Bump the go-deps group across 1 directory with 8 updates

[dependabot]

Bumps the go-deps group with 8 updates in the / directory:

Package	From	To
github.com/cyphar/filepath-securejoin	0.6.0	0.6.1
github.com/fluxcd/pkg/apis/meta	1.23.0	1.24.0
github.com/fluxcd/pkg/auth	0.33.0	0.34.0
github.com/fluxcd/pkg/runtime	0.90.0	0.93.0
github.com/go-git/go-billy/v5	5.6.2	5.7.0
github.com/go-git/go-git/v5	5.16.3	5.16.4
github.com/google/go-containerregistry	0.20.6	0.20.7
github.com/onsi/gomega	1.38.2	1.38.3

Updates github.com/cyphar/filepath-securejoin from 0.6.0 to 0.6.1

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.6.1] - 2025-11-19

At last up jumped the cunning spider, and fiercely held her fast.

Fixed

• Our logic for deciding whether to use openat2(2) or fallback to an O_PATH resolver would cache the result to avoid doing needless test runs of openat2(2). However, this causes issues when pathrs-lite is being used by a program that applies new seccomp-bpf filters onto itself -- if the filter denies openat2(2) then we would return that error rather than falling back to the O_PATH resolver. To resolve this issue, we no longer cache the result if openat2(2) was successful, only if there was an error.
• A file descriptor leak in our openat2 wrapper (when doing the necessary dup for RESOLVE_IN_ROOT) has been removed.

[0.5.2] - 2025-11-19

"Will you walk into my parlour?" said a spider to a fly.

Fixed

• Our logic for deciding whether to use openat2(2) or fallback to an O_PATH resolver would cache the result to avoid doing needless test runs of openat2(2). However, this causes issues when pathrs-lite is being used by a program that applies new seccomp-bpf filters onto itself -- if the filter denies openat2(2) then we would return that error rather than falling back to the O_PATH resolver. To resolve this issue, we no longer cache the result if openat2(2) was successful, only if there was an error.
• A file descriptor leak in our openat2 wrapper (when doing the necessary dup for RESOLVE_IN_ROOT) has been removed.

Commits

• 9c4135b VERSION: release 0.6.1
• d952bef merge v0.5.x branch into main
• deb72a4 CHANGELOG: fix unreleased links
• 336bf8f merge #87 into cyphar/filepath-securejoin:v0.5.x
• 23c6e21 VERSION: back to development
• 6311ca8 VERSION: release v0.5.2
• 91da803 merge #86 into cyphar/filepath-securejoin:v0.5.x
• 4dbce7c gopathrs: close the fd after dup in openat2
• 1eaadd6 merge #85 into cyphar/filepath-securejoin:main
• c1c2a53 gopathrs: close the fd after dup in openat2
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.23.0 to 1.24.0

Commits

• f3c7b60 Merge pull request #1042 from fluxcd/add-queue
• 9b058c8 Prepare for release
• 4f7f34b runtime/controller: add support for detecting enqueue events while reconciling
• 22fc427 Merge pull request #1060 from arvatoaws-labs/main
• aa1f17c feat: add support for aws eusc domain
• a65ff96 Merge pull request #1059 from fluxcd/improve-job-kstatus
• 077fa74 runtime/statusreaders: improve Job status reader
• cac5502 Merge pull request #1054 from cappyzawa/proxy-url-validation
• e4755ca Prepare for release
• 8a1b950 runtime/secrets: validate proxy URL scheme and length
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/auth from 0.33.0 to 0.34.0

Commits

• c866cff Merge pull request #980 from fluxcd/fix-typo
• 72ea7ac github: Remove redundant options
• 66a0184 Merge pull request #979 from fluxcd/preview-release
• e9a43c6 Add Preview Release workflow
• 6d798f4 Merge pull request #960 from fluxcd/restconfig
• 8bef64b [RFC-0010] Introduce authentication for clusters
• 97cc6ae Merge pull request #978 from fluxcd/make-sops-secret
• e4649ae runtime/secrets: Add MakeSOPSSecret
• 5d6f266 Merge pull request #977 from fluxcd/set-secret-gvk
• 5aaefdf runtime/secrets: Set GVK on generated secrets
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.90.0 to 0.93.0

Commits

• f3c7b60 Merge pull request #1042 from fluxcd/add-queue
• 9b058c8 Prepare for release
• 4f7f34b runtime/controller: add support for detecting enqueue events while reconciling
• 22fc427 Merge pull request #1060 from arvatoaws-labs/main
• aa1f17c feat: add support for aws eusc domain
• a65ff96 Merge pull request #1059 from fluxcd/improve-job-kstatus
• 077fa74 runtime/statusreaders: improve Job status reader
• cac5502 Merge pull request #1054 from cappyzawa/proxy-url-validation
• e4755ca Prepare for release
• 8a1b950 runtime/secrets: validate proxy URL scheme and length
• Additional commits viewable in compare view

Updates github.com/go-git/go-billy/v5 from 5.6.2 to 5.7.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.7.0

What's Changed

• Add support for Chmod on billy.Filesystem by @​bitfehler in go-git/go-billy#171
• build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-billy#177

Full Changelog: go-git/go-billy@v5.6.2...v5.7.0

Commits

• cc50ee7 Merge pull request #177 from go-git/renovate/releases/v5.x-go-golang.org-x-ne...
• c3a9003 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
• 9263834 Merge pull request #171 from bitfehler/releases/v5.x
• 94b84fc Add support for Chmod on billy.Filesystem
• See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.16.3 to 5.16.4

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.4

What's Changed

• backport plumbing: format/idxfile, prevent panic by @​swills in go-git/go-git#1732
• [backport] build: test, Fix build on Windows. by @​pjbgf in go-git/go-git#1734
• build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1742
• build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1741
• build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1743

Full Changelog: go-git/go-git@v5.16.3...v5.16.4

Commits

• de8ecc3 Merge pull request #1743 from go-git/renovate/releases/v5.x-go-github.com-go-...
• 3e752f0 build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY]
• 3a31754 Merge pull request #1741 from go-git/renovate/releases/v5.x-go-github.com-clo...
• acc28f1 build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY]
• 95f3880 Merge pull request #1742 from go-git/renovate/releases/v5.x-go-golang.org-x-n...
• 329f926 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
• 399e04b Merge pull request #1734 from pjbgf/fix-ci
• 2025eae build: test, Fix build on Windows.
• fb6806f Merge pull request #1732 from swills/find-hash-panic-fix-backport
• 382530f plumbing: format/idxfile, prevent panic
• See full diff in compare view

Updates github.com/google/go-containerregistry from 0.20.6 to 0.20.7

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.7

What's Changed

• Fix ArgsEscaped lint directive by @​Subserial in google/go-containerregistry#2137
• transport: Fix broken links to distribution docs by @​guzalv in google/go-containerregistry#2136
• fix(remote): using customized retry predicate func if provided by @​derekhjray in google/go-containerregistry#2135
• Adding docker file by @​HassanJasim in google/go-containerregistry#2138
• crane: Add timestamp to flatten layer by @​Stephanie0829 in google/go-containerregistry#2117
• feat(remote): pass retryBackoff option to transport by @​aslafy-z in google/go-containerregistry#1628
• Expose clobber refusal error by @​pjbgf in google/go-containerregistry#2146
• Build artifacts for riscv64 by @​ffgan in google/go-containerregistry#2159
• Update dependencies and deprecate DockerVersion field by @​Subserial in google/go-containerregistry#2164

New Contributors

• @​guzalv made their first contribution in google/go-containerregistry#2136
• @​derekhjray made their first contribution in google/go-containerregistry#2135
• @​HassanJasim made their first contribution in google/go-containerregistry#2138
• @​Stephanie0829 made their first contribution in google/go-containerregistry#2117
• @​pjbgf made their first contribution in google/go-containerregistry#2146
• @​ffgan made their first contribution in google/go-containerregistry#2159

Full Changelog: google/go-containerregistry@v0.20.6...v0.20.7

Commits

• e075f20 go mod tidy on dependabot update (#2171)
• 45aacf4 Bump the actions group across 1 directory with 3 updates (#2170)
• 073b936 Update dependencies and deprecate DockerVersion field (#2164)
• 390dacd Bump golang.org/x/crypto from 0.38.0 to 0.45.0 in /cmd/krane (#2163)
• ca44d47 Bump golang.org/x/crypto from 0.38.0 to 0.45.0 in /pkg/authn/k8schain (#2162)
• 999cc1f Bump github.com/docker/docker (#2161)
• d1809c8 Build artifacts for riscv64 (#2159)
• 7471efd Bump the auxiliary-deps group across 3 directories with 4 updates (#2156)
• 2bb5bb0 Bump the actions group with 5 updates (#2155)
• 16371c1 Remove manual vendor setting for dependabot (#2151)
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.38.2 to 1.38.3

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.38.3

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Commits

• a3ca2ca v1.38.3
• 4dada36 fix failing have http tests
• d40c691 make string formatitng more consistent for users who use format.Object directly
• 2a37b46 doc: fix typos
• ee26170 docs: fix HaveValue example
• cc85c05 Bump actions/setup-go from 5 to 6 (#866)
• 8905788 Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (#865)
• 67552c5 chore: apply fixes from Go modernize command
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions