chore(deps): bump the go-minor-patch group across 1 directory with 3 updates

[dependabot]

Bumps the go-minor-patch group with 3 updates in the / directory: github.com/klauspost/compress, github.com/containerd/stargz-snapshotter/estargz and golang.org/x/sync.

Updates github.com/klauspost/compress from 1.18.3 to 1.18.4

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.4

What's Changed

• gzhttp: Add zstandard to server handler wrapper by @​klauspost in klauspost/compress#1121
• zstd: Add ResetWithOptions to encoder/decoder by @​klauspost in klauspost/compress#1122
• gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @​analytically in klauspost/compress#1116

New Contributors

• @​analytically made their first contribution in klauspost/compress#1116
• @​ethaizone made their first contribution in klauspost/compress#1124
• @​zwass made their first contribution in klauspost/compress#1125

Full Changelog: klauspost/compress@v1.18.2...v1.18.4

Commits

• c03560f zstd: Add ResetWithOptions to encoder/decoder (#1122)
• 0874ab8 build(deps): bump the github-actions group with 3 updates (#1126)
• 4a36836 doc: Clarify documentation in readme (#1125)
• 4309644 zstd: document concurrency option handling in encoder (#1124)
• c262ec6 Update README.md
• 861ca97 Downstream CVE-2025-61728 (#1123)
• 03de960 gzhttp: Add zstandard to server handler wrapper (#1121)
• bb1ab3b build(deps): bump the github-actions group with 2 updates (#1120)
• 986a51e fix(gzhttp): preserve qvalue when extra parameters follow in Accept-Encoding ...
• fbe3b12 build(deps): bump the github-actions group with 3 updates (#1118)
• Additional commits viewable in compare view

Updates github.com/containerd/stargz-snapshotter/estargz from 0.18.1 to 0.18.2

Release notes

Sourced from github.com/containerd/stargz-snapshotter/estargz's releases.

v0.18.2

Notable Changes

• Fixed restart failure when kubeconfig-based authentication is enabled (#2217)
• Fixed the filesystem to display ".." and "." entries in directories (#2188)
• Allowed asynchronous prefetch via configurable threshold (#2216), thanks to @​wswsmao
• Allowed configuring the global request timeout duration (#2215), thanks to @​wswsmao
• Allowed optionally adding log file access information on first access (#2205), thanks to @​wswsmao
• Fixed ctr-remote's "-t" flag's not defined error when optimizing an image (#2186), thanks to @​bettermultiply
• Fixed ctr-remote's "--reuse" flag being ignored when "--no-optimize" is set (#2206), thanks to @​wswsmao
• Fixed passthrough mode to ensure closing fds (#2226), thanks to @​luochenglcs
• Fixed incorrect variable assign in the estargz lib (#2222), thanks to @​bettermultiply
• Fixed errors in k3s CI (#2207), thanks to @​wswsmao

Commits

• 3070538 Merge pull request #2231 from ktock/prepare-v0.18.2
• 3528ff6 Prepare for v0.18.2
• 26b36ca Merge pull request #2233 from ktock/dockerifle202602
• 812ba6c Dockerfile: bump up dependencies
• 78a117d Merge pull request #2230 from containerd/dependabot/go_modules/gomod-79093de63b
• 4c0f6a0 build(deps): bump the gomod group across 3 directories with 2 updates
• ee524fe Merge pull request #2227 from containerd/dependabot/go_modules/gomod-a2c59b68ad
• 4ba62f4 build(deps): bump github.com/sirupsen/logrus
• b4360b7 Merge pull request #2226 from luochenglcs/fix
• d6c57a3 Merge pull request #2205 from wswsmao/pathlog
• Additional commits viewable in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits

• ec11c4a errgroup: fix a typo in the documentation
• 1a58307 all: modernize interface{} -> any
• 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	blob	a3d946e	Commit Preview URL Branch Preview URL	Mar 09 2026, 09:45 AM

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.