chore(deps): bump github.com/go-git/go-git/v6 from 6.0.0-alpha.2 to 6.0.0-alpha.4 by dependabot[bot] · Pull Request #5885 · flipt-io/flipt

dependabot · 2026-05-19T15:26:41Z

Bumps github.com/go-git/go-git/v6 from 6.0.0-alpha.2 to 6.0.0-alpha.4.

Release notes

Sourced from github.com/go-git/go-git/v6's releases.

v6.0.0-alpha.4

What's Changed

plumbing: transport/ssh, Shell-quote path and args by @hiddeco in go-git/go-git#2067

git: submodule, canonical remote for relative URLs by @hiddeco in go-git/go-git#2071

storage: filesystem, Use repository object format for writing loose objects by @pjbgf in go-git/go-git#2073

git: submodule, error on remote without URLs by @hiddeco in go-git/go-git#2076

plumbing: objfile, Pass object format into Reader by @pjbgf in go-git/go-git#2077

git: submodule, Add relative URL regression tests by @hiddeco in go-git/go-git#2072

plumbing: format/idxfile, Validate offset64 indices by @hiddeco in go-git/go-git#2083

storage: filesystem, Search alternates in HashesWithPrefix by @andrew in go-git/go-git#2087

*: Reject malformed variable-length integers by @hiddeco in go-git/go-git#2090

Add worktreeFilesystem wrapper for worktree by @pjbgf in go-git/go-git#2081

tests: fix three recurring CI flakes by @hiddeco in go-git/go-git#2093

plumbing: format/packfile, Test patchDeltaWriter cap by @hiddeco in go-git/go-git#2086

plumbing: format/packfile, Tighten delta validation by @hiddeco in go-git/go-git#2089

git: worktree path hardening by @hiddeco in go-git/go-git#2097

build: Update module github.com/go-git/go-git-fixtures/v6 to v6.0.0-20260502205956-66bffbe5a6ff (main) by @go-git-renovate[bot] in go-git/go-git#2102

build: Update golang (main) by @go-git-renovate[bot] in go-git/go-git#2099

config: validate submodule names by @hiddeco in go-git/go-git#2079

build: Update go-git (main) by @go-git-renovate[bot] in go-git/go-git#2103

worktree: skip ignored directories during Reset walk by @Soph in go-git/go-git#2075

plumbing: format/pktline, validate reader/writer inputs by @pjbgf in go-git/go-git#2104

build: Update module github.com/go-git/go-git-fixtures/v6 to v6.0.0-alpha.1 (main) by @go-git-renovate[bot] in go-git/go-git#2110

plumbing: object, tree entry validation by @hiddeco in go-git/go-git#2105

git: Stop validating symlink target paths by @pjbgf in go-git/go-git#2114

git: Allow MkdirAll on worktree-root paths by @hiddeco in go-git/go-git#2115

git: add repository and remote archive support by @aymanbagabas in go-git/go-git#2013

Fix file handle leaks by calling Repository.Close() and adding transactional.Storage.Close() by @AriehSchneier in go-git/go-git#1999

plumbing: fuzz on-disk format decoders by @hiddeco in go-git/go-git#2120

plumbing: format decoder input bounds and contracts by @hiddeco in go-git/go-git#2119

plumbing: fuzz packp and capability decoders by @hiddeco in go-git/go-git#2121

storage: dotgit, fix hasIncomingObjects race by @hiddeco in go-git/go-git#2131

plumbing: format/packfile, use ReadAt in FSObject.Reader() for concurrency safety. by @cedric-appdirect in go-git/go-git#1998

plumbing: format/packfile, harden malformed pack handling by @pjbgf in go-git/go-git#2113

New Contributors

@andrew made their first contribution in go-git/go-git#2087

Full Changelog: go-git/go-git@v6.0.0-alpha.3...v6.0.0-alpha.4

v6.0.0-alpha.3

What's Changed

plumbing: transport, add git-upload-archive support by @aymanbagabas in go-git/go-git#1986

utils: sync, Make zlib compression pluggable via x/plugin by @stiak in go-git/go-git#2012

build: establish DCO sign-off requirement for all contributions by @pjbgf in go-git/go-git#1914

docs: update CONTRIBUTING.md, README.md and add HISTORY.md by @pjbgf in go-git/go-git#1946

storage: filesystem, close packfile iterators after use by @aymanbagabas in go-git/go-git#2027

Add .github/copilot-instructions.md with PR review guidelines by @Copilot in go-git/go-git#2040

docs: update comment to reflect support for the last 2 stable Go versions by @alexandear in go-git/go-git#2041

*: clone, resolve relative local URLs against CWD in CloneOptions.Validate by @AriehSchneier in go-git/go-git#1891

... (truncated)

Commits

d9a6983 Merge pull request #2113 from go-git/validation2
f7d8537 Merge pull request #1998 from cedric-appdirect/fsobject-readerat
b3850af plumbing: format/packfile, cap delta chain depth in parser
5be028f plumbing: format/packfile, surface scanner errors in headerFromOffset
04aef2c plumbing: reject reserved object type in Valid
0d8b719 plumbing: format/packfile, propagate objectFromHeader errors in iter
7069092 Merge pull request #2131 from hiddeco/dotgit-incoming-race
8ab1a10 storage: dotgit, fix hasIncomingObjects race
41ab5f4 Merge pull request #2121 from hiddeco/protocol-fuzz-harnesses
d4d24cb Merge pull request #2119 from hiddeco/format-input-bounds
Additional commits viewable in compare view

codecov · 2026-05-19T15:34:32Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 34.51%. Comparing base (43026c5) to head (4646273).
⚠️ Report is 1 commits behind head on v2.

❗ There is a different number of reports uploaded between BASE (43026c5) and HEAD (4646273). Click for more details.

HEAD has 1 upload less than BASE

Flag BASE (43026c5) HEAD (4646273)

unittests 1 0

Additional details and impacted files

@@             Coverage Diff             @@
##               v2    #5885       +/-   ##
===========================================
- Coverage   61.33%   34.51%   -26.82%     
===========================================
  Files         141      133        -8     
  Lines       14211    13709      -502     
===========================================
- Hits         8716     4732     -3984     
- Misses       4767     8370     +3603     
+ Partials      728      607      -121

Flag	Coverage Δ
integrationtests	`34.51% <ø> (-0.06%)`	⬇️
unittests	`?`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

kodiakhq · 2026-05-25T03:01:56Z

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.

Bumps [github.com/go-git/go-git/v6](https://github.com/go-git/go-git) from 6.0.0-alpha.2 to 6.0.0-alpha.4. - [Release notes](https://github.com/go-git/go-git/releases) - [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md) - [Commits](go-git/go-git@v6.0.0-alpha.2...v6.0.0-alpha.4) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v6 dependency-version: 6.0.0-alpha.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the automerge Used by Kodiak bot to automerge PRs label May 19, 2026

dependabot Bot requested a review from a team as a code owner May 19, 2026 15:26

dependabot Bot added dependencies Pull requests that update a dependency file go labels May 19, 2026

dependabot Bot mentioned this pull request May 19, 2026

chore(deps): bump github.com/go-git/go-git/v6 from 6.0.0-alpha.2 to 6.0.0-alpha.3 #5854

Closed

kodiakhq Bot approved these changes May 19, 2026

View reviewed changes

dosubot Bot added the size:S This PR changes 10-29 lines, ignoring generated files. label May 19, 2026

kodiakhq Bot removed the automerge Used by Kodiak bot to automerge PRs label May 25, 2026

dependabot Bot force-pushed the dependabot/go_modules/github.com/go-git/go-git/v6-6.0.0-alpha.4 branch from 861b080 to dde04a2 Compare May 25, 2026 03:06

dosubot Bot added size:XS This PR changes 0-9 lines, ignoring generated files. and removed size:S This PR changes 10-29 lines, ignoring generated files. labels May 25, 2026

dependabot Bot force-pushed the dependabot/go_modules/github.com/go-git/go-git/v6-6.0.0-alpha.4 branch from dde04a2 to 62c936e Compare June 1, 2026 04:38

dependabot Bot force-pushed the dependabot/go_modules/github.com/go-git/go-git/v6-6.0.0-alpha.4 branch from 62c936e to 4646273 Compare June 1, 2026 16:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump github.com/go-git/go-git/v6 from 6.0.0-alpha.2 to 6.0.0-alpha.4#5885

chore(deps): bump github.com/go-git/go-git/v6 from 6.0.0-alpha.2 to 6.0.0-alpha.4#5885
dependabot[bot] wants to merge 1 commit into
v2from
dependabot/go_modules/github.com/go-git/go-git/v6-6.0.0-alpha.4

dependabot Bot commented on behalf of github May 19, 2026 •

edited

Loading

Uh oh!

codecov Bot commented May 19, 2026 •

edited

Loading

Uh oh!

kodiakhq Bot commented May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.0-alpha.4

What's Changed

New Contributors

v6.0.0-alpha.3

What's Changed

Uh oh!

codecov Bot commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

kodiakhq Bot commented May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 19, 2026 •

edited

Loading

codecov Bot commented May 19, 2026 •

edited

Loading