executable statically
• f48c0a4 fix timezone check is incomplete
• 6b811d3 fix problem matcher test fails due to line ending in test data
• 4897c1d Merge pull request #641 from martincostello/gh-638
• Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

• go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460
• go.mod: bump up dependencies sirupsen/logrus#1460
• Touch-up godoc and add "doc" links.
• README: fix links, grammar, and update examples.
• Add GNU/Hurd support sirupsen/logrus#1364
• Add WASI wasip1 support sirupsen/logrus#1388
• Remove uses of deprecated ioutil package sirupsen/logrus#1472
• CI: update actions and golangci-lint sirupsen/logrus#1459
• CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Changelog

Sourced from github.com/sirupsen/logrus's changelog.

1.9.4

Fixes:

• Remove uses of deprecated ioutil package

Features:

• Add GNU/Hurd support
• Add WASI wasip1 support

Code quality:

• Update minimum supported Go version to 1.17
• Documentation updates

Commits

• b61f268 Merge pull request #1472 from goldlinker/master
• 15c29db refactor: replace the deprecated function in the ioutil package
• cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
• 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
• d916819 Merge pull request #1427 from dolmen/fix-testify-usage
• 135e482 README: small touch-ups
• 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
• 877ecec README: remove travis badge
• 55cf256 Merge pull request #1393 from jsoref/grammar
• 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• See full diff in compare view

Updates github.com/spf13/pflag from 1.0.9 to 1.0.10

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.10

What's Changed

• fix deprecation comment for (FlagSet.)ParseErrorsWhitelist by @​thaJeztah in spf13/pflag#447
• remove uses of errors.Is, which requires go1.13, move go1.16/go1.21 tests to separate file by @​thaJeztah in spf13/pflag#448

New Contributors

• @​thaJeztah made their first contribution in spf13/pflag#447

Full Changelog: spf13/pflag@v1.0.9...v1.0.10

Commits

• 0491e57 Merge pull request #448 from thaJeztah/fix_go_version
• 72abab1 Merge pull request #447 from thaJeztah/fix_deprecation_comment
• 7e4dfb1 Test on Go 1.12
• 18a9d17 move Func, BoolFunc, tests as they require go1.21
• c5b9e98 remove uses of errors.Is, which requires go1.13
• 45a4873 fix deprecation comment for (FlagSet.)ParseErrorsWhitelist
• See full diff in compare view

Updates golang.org/x/term from 0.42.0 to 0.43.0

Commits

• 3c3e485 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

• Add spellcheck Github action to catch common spelling mistakes by @​equalsgibson in golang-jwt/jwt#458
• Add WithNotBeforeRequired parser option and add test coverage by @​equalsgibson in golang-jwt/jwt#456
• Update godoc example func to properly refer to NewWithClaims() by @​equalsgibson in golang-jwt/jwt#459
• Update github workflows by @​mfridman in golang-jwt/jwt#462
• Additional test for CustomClaims that validates unmarshalling behaviour by @​equalsgibson in golang-jwt/jwt#457
• Fix early file close in jwt cli by @​mfridman in golang-jwt/jwt#472
• Add TPM signature reference by @​salrashid123 in golang-jwt/jwt#473
• Remove misleading ParserOptions documentation in golang-jwt/jwt#484
• Save signature to Token struct after successful signing by @​EgorSheff in golang-jwt/jwt#417
• Set token.Signature in ParseUnverified by @​slickwilli in golang-jwt/jwt#414

👒 Dependencies

• Bump crate-ci/typos from 1.34.0 to 1.35.3 by @​dependabot[bot] in golang-jwt/jwt#461
• Bump crate-ci/typos from 1.35.4 to 1.36.2 by @​dependabot[bot] in golang-jwt/jwt#470
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in golang-jwt/jwt#478
• Bump crate-ci/typos from 1.36.2 to 1.39.0 by @​dependabot[bot] in golang-jwt/jwt#480
• Bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in golang-jwt/jwt#481
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#469
• Bump crate-ci/typos from 1.39.0 to 1.40.0 by @​dependabot[bot] in golang-jwt/jwt#488
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#487
• Bump crate-ci/typos from 1.40.0 to 1.41.0 by @​dependabot[bot] in golang-jwt/jwt#490
• Bump crate-ci/typos from 1.41.0 to 1.42.1 by @​dependabot[bot] in golang-jwt/jwt#492

New Contributors

• @​equalsgibson made their first contribution in golang-jwt/jwt#458
• @​salrashid123 made their first contribution in golang-jwt/jwt#473
• @​EgorSheff made their first contribution in golang-jwt/jwt#417
• @​slickwilli made their first contribution in golang-jwt/jwt#414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

Commits

• 7ceae61 Add release.yml for changelog configuration
• dce8e4d Set token.Signature in ParseUnverified (#414)
• 8889e20 Save signature to Token struct after successful signing (#417)
• d237f82 ci: update github-actions schedule interval to monthly
• d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
• e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
• e6a0afa Bump actions/checkout from 5 to 6 (#487)
• 9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
• 60a8669 Bump actions/setup-go from 5 to 6 (#469)
• 76f5828 Remove misleading ParserOptions documentation (#484)
• Additional commits viewable in compare view

Updates github.com/moby/go-archive from 0.1.0 to 0.2.0

Release notes

Sourced from github.com/moby/go-archive's releases.

v0.2.0

What's Changed

• remove aliases for deprecated types and functions moby/go-archive#10
• chrootarchive: remove redundant "init" mitigation for CVE-2019-14271 moby/go-archive#11
• xattr: Fix OS matching moby/go-archive#20
• TestOverlayTarUntar: remove redundant cmpopts.EquateEmpty moby/go-archive#9
• go.mod: bump github.com/klauspost/compress v1.18.2 moby/go-archive#19
• gha: update actions moby/go-archive#18

Full Changelog: moby/go-archive@v0.1.0...v0.2.0

Commits

• 263611f Merge pull request #20 from thaJeztah/carry_17
• a1d4e73 Merge pull request #18 from thaJeztah/bump_gha
• da4e566 xattr: Fix OS matching.
• df87f45 Merge pull request #19 from thaJeztah/bump_deps
• 8996f22 gha: update CodeQL Action to v4
• 985c60f gha: codeql: use go stable
• 4752b25 gha: update actions/setup-go@v6
• 280f775 gha: update actions/checkout@v6
• 4c912d3 gha: update golangci/golangci-lint-action@v9
• 2cd730e go.mod: bump github.com/klauspost/compress v1.18.2
• Additional commits viewable in compare view

Updates github.com/moby/moby/api from 1.54.0 to 1.54.2

Release notes

Sourced from github.com/moby/moby/api's releases.

api/v1.54.2

Changelog

• api/docs: cleanup changelog. moby/moby#52379
• api/docs: lower deprecation heading to a h4. moby/moby#52315
• api/docs: restore API docs and change-logs for API v1.0 - v1.23. moby/moby#52312
• api: align Topology swagger with Segments JSON shape. moby/moby#52358

Full Changelog: moby/moby@api/v1.54.1...api/v1.54.2

api/v1.54.1

Changelog

• api/types/network: add Port.Port() method to return the port-number as a string. moby/moby#52165
• api, client: add //go:fix inline directives to deprecated functions. moby/moby#52178
• api, client: go.mod: remove patch version. moby/moby#52174
• api/types/network: fix handling of unmapped ports (ephemeral ports). moby/moby#52288

Full Changelog: moby/moby@api/v1.54.0...api/v1.54.1

Commits

• 6cbde19 Merge pull request #52387 from renovate-bot/renovate/golang-x
• b602ac9 Merge pull request #52413 from justincormack/update-justin
• d1a966e Merge pull request #51049 from thaJeztah/bump_memberlist_serf
• 463f4c0 No longer a reviewer; update email address
• 3ede246 Merge pull request #52410 from renovate-bot/renovate/github.com-aws-smithy-go...
• 179985c Merge pull request #52358 from geekcoderr/52355-topology-swagger
• 98c7106 vendor: github.com/hashicorp/memberlist v0.5.4, hashicorp/serf v0.10.2
• b29d903Description has been truncated