Skip to content

Bump the gomod group across 1 directory with 6 updates #727

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the gomod group across 1 directory with 6 updates #727

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 24, 2025
edited
Loading

Bumps the gomod group with 2 updates in the / directory: github.com/go-git/go-git/v5 and github.com/sigstore/rekor.

Updates github.com/go-git/go-git/v5 from 5.16.2 to 5.16.4

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.4

What's Changed

Full Changelog: go-git/go-git@v5.16.3...v5.16.4

v5.16.3

What's Changed

Full Changelog: go-git/go-git@v5.16.2...v5.16.3

Commits
  • de8ecc3 Merge pull request #1743 from go-git/renovate/releases/v5.x-go-github.com-go-...
  • 3e752f0 build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY]
  • 3a31754 Merge pull request #1741 from go-git/renovate/releases/v5.x-go-github.com-clo...
  • acc28f1 build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY]
  • 95f3880 Merge pull request #1742 from go-git/renovate/releases/v5.x-go-golang.org-x-n...
  • 329f926 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
  • 399e04b Merge pull request #1734 from pjbgf/fix-ci
  • 2025eae build: test, Fix build on Windows.
  • fb6806f Merge pull request #1732 from swills/find-hash-panic-fix-backport
  • 382530f plumbing: format/idxfile, prevent panic
  • Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.4.0 to 1.4.3

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.4.3

This release reduces dependencies for a number of exported packages.

This release also changes the format of the binary and container signature, which is now a Sigstore bundle. To verify a release, use the latest Cosign 3.x, verifying with cosign verify-blob --bundle <artifact>-keyless.sigstore.json <artifact>.

Improvements

  • use interruptable context to elegantly handle signals in rekor-cli (#2681)
  • restapi: Don't log client errors as errors (#2680)
  • pkg: separate pki types from implementations (#2668)
  • e2e: don't mix e2e and regular utilities (#2672)
  • pkg: remove viper config from spec definitions (#2669)
  • log: remove zap & go-chi dependecy from pkg/types (#2667)
  • chore: update go-openapi/runtime to v0.29.0 (#2670)
  • chore: remove double imported mapstructure pkg (#2671)
  • remove archived dependency and use stdlib slices (#2650)

Documentation

  • (docs): guard unsafe int/uint conversions flagged by gosec (#2679)

Contributors

  • AdamKorcz
  • Bob Callaway
  • Jussi Kukkonen
  • Sachin Sampras M
  • Tõnis Tiigi

v1.4.2

What's Changed

Full Changelog: sigstore/rekor@v1.4.1...v1.4.2

v1.4.1

... (truncated)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.4.3

This release reduces dependencies for a number of exported packages.

This release also changes the format of the binary and container signature, which is now a Sigstore bundle. To verify a release, use the latest Cosign 3.x, verifying with cosign verify-blob --bundle <artifact>-keyless.sigstore.json <artifact>.

Improvements

  • use interruptable context to elegantly handle signals in rekor-cli (#2681)
  • restapi: Don't log client errors as errors (#2680)
  • pkg: separate pki types from implementations (#2668)
  • e2e: don't mix e2e and regular utilities (#2672)
  • pkg: remove viper config from spec definitions (#2669)
  • log: remove zap & go-chi dependecy from pkg/types (#2667)
  • chore: update go-openapi/runtime to v0.29.0 (#2670)
  • chore: remove double imported mapstructure pkg (#2671)
  • remove archived dependency and use stdlib slices (#2650)

Documentation

  • (docs): guard unsafe int/uint conversions flagged by gosec (#2679)

Contributors

  • AdamKorcz
  • Bob Callaway
  • Jussi Kukkonen
  • Sachin Sampras M
  • Tõnis Tiigi

v1.4.2

This release includes some performance optimizations and a bug fix for publishing events to a pub/sub topic.

Fixes

  • use pubsub client to check IAM permissions (#2605)
  • process type contents serially (#2604)
  • move to direct decoding instead of mapstructure (#2598)
  • optimize performance of regex operations (#2603)

Contributors

  • Bob Callaway

v1.4.1

... (truncated)

Commits
  • cb5b1d5 Changelog for v1.4.3, fix goreleaser for Cosign v3 (#2682)
  • b34d99d fix remaining zizmor fixes (#2617)
  • e032725 use interruptable context to elegantly handle signals in rekor-cli (#2681)
  • 2d4e985 (docs): guard unsafe int/uint conversions flagged by gosec (#2679)
  • fdde6ec build(deps): Bump sigstore/scaffolding/trillian_log_signer (#2677)
  • 5ecf774 build(deps): Bump sigstore/scaffolding/trillian_log_server (#2678)
  • 381f351 build(deps): Bump go.step.sm/crypto from 0.73.0 to 0.74.0 (#2674)
  • e7bf948 build(deps): Bump golang.org/x/mod from 0.28.0 to 0.29.0 (#2665)
  • e8b7b7f build(deps): Bump github/codeql-action in the all group (#2663)
  • 9589399 build(deps): Bump the all group with 7 updates (#2673)
  • Additional commits viewable in compare view

Updates github.com/spf13/pflag from 1.0.9 to 1.0.10

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.10

What's Changed

New Contributors

Full Changelog: spf13/pflag@v1.0.9...v1.0.10

Commits
  • 0491e57 Merge pull request #448 from thaJeztah/fix_go_version
  • 72abab1 Merge pull request #447 from thaJeztah/fix_deprecation_comment
  • 7e4dfb1 Test on Go 1.12
  • 18a9d17 move Func, BoolFunc, tests as they require go1.21
  • c5b9e98 remove uses of errors.Is, which requires go1.13
  • 45a4873 fix deprecation comment for (FlagSet.)ParseErrorsWhitelist
  • See full diff in compare view

Updates golang.org/x/crypto from 0.41.0 to 0.43.0

Commits
  • 627cb89 go.mod: update golang.org/x dependencies
  • dca4914 acme: fix autocert TestHTTPHandlerDefaultFallback
  • 1336e21 x509roots/fallback: update bundle
  • 2beaa59 ssh: add VerifiedPublicKeyCallback
  • 66c3d8c ssh: add support for FIPS mode
  • ddb4e80 ssh: remove custom contains, use slices.Contains
  • f4d47b0 ssh: return clearer error when signature algorithm is used as key format
  • 96dc232 x509roots/fallback/bundle: add bundle package to export root certs
  • 8c9ba31 all: freeze and deprecate more packages
  • 559e062 ssh/agent: return an error for unexpected message types
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.31.0 to 0.32.0

Commits

Updates google.golang.org/protobuf from 1.36.8 to 1.36.10

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the gomod group across 1 directory with 6 updates
f614078 
Bumps the gomod group with 2 updates in the / directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [github.com/sigstore/rekor](https://github.com/sigstore/rekor).


Updates `github.com/go-git/go-git/v5` from 5.16.2 to 5.16.4
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.16.2...v5.16.4)

Updates `github.com/sigstore/rekor` from 1.4.0 to 1.4.3
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.4.0...v1.4.3)

Updates `github.com/spf13/pflag` from 1.0.9 to 1.0.10
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.9...v1.0.10)

Updates `golang.org/x/crypto` from 0.41.0 to 0.43.0
- [Commits](golang/crypto@v0.41.0...v0.43.0)

Updates `golang.org/x/oauth2` from 0.31.0 to 0.32.0
- [Commits](golang/oauth2@v0.31.0...v0.32.0)

Updates `google.golang.org/protobuf` from 1.36.8 to 1.36.10

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/spf13/pflag
  dependency-version: 1.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: golang.org/x/crypto
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant