chore(deps): bump the others group across 1 directory with 6 updates by dependabot[bot] · Pull Request #2540 · future-architect/vuls

dependabot · 2026-05-03T00:08:30Z

Test failed by packageurl-go v0.1.6. I left it as it is, v0.1.5, and defer updating.

  scanner/TestAnalyzeLibrary_Golden/juddiv3-war-3.3.5.war — single line diff againt golden:

  Got:  "purl": "pkg:maven/France%20Telecom%20R\u0026D/ASM@3.3.1"   ← raw `&`, JSON \u0026
  Want: "purl": "pkg:maven/France%20Telecom%20R%26D/ASM@3.3.1"      ← percent encoded

  change in upstream

  packageurl-go PR #86 (https://github.com/package-url/packageurl-go/pull/86) "Optimize parsing and serialization performance"
  ToString() has been rewritten, RFC 3986 sub-delims (! $ & ' ( ) * , ; =) is now no-escape-needed in path segment

  - 0.1.5: pkg:maven/France%20Telecom%20R%26D/ASM@3.3.1
  - 0.1.6: pkg:maven/France%20Telecom%20R&D/ASM@3.3.1 (\u0026 in JSON output)

↑ 2026-05-11 by shino

Bumps the others group with 4 updates in the / directory: github.com/aws/aws-sdk-go-v2, github.com/aws/aws-sdk-go-v2/config, github.com/aws/aws-sdk-go-v2/service/s3 and github.com/package-url/packageurl-go.

Updates github.com/aws/aws-sdk-go-v2 from 1.41.6 to 1.41.7

Commits

2223642 Release 2026-04-29
04c7e46 Regenerated Clients
5f56925 Update endpoints model
aac6d2b Update API model
bdaead7 upgrade to smithy-go v1.25.1 (#3399)
008e12c Release 2026-04-27
ef109d9 Regenerated Clients
6411e63 Update API model
e5bf970 Release 2026-04-24
bdbb88c Regenerated Clients
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.16 to 1.32.17

Commits

2223642 Release 2026-04-29
04c7e46 Regenerated Clients
5f56925 Update endpoints model
aac6d2b Update API model
bdaead7 upgrade to smithy-go v1.25.1 (#3399)
008e12c Release 2026-04-27
ef109d9 Regenerated Clients
6411e63 Update API model
e5bf970 Release 2026-04-24
bdbb88c Regenerated Clients
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.15 to 1.19.16

Commits

2223642 Release 2026-04-29
04c7e46 Regenerated Clients
5f56925 Update endpoints model
aac6d2b Update API model
bdaead7 upgrade to smithy-go v1.25.1 (#3399)
008e12c Release 2026-04-27
ef109d9 Regenerated Clients
6411e63 Update API model
e5bf970 Release 2026-04-24
bdbb88c Regenerated Clients
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.99.1 to 1.101.0

Commits

84ddd08 Release 2026-05-06
23645b4 Regenerated Clients
848eb59 Update API model
1d7b134 Release 2026-05-05
5bbbc97 Regenerated Clients
8dbb936 Update endpoints model
369e649 Update API model
dc2d13f Release 2026-05-04
da4bcff Regenerated Clients
a8b1180 Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.42.0 to 1.42.1

Commits

5aa6e2b Release 2023-11-09
7dbcd52 Regenerated Clients
9b17844 Update API model
efa5486 Allowlist bucket owner header (#2358)
5118d3b Release 2023-11-08
f3c195f Regenerated Clients
f24b6a0 Update endpoints model
f5a0876 Update API model
3674c38 Release 2023-11-07
b856b28 Regenerated Clients
Additional commits viewable in compare view

Updates github.com/package-url/packageurl-go from 0.1.5 to 0.1.6

Commits

a74324e Optimize parsing and serialization performance (#86)
b41f387 Address review feedback and add chrome-extension validation
a546cc5 Optimize parsing and serialization performance
See full diff in compare view

Bumps the others group with 4 updates in the / directory: [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) and [github.com/package-url/packageurl-go](https://github.com/package-url/packageurl-go). Updates `github.com/aws/aws-sdk-go-v2` from 1.41.6 to 1.41.7 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.41.6...v1.41.7) Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.16 to 1.32.17 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@config/v1.32.16...config/v1.32.17) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.15 to 1.19.16 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@credentials/v1.19.15...credentials/v1.19.16) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.99.1 to 1.101.0 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.99.1...service/s3/v1.101.0) Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.42.0 to 1.42.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.42.0...service/s3/v1.42.1) Updates `github.com/package-url/packageurl-go` from 0.1.5 to 0.1.6 - [Release notes](https://github.com/package-url/packageurl-go/releases) - [Commits](package-url/packageurl-go@v0.1.5...v0.1.6) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-version: 1.41.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: others - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-version: 1.32.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: others - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-version: 1.19.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: others - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.100.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: others - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-version: 1.42.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: others - dependency-name: github.com/package-url/packageurl-go dependency-version: 0.1.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: others ... Signed-off-by: dependabot[bot] <support@github.com>

v0.1.6 changed path-segment encoding to leave RFC 3986 sub-delims (including `&`) unencoded, which breaks the juddiv3-war golden test (France Telecom R&D namespace serializes as raw `&` instead of `%26`). Keep v0.1.5 in this PR; the bump can be taken separately together with the golden update. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 3, 2026

dependabot Bot force-pushed the dependabot/go_modules/master/others-6a75beb636 branch from 40fee0e to 2f1e0dd Compare May 11, 2026 00:11

shino approved these changes May 11, 2026

View reviewed changes

shino merged commit 1f896e5 into master May 11, 2026
8 checks passed

shino deleted the dependabot/go_modules/master/others-6a75beb636 branch May 11, 2026 02:09

shino mentioned this pull request May 11, 2026

Update packageurl-go to v0.1.6 (or not) #2545

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the others group across 1 directory with 6 updates#2540

chore(deps): bump the others group across 1 directory with 6 updates#2540
shino merged 2 commits into
masterfrom
dependabot/go_modules/master/others-6a75beb636

dependabot Bot commented on behalf of github May 3, 2026 •

edited by shino

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 3, 2026 • edited by shino Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 3, 2026 •

edited by shino

Loading