fix(deps): Update Go

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/stacklok/frizbee	v0.0.16 → v0.1.8
github.com/stretchr/testify	v1.10.0 → v1.11.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

stacklok/frizbee (github.com/stacklok/frizbee)

v0.1.8

Compare Source

What's Changed

• Bump golang.org/x/sync from 0.12.0 to 0.13.0 by @​dependabot[bot] in #​239
• Bump github.com/moby/buildkit from 0.20.2 to 0.21.0 by @​dependabot[bot] in #​240
• Add SARIF output and upload to Trivy workflow by @​JAORMX in #​241
• Bump github.com/moby/buildkit from 0.21.0 to 0.21.1 by @​dependabot[bot] in #​243
• Bump golang.org/x/sync from 0.13.0 to 0.14.0 by @​dependabot[bot] in #​244
• Bump github.com/google/go-containerregistry from 0.20.3 to 0.20.4 by @​dependabot[bot] in #​249
• Bump github.com/google/go-containerregistry from 0.20.4 to 0.20.5 by @​dependabot[bot] in #​251
• Bump github.com/moby/buildkit from 0.21.1 to 0.22.0 by @​dependabot[bot] in #​250
• Bump github.com/google/go-containerregistry from 0.20.5 to 0.20.6 by @​dependabot[bot] in #​254
• Bump github.com/moby/buildkit from 0.22.0 to 0.23.2 by @​dependabot[bot] in #​257
• fix: strip quotes from uses field by @​datosh in #​260
• Bump golang.org/x/sync from 0.14.0 to 0.16.0 by @​dependabot[bot] in #​259
• chore: Configure Renovate by @​renovate[bot] in #​262
• chore(deps): update actions/upload-artifact action to v4.6.2 by @​renovate[bot] in #​272
• chore(deps): update anchore/sbom-action action to v0.20.4 by @​renovate[bot] in #​273
• chore(deps): update aquasecurity/trivy-action action to v0.32.0 by @​renovate[bot] in #​274
• chore(deps): update sigstore/cosign-installer action to v3.9.2 by @​renovate[bot] in #​275
• chore(deps): update actions/download-artifact action to v4.3.0 by @​renovate[bot] in #​271
• chore(deps): update coverallsapp/github-action action to v2.3.6 by @​renovate[bot] in #​269
• chore(deps): update actions/checkout digest by @​renovate[bot] in #​263
• chore(deps): update dependency go to v1.24.6 by @​renovate[bot] in #​270
• chore(deps): update goreleaser/goreleaser-action digest to 5742e2a by @​renovate[bot] in #​268
• chore(deps): update golangci/golangci-lint-action digest to 3a91952 by @​renovate[bot] in #​267
• chore(deps): update github/codeql-action digest by @​renovate[bot] in #​266
• chore(deps): update actions/setup-go digest to 19bb512 by @​renovate[bot] in #​264
• chore(deps): update slsa-framework/slsa-github-generator action to v2.1.0 by @​renovate[bot] in #​276
• chore(deps): update slsa-framework/slsa-verifier action to v2.7.1 by @​renovate[bot] in #​277
• chore(deps): update actions/download-artifact action to v5 - autoclosed by @​renovate[bot] in #​279
• chore(deps): update actions/checkout action to v4 by @​renovate[bot] in #​278
• chore(deps): update actions/setup-go action to v5 by @​renovate[bot] in #​280
• chore(deps): update github/codeql-action action to v3 by @​renovate[bot] in #​281
• chore(deps): update goreleaser/goreleaser-action action to v6 by @​renovate[bot] in #​283
• Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @​dependabot[bot] in #​294
• chore(deps): update anchore/sbom-action action to v0.20.5 by @​renovate[bot] in #​292
• chore(deps): update goreleaser/goreleaser-action digest to e435ccd by @​renovate[bot] in #​291
• chore(deps): update aquasecurity/trivy-action action to v0.33.0 by @​renovate[bot] in #​295
• chore(deps): update github/codeql-action digest to d3678e2 by @​renovate[bot] in #​289
• Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by @​dependabot[bot] in #​296
• chore(deps): update aquasecurity/trivy-action action to v0.33.1 by @​renovate[bot] in #​301
• Bump golang.org/x/sync from 0.16.0 to 0.17.0 by @​dependabot[bot] in #​300
• Bump github.com/moby/buildkit from 0.23.2 to 0.24.0 by @​dependabot[bot] in #​299
• chore(deps): update actions/checkout digest to 08eba0b by @​renovate[bot] in #​287
• chore(deps): update golangci/golangci-lint-action action to v8 by @​renovate[bot] in #​282
• Fix tablewriter API compatibility for v1.0.9 dependency upgrade by @​Copilot in #​302
• Fix the linter failing by @​rdimitrov in #​305
• chore(deps): update sigstore/cosign-installer action to v3.10.0 by @​renovate[bot] in #​306
• chore(deps): bump github.com/moby/buildkit from 0.24.0 to 0.25.1 by @​dependabot[bot] in #​316
• chore(deps): update github/codeql-action action to v4 by @​renovate[bot] in #​315
• chore(deps): update dependency go to v1.25.2 by @​renovate[bot] in #​314
• chore(deps): update github artifact actions (major) by @​renovate[bot] in #​321
• Pins go and bumps dependencies by @​rdimitrov in #​342
• chore(deps): update actions/checkout action to v6 by @​renovate[bot] in #​344
• chore(deps): update actions/setup-go digest to 40f1582 by @​renovate[bot] in #​343
• chore(deps): update anchore/sbom-action action to v0.22.1 by @​renovate[bot] in #​307
• chore(deps): update github/codeql-action digest to b20883b by @​renovate[bot] in #​311
• chore(deps): update sigstore/cosign-installer action to v3.10.1 - autoclosed by @​renovate[bot] in #​319
• chore(deps): update golangci/golangci-lint-action action to v9 by @​renovate[bot] in #​325
• chore(deps): update sigstore/cosign-installer action to v4 by @​renovate[bot] in #​320
• Update goreleaser by @​rdimitrov in #​345

New Contributors

• @​datosh made their first contribution in #​260
• @​renovate[bot] made their first contribution in #​262
• @​Copilot made their first contribution in #​302

Full Changelog: stacklok/frizbee@v0.1.7...v0.1.8

v0.1.7

Compare Source

What's Changed

• Bump github.com/go-git/go-billy/v5 from 5.6.0 to 5.6.1 by @​dependabot in #​224
• chore: fix typos by @​chenrui333 in #​226
• chore: update golangci-lint by @​chenrui333 in #​225
• Bump github.com/moby/buildkit from 0.18.2 to 0.19.0 by @​dependabot in #​229
• Bump github.com/google/go-containerregistry from 0.20.2 to 0.20.3 by @​dependabot in #​228
• Bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 by @​dependabot in #​227
• Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @​dependabot in #​231
• Bump golang.org/x/sync from 0.10.0 to 0.11.0 by @​dependabot in #​230
• Bump github.com/moby/buildkit from 0.19.0 to 0.20.0 by @​dependabot in #​232
• feat: implement --error by @​cedws in #​237
• Bump golang.org/x/sync from 0.11.0 to 0.12.0 by @​dependabot in #​233
• Bump github.com/moby/buildkit from 0.20.0 to 0.20.2 by @​dependabot in #​238
• Bump github.com/deckarep/golang-set/v2 from 2.7.0 to 2.8.0 by @​dependabot in #​235

New Contributors

• @​cedws made their first contribution in #​237

Full Changelog: stacklok/frizbee@v0.1.6...v0.1.7

v0.1.6

Compare Source

What's Changed

• Temporarily disable publishing to winget by @​rdimitrov in #​222

Full Changelog: stacklok/frizbee@v0.1.5...v0.1.6

v0.1.5

Compare Source

What's Changed

• Remove the homebrew token from releaser.yml by @​rdimitrov in #​203
• Bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 by @​dependabot in #​204
• Bump github.com/moby/buildkit from 0.16.0 to 0.17.0 by @​dependabot in #​205
• chore(deps): update to go 1.23 and go-github 66 by @​chenrui333 in #​207
• Bump github.com/moby/buildkit from 0.17.0 to 0.17.1 by @​dependabot in #​210
• Bump golang.org/x/sync from 0.8.0 to 0.9.0 by @​dependabot in #​211
• Bump trivy action and add mirrors. by @​blkt in #​213
• Resolve commit ref correctly. by @​blkt in #​212
• Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @​dependabot in #​215
• Bump github.com/moby/buildkit from 0.17.1 to 0.17.2 by @​dependabot in #​214
• Bump github.com/moby/buildkit from 0.17.2 to 0.18.0 by @​dependabot in #​216
• Bump github.com/moby/buildkit from 0.18.0 to 0.18.1 by @​dependabot in #​217
• Bump github.com/deckarep/golang-set/v2 from 2.6.0 to 2.7.0 by @​dependabot in #​218
• Bump golang.org/x/sync from 0.9.0 to 0.10.0 by @​dependabot in #​219
• Bump github.com/moby/buildkit from 0.18.1 to 0.18.2 by @​dependabot in #​220

New Contributors

• @​blkt made their first contribution in #​213

Full Changelog: stacklok/frizbee@v0.1.4...v0.1.5

v0.1.4

Compare Source

What's Changed

• Stop releasing a brew formula to stacklok/tap by @​rdimitrov in #​202

Full Changelog: stacklok/frizbee@v0.1.3...v0.1.4

v0.1.3

Compare Source

What's Changed

• Bump actions/upload-artifact from 4.3.6 to 4.4.0 by @​dependabot in #​199
• Bump github.com/moby/buildkit from 0.15.2 to 0.16.0 by @​dependabot in #​200
• Patch 3 by @​joergi in #​201

New Contributors

• @​joergi made their first contribution in #​201

Full Changelog: stacklok/frizbee@v0.1.2...v0.1.3

v0.1.2

Compare Source

What's Changed

• Output certificate as part of frizbee release by @​JAORMX in #​196
• Bump anchore/sbom-action from 0.17.1 to 0.17.2 by @​dependabot in #​197
• Add cert string to goreleaser configuration by @​JAORMX in #​198

Full Changelog: stacklok/frizbee@v0.1.1...v0.1.2

v0.1.1

Compare Source

What's Changed

• Use unchanging version tag in tests by @​eleftherias in #​187
• Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by @​eleftherias in #​188
• Bump github.com/moby/buildkit from 0.15.0 to 0.15.1 by @​dependabot in #​185
• Bump actions/upload-artifact from 4.3.4 to 4.3.5 by @​dependabot in #​189
• Bump golang.org/x/sync from 0.7.0 to 0.8.0 by @​dependabot in #​190
• Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @​dependabot in #​191
• Bump actions/upload-artifact from 4.3.5 to 4.3.6 by @​dependabot in #​192
• Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @​dependabot in #​193
• Bump anchore/sbom-action from 0.17.0 to 0.17.1 by @​dependabot in #​194
• Bump github.com/moby/buildkit from 0.15.1 to 0.15.2 by @​dependabot in #​195

New Contributors

• @​eleftherias made their first contribution in #​187

Full Changelog: stacklok/frizbee@v0.1.0...v0.1.1

v0.1.0

Compare Source

What's Changed

• Bump github.com/moby/buildkit from 0.14.0 to 0.14.1 by @​dependabot in #​162
• Add readme entry pointing to the github action by @​lukehinds in #​163
• Bump buf hashes again by @​jhrozek in #​166
• Update Contributor License Agreement link in CONTRIBUTING.md by @​staceypotter in #​165
• Update Contributing & Community section in README.md by @​staceypotter in #​164
• Bump actions/upload-artifact from 4.3.3 to 4.3.4 by @​dependabot in #​169
• Bump actions/download-artifact from 4.1.7 to 4.1.8 by @​dependabot in #​168
• Bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0 by @​dependabot in #​170
• Bump anchore/sbom-action from 0.16.0 to 0.16.1 by @​dependabot in #​171
• Bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 by @​dependabot in #​172
• Bump actions/setup-go from 5.0.1 to 5.0.2 by @​dependabot in #​173
• Bump github.com/moby/buildkit from 0.14.1 to 0.15.0 by @​dependabot in #​174
• docs: update to use core tap by @​chenrui333 in #​176
• chore: improve release binary by @​chenrui333 in #​177
• Bump slsa-framework/slsa-verifier from 2.5.1 to 2.6.0 by @​dependabot in #​179
• Bump anchore/sbom-action from 0.16.1 to 0.17.0 by @​dependabot in #​178
• Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 by @​dependabot in #​180
• Only ignore main and master, not all branches when pinning actions by @​jhrozek in #​181
• Fix the default configuration note in README by @​jhrozek in #​182

New Contributors

• @​lukehinds made their first contribution in #​163
• @​staceypotter made their first contribution in #​165
• @​chenrui333 made their first contribution in #​176

Full Changelog: stacklok/frizbee@v0.0.20...v0.1.0

v0.0.20

Compare Source

What's Changed

• Bump actions/checkout from 4.1.6 to 4.1.7 by @​dependabot in #​152
• Fix unit test hash reference and bump cobra and go-containerregistry by @​rdimitrov in #​156
• Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 by @​dependabot in #​160
• Add option to filter image names or tags, parser fixes by @​jhrozek in #​159
• Always ignore the scratch image even with an empty config by @​jhrozek in #​161

Full Changelog: stacklok/frizbee@v0.0.19...v0.0.20

v0.0.19

What's Changed

• Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by @​dependabot in #​141
• Bump aquasecurity/trivy-action from 0.21.0 to 0.22.0 by @​dependabot in #​142
• Fix version variable path in goreleaser config by @​JAORMX in #​144
• Update goreleaser to v2 by @​rdimitrov in #​145
• Rename folder to directory field by @​rdimitrov in #​146
• Fix missing ldflags while releasing by @​rdimitrov in #​147

Full Changelog: stacklok/frizbee@v0.0.16...v0.0.19

stretchr/testify (github.com/stretchr/testify)

v1.11.1

Compare Source

This release fixes #​1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

• Backport #​1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @​brackendawson in #​1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

Compare Source

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

• Call stack perf change for CallerInfo by @​mikeauclair in #​1614
• Lazily render mock diff output on successful match by @​mikeauclair in #​1615
• assert: check early in Eventually, EventuallyWithT, and Never by @​cszczepaniak in #​1427
• assert: add IsNotType by @​bartventer in #​1730
• assert.JSONEq: shortcut if same strings by @​dolmen in #​1754
• assert.YAMLEq: shortcut if same strings by @​dolmen in #​1755
• assert: faster and simpler isEmpty using reflect.Value.IsZero by @​dolmen in #​1761
• suite: faster methods filtering (internal refactor) by @​dolmen in #​1758

Fixes

• assert.ErrorAs: log target type by @​craig65535 in #​1345
• Fix failure message formatting for Positive and Negative asserts in #​1062
• Improve ErrorIs message when error is nil but an error was expected by @​tsioftas in #​1681
• fix Subset/NotSubset when calling with mixed input types by @​siliconbrain in #​1729
• Improve ErrorAs failure message when error is nil by @​ccoVeille in #​1734
• mock.AssertNumberOfCalls: improve error msg by @​3scalation in #​1743

Documentation, Build & CI

• docs: Fix typo in README by @​alexandear in #​1688
• Replace deprecated io/ioutil with io and os by @​alexandear in #​1684
• Document consequences of calling t.FailNow() by @​greg0ire in #​1710
• chore: update docs for Unset #​1621 by @​techfg in #​1709
• README: apply gofmt to examples by @​alexandear in #​1687
• refactor: use %q and %T to simplify fmt.Sprintf by @​alexandear in #​1674
• Propose Christophe Colombier (ccoVeille) as approver by @​brackendawson in #​1716
• Update documentation for the Error function in assert or require package by @​architagr in #​1675
• assert: remove deprecated build constraints by @​alexandear in #​1671
• assert: apply gofumpt to internal test suite by @​ccoVeille in #​1739
• CI: fix shebang in .ci.*.sh scripts by @​dolmen in #​1746
• assert,require: enable parallel testing on (almost) all top tests by @​dolmen in #​1747
• suite.Passed: add one more status test report by @​Ararsa-Derese in #​1706
• Add Helper() method in internal mocks and assert.CollectT by @​dolmen in #​1423
• assert.Same/NotSame: improve usage of Sprintf by @​ccoVeille in #​1742
• mock: enable parallel testing on internal testsuite by @​dolmen in #​1756
• suite: cleanup use of 'testing' internals at runtime by @​dolmen in #​1751
• assert: check test failure message for Empty and NotEmpty by @​ccoVeille in #​1745
• deps: fix dependency cycle with objx (again) by @​dolmen in #​1567
• assert.Empty: comprehensive doc of "Empty"-ness rules by @​dolmen in #​1753
• doc: improve godoc of top level 'testify' package by @​dolmen in #​1760
• assert.ErrorAs: simplify retrieving the type name by @​ccoVeille in #​1740
• assert.EqualValues: improve test coverage to 100% by @​dolmen in #​1763
• suite.Run: simplify running of Setup/TeardownSuite by @​renzoarreaza in #​1769
• assert.CallerInfo: micro optimization by using LastIndexByte by @​dolmen in #​1767
• assert.CallerInfo: micro cleanup by @​dolmen in #​1768
• assert: refactor TestFileExists and TestDirExists tests to enable parallel testing by @​dolmen in #​1766
• suite.Run: refactor handling of stats for improved readability by @​dolmen in #​1764
• tests: improve captureTestingT helper by @​ccoVeille in #​1741
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​1778

New Contributors

• @​greg0ire made their first contribution in #​1710
• @​techfg made their first contribution in #​1709
• @​mikeauclair made their first contribution in #​1614
• @​cszczepaniak made their first contribution in #​1427
• @​architagr made their first contribution in #​1675
• @​tsioftas made their first contribution in #​1681
• @​siliconbrain made their first contribution in #​1729
• @​bartventer made their first contribution in #​1730
• @​Ararsa-Derese made their first contribution in #​1706
• @​renzoarreaza made their first contribution in #​1769
• @​3scalation made their first contribution in #​1743

Full Changelog: stretchr/testify@v1.10.0...v1.11.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying pinned-actions with    Cloudflare Pages

Latest commit:	1fbc758
Status:	✅  Deploy successful!
Preview URL:	https://1e77126d.pinned-actions.pages.dev
Branch Preview URL:	https://renovate-go.pinned-actions.pages.dev

View logs

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 22 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.22.0 -> 1.25.0
github.com/Microsoft/go-winio	v0.6.1 -> v0.6.2
github.com/ProtonMail/go-crypto	v1.1.3 -> v1.3.0
github.com/cloudflare/circl	v1.3.7 -> v1.6.1
github.com/containerd/stargz-snapshotter/estargz	v0.14.3 -> v0.18.1
github.com/cyphar/filepath-securejoin	v0.2.5 -> v0.6.0
github.com/deckarep/golang-set/v2	v2.6.0 -> v2.8.0
github.com/docker/cli	v24.0.0+incompatible -> v29.1.4+incompatible
github.com/docker/distribution	v2.8.2+incompatible -> v2.8.3+incompatible
github.com/docker/docker-credential-helpers	v0.7.0 -> v0.9.5
github.com/go-git/go-billy/v5	v5.6.0 -> v5.7.0
github.com/golang/groupcache	v0.0.0-20210331224755-41bb18bfe9da -> v0.0.0-20241129210726-2c02b8208cf8
github.com/google/go-containerregistry	v0.19.1 -> v0.20.7
github.com/klauspost/compress	v1.16.5 -> v1.18.3
github.com/opencontainers/image-spec	v1.1.0-rc3 -> v1.1.1
github.com/sirupsen/logrus	v1.9.1 -> v1.9.4
github.com/spf13/cobra	v1.8.0 -> v1.10.2
github.com/spf13/pflag	v1.0.5 -> v1.0.10
github.com/vbatts/tar-split	v0.11.3 -> v0.12.2
golang.org/x/crypto	v0.31.0 -> v0.46.0
golang.org/x/net	v0.33.0 -> v0.48.0
golang.org/x/sync	v0.10.0 -> v0.19.0
golang.org/x/sys	v0.28.0 -> v0.40.0