Bump go to 1.25.0 and github.com/go-git/go-git/v5 from 5.16.5 to 5.19.1 by dependabot[bot] · Pull Request #819 · AliceO2Group/Control

dependabot · 2026-05-19T15:37:29Z

Bumps github.com/go-git/go-git/v5 from 5.16.5 to 5.19.1.

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

v5: plumbing: transport/ssh, Shell-quote path by @hiddeco in go-git/go-git#2068

v5: git: submodule, Fix relative URL resolution by @hiddeco in go-git/go-git#2070

v5: git: submodule, canonical remote for relative URLs by @hiddeco in go-git/go-git#2074

v5: git: submodule, error on remote without URLs by @hiddeco in go-git/go-git#2078

v5: plumbing: format/idxfile, Validate offset64 indices by @hiddeco in go-git/go-git#2084

v5: *: Reject malformed variable-length integers by @hiddeco in go-git/go-git#2092

v5: plumbing: format/packfile, Tighten delta validation by @hiddeco in go-git/go-git#2091

v5: Add worktreeFilesystem wrapper for worktree and hardening by @hiddeco in go-git/go-git#2100

v5: config: validate submodule names by @hiddeco in go-git/go-git#2082

build: Update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#2111

v5: git: Allow MkdirAll on worktree-root paths by @hiddeco in go-git/go-git#2117

v5: git: Stop validating symlink target paths by @pjbgf in go-git/go-git#2116

v5: plumbing: format decoder input bounds and contracts by @hiddeco in go-git/go-git#2125

plumbing: format/packfile, cap delta chain depth in parser by @pjbgf in go-git/go-git#2137

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

v5.19.0

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#2010

v5: Bump sha1cd and go-billy by @pjbgf in go-git/go-git#2060

v5: Align object encoding with upstream by @pjbgf in go-git/go-git#2065

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

v5.18.0

What's Changed

plumbing: transport/http, Add support for followRedirects policy by @pjbgf in go-git/go-git#2004

Full Changelog: go-git/go-git@v5.17.2...v5.18.0

v5.17.2

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1941

dotgit: skip writing pack files that already exist on disk by @pjbgf in go-git/go-git#1944

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

v5.17.1

What's Changed

build: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1930

[v5] plumbing: format/index, Improve v4 entry name validation by @pjbgf in go-git/go-git#1935

[v5] plumbing: format/idxfile, Fix version and fanout checks by @pjbgf in go-git/go-git#1937

... (truncated)

Commits

3c3be60 Merge pull request #2137 from go-git/validate-v5
3fba897 plumbing: format/packfile, cap delta chain depth in parser
a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
aeaa125 plumbing: format/objfile, require Header before Read
1f38e17 plumbing: format/packfile, bound inflate size
f7545a0 plumbing: format/idxfile, bound nr by file size
170b881 Merge pull request #2116 from pjbgf/symlink-v5
7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
f0709b3 git: Stop validating symlink target paths
776d00f git: Allow MkdirAll on worktree-root paths
Additional commits viewable in compare view

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.16.5 to 5.19.1. - [Release notes](https://github.com/go-git/go-git/releases) - [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md) - [Commits](go-git/go-git@v5.16.5...v5.19.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.19.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot requested a review from knopers8 as a code owner May 19, 2026 15:37

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 19, 2026

dependabot Bot requested a review from justonedev1 as a code owner May 19, 2026 15:37

dependabot Bot mentioned this pull request May 19, 2026

Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.19.0 #817

Closed

dependabot Bot force-pushed the dependabot/go_modules/github.com/go-git/go-git/v5-5.19.1 branch from c566718 to d6760db Compare June 2, 2026 08:30

knopers8 changed the title ~~Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.19.1~~ Bump go to 1.25.0 and github.com/go-git/go-git/v5 from 5.16.5 to 5.19.1 Jun 2, 2026

knopers8 approved these changes Jun 2, 2026

View reviewed changes

knopers8 merged commit 7f4f6df into master Jun 2, 2026
2 of 3 checks passed

knopers8 deleted the dependabot/go_modules/github.com/go-git/go-git/v5-5.19.1 branch June 2, 2026 08:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump go to 1.25.0 and github.com/go-git/go-git/v5 from 5.16.5 to 5.19.1#819

Bump go to 1.25.0 and github.com/go-git/go-git/v5 from 5.16.5 to 5.19.1#819
knopers8 merged 1 commit into
masterfrom
dependabot/go_modules/github.com/go-git/go-git/v5-5.19.1

dependabot Bot commented on behalf of github May 19, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.19.1

What's Changed

v5.19.0

What's Changed

v5.18.0

What's Changed

v5.17.2

What's Changed

v5.17.1

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 19, 2026 •

edited

Loading