chore(deps): bump the go_modules group across 3 directories with 5 updates by dependabot[bot] · Pull Request #784 · obot-platform/tools

dependabot · 2026-03-05T03:25:02Z

Bumps the go_modules group with 1 update in the /credential-stores directory: filippo.io/edwards25519.
Bumps the go_modules group with 2 updates in the /knowledge directory: github.com/go-git/go-git/v5 and github.com/cloudflare/circl.
Bumps the go_modules group with 4 updates in the /tests directory: github.com/modelcontextprotocol/go-sdk, github.com/go-git/go-git/v5, github.com/cloudflare/circl and github.com/docker/cli.

Updates filippo.io/edwards25519 from 1.1.0 to 1.1.1

Commits

d1c650a extra: initialize receiver in MultiScalarMult
See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.16.3 to 5.16.5

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.5

What's Changed

build: Update module golang.org/x/crypto to v0.45.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1744

build: Bump Go test versions to 1.23-1.25 (v5) by @pjbgf in go-git/go-git#1746

[v5] git: worktree, Don't delete local untracked files when resetting worktree by @Ch00k in go-git/go-git#1800

Expand packfile checks by @pjbgf in go-git/go-git#1836

Full Changelog: go-git/go-git@v5.16.4...v5.16.5

v5.16.4

What's Changed

backport plumbing: format/idxfile, prevent panic by @swills in go-git/go-git#1732

[backport] build: test, Fix build on Windows. by @pjbgf in go-git/go-git#1734

build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1742

build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1741

build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1743

Full Changelog: go-git/go-git@v5.16.3...v5.16.4

Commits

48a1ae0 Merge pull request #1836 from go-git/check-v5
42bdf1f storage: filesystem, Verify idx matches pack file
4146a56 plumbing: format/idxfile, Verify idxfile's checksum
63d78ec plumbing: format/packfile, Add new ErrMalformedPackFile
25f1624 Merge pull request #1800 from Ch00k/no-delete-untracked-v5
600fb13 git: worktree, Don't delete local untracked files when resetting worktree
390a569 Merge pull request #1746 from pjbgf/bump-go
61c8b85 build: Bump Go test versions to 1.23-1.25 (v5)
e5a05ec Merge pull request #1744 from go-git/renovate/releases/v5.x-go-golang.org-x-c...
1495930 plumbing: Remove use of non-constant format strings
Additional commits viewable in compare view

Updates github.com/cloudflare/circl from 1.6.1 to 1.6.3

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.3

Fix a bug on ecc/p384 scalar multiplication.

What's Changed

sign/mldsa: Check opts for nil value by @armfazh in cloudflare/circl#582

ecc/p384: Point addition must handle point doubling case. by @armfazh in cloudflare/circl#583

Release CIRCL v1.6.3 by @armfazh in cloudflare/circl#584

Full Changelog: cloudflare/circl@v1.6.2...v1.6.3

CIRCL v1.6.2

New SLH-DSA, improvements in ML-DSA for arm64.

Tested compilation on WASM.

What's Changed

Optimize pairing product computation by moving exponentiations to G1. by @dfaranha in cloudflare/circl#547

sign: Adding SLH-DSA signature by @armfazh in cloudflare/circl#512

Update code generators to CIRCL v1.6.1. by @armfazh in cloudflare/circl#548

ML-DSA: Add preliminary Wycheproof test vectors by @bwesterb in cloudflare/circl#552

go fmt by @bwesterb in cloudflare/circl#554

gz-compressing test vectors, use of HexBytes and ReadGzip functions. by @armfazh in cloudflare/circl#555

group: Removes use of elliptic Marshal and Unmarshal functions. by @armfazh in cloudflare/circl#556

Support encoding/decoding ML-DSA private keys (as long as they contain seeds) by @bwesterb in cloudflare/circl#559

Update to golangci-lint v2 by @bwesterb in cloudflare/circl#560

Preparation for ARM64 Implementation of poly operations for dilithium package. by @elementrics in cloudflare/circl#562

prepare power2Round for custom implementations in assembly by @elementrics in cloudflare/circl#564

ARM64 implementation for poly.PackLe16 by @elementrics in cloudflare/circl#563

add arm64 version of polyMulBy2toD by @elementrics in cloudflare/circl#565

add arm64 version of polySub by @elementrics in cloudflare/circl#566

group: add byteLen method for short groups and RandomScalar uses rand.Int by @armfazh in cloudflare/circl#568

add arm64 version of poly.Add/Sub by @elementrics in cloudflare/circl#572

group: Adding cryptobyte marshaling to scalars by @armfazh in cloudflare/circl#569

Bumping up to Go1.25 by @armfazh in cloudflare/circl#574

ci: Including WASM compilation. by @armfazh in cloudflare/circl#577

Revert to using package-declared HPKE errors for shortkem instead of standard library errors by @harshiniwho in cloudflare/circl#578

Release v1.6.2 by @armfazh in cloudflare/circl#579

New Contributors

@dfaranha made their first contribution in cloudflare/circl#547

@elementrics made their first contribution in cloudflare/circl#562

@harshiniwho made their first contribution in cloudflare/circl#578

Full Changelog: cloudflare/circl@v1.6.1...v1.6.2

Commits

24ae53c Release CIRCL v1.6.3
581020b Rename method to oddMultiplesProjective.
12209a4 Removing unused cmov for jacobian points.
fcba359 ecc/p384: use of complete projective formulas for scalar multiplication.
5e1bae8 ecc/p384: handle point doubling in point addition with Jacobian coordinates.
3416046 Check opts for nil value.
a763d47 Release CIRCL v1.6.2
3c70bf9 Bump x/crypto x/sys dependencies.
3f0f15b Revert to using package-declared HPKE errors for shortkem instead of standard...
23491bd Adding generic Power2Round method.
Additional commits viewable in compare view

Updates github.com/modelcontextprotocol/go-sdk from 0.2.0 to 1.3.1

Release notes

Sourced from github.com/modelcontextprotocol/go-sdk's releases.

v1.3.1

This release is a patch release for v1.3.0.

It contains a cherry-pick for a security issue reported in #805, which takes advantage of the default behavior of Go's standard library JSON decoder that allows case-insensitive matches to struct field names (or "json" tags). The issue has been addressed by changing the JSON decoder to one that supports case sensitive matching.

Fixes

all: use case-sensitive JSON unmarshaling by @maciej-kisiel in modelcontextprotocol/go-sdk#807

New external dependencies

https://github.com/segmentio/encoding, which is the package that provides the new decoder.

Full Changelog: modelcontextprotocol/go-sdk@v1.3.0...v1.3.1

v1.3.0

This release is equivalent to v1.3.0-pre.1. Thank you to those who tested the pre-release.

This release includes several enhancements and bugfixes. Worth mentioning is the addition of schema caching, which significantly improves the performance in some stateless server deployment scenarios.

Dependency updates

go.mod: upgrade to jsonschema v0.4.2 by @jba in modelcontextprotocol/go-sdk#732

Enhancements

perf: add schema caching to avoid repeated reflection by @SamMorrowDrums in modelcontextprotocol/go-sdk#685

mcp: add DisableListening option to StreamableClientTransport by @zxxf18 in modelcontextprotocol/go-sdk#729

feat: deprecated logger in client & add Logger in ClientOption by @CocaineCong in modelcontextprotocol/go-sdk#738

feat: deleted the old logger in client by @CocaineCong in modelcontextprotocol/go-sdk#744

Export GetError and SetError methods by @jba in modelcontextprotocol/go-sdk#753

Bugfixes

fix: connectStandaloneSSE checking Content-Type header by @liushuangls in modelcontextprotocol/go-sdk#736

mcp: fix SSEClientTransport to report HTTP errors properly by @hassan123789 in modelcontextprotocol/go-sdk#740

mcp: add Allow header to 405 responses per RFC 9110 §15.5.6 by @SamMorrowDrums in modelcontextprotocol/go-sdk#757

mcp: fix a race condition in logging by @maciej-kisiel in modelcontextprotocol/go-sdk#761

Chores

docs: adds SDK version support matrix by @La002 in modelcontextprotocol/go-sdk#737

.github/workflows: add nightly conformance tests by @findleyr in modelcontextprotocol/go-sdk#752

New Contributors

@La002 made their first contribution in modelcontextprotocol/go-sdk#737

@hassan123789 made their first contribution in modelcontextprotocol/go-sdk#740

@liushuangls made their first contribution in modelcontextprotocol/go-sdk#736

@CocaineCong made their first contribution in modelcontextprotocol/go-sdk#738

@zxxf18 made their first contribution in modelcontextprotocol/go-sdk#729

@SamMorrowDrums made their first contribution in modelcontextprotocol/go-sdk#685

@maciej-kisiel made their first contribution in modelcontextprotocol/go-sdk#761

Full Changelog: modelcontextprotocol/go-sdk@v1.2.0...v1.3.0

... (truncated)

Commits

6e8ca56 all: use case-sensitive JSON unmarshaling (#807)
6b75899 mcp: fix a race condition in logging
52e03de mcp: add Allow header to 405 responses per RFC 9110 §15.5.6 (#757)
c2c7edc perf: add schema caching to avoid repeated reflection (#685)
3381035 .github/workflows: add nightly conformance tests
13488f7 Export GetError and SetError methods (#753)
b4f957f mcp: add DisableListening option to StreamableClientTransport (#729)
a225d4d delete the old logger in client (#744)
61be548 feat: deprecated logger in client & add Logger in ClientOption (#738)
e66c23f mcp: fix connectStandaloneSSE checking Content-Type header (#736)
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.3 to 5.16.5

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.5

What's Changed

build: Update module golang.org/x/crypto to v0.45.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1744

build: Bump Go test versions to 1.23-1.25 (v5) by @pjbgf in go-git/go-git#1746

[v5] git: worktree, Don't delete local untracked files when resetting worktree by @Ch00k in go-git/go-git#1800

Expand packfile checks by @pjbgf in go-git/go-git#1836

Full Changelog: go-git/go-git@v5.16.4...v5.16.5

v5.16.4

What's Changed

backport plumbing: format/idxfile, prevent panic by @swills in go-git/go-git#1732

[backport] build: test, Fix build on Windows. by @pjbgf in go-git/go-git#1734

build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1742

build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1741

build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1743

Full Changelog: go-git/go-git@v5.16.3...v5.16.4

Commits

48a1ae0 Merge pull request #1836 from go-git/check-v5
42bdf1f storage: filesystem, Verify idx matches pack file
4146a56 plumbing: format/idxfile, Verify idxfile's checksum
63d78ec plumbing: format/packfile, Add new ErrMalformedPackFile
25f1624 Merge pull request #1800 from Ch00k/no-delete-untracked-v5
600fb13 git: worktree, Don't delete local untracked files when resetting worktree
390a569 Merge pull request #1746 from pjbgf/bump-go
61c8b85 build: Bump Go test versions to 1.23-1.25 (v5)
e5a05ec Merge pull request #1744 from go-git/renovate/releases/v5.x-go-golang.org-x-c...
1495930 plumbing: Remove use of non-constant format strings
Additional commits viewable in compare view

Updates github.com/cloudflare/circl from 1.6.1 to 1.6.3

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.3

Fix a bug on ecc/p384 scalar multiplication.

What's Changed

sign/mldsa: Check opts for nil value by @armfazh in cloudflare/circl#582

ecc/p384: Point addition must handle point doubling case. by @armfazh in cloudflare/circl#583

Release CIRCL v1.6.3 by @armfazh in cloudflare/circl#584

Full Changelog: cloudflare/circl@v1.6.2...v1.6.3

CIRCL v1.6.2

New SLH-DSA, improvements in ML-DSA for arm64.

Tested compilation on WASM.

What's Changed

Optimize pairing product computation by moving exponentiations to G1. by @dfaranha in cloudflare/circl#547

sign: Adding SLH-DSA signature by @armfazh in cloudflare/circl#512

Update code generators to CIRCL v1.6.1. by @armfazh in cloudflare/circl#548

ML-DSA: Add preliminary Wycheproof test vectors by @bwesterb in cloudflare/circl#552

go fmt by @bwesterb in cloudflare/circl#554

gz-compressing test vectors, use of HexBytes and ReadGzip functions. by @armfazh in cloudflare/circl#555

group: Removes use of elliptic Marshal and Unmarshal functions. by @armfazh in cloudflare/circl#556

Support encoding/decoding ML-DSA private keys (as long as they contain seeds) by @bwesterb in cloudflare/circl#559

Update to golangci-lint v2 by @bwesterb in cloudflare/circl#560

Preparation for ARM64 Implementation of poly operations for dilithium package. by @elementrics in cloudflare/circl#562

prepare power2Round for custom implementations in assembly by @elementrics in cloudflare/circl#564

ARM64 implementation for poly.PackLe16 by @elementrics in cloudflare/circl#563

add arm64 version of polyMulBy2toD by @elementrics in cloudflare/circl#565

add arm64 version of polySub by @elementrics in cloudflare/circl#566

group: add byteLen method for short groups and RandomScalar uses rand.Int by @armfazh in cloudflare/circl#568

add arm64 version of poly.Add/Sub by @elementrics in cloudflare/circl#572

group: Adding cryptobyte marshaling to scalars by @armfazh in cloudflare/circl#569

Bumping up to Go1.25 by @armfazh in cloudflare/circl#574

ci: Including WASM compilation. by @armfazh in cloudflare/circl#577

Revert to using package-declared HPKE errors for shortkem instead of standard library errors by @harshiniwho in cloudflare/circl#578

Release v1.6.2 by @armfazh in cloudflare/circl#579

New Contributors

@dfaranha made their first contribution in cloudflare/circl#547

@elementrics made their first contribution in cloudflare/circl#562

@harshiniwho made their first contribution in cloudflare/circl#578

Full Changelog: cloudflare/circl@v1.6.1...v1.6.2

Commits

24ae53c Release CIRCL v1.6.3
581020b Rename method to oddMultiplesProjective.
12209a4 Removing unused cmov for jacobian points.
fcba359 ecc/p384: use of complete projective formulas for scalar multiplication.
5e1bae8 ecc/p384: handle point doubling in point addition with Jacobian coordinates.
3416046 Check opts for nil value.
a763d47 Release CIRCL v1.6.2
3c70bf9 Bump x/crypto x/sys dependencies.
3f0f15b Revert to using package-declared HPKE errors for shortkem instead of standard...
23491bd Adding generic Power2Round method.
Additional commits viewable in compare view

Updates github.com/docker/cli from 26.0.0+incompatible to 29.2.0+incompatible

Commits

0b9d198 Merge pull request #6764 from vvoland/update-docker
9c9ec73 vendor: github.com/moby/moby/client v0.2.2
bab3e81 vendor: github.com/moby/moby/api v1.53.0
2e64fc1 Merge pull request #6367 from thaJeztah/template_slicejoin
1f2ba2a Merge pull request #6760 from thaJeztah/container_create_fix_error
e34a342 templates: make "join" work with non-string slices and map values
a86356d Merge pull request #6763 from thaJeztah/bump_mapstructure
771660a vendor: github.com/go-viper/mapstructure/v2 v2.5.0
9cff36b Merge pull request #6762 from thaJeztah/bump_x_deps
08ed2bc cli/command/container: make injecting config.json failures a warning
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…dates Bumps the go_modules group with 1 update in the /credential-stores directory: [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519). Bumps the go_modules group with 2 updates in the /knowledge directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 4 updates in the /tests directory: [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [github.com/cloudflare/circl](https://github.com/cloudflare/circl) and [github.com/docker/cli](https://github.com/docker/cli). Updates `filippo.io/edwards25519` from 1.1.0 to 1.1.1 - [Commits](FiloSottile/edwards25519@v1.1.0...v1.1.1) Updates `github.com/go-git/go-git/v5` from 5.16.3 to 5.16.5 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.16.3...v5.16.5) Updates `github.com/cloudflare/circl` from 1.6.1 to 1.6.3 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.6.1...v1.6.3) Updates `github.com/modelcontextprotocol/go-sdk` from 0.2.0 to 1.3.1 - [Release notes](https://github.com/modelcontextprotocol/go-sdk/releases) - [Commits](modelcontextprotocol/go-sdk@v0.2.0...v1.3.1) Updates `github.com/go-git/go-git/v5` from 5.16.3 to 5.16.5 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.16.3...v5.16.5) Updates `github.com/cloudflare/circl` from 1.6.1 to 1.6.3 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.6.1...v1.6.3) Updates `github.com/docker/cli` from 26.0.0+incompatible to 29.2.0+incompatible - [Commits](docker/cli@v26.0.0...v29.2.0) --- updated-dependencies: - dependency-name: filippo.io/edwards25519 dependency-version: 1.1.1 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.5 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/cloudflare/circl dependency-version: 1.6.3 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/modelcontextprotocol/go-sdk dependency-version: 1.3.1 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.5 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/cloudflare/circl dependency-version: 1.6.3 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/docker/cli dependency-version: 29.2.0+incompatible dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 5, 2026

dependabot bot mentioned this pull request Mar 5, 2026

chore(deps): bump the go_modules group across 3 directories with 4 updates #782

Closed

github-actions bot requested review from g-linville, njhale and thedadams March 5, 2026 03:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go_modules group across 3 directories with 5 updates#784

chore(deps): bump the go_modules group across 3 directories with 5 updates#784
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/credential-stores/go_modules-3fe5beca32

dependabot bot commented on behalf of github Mar 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 5, 2026

v5.16.5

What's Changed

v5.16.4

What's Changed

CIRCL v1.6.3

What's Changed

CIRCL v1.6.2

What's Changed

New Contributors

v1.3.1

Fixes

New external dependencies

v1.3.0

Dependency updates

Enhancements

Bugfixes

Chores

New Contributors

v5.16.5

What's Changed

v5.16.4

What's Changed

CIRCL v1.6.3

What's Changed

CIRCL v1.6.2

What's Changed

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants