Skip to content

chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2#3646

Merged
mdelapenya merged 2 commits intotestcontainers:mainfrom
thaJeztah:bump_compose
Apr 9, 2026
Merged

chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2#3646
mdelapenya merged 2 commits intotestcontainers:mainfrom
thaJeztah:bump_compose

Conversation

@thaJeztah
Copy link
Copy Markdown
Contributor

@thaJeztah thaJeztah commented Apr 9, 2026

What does this PR do?

update dependencies; for klauspost/compress;

  • v1.18.3 contains a fix for CVE-2025-61728
  • v1.18.5 fixes a crash in zstd

Why is it important?

Related issues

thaJeztah added 2 commits April 9, 2026 13:14
@thaJeztah
chore(deps): bump github.com/klauspost/compress v1.18.5
69edd2b 
- v1.18.3 contains a fix for CVE-2025-61728
- v1.18.5 fixes a crash in zstd

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
chore(deps): bump github.com/docker/compose v5.1.2
76a57f2 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah requested a review from a team as a code owner April 9, 2026 11:20
@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 9, 2026
edited
Loading

Deploy Preview for testcontainers-go ready!

Name Link
🔨 Latest commit 76a57f2
🔍 Latest deploy log https://app.netlify.com/projects/testcontainers-go/deploys/69d78b8692761d0008677399
😎 Deploy Preview https://deploy-preview-3646--testcontainers-go.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 9, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ccf2b148-7345-4dbb-bc44-0da04eb881de

📥 Commits

Reviewing files that changed from the base of the PR and between 359d0de and 76a57f2.

⛔ Files ignored due to path filters (66)
  • examples/nginx/go.sum is excluded by !**/*.sum
  • go.sum is excluded by !**/*.sum
  • modules/aerospike/go.sum is excluded by !**/*.sum
  • modules/arangodb/go.sum is excluded by !**/*.sum
  • modules/artemis/go.sum is excluded by !**/*.sum
  • modules/azure/go.sum is excluded by !**/*.sum
  • modules/azurite/go.sum is excluded by !**/*.sum
  • modules/cassandra/go.sum is excluded by !**/*.sum
  • modules/chroma/go.sum is excluded by !**/*.sum
  • modules/clickhouse/go.sum is excluded by !**/*.sum
  • modules/cockroachdb/go.sum is excluded by !**/*.sum
  • modules/compose/go.sum is excluded by !**/*.sum
  • modules/consul/go.sum is excluded by !**/*.sum
  • modules/couchbase/go.sum is excluded by !**/*.sum
  • modules/databend/go.sum is excluded by !**/*.sum
  • modules/dind/go.sum is excluded by !**/*.sum
  • modules/dockermcpgateway/go.sum is excluded by !**/*.sum
  • modules/dockermodelrunner/go.sum is excluded by !**/*.sum
  • modules/dolt/go.sum is excluded by !**/*.sum
  • modules/dynamodb/go.sum is excluded by !**/*.sum
  • modules/elasticsearch/go.sum is excluded by !**/*.sum
  • modules/etcd/go.sum is excluded by !**/*.sum
  • modules/forgejo/go.sum is excluded by !**/*.sum
  • modules/gcloud/go.sum is excluded by !**/*.sum
  • modules/grafana-lgtm/go.sum is excluded by !**/*.sum
  • modules/inbucket/go.sum is excluded by !**/*.sum
  • modules/influxdb/go.sum is excluded by !**/*.sum
  • modules/k3s/go.sum is excluded by !**/*.sum
  • modules/k6/go.sum is excluded by !**/*.sum
  • modules/kafka/go.sum is excluded by !**/*.sum
  • modules/localstack/go.sum is excluded by !**/*.sum
  • modules/mariadb/go.sum is excluded by !**/*.sum
  • modules/meilisearch/go.sum is excluded by !**/*.sum
  • modules/memcached/go.sum is excluded by !**/*.sum
  • modules/milvus/go.sum is excluded by !**/*.sum
  • modules/minio/go.sum is excluded by !**/*.sum
  • modules/mockserver/go.sum is excluded by !**/*.sum
  • modules/mongodb/go.sum is excluded by !**/*.sum
  • modules/mssql/go.sum is excluded by !**/*.sum
  • modules/mysql/go.sum is excluded by !**/*.sum
  • modules/nats/go.sum is excluded by !**/*.sum
  • modules/nebulagraph/go.sum is excluded by !**/*.sum
  • modules/neo4j/go.sum is excluded by !**/*.sum
  • modules/ollama/go.sum is excluded by !**/*.sum
  • modules/openfga/go.sum is excluded by !**/*.sum
  • modules/openldap/go.sum is excluded by !**/*.sum
  • modules/opensearch/go.sum is excluded by !**/*.sum
  • modules/pinecone/go.sum is excluded by !**/*.sum
  • modules/postgres/go.sum is excluded by !**/*.sum
  • modules/pulsar/go.sum is excluded by !**/*.sum
  • modules/qdrant/go.sum is excluded by !**/*.sum
  • modules/rabbitmq/go.sum is excluded by !**/*.sum
  • modules/redis/go.sum is excluded by !**/*.sum
  • modules/redpanda/go.sum is excluded by !**/*.sum
  • modules/registry/go.sum is excluded by !**/*.sum
  • modules/scylladb/go.sum is excluded by !**/*.sum
  • modules/socat/go.sum is excluded by !**/*.sum
  • modules/solace/go.sum is excluded by !**/*.sum
  • modules/surrealdb/go.sum is excluded by !**/*.sum
  • modules/tidb/go.sum is excluded by !**/*.sum
  • modules/toxiproxy/go.sum is excluded by !**/*.sum
  • modules/valkey/go.sum is excluded by !**/*.sum
  • modules/vault/go.sum is excluded by !**/*.sum
  • modules/vearch/go.sum is excluded by !**/*.sum
  • modules/weaviate/go.sum is excluded by !**/*.sum
  • modules/yugabytedb/go.sum is excluded by !**/*.sum
📒 Files selected for processing (67)
  • examples/nginx/go.mod
  • go.mod
  • modules/aerospike/go.mod
  • modules/arangodb/go.mod
  • modules/artemis/go.mod
  • modules/azure/go.mod
  • modules/azurite/go.mod
  • modules/cassandra/go.mod
  • modules/chroma/go.mod
  • modules/clickhouse/go.mod
  • modules/cockroachdb/go.mod
  • modules/compose/compose.go
  • modules/compose/go.mod
  • modules/consul/go.mod
  • modules/couchbase/go.mod
  • modules/databend/go.mod
  • modules/dind/go.mod
  • modules/dockermcpgateway/go.mod
  • modules/dockermodelrunner/go.mod
  • modules/dolt/go.mod
  • modules/dynamodb/go.mod
  • modules/elasticsearch/go.mod
  • modules/etcd/go.mod
  • modules/forgejo/go.mod
  • modules/gcloud/go.mod
  • modules/grafana-lgtm/go.mod
  • modules/inbucket/go.mod
  • modules/influxdb/go.mod
  • modules/k3s/go.mod
  • modules/k6/go.mod
  • modules/kafka/go.mod
  • modules/localstack/go.mod
  • modules/mariadb/go.mod
  • modules/meilisearch/go.mod
  • modules/memcached/go.mod
  • modules/milvus/go.mod
  • modules/minio/go.mod
  • modules/mockserver/go.mod
  • modules/mongodb/go.mod
  • modules/mssql/go.mod
  • modules/mysql/go.mod
  • modules/nats/go.mod
  • modules/nebulagraph/go.mod
  • modules/neo4j/go.mod
  • modules/ollama/go.mod
  • modules/openfga/go.mod
  • modules/openldap/go.mod
  • modules/opensearch/go.mod
  • modules/pinecone/go.mod
  • modules/postgres/go.mod
  • modules/pulsar/go.mod
  • modules/qdrant/go.mod
  • modules/rabbitmq/go.mod
  • modules/redis/go.mod
  • modules/redpanda/go.mod
  • modules/registry/go.mod
  • modules/scylladb/go.mod
  • modules/socat/go.mod
  • modules/solace/go.mod
  • modules/surrealdb/go.mod
  • modules/tidb/go.mod
  • modules/toxiproxy/go.mod
  • modules/valkey/go.mod
  • modules/vault/go.mod
  • modules/vearch/go.mod
  • modules/weaviate/go.mod
  • modules/yugabytedb/go.mod

Summary by CodeRabbit

Chores

  • Updated compression library from v1.18.4 to v1.18.5 across all modules
  • Bumped Docker CLI to v29.4.0, compose specification to v2.10.2, and Docker Compose to v5.1.2 in the compose module
  • Refreshed transitive dependencies for OpenTelemetry, containerd, buildkit, gRPC, and related infrastructure packages

Walkthrough

This PR updates the github.com/klauspost/compress indirect dependency from v1.18.4 to v1.18.5 across the root and 70+ module go.mod files. Additionally, it modifies Docker CLI initialization in the compose module and refreshes several dependencies in modules/compose/go.mod.

Changes

Cohort / File(s) Summary
Compress dependency version bump
go.mod, examples/nginx/go.mod, modules/aerospike/go.mod, modules/arangodb/go.mod, modules/artemis/go.mod, modules/azure/go.mod, modules/azurite/go.mod, modules/cassandra/go.mod, modules/chroma/go.mod, modules/clickhouse/go.mod, modules/cockroachdb/go.mod, modules/consul/go.mod, modules/couchbase/go.mod, modules/databend/go.mod, modules/dind/go.mod, modules/dockermcpgateway/go.mod, modules/dockermodelrunner/go.mod, modules/dolt/go.mod, modules/dynamodb/go.mod, modules/elasticsearch/go.mod, modules/etcd/go.mod, modules/forgejo/go.mod, modules/gcloud/go.mod, modules/grafana-lgtm/go.mod, modules/inbucket/go.mod, modules/influxdb/go.mod, modules/k3s/go.mod, modules/k6/go.mod, modules/kafka/go.mod, modules/localstack/go.mod, modules/mariadb/go.mod, modules/meilisearch/go.mod, modules/memcached/go.mod, modules/milvus/go.mod, modules/minio/go.mod, modules/mockserver/go.mod, modules/mongodb/go.mod, modules/mssql/go.mod, modules/mysql/go.mod, modules/nats/go.mod, modules/nebulagraph/go.mod, modules/neo4j/go.mod, modules/ollama/go.mod, modules/openfga/go.mod, modules/openldap/go.mod, modules/opensearch/go.mod, modules/pinecone/go.mod, modules/postgres/go.mod, modules/pulsar/go.mod, modules/qdrant/go.mod, modules/rabbitmq/go.mod, modules/redis/go.mod, modules/redpanda/go.mod, modules/registry/go.mod, modules/scylladb/go.mod, modules/socat/go.mod, modules/solace/go.mod, modules/surrealdb/go.mod, modules/tidb/go.mod, modules/toxiproxy/go.mod, modules/valkey/go.mod, modules/vault/go.mod, modules/vearch/go.mod, modules/weaviate/go.mod, modules/yugabytedb/go.mod		 Bumped github.com/klauspost/compress indirect dependency from v1.18.4 to v1.18.5 across 72 files.
Compose module code change
modules/compose/compose.go		 Modified Docker CLI initialization in NewDockerComposeWith to instantiate &flags.ClientOptions{} directly instead of calling flags.NewClientOptions().
Compose module dependencies
modules/compose/go.mod		 Updated direct dependencies: github.com/compose-spec/compose-go/v2 (v2.10.1→v2.10.2), github.com/docker/cli (v29.3.1→v29.4.0), github.com/docker/compose/v5 (v5.1.1→v5.1.2). Refreshed indirect dependencies including github.com/containerd/platforms, github.com/containerd/ttrpc, github.com/docker/buildx, github.com/moby/buildkit, go.opentelemetry.io/otel\*, golang.org/x/term, and google.golang.org/grpc.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Possibly related PRs

Suggested labels

dependencies, compose, security, bug

Suggested reviewers

  • mdelapenya

Poem

🐰 A rabbit hops through code so vast,
Dependencies bump, from past to past,
Compress lifts lighter, version refined,
Compose clients flow, now better designed!
Seventy files in perfect sync,
No bugs to fear, just one swift blink!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The PR title accurately describes the main changes: bumping github.com/klauspost/compress and github.com/docker/compose dependencies to the specified versions.
Description check ✅ Passed The PR description is related to the changeset, explaining why the dependency updates are important: security fix for CVE-2025-61728 and crash fix in zstd.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@mdelapenya mdelapenya self-assigned this Apr 9, 2026
@mdelapenya mdelapenya added the dependencies Dependencies or external services label Apr 9, 2026
mdelapenya
mdelapenya approved these changes Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@mdelapenya mdelapenya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@mdelapenya mdelapenya merged commit 0d32e1f into testcontainers:main Apr 9, 2026
222 checks passed
@thaJeztah thaJeztah deleted the bump_compose branch April 9, 2026 12:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mdelapenya mdelapenya mdelapenya approved these changes

Assignees

@mdelapenya mdelapenya

Labels

dependencies Dependencies or external services

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thaJeztah @mdelapenya