Skip to content

build(deps): bump the chainguard group across 1 directory with 4 updates #1861

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump the chainguard group across 1 directory with 4 updates #1861

dependabot wants to merge 1 commit into from
+42 −42

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 4, 2026
edited
Loading

Bumps the chainguard group with 4 updates in the / directory: chainguard.dev/apko, chainguard.dev/melange, github.com/chainguard-dev/yam and github.com/chainguard-dev/advisory-schema.

Updates chainguard.dev/apko from 1.1.3 to 1.1.4

Release notes

Sourced from chainguard.dev/apko's releases.

Release v1.1.4

Changelog

  • 0387ed17e521d80481cedef413ca85333399475a fix(spdx): Only warn when the same LicenseIDs have different text (#2053)
Commits

Updates chainguard.dev/melange from 0.40.2 to 0.40.4

Release notes

Sourced from chainguard.dev/melange's releases.

Release v0.40.4

What's Changed

Full Changelog: chainguard-dev/melange@v0.40.3...v0.40.4

Release v0.40.3

What's Changed

Full Changelog: chainguard-dev/melange@v0.40.2...v0.40.3

Commits
  • d3bebaf build(deps): bump chainguard.dev/apko in the gomod group (#2321)
  • ebcf6f6 Revert "fix: add and leverage helper functions for [safely] setting capacity ...
  • bd13253 Merge commit from fork
  • acdbc00 bump apko dependency to v1.1.0 (#2319)
  • ae3c12f fix: add and leverage helper functions for [safely] setting capacity (#2318)
  • 2f95c9f Merge commit from fork
  • 0ea1438 chore: fix linting issues; update golangci-lint and address findings (#2317)
  • bcb8142 Improve kernel SCA to handle raspberry pi images (#2315)
  • d1de42c Merge commit from fork
  • 6e243d0 Merge commit from fork
  • Additional commits viewable in compare view

Updates github.com/chainguard-dev/yam from 0.2.46 to 0.2.47

Commits
  • 2da8b1a build(deps): bump chainguard-dev/actions from 1.5.12 to 1.5.13 (#179)
  • 19f02f1 build(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1 (#178)
  • See full diff in compare view

Updates github.com/chainguard-dev/advisory-schema from 0.37.34 to 0.37.35

Commits
  • 4cf5e5e build(deps): bump github.com/chainguard-dev/yam in the all group (#117)
  • c4e11a2 build(deps): bump chainguard-dev/actions from 1.5.13 to 1.5.14 (#118)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 4, 2026
@dependabot
build(deps): bump the chainguard group across 1 directory with 4 updates
8b826ed 
Bumps the chainguard group with 4 updates in the / directory: [chainguard.dev/apko](https://github.com/chainguard-dev/apko), [chainguard.dev/melange](https://github.com/chainguard-dev/melange), [github.com/chainguard-dev/yam](https://github.com/chainguard-dev/yam) and [github.com/chainguard-dev/advisory-schema](https://github.com/chainguard-dev/advisory-schema).


Updates `chainguard.dev/apko` from 1.1.3 to 1.1.4
- [Release notes](https://github.com/chainguard-dev/apko/releases)
- [Changelog](https://github.com/chainguard-dev/apko/blob/main/NEWS.md)
- [Commits](chainguard-dev/apko@v1.1.3...v1.1.4)

Updates `chainguard.dev/melange` from 0.40.2 to 0.40.4
- [Release notes](https://github.com/chainguard-dev/melange/releases)
- [Changelog](https://github.com/chainguard-dev/melange/blob/main/NEWS.md)
- [Commits](chainguard-dev/melange@v0.40.2...v0.40.4)

Updates `github.com/chainguard-dev/yam` from 0.2.46 to 0.2.47
- [Commits](chainguard-dev/yam@v0.2.46...v0.2.47)

Updates `github.com/chainguard-dev/advisory-schema` from 0.37.34 to 0.37.35
- [Commits](chainguard-dev/advisory-schema@v0.37.34...v0.37.35)

---
updated-dependencies:
- dependency-name: chainguard.dev/apko
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: chainguard
- dependency-name: chainguard.dev/melange
  dependency-version: 0.40.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: chainguard
- dependency-name: github.com/chainguard-dev/yam
  dependency-version: 0.2.47
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: chainguard
- dependency-name: github.com/chainguard-dev/advisory-schema
  dependency-version: 0.37.35
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: chainguard
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/chainguard-3cc6b29841 branch from 70fe21e to 8b826ed Compare February 10, 2026 08:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants