Skip to content

Bump the go-dependencies group across 1 directory with 4 updates#1255

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-98bebb0e6a
Open

Bump the go-dependencies group across 1 directory with 4 updates#1255
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-98bebb0e6a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 22, 2026
edited by entire Bot
Loading

https://entire.io/gh/entireio/cli/trails/418

Bumps the go-dependencies group with 3 updates in the / directory: github.com/betterleaks/betterleaks, github.com/posthog/posthog-go and golang.org/x/crypto.

Updates github.com/betterleaks/betterleaks from 1.2.0 to 1.3.1

Release notes

Sourced from github.com/betterleaks/betterleaks's releases.

v1.3.1

Changelog

  • ea102f10e2255c28a2e45cd58db643ee5864e05b Update README.md
  • 5877fac24e50140cb277e8538e2412139cba4a0c Update betterleaks config link to main branch (#144)
  • 2d72998e2c2d2f5f6a4526de60eb6281439f1cdb bump min bl config version (#143)
  • 92cea1164d1cc551ead2402b1257055dd0080016 use filter in rule generation instead of relying on translate (#145)

v1.3.0

What's New

S3 Source

You can scan S3 and other S3 compatible object stores with the betterleaks s3 command:

betterleaks s3 <url> [flags]

Scan an AWS bucket


betterleaks s3 https://my-bucket.s3.us-east-1.amazonaws.com/logs/


AWS shorthand (region auto-probed)


betterleaks s3 s3://my-bucket/logs/


Enumerate and scan all buckets in the account


(requires s3:ListAllMyBuckets on the credentials)


betterleaks s3 'https://s3.us-east-1.amazonaws.com/*'


Enumerate buckets matching a glob, scan a shared prefix in each


(same permission requirement as above)


betterleaks s3 'https://s3.us-east-1.amazonaws.com/prod-*/logs/'


Scan a public bucket without credentials


(the bucket policy must grant anonymous s3:ListBucket, not just s3:GetObject)


betterleaks s3 --anonymous https://<public-bucket>.s3.<region>.amazonaws.com/


Scan a single Cloudflare R2 bucket


betterleaks s3 https://my-bucket.acct123.r2.cloudflarestorage.com/


Enumerate all R2 buckets in an account


(requires an admin-scoped R2 API token, not a bucket-scoped one)


betterleaks s3 'https://acct123.r2.cloudflarestorage.com/*'


Scan a MinIO bucket


betterleaks s3 --region=us-east-1 http://localhost:9000/mybucket


Flags:
--access-key string      AWS access key (overrides AWS_ACCESS_KEY_ID)
--anonymous              do not sign requests; ignore AWS_* env vars and --access-key/--secret-key
-h, --help                   help for s3
--max-object-size int    objects larger than this many bytes are skipped (0 = 250 MiB default)
--region string          AWS region (required for some non-AWS endpoints; auto-probed for AWS)
</tr></table>

... (truncated)

Commits

Updates github.com/posthog/posthog-go from 1.12.5 to 1.12.6

Release notes

Sourced from github.com/posthog/posthog-go's releases.

1.12.6

Unreleased

Changelog

Sourced from github.com/posthog/posthog-go's changelog.

1.12.6

Patch Changes

  • 9289d53: Reject semver values with leading zeros in local flag evaluation. Per semver 2.0.0 §2, numeric identifiers must not include leading zeros — values like 1.07.3 are not valid semver and should not match targeting conditions. Both override values and flag values are now validated; invalid inputs surface an InconclusiveMatchError so the condition does not match.
Commits
  • a99dc57 chore: release v1.12.6 [version bump] [skip ci]
  • 9289d53 fix: reject leading-zero semver values in local evaluation (#200)
  • 4caaa1e chore: pin github actions to commit shas (#202)
  • See full diff in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Updates golang.org/x/sys from 0.44.0 to 0.45.0

Commits
  • 397d5f8 unix: update to Linux kernel 7.0
  • 0a387f7 cpu: detect zbc extension on riscv64
  • 758f71c cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64
  • 99666ae unix: merge Linux readv/writev implementation with Darwin/OpenBSD
  • e4444cb windows: add NtSetEaFile, NtQueryEaFile and NtQueryInformationFile
  • 04396e8 unix: add Readv, Writev, Preadv, Pwritev for OpenBSD
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go-dependencies group across 1 directory with 4 updates
95624fe 
Bumps the go-dependencies group with 3 updates in the / directory: [github.com/betterleaks/betterleaks](https://github.com/betterleaks/betterleaks), [github.com/posthog/posthog-go](https://github.com/posthog/posthog-go) and [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `github.com/betterleaks/betterleaks` from 1.2.0 to 1.3.1
- [Release notes](https://github.com/betterleaks/betterleaks/releases)
- [Commits](betterleaks/betterleaks@v1.2.0...v1.3.1)

Updates `github.com/posthog/posthog-go` from 1.12.5 to 1.12.6
- [Release notes](https://github.com/posthog/posthog-go/releases)
- [Changelog](https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md)
- [Commits](PostHog/posthog-go@v1.12.5...v1.12.6)

Updates `golang.org/x/crypto` from 0.51.0 to 0.52.0
- [Commits](golang/crypto@v0.51.0...v0.52.0)

Updates `golang.org/x/sys` from 0.44.0 to 0.45.0
- [Commits](golang/sys@v0.44.0...v0.45.0)

---
updated-dependencies:
- dependency-name: github.com/betterleaks/betterleaks
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/posthog/posthog-go
  dependency-version: 1.12.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/sys
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 22, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 22, 2026 19:07
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants