Sourced from github.com/go-git/go-billy/v5's releases.

v5.8.0

What's Changed

• build: Update module golang.org/x/net to v0.45.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-billy#183
• v5: Ensure Chmod behaviour across BoundOS and ChrootOS by @​pjbgf in go-git/go-billy#187

Full Changelog: go-git/go-billy@v5.7.0...v5.8.0

v5.7.0

What's Changed

• Add support for Chmod on billy.Filesystem by @​bitfehler in go-git/go-billy#171
• build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-billy#177

Full Changelog: go-git/go-billy@v5.6.2...v5.7.0

• 8662784 Merge pull request #187 from pjbgf/windows-rename
• f387d62 build: Update test workflow to rely on oldstable/stable
• 915dae9 polyfill: Add support for Chmod
• f3d5600 osfs: Create dir for BoundOS Tempfiles
• 247a741 Merge pull request #183 from go-git/renovate/releases/v5.x-go-golang.org-x-ne...
• 1c0c9d5 build: Update module golang.org/x/net to v0.45.0 [SECURITY]
• cc50ee7 Merge pull request #177 from go-git/renovate/releases/v5.x-go-golang.org-x-ne...
• c3a9003 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
• 9263834 Merge pull request #171 from bitfehler/releases/v5.x
• 94b84fc Add support for Chmod on billy.Filesystem
• See full diff in compare view

Sourced from github.com/go-git/go-git/v5's releases.

v5.17.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1839
• git: worktree, optimize infiles function for very large repos by @​k-anshul in go-git/go-git#1853
• git: Add strict checks for supported extensions by @​pjbgf in go-git/go-git#1861
• backport, git: Improve Status() speed with new index.ModTime check by @​cedric-appdirect in go-git/go-git#1862
• storage: filesystem, Avoid overwriting loose obj files by @​pjbgf in go-git/go-git#1864

Full Changelog: go-git/go-git@v5.16.5...v5.17.0

• bdf0688 Merge pull request #1864 from pjbgf/v5-issue-55
• 5290e52 storage: filesystem, Avoid overwriting loose obj files. Fixes #55
• 5d20a62 storage: filesystem, Fix permissions for loose and packed objs
• 8ed442c backport, git: Improve Status() speed with new index.ModTime check (#1862)
• c7b5960 build: Align test workflow with main
• 8e71edf git: Add strict checks for supported extensions
• 438a37f git: worktree, optimize infiles function for very large repos (#1853)
• 67c7006 Merge pull request #1839 from go-git/renovate/releases/v5.x-go-github.com-go-...
• 4ca3f02 build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY]
• See full diff in compare view

Sourced from github.com/rhysd/actionlint's releases.

v1.7.11

• Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#612, #614, thanks @​heppu)

  env:
    # ERROR: case() requires an odd number of arguments
    ENVIRONMENT: |-
      ${{ case(
        github.ref == 'refs/heads/main', 'production',
        github.ref == 'refs/heads/staging', 'staging'
      ) }}

• Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#615, thanks @​hugovk and @​muzimuzhi)
• Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#608, thanks @​takaram)

  $ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
  $ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
  Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
  Loaded 1 attestation from GitHub API
  The following policy criteria will be enforced:
  
  Predicate type must match:................ https://slsa.dev/provenance/v1
  Source Repository Owner URI must match:... https://github.com/rhysd
  Source Repository URI must match:......... https://github.com/rhysd/actionlint
  Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
  OIDC Issuer must match:................... https://token.actions.githubusercontent.com
  
  ✓ Verification succeeded!
  The following 1 attestation matched the policy criteria
  
  Attestation #1
  
  Build repo:..... rhysd/actionlint
  Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11
  Signer repo:.... rhysd/actionlint
  Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11

Report path filters with ./ as error because they never match anything. (#521)

on:
  push:
    paths:
      # ERROR: This never matches anything. `foo/bar.txt` is correct.
      - ./foo/bar.txt

Fix comparing matrix items when an item is a super set of another item. (#523, #613, thanks @​michaelgruenewald)

Fix stack overflow crash by a recursive anchor in matrix items. (#610)

Fix an unassigned variable false positive from shellcheck by disabling SC2153 rule. (#573)

Reduce the number of memory allocations on resolving anchors.

Update the popular actions data set to the latest.

Update Go dependencies to the latest.

... (truncated)

Sourced from github.com/rhysd/actionlint's changelog.

v1.7.11 - 2026-02-14

• Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#612, #614, thanks @​heppu)

  env:
    # ERROR: case() requires an odd number of arguments
    ENVIRONMENT: |-
      ${{ case(
        github.ref == 'refs/heads/main', 'production',
        github.ref == 'refs/heads/staging', 'staging'
      ) }}

• Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#615, thanks @​hugovk and @​muzimuzhi)
• Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#608, thanks @​takaram)

  $ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
  $ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
  Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
  Loaded 1 attestation from GitHub API
  The following policy criteria will be enforced:
  
  Predicate type must match:................ https://slsa.dev/provenance/v1
  Source Repository Owner URI must match:... https://github.com/rhysd
  Source Repository URI must match:......... https://github.com/rhysd/actionlint
  Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
  OIDC Issuer must match:................... https://token.actions.githubusercontent.com
  
  ✓ Verification succeeded!
  The following 1 attestation matched the policy criteria
  
  Attestation #1
  
  Build repo:..... rhysd/actionlint
  Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11
  Signer repo:.... rhysd/actionlint
  Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11

Report path filters with ./ because they never match anything. (#521)

on:
  push:
    paths:
      # ERROR: This never matches anything. `foo/bar.txt` is correct.
      - ./foo/bar.txt

Fix comparing matrix items when an item is a super set of another item. (#523, #613, thanks @​michaelgruenewald)

Fix stack overflow crash by a recursive anchor in matrix items. (#610)

Fix a unassigned variable false positive from shellcheck by disabling SC2153 rule. (#573)

Reduce the number of memory allocations on resolving anchors.

Update the popular actions data set to the latest.

... (truncated)

• 393031a bump up version to v1.7.11
• 63589e8 add link to the release note of the version in playground heading
• 58a2626 remove legacy Homebrew formula
• d22c104 fix test script for download script to check error case failures
• 50d2134 describe how to download and verify artifact using gh (fix #617)
• 226bb4a update playground npm deps including jsdom v28
• 1e85edb disable SC2153 shellcheck rule to avoid unassigned variable false positive (f...
• 8776d64 Merge pull request #619 from takaram/patch-1
• e3eb8cb reduce memory allocations on resolving anchors
• db08cec Fix variable name in release workflow
• Additional commits viewable in compare view

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

• go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460
• go.mod: bump up dependencies sirupsen/logrus#1460
• Touch-up godoc and add "doc" links.
• README: fix links, grammar, and update examples.
• Add GNU/Hurd support sirupsen/logrus#1364
• Add WASI wasip1 support sirupsen/logrus#1388
• Remove uses of deprecated ioutil package sirupsen/logrus#1472
• CI: update actions and golangci-lint sirupsen/logrus#1459
• CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Sourced from github.com/sirupsen/logrus's changelog.

1.9.4

Fixes:

• Remove uses of deprecated ioutil package

Features:

• Add GNU/Hurd support
• Add WASI wasip1 support

Code quality:

• Update minimum supported Go version to 1.17
• Documentation updates

• b61f268 Merge pull request #1472 from goldlinker/master
• 15c29db refactor: replace the deprecated function in the ioutil package
• cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
• 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
• d916819 Merge pull request #1427 from dolmen/fix-testify-usage
• 135e482 README: small touch-ups
• 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
• 877ecec README: remove travis badge
• 55cf256 Merge pull request #1393 from jsoref/grammar
• 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
• Additional commits viewable in compare view

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• See full diff in compare view

Sourced from github.com/spf13/pflag's releases.

v1.0.10

What's Changed

• fix deprecation comment for (FlagSet.)ParseErrorsWhitelist by @​thaJeztah in spf13/pflag#447
• remove uses of errors.Is, which requires go1.13, move go1.16/go1.21 tests to separate file by @​thaJeztah in spf13/pflag#448

New Contributors

• @​thaJeztah made their first contribution in spf13/pflag#447

Full Changelog: spf13/pflag@v1.0.9...v1.0.10

• 0491e57 Merge pull request #448 from thaJeztah/fix_go_version
• 72abab1 Merge pull request #447 from thaJeztah/fix_deprecation_comment
• 7e4dfb1 Test on Go 1.12
• 18a9d17 move Func, BoolFunc, tests as they require go1.21
• c5b9e98 remove uses of errors.Is, which requires go1.13
• 45a4873 fix deprecation comment for (FlagSet.)ParseErrorsWhitelist
• See full diff in compare view

• 9d2dc07 go.mod: update golang.org/x dependencies
• d954e03 all: upgrade go directive to at least 1.25.0 [generated]
• 3aff304 go.mod: update golang.org/x dependencies
• a7e5b04 go.mod: update golang.org/x dependencies
• 943f25d x/term: handle transpose
• 9b991dd x/term: handle delete key
• See full diff in compare view

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

• Add spellcheck Github action to catch common spelling mistakes by @​equalsgibson in golang-jwt/jwt#458
• Add WithNotBeforeRequired parser option and add test coverage by @​equalsgibson in golang-jwt/jwt#456
• Update godoc example func to properly refer to NewWithClaims() by @​equalsgibson in golang-jwt/jwt#459
• Update github workflows by @​mfridman in golang-jwt/jwt#462
• Additional test for CustomClaims that validates unmarshalling behaviour by @​equalsgibson in golang-jwt/jwt#457
• Fix early file close in jwt cli by @​mfridman in golang-jwt/jwt#472
• Add TPM signature reference by @​salrashid123 in golang-jwt/jwt#473
• Remove misleading ParserOptions documentation in golang-jwt/jwt#484
• Save signature to Token struct after successful signing by @​EgorSheff in golang-jwt/jwt#417
• Set token.Signature in ParseUnverified by @​slickwilli in golang-jwt/jwt#414

👒 Dependencies

• Bump crate-ci/typos from 1.34.0 to 1.35.3 by @​dependabot[bot] in golang-jwt/jwt#461
• Bump crate-ci/typos from 1.35.4 to 1.36.2 by @​dependabot[bot] in golang-jwt/jwt#470
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in golang-jwt/jwt#478
• Bump crate-ci/typos from 1.36.2 to 1.39.0 by @​dependabot[bot] in golang-jwt/jwt#480
• Bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in golang-jwt/jwt#481
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#469
• Bump crate-ci/typos from 1.39.0 to 1.40.0 by @​dependabot[bot] in golang-jwt/jwt#488
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#487
• Bump crate-ci/typos from 1.40.0 to 1.41.0 by @​dependabot[bot] in golang-jwt/jwt#490
• Bump crate-ci/typos from 1.41.0 to 1.42.1 by @​dependabot[bot] in golang-jwt/jwt#492

New Contributors

• @​equalsgibson made their first contribution in golang-jwt/jwt#458
• @​salrashid123 made their first contribution in golang-jwt/jwt#473
• @​EgorSheff made their first contribution in golang-jwt/jwt#417
• @​slickwilli made their first contribution in golang-jwt/jwt#414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

• 7ceae61 Add release.yml for changelog configuration
• dce8e4d Set token.Signature in ParseUnverified (#414)
• 8889e20 Save signature to Token struct after successful signing (#417)
• d237f82 ci: update github-actions schedule interval to monthly
• d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
• e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
• e6a0afa Bump actions/checkout from 5 to 6 (#487)
• 9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
• 60a8669 Bump actions/setup-go from 5 to 6 (#469)
• 76f5828 Remove misleading ParserOptions documentation (#484)
• Additional commits viewable in compare view

Sourced from github.com/moby/go-archive's releases.

v0.2.0

What's Changed

• remove aliases for deprecated types and functions moby/go-archive#10
• chrootarchive: remove redundant "init" mitigation for CVE-2019-14271 moby/go-archive#11
• xattr: Fix OS matching moby/go-archive#20
• TestOverlayTarUntar: remove redundant cmpopts.EquateEmpty moby/go-archive#9
• go.mod: bump github.com/klauspost/compress v1.18.2 moby/go-archive#19
• gha: update actions moby/go-archive#18

Full Changelog: moby/go-archive@v0.1.0...v0.2.0

• 263611f Merge pull request #20 from thaJeztah/carry_17
• a1d4e73 Merge pull request #18 from thaJeztah/bump_gha
• da4e566 xattr: Fix OS matching.
• df87f45 Merge pull request #19 from thaJeztah/bump_deps
• 8996f22 gha: update CodeQL Action to v4
• 985c60f gha: codeql: use go stable
• 4752b25 gha: update actions/setup-go@v6
• 280f775 gha: update actions/checkout@v6
• 4c912d3 gha: update golangci/golangci-lint-action@v9
• 2cd730e go.mod: bump github.com/klauspost/compress v1.18.2
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions