build(deps): bump the go_modules group across 1 directory with 10 updates

[dependabot]

Bumps the go_modules group with 8 updates in the / directory:

Package	From	To
helm.sh/helm/v3	3.19.0	3.20.2
github.com/moby/buildkit	0.20.2	0.28.1
github.com/moby/spdystream	0.5.0	0.5.1
go.opentelemetry.io/otel	1.39.0	1.41.0
google.golang.org/grpc	1.78.0	1.79.3
github.com/go-git/go-billy/v5	5.6.2	5.9.0
github.com/go-git/go-git/v5	5.16.5	5.19.0
golang.org/x/image	0.27.0	0.38.0

Updates helm.sh/helm/v3 from 3.19.0 to 3.20.2

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.20.2

v3.20.2

Helm v3.20.2 is a security patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Security fixes

• GHSA-hr2v-4r36-88hr Helm Chart extraction output directory collapse via Chart.yaml name dot-segment

Installation and Upgrading

Download Helm v3.20.2. The common platform binaries are here:

• MacOS amd64 (checksum / 7de04301f28b902a74f6286ed941cadc86ee5e6a9086a18f2ccf1f548e99d618)
• MacOS arm64 (checksum / 139c794c22f16b579d08ddd3008c8038b9bb2814f35b5bcca91f50a1f458978d)
• Linux amd64 (checksum / 258e830a9e613c8a7a302d6059b4bb3b9758f2f3e1bb8ea0d707ce10a9a72fea)
• Linux arm (checksum / a8a614c740399ff1ef32bcea6be6e4523f17e3376f9cf55c192cc48c8f2d1f19)
• Linux arm64 (checksum / 5ea2d6bc2cda3f8edf985e028809f5a9278f404fb8ab24044de9b7cb9b79a691)
• Linux i386 (checksum / 88e4c1834307cdbc9f3b80920e1a383e4ba50bb488fb0be1b1fbd4918bb6ae73)
• Linux ppc64le (checksum / 98bb26a2f3c0b0c1a50db3181dff192554e0c204a07427d98d6b01e259f23cbe)
• Linux s390x (checksum / 584dd77ef8096d6ef939a1822f72840e749fc8311b2b13ae94df5f786862a56b)
• Linux riscv64 (checksum / 957391d0710d72678acd09959b5dc77888cd007a78a4b99944d3b2fc7e1895ca)
• Windows amd64 (checksum / 24e8e5b71bab4ee17e6f989931ecf4fb144f9916cbe9990c0b6b2ec7b925c454)
• Windows arm64 (checksum / 7c940a73a6882f50b69aec3282549da4a49917669db18fc503db930fb74b9789)

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 4.1.5 and 3.20.3 are the next patch (bug fix) releases and will be on April 8, 2026
• 4.2.0 and 3.21.0 are the next minor (feature) releases and will be on May 13, 2026

Changelog

• fix: Chart dot-name path bug 8fb76d6ab555577e98e23b7500009537a471feee (George Jenkins)
• fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow 3a8927e275c50cecde273872dad2a5576bd46375 (Terry Howe)

Helm v3.20.1 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:

... (truncated)

Commits

• 8fb76d6 fix: Chart dot-name path bug
• 3a8927e fix: pin codeql-action/upload-sarif to commit SHA in scorecards workflow
• a2369ca chore(deps): bump the k8s-io group with 7 updates
• 90e1056 add image index test
• 911f2e9 fix pulling charts from OCI indices
• 76dad33 Remove refactorring changes from coalesce_test.go
• 45c12f7 Fix import
• 26c6f19 Update pkg/chart/common/util/coalesce_test.go
• 09f5129 Fix lint warning
• 417deb2 Preserve nil values in chart already
• Additional commits viewable in compare view

Updates github.com/moby/buildkit from 0.20.2 to 0.28.1

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.28.1

Welcome to the v0.28.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• CrazyMax
• Sebastiaan van Stijn

Notable Changes

• Fix insufficient validation of Git URL #ref:subdir fragments that could allow access to restricted files outside the checked-out repository root. GHSA-4vrq-3vrq-g6gg
• Fix a vulnerability where an untrusted custom frontend could cause files to be written outside the BuildKit state directory. GHSA-4c29-8rgm-jvjj
• Fix a panic when processing invalid .dockerignore patterns during COPY. #6610 moby/patternmatcher#9

Dependency Changes

• github.com/moby/patternmatcher v0.6.0 -> v0.6.1

Previous release can be found at v0.28.0

v0.28.0

buildkit 0.28.0

Welcome to the v0.28.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• CrazyMax
• Sebastiaan van Stijn
• Jonathan A. Sternberg
• Akihiro Suda
• Amr Mahdi
• Dan Duvall
• David Karlsson
• Jonas Geiler
• Kevin L.
• rsteube

... (truncated)

Commits

• 45b038c git: normalize and validate subdir paths
• f5462c2 git: harden ref arg handling
• 71577a5 source: extract SafeFileName into shared pathutil package
• df43783 source/http: use os.Root for saved file operations
• 9ce6f62 source/http: sanitize downloaded filenames
• 099cf80 executor: validate container IDs centrally
• 2642113 Merge pull request #6610 from thaJeztah/0.28_backport_bump_patternmatcher
• 802da78 vendor: github.com/moby/patternmatcher v0.6.1
• 5245d86 Merge pull request #6551 from tonistiigi/v0.28-cherry-picks
• 90ee5de vendor: update x/net to v0.51.0
• Additional commits viewable in compare view

Updates github.com/moby/spdystream from 0.5.0 to 0.5.1

Release notes

Sourced from github.com/moby/spdystream's releases.

v0.5.1

What's Changed

Security

Fix memory amplification in SPDY frame parsing leads to denial of service (CVE-2026-35469 / GHSA-pc3f-x583-g7j2)

Changes

• spdy: fix duplicate license headers, add LICENSE, PATENTS, and update NOTICE moby/spdystream#106
• ci: update actions and test against latest Go versions moby/spdystream#107
• use ioutil.Discard for go1.13 compatibility moby/spdystream#109

Full Changelog: moby/spdystream@v0.5.0...v0.5.1

Commits

• c59e5d7 Merge pull request #109 from thaJeztah/use_ioutil
• 2fd0155 use ioutil.Discard for go1.13 compatibility
• ef6121f Merge commit from fork
• 241cec9 compare with signed Int for 32-bit Arm
• 21c3864 Add options to customize limits
• acf9b45 spdy: update godoc for MaxDataLength
• eb63605 spdy: limit header-size and header-count
• 2f21da4 spdy: fix header block byte accounting
• 5976b66 spdy: enforce 24-bit frame length limits
• cf0ec5d Guard against oversized SPDY frames
• Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.39.0 to 1.41.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

This release is the last to support [Go 1.24]. The next release will require at least [Go 1.25].

Added

• Support testing of [Go 1.26]. (#7902)

Fixed

• Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (#7880)
• Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7914)
• Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#7914)
• Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7914)

[1.40.0/0.62.0/0.16.0] 2026-02-02

Added

• Add AlwaysRecord sampler in go.opentelemetry.io/otel/sdk/trace. (#7724)
• Add Enabled method to all synchronous instrument interfaces (Float64Counter, Float64UpDownCounter, Float64Histogram, Float64Gauge, Int64Counter, Int64UpDownCounter, Int64Histogram, Int64Gauge,) in go.opentelemetry.io/otel/metric. This stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (#7763)
• Add go.opentelemetry.io/otel/semconv/v1.39.0 package. The package contains semantic conventions from the v1.39.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.38.0. (#7783, #7789)

Changed

• Improve the concurrent performance of HistogramReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar by 4x. (#7443)
• Improve the concurrent performance of FixedSizeReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar. (#7447)
• Improve performance of concurrent histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7474)
• Improve performance of concurrent synchronous gauge measurements in go.opentelemetry.io/otel/sdk/metric. (#7478)
• Add experimental observability metrics in go.opentelemetry.io/otel/exporters/stdout/stdoutmetric. (#7492)
• Exporter in go.opentelemetry.io/otel/exporters/prometheus ignores metrics with the scope go.opentelemetry.io/contrib/bridges/prometheus. This prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (#7688)
• Improve performance of concurrent exponential histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7702)
• The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)
• The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)

Fixed

• Fix bad log message when key-value pairs are dropped because of key duplication in go.opentelemetry.io/otel/sdk/log. (#7662)
• Fix DroppedAttributes on Record in go.opentelemetry.io/otel/sdk/log to not count the non-attribute key-value pairs dropped because of key duplication. (#7662)
• Fix SetAttributes on Record in go.opentelemetry.io/otel/sdk/log to not log that attributes are dropped when they are actually not dropped. (#7662)
• Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to correctly handle HTTP/2 GOAWAY frame. (#7794)
• WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for ioreg command on Darwin (macOS). (#7818)

... (truncated)

Commits

• 4575a97 Release 1.41.0/0.63.0/0.17.0/0.0.15 (#7977)
• 66fc10d fix: add error handling for insecure HTTP endpoints with TLS client configura...
• 76e6eec chore(deps): update github/codeql-action action to v4.32.5 (#7980)
• 0d50f90 Revert "Generate semconv/v1.40.0" (#7978)
• c38a4a5 Generate semconv/v1.40.0 (#7929)
• 0f1a224 chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (#7899)
• c79ebf4 chore(deps): update module github.com/daixiang0/gci to v0.14.0 (#7973)
• f758157 chore(deps): update module github.com/sonatard/noctx to v0.5.0 (#7968)
• 92a1164 fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...
• 3cd7c27 chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (#7969)
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.78.0 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

• server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

• stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

• grpc: Remove the -dev suffix from the User-Agent header. (grpc/grpc-go#8902)

Release 1.79.0

API Changes

• mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • Special Thanks: @​vanja-p
• experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

• balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

• experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
• pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
  • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
• xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
• balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)
  • Special Thanks: @​marek-szews

Bug Fixes

• credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • Special Thanks: @​Atul1710
• xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
• health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • Special Thanks: @​sanki92
• transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • Special Thanks: @​joybestourous
• server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)
  • Special Thanks: @​joybestourous

Performance Improvements

• credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
• mem: Optimize pooling and creation of buffer objects. (#8784)
• transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

Commits

• dda86db Change version to 1.79.3 (#8983)
• 72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
• 97ca352 Changing version to 1.79.3-dev (#8954)
• 8902ab6 Change the version to release 1.79.2 (#8947)
• a928670 Cherry-pick #8874 to v1.79.x (#8904)
• 06df363 Change version to 1.79.2-dev (#8903)
• 782f2de Change version to 1.79.1 (#8902)
• 850eccb Change version to 1.79.1-dev (#8851)
• 765ff05 Change version to 1.79.0 (#8850)
• 68804be Cherry pick #8864 to v1.79.x (#8896)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.6.8 to 1.7.10

Commits

• 7655449 Release 2022-10-21
• dcae829 Regenerated Clients
• b82766b Update API model
• 1c05fb6 Implements IsCredentialsProvider for checking if a provider matches a target ...
• 0fab39a Merge pull request #1888 from aws/isvita/issues-1787
• 56eb993 added changelog file
• cde8cbc Release 2022-10-20
• d7765f9 Regenerated Clients
• b9dab7e Update endpoints model
• 93ed3ee Update API model
• Additional commits viewable in compare view

Updates github.com/docker/cli from 29.0.3+incompatible to 29.2.1+incompatible

Commits

• a5c7197 Merge pull request #6772 from thaJeztah/cleanup_testfile
• 435384f Merge pull request #6773 from thaJeztah/improve_mountopts
• df3e923 opts: MountOpt: extract utility functions and don't set empty values
• d781df8 opts: MountOpt: extract validation to a separate function
• f35fb0f cli/command: TestGetDefaultAuthConfig: cleanup test file
• fe1af92 opts: MountOpt: improve validation of boolean values
• 5de99e6 opts: MountOpt: improve validation for whitespace in values
• 9620e41 opts: MountOpt: improve validation for whitespace in options
• e888a6e opts: remove outdated comment
• b22f1ae Merge pull request #6771 from thaJeztah/allow_empty_target
• Additional commits viewable in compare view

Updates github.com/go-git/go-billy/v5 from 5.6.2 to 5.9.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.9.0

What's Changed

• Use path.Clean instead of filepath.Clean in iofs.Open by @​puerco in go-git/go-billy#197
• Deprecate ChrootOS in favour of BoundOS by @​pjbgf in go-git/go-billy#201
• General Improvements by @​pjbgf in go-git/go-billy#203
• osfs: ChrootOS eval baseDir on creation by @​pjbgf in go-git/go-billy#205
• Run go-git tests as part of integration tests by @​pjbgf in go-git/go-billy#206

Full Changelog: go-git/go-billy@v5.8.0...v5.9.0

v5.8.0

What's Changed

• build: Update module golang.org/x/net to v0.45.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-billy#183
• v5: Ensure Chmod behaviour across BoundOS and ChrootOS by @​pjbgf in go-git/go-billy#187

Full Changelog: go-git/go-billy@v5.7.0...v5.8.0

v5.7.0

What's Changed

• Add support for Chmod on billy.Filesystem by @​bitfehler in go-git/go-billy#171
• build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-billy#177

Full Changelog: go-git/go-billy@v5.6.2...v5.7.0

Commits

• 237e529 Merge pull request #206 from pjbgf/v5-improvements
• 04edb39 build: Add go-git integration test
• d8efefd osfs: preserve empty ChrootOS base
• 07f2a0b Merge pull request #205 from pjbgf/v5-improvements
• 25207c8 build: Bump Go versions in workflows
• 2fda229 osfs: ChrootOS eval baseDir on creation
• 427b27f Merge pull request #203 from pjbgf/v5-improvements
• 7d5a23e chroot: Reject symlink loops
• 2c2287a util: avoid following symlinks in RemoveAll fallback
• cbd88e9 Fix mount path handling
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.5 to 5.19.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#2010
• v5: Bump sha1cd and go-billy by @​pjbgf in go-git/go-git#2060
• v5: Align object encoding with upstream by @​pjbgf in go-git/go-git#2065

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

v5.18.0

What's Changed

• plumbing: transport/http, Add support for followRedirects policy by @​pjbgf in go-git/go-git#2004

Full Changelog: go-git/go-git@v5.17.2...v5.18.0

v5.17.2

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1941
• dotgit: skip writing pack files that already exist on disk by @​pjbgf in go-git/go-git#1944

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @​pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

v5.17.1

What's Changed

• build: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1930
• [v5] plumbing: format/index, Improve v4 entry name validation by @​pjbgf in go-git/go-git#1935
• [v5] plumbing: format/idxfile, Fix version and fanout checks by @​pjbgf in go-git/go-git#1937

Full Changelog: go-git/go-git@v5.17.0...v5.17.1

v5.17.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1839
• git: worktree, optimize infiles function for very large repos by @​k-anshul in go-git/go-git#1853
• git: Add strict checks for supported extensions by @​pjbgf in go-git/go-git#1861
• backport, git: Improve Status() speed with new index.ModTime check by @​cedric-appdirect in go-git/go-git#1862
• storage: filesystem, Avoid overwriting loose obj files by @​pjbgf in go-git/go-git#1864

Full Changelog: go-git/go-git@v5.16.5...v5.17.0

Commits

• bc930f4 Merge pull request #2065 from go-git/commit-v5
• d315264 plumbing: object, Reset object before decode
• 6e1d348 plumbing: object, Align Tree handling with upstream
• e134ba3 tests: Skip double checks in Git v2.11
• 1971422 tests: Add git conformance tests for signing verification
• a387aa8 plumbing: object, Add ErrMalformedTag
• f415670 plumbing: object, Decode Tag headers via a state machine
• 5b0cd38 plumbing: object, Reject multi-signature commits at Verify
• fe8ed62 plumbing: object, Align Tag.EncodeWithoutSignature with Commit
• 98e337d plumbing: object, Add support for Tag.SignatureSHA256
• Additional commits viewable in compare view

Updates golang.org/x/image from 0.27.0 to 0.38.0

Commits

• 23ae9ed tiff: cap buffer growth to prevent OOM from malicious IFD offset
• e589e60 webp: allow VP8L + VP8X(with alpha)
• fe7d73d go.mod: update golang.org/x dependencies
• e3d762b all: upgrade go directive to at least 1.25.0 [generated]
• 833c6ed go.mod: update golang.org/x dependencies
• bc7fe0b go.mod: update golang.org/x dependencies
• c53c97f go.mod: update golang.org/x dependencies
• 9032ff7 all: eliminate vet diagnostics
• 9c9d08c go.mod: update golang.org/x dependencies
• 742b1b7 all: fix some comments
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.