chore(deps): bump the gomod group across 1 directory with 17 updates #61

dependabot · 2025-12-02T01:19:15Z

Bumps the gomod group with 4 updates in the / directory: github.com/google/go-containerregistry, github.com/secure-systems-lab/go-securesystemslib, github.com/sigstore/rekor-tiles and github.com/sigstore/timestamp-authority.

Updates github.com/google/go-containerregistry from 0.20.6 to 0.20.7

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.7

What's Changed

Fix ArgsEscaped lint directive by @Subserial in google/go-containerregistry#2137

transport: Fix broken links to distribution docs by @guzalv in google/go-containerregistry#2136

fix(remote): using customized retry predicate func if provided by @derekhjray in google/go-containerregistry#2135

Adding docker file by @HassanJasim in google/go-containerregistry#2138

crane: Add timestamp to flatten layer by @Stephanie0829 in google/go-containerregistry#2117

feat(remote): pass retryBackoff option to transport by @aslafy-z in google/go-containerregistry#1628

Expose clobber refusal error by @pjbgf in google/go-containerregistry#2146

Build artifacts for riscv64 by @ffgan in google/go-containerregistry#2159

Update dependencies and deprecate DockerVersion field by @Subserial in google/go-containerregistry#2164

New Contributors

@guzalv made their first contribution in google/go-containerregistry#2136

@derekhjray made their first contribution in google/go-containerregistry#2135

@HassanJasim made their first contribution in google/go-containerregistry#2138

@Stephanie0829 made their first contribution in google/go-containerregistry#2117

@pjbgf made their first contribution in google/go-containerregistry#2146

@ffgan made their first contribution in google/go-containerregistry#2159

Full Changelog: google/go-containerregistry@v0.20.6...v0.20.7

Commits

e075f20 go mod tidy on dependabot update (#2171)
45aacf4 Bump the actions group across 1 directory with 3 updates (#2170)
073b936 Update dependencies and deprecate DockerVersion field (#2164)
390dacd Bump golang.org/x/crypto from 0.38.0 to 0.45.0 in /cmd/krane (#2163)
ca44d47 Bump golang.org/x/crypto from 0.38.0 to 0.45.0 in /pkg/authn/k8schain (#2162)
999cc1f Bump github.com/docker/docker (#2161)
d1809c8 Build artifacts for riscv64 (#2159)
7471efd Bump the auxiliary-deps group across 3 directories with 4 updates (#2156)
2bb5bb0 Bump the actions group with 5 updates (#2155)
16371c1 Remove manual vendor setting for dependabot (#2151)
Additional commits viewable in compare view

Updates github.com/secure-systems-lab/go-securesystemslib from 0.9.0 to 0.9.1

Commits

a1a33cd Merge pull request #120 from secure-systems-lab/dependabot/github_actions/dom...
4f201c1 Merge pull request #122 from rosstimothy/tross/remove_testing
5d1cc26 Move hexDecode test helper into a test file
ebae973 Merge pull request #121 from secure-systems-lab/dependabot/go_modules/golang....
551dff1 chore(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0
50ac487 chore(deps): bump dominikh/staticcheck-action from 1.3.1 to 1.4.0
9d9f015 Merge pull request #117 from secure-systems-lab/dependabot/go_modules/golang....
9aa50ea chore(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0
3e526e2 Merge pull request #115 from secure-systems-lab/dependabot/go_modules/golang....
a1093e6 Merge pull request #116 from secure-systems-lab/dependabot/github_actions/act...
Additional commits viewable in compare view

Updates github.com/sigstore/rekor-tiles from 0.1.7-0.20250624231741-98cd4a77300f to 0.1.11

Release notes

Sourced from github.com/sigstore/rekor-tiles's releases.

v0.1.11

What's Changed

Make verifier pkg public in sigstore/rekor-tiles#479

Rename metrics by in sigstore/rekor-tiles#481

Bump Tessera library to latest release in sigstore/rekor-tiles#494

Full Changelog: sigstore/rekor-tiles@v0.1.10...v0.1.11

v0.1.10

Changelog

c0c5fc73260c54ef36ae77f942dd39afb9556194 Bump Tessera to latest release (#471)

Full Changelog: sigstore/rekor-tiles@v0.1.9...v0.1.10

v0.1.9

Changelog

fdc24378451350cadb26466e050b7e5b4b425105 Add sleep binary to released image (#451)

v0.1.8

What's Changed

Fix release container build, bump image deps in sigstore/rekor-tiles#446

Full Changelog: sigstore/rekor-tiles@v0.1.7...v0.1.8

v0.1.7

What's Changed

Move internal packages to internal/ in sigstore/rekor-tiles#390

Use protobuf-specs container for building in sigstore/rekor-tiles#391

Retract accidental tag in sigstore/rekor-tiles#392

Enable persistent antispam option in sigstore/rekor-tiles#405

Create initial sharding playbook in sigstore/rekor-tiles#254

Add end-to-end tests for sharding workflow in sigstore/rekor-tiles#400

Update clients doc for DSSE verification in sigstore/rekor-tiles#409

Update sharding for metrics and tinkey in sigstore/rekor-tiles#416

minor nits regarding slog usage in sigstore/rekor-tiles#427

Export Tessera Open Telemetry metrics in sigstore/rekor-tiles#426

Update sharding documentation for monitoring in sigstore/rekor-tiles#429

Sharding procedure updates based on feedback in sigstore/rekor-tiles#433

Catch pushback error in sigstore/rekor-tiles#442

Remove TSA from e2e test in sigstore/rekor-tiles#443

Add sleep binary to image in sigstore/rekor-tiles#444

Require deployment review for creating releases in sigstore/rekor-tiles#431

Add better shutdown handling for tessera in sigstore/rekor-tiles#432

Full Changelog: sigstore/rekor-tiles@v0.1.6...v0.1.7

Commits

See full diff in compare view

Updates github.com/sigstore/sigstore from 1.9.5 to 1.9.6-0.20250729224751-181c5d3339b3

Commits

See full diff in compare view

Updates github.com/sigstore/sigstore-go from 1.1.0 to 1.1.2-0.20250811211025-bac873564adb

Release notes

Sourced from github.com/sigstore/sigstore-go's releases.

v1.1.1

What's Changed

Make conformance compatible with rekor v2 in sigstore/sigstore-go#505

Update GetSigningConfig to use signing_config.v0.2.json in sigstore/sigstore-go#506

Refactor SelectService to return Service rather than URL, add supported API versions in sigstore/sigstore-go#503

Remove noisy log message in sigstore/sigstore-go#507

Full Changelog: sigstore/sigstore-go@v1.1.0...v1.1.1

Commits

See full diff in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.9.5 to 1.9.6-0.20250729224751-181c5d3339b3

Commits

See full diff in compare view

Updates github.com/sigstore/timestamp-authority from 1.2.8 to 1.2.9

Release notes

Sourced from github.com/sigstore/timestamp-authority's releases.

v1.2.9

What's Changed

fix panic in cosign verify-attestation in sigstore/timestamp-authority#1099

add documentation for AWS KMS example in sigstore/timestamp-authority#1094

add feature to disable intermediate cert EKU enforcement in sigstore/timestamp-authority#1146

logging: Don't use Error when logging 4xx responses in sigstore/timestamp-authority#1159

Full Changelog: sigstore/timestamp-authority@v1.2.8...v1.2.9

Changelog

Sourced from github.com/sigstore/timestamp-authority's changelog.

v1.2.9

logging: Don't use Error when logging 4xx responses (#1159)

add feature to disable intermediate cert EKU enforcement (#1146)

add documentation for AWS KMS example (#1094)

Commits

6a9f9e6 logging: Don't use Error when logging 4xx responses (#1159)
48065b9 chore(deps): bump golang from 1.25.0 to 1.25.1 in the docker group (#1160)
ead25fd chore(deps): bump github/codeql-action in the actions group (#1161)
f4dcc5d chore(deps): bump github.com/prometheus/client_golang in the gomod group (#1162)
4dce52c chore(deps): bump the gomod group with 2 updates (#1157)
0760214 chore(deps): bump codecov/codecov-action in the actions group (#1158)
b0a7e83 chore(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (#1156)
9f85393 chore(deps): bump github.com/spf13/pflag in the gomod group (#1155)
ecc1d67 chore(deps): bump github.com/go-openapi/swag from 0.23.1 to 0.24.1 (#1150)
f35ae49 chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1154)
Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.9.1 to 1.10.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.1

🐛 Fix

chore: upgrade pflags v1.0.9 by @jpmcb in spf13/cobra#2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

Bump pflag to 1.0.8 by @tomasaschan in spf13/cobra#2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`

or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

More details can be found here: spf13/cobra#2303

✨ Features

Flow context to command in SetHelpFunc by @Frassle in spf13/cobra#2241

The default ShellCompDirective can be customized for a command and its subcommands by @albers in spf13/cobra#2238

🐛 Fix

Upgrade golangci-lint to v2, address findings by @scop in spf13/cobra#2279

🪠 Testing

Test with Go 1.24 by @harryzcy in spf13/cobra#2236

chore: Rm GitHub Action PR size labeler by @jpmcb in spf13/cobra#2256

📝 Docs

Remove traling curlybrace by @yedayak in spf13/cobra#2237

Update command.go by @styee in spf13/cobra#2248

feat: Add security policy by @jpmcb in spf13/cobra#2253

Update Readme (Warp) by @ericdachen in spf13/cobra#2267

Add Periscope to the list of projects using Cobra by @anishathalye in spf13/cobra#2299

New Contributors

@harryzcy made their first contribution in spf13/cobra#2236

@yedayak made their first contribution in spf13/cobra#2237

@Frassle made their first contribution in spf13/cobra#2241

... (truncated)

Commits

7da941c chore: Bump pflag to v1.0.9 (#2305)
51d6751 Bump pflag to 1.0.8 (#2303)
3f3b818 Update README.md with new logo
dcaf42e Add Periscope to the list of projects using Cobra (#2299)
6dec1ae The default ShellCompDirective can be customized for a command and its subcom...
c8289c1 chore(golangci-lint): add some exclusion presets
4af7b64 refactor: apply golangci-lint autofixes, work around false positives
75790e4 chore(golangci-lint): upgrade to v2
db3ddb5 Adding sponsorship to README.md
67171d6 putting sponsorship below header
Additional commits viewable in compare view

Updates github.com/spf13/pflag from 1.0.7 to 1.0.10

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.10

What's Changed

fix deprecation comment for (FlagSet.)ParseErrorsWhitelist by @thaJeztah in spf13/pflag#447

remove uses of errors.Is, which requires go1.13, move go1.16/go1.21 tests to separate file by @thaJeztah in spf13/pflag#448

New Contributors

@thaJeztah made their first contribution in spf13/pflag#447

Full Changelog: spf13/pflag@v1.0.9...v1.0.10

v1.0.9

What's Changed

fix: Restore ParseErrorsWhitelist name for now by @tomasaschan in spf13/pflag#446

Full Changelog: spf13/pflag@v1.0.8...v1.0.9

v1.0.8

⚠️ Breaking Change

This version, while only a patch bump, includes a (very minor) breaking change: the flag.ParseErrorsWhitelist struct and corresponding FlagSet.parseErrorsWhitelist field have been renamed to ParseErrorsAllowlist.

This should result in compilation errors in any code that uses these fields, which can be fixed by adjusting the names at call sites. There is no change in semantics or behavior of the struct or field referred to by these names. If your code compiles without errors after bumping to/past v1.0.8, you are not affected by this change.

The breaking change was reverted in v1.0.9, by means of re-introducing the old names with deprecation warnings. The plan is still to remove them in a future release, so if your code does depend on the old names, please change them to use the new names at your earliest convenience.

What's Changed

Remove Redundant "Unknown-Flag" Error by @vaguecoder in spf13/pflag#364

Switching from whitelist to Allowlist terminology by @dubrie in spf13/pflag#261

Omit zero time.Time default from usage line by @mologie in spf13/pflag#438

implement CopyToGoFlagSet by @pohly in spf13/pflag#330

flag: Emulate stdlib behavior and do not print ErrHelp by @tmc in spf13/pflag#407

Print Default Values of String-to-String in Sorted Order by @vaguecoder in spf13/pflag#365

fix: Don't print ErrHelp in ParseAll by @tomasaschan in spf13/pflag#443

Reset args on re-parse even if empty by @tomasaschan in spf13/pflag#444

New Contributors

@vaguecoder made their first contribution in spf13/pflag#364

@dubrie made their first contribution in spf13/pflag#261

@mologie made their first contribution in spf13/pflag#438

@pohly made their first contribution in spf13/pflag#330

@tmc made their first contribution in spf13/pflag#407

@tomasaschan made their first contribution in spf13/pflag#443

Full Changelog: spf13/pflag@v1.0.7...v1.0.8

Commits

0491e57 Merge pull request #448 from thaJeztah/fix_go_version
72abab1 Merge pull request #447 from thaJeztah/fix_deprecation_comment
7e4dfb1 Test on Go 1.12
18a9d17 move Func, BoolFunc, tests as they require go1.21
c5b9e98 remove uses of errors.Is, which requires go1.13
45a4873 fix deprecation comment for (FlagSet.)ParseErrorsWhitelist
1043857 Merge pull request #446 from spf13/fix-backwards-compat
7412009 fix: Restore ParseErrorsWhitelist name for now
b9c16fa Merge pull request #444 from spf13/reset-args-even-if-empty
40abc49 Merge pull request #443 from spf13/silence-errhelp
Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.10.0 to 1.11.1

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.1

This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

Backport #1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @brackendawson in stretchr/testify#1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

Call stack perf change for CallerInfo by @mikeauclair in stretchr/testify#1614

Lazily render mock diff output on successful match by @mikeauclair in stretchr/testify#1615

assert: check early in Eventually, EventuallyWithT, and Never by @cszczepaniak in stretchr/testify#1427

assert: add IsNotType by @bartventer in stretchr/testify#1730

assert.JSONEq: shortcut if same strings by @dolmen in stretchr/testify#1754

assert.YAMLEq: shortcut if same strings by @dolmen in stretchr/testify#1755

assert: faster and simpler isEmpty using reflect.Value.IsZero by @dolmen in stretchr/testify#1761

suite: faster methods filtering (internal refactor) by @dolmen in stretchr/testify#1758

Fixes

assert.ErrorAs: log target type by @craig65535 in stretchr/testify#1345

Fix failure message formatting for Positive and Negative asserts in stretchr/testify#1062

Improve ErrorIs message when error is nil but an error was expected by @tsioftas in stretchr/testify#1681

fix Subset/NotSubset when calling with mixed input types by @siliconbrain in stretchr/testify#1729

Improve ErrorAs failure message when error is nil by @ccoVeille in stretchr/testify#1734

mock.AssertNumberOfCalls: improve error msg by @3scalation in stretchr/testify#1743

Documentation, Build & CI

docs: Fix typo in README by @alexandear in stretchr/testify#1688

Replace deprecated io/ioutil with io and os by @alexandear in stretchr/testify#1684

Document consequences of calling t.FailNow() by @greg0ire in stretchr/testify#1710

chore: update docs for Unset #1621 by @techfg in stretchr/testify#1709

README: apply gofmt to examples by @alexandear in stretchr/testify#1687

refactor: use %q and %T to simplify fmt.Sprintf by @alexandear in stretchr/testify#1674

Propose Christophe Colombier (ccoVeille) as approver by @brackendawson in stretchr/testify#1716

Update documentation for the Error function in assert or require package by @architagr in stretchr/testify#1675

assert: remove deprecated build constraints by @alexandear in stretchr/testify#1671

assert: apply gofumpt to internal test suite by @ccoVeille in stretchr/testify#1739

CI: fix shebang in .ci.*.sh scripts by @dolmen in stretchr/testify#1746

assert,require: enable parallel testing on (almost) all top tests by @dolmen in stretchr/testify#1747

suite.Passed: add one more status test report by @Ararsa-Derese in stretchr/testify#1706

Add Helper() method in internal mocks and assert.CollectT by @dolmen in stretchr/testify#1423

assert.Same/NotSame: improve usage of Sprintf by @ccoVeille in stretchr/testify#1742

mock: enable parallel testing on internal testsuite by @dolmen in stretchr/testify#1756

suite: cleanup use of 'testing' internals at runtime by @dolmen in stretchr/testify#1751

assert: check test failure message for Empty and NotEmpty by @ccoVeille in stretchr/testify#1745

... (truncated)

Commits

2a57335 Merge pull request #1788 from brackendawson/1785-backport-1.11
af8c912 Backport #1786 to release/1.11
b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
69831f3 build(deps): bump actions/checkout from 4 to 5
a53be35 Improve captureTestingT helper
aafb604 mock: improve formatting of error message
7218e03 improve error msg
929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
bc7459e suite: faster filtering of methods (-testify.m)
7d37b5c suite: refactor methodFilter
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.40.0 to 0.44.0

Commits

122a78f go.mod: update golang.org/x dependencies
c0531f9 all: eliminate vet diagnostics
0997000 all: fix some comments
017a1aa chacha20poly1305: panic on dst and additionalData overlap
cf29fa9 sha3: make it mostly a wrapper around crypto/sha3
0b7aa0c ssh: use reflect.TypeFor instead of reflect.TypeOf
1faea29 all: fix some typos in comment
627cb89 go.mod: update golang.org/x dependencies
dca4914 acme: fix autocert TestHTTPHandlerDefaultFallback
1336e21 x509roots/fallback: update bundle
Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.30.0 to 0.33.0

Commits

f28b0b5 all: fix some comments
fd15e0f x/oauth2: populate RetrieveError from DeviceAuth
792c877 oauth2: use strings.Builder instead of bytes.Buffer
014cf77 all: upgrade go directive to at least 1.24.0 [generated]
3c76ce5 endpoints: correct Naver OAuth2 endpoint URLs
See full diff in compare view

Updates golang.org/x/sync from 0.16.0 to 0.18.0

Commits

1966f53 errgroup: fix some typos in comment
04914c2 all: upgrade go directive to at least 1.24.0 [generated]
See full diff in compare view

Updates golang.org/x/term from 0.33.0 to 0.37.0

Commits

1231d54 go.mod: update golang.org/x dependencies
3475bc8 term: fix some comments
3a0828a go.mod: update golang.org/x dependencies
1a11b45 go.mod: update golang.org/x dependencies
d862cd5 all: upgrade go directive to at least 1.24.0 [generated]
a35244d go.mod: update golang.org/x dependencies
4f53e0c term: allow multi-line bracketed paste to not create single line with verbati...
27f29d8 term: remove duplicate flag and add comment on windows
See full diff in compare view

Updates google.golang.org/api from 0.243.0 to 0.248.0

Release notes

Sourced from google.golang.org/api's releases.

v0.248.0

0.248.0 (2025-08-19)

Features

all: Auto-regenerate discovery clients (#3272) (8f03c8e)

all: Auto-regenerate discovery clients (#3274) (2900298)

all: Auto-regenerate discovery clients (#3275) (4c66642)

all: Auto-regenerate discovery clients (#3276) (2692170)

all: Auto-regenerate discovery clients (#3277) (23daa11)

all: Auto-regenerate discovery clients (#3279) (71f2c5f)

all: Auto-regenerate discovery clients (#3280) (59f18fd)

v0.247.0

0.247.0 (2025-08-11)

Features

all: Auto-regenerate discovery clients (#3264) (82513ca)

all: Auto-regenerate discovery clients (#3266) (e57e8b1)

all: Auto-regenerate discovery clients (#3267) (10c5490)

all: Auto-regenerate discovery clients (#3268) (2dbf1ac)

all: Auto-regenerate discovery clients (#3270) (23a4031)

v0.246.0

0.246.0 (2025-08-06)

Features

all: Auto-regenerate discovery clients (#3261) (b792200)

Bug Fixes

idtoken: Don't assume DefaultTransport is a http.Transport (#3263) (61fba51), refs #3260

v0.245.0

0.245.0 (2025-08-05)

Features

all: Auto-regenerate discovery clients (#3252) (0716728)

all: Auto-regenerate discovery clients (#3254) (702998a)

all: Auto-regenerate discovery clients (#3255) (0f10366)

all: Auto-regenerate discovery clients (#3256) (83176a9)

all: Auto-regenerate discovery clients (#3257) (efc3371)

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.248.0 (2025-08-19)

Features

all: Auto-regenerate discovery clients (#3272) (8f03c8e)

all: Auto-regenerate discovery clients (#3274) (2900298)

all: Auto-regenerate discovery clients (#3275) (4c66642)

all: Auto-regenerate discovery clients (#3276) (2692170)

all: Auto-regenerate discovery clients (#3277) (23daa11)

all: Auto-regenerate discovery clients (#3279) (71f2c5f)

all: Auto-regenerate discovery clients (#3280) (59f18fd)

0.247.0 (2025-08-11)

Features

all: Auto-regenerate discovery clients (#3264) (82513ca)

all: Auto-regenerate discovery clients (#3266) (e57e8b1)

all: Auto-regenerate discovery clients (#3267) (10c5490)

all: Auto-regenerate discovery clients (#3268) (2dbf1ac)

all: Auto-regenerate discovery clients (#3270) (23a4031)

0.246.0 (2025-08-06)

Features

all: Auto-regenerate discovery clients (#3261) (b792200)

Bug Fixes

idtoken: Don't assume DefaultTransport is a http.Transport (#3263) (61fba51), refs #3260

0.245.0 (2025-08-05)

Features

all: Auto-regenerate discovery clients (#3252) (0716728)

all: Auto-regenerate discovery clients (#3254) (702998a)

all: Auto-regenerate discovery clients (#3255) (0f10366)

all: Auto-regenerate discovery clients (#3256) (83176a9)

all: Auto-regenerate discovery clients (

Bumps the gomod group with 4 updates in the / directory: [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry), [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib), [github.com/sigstore/rekor-tiles](https://github.com/sigstore/rekor-tiles) and [github.com/sigstore/timestamp-authority](https://github.com/sigstore/timestamp-authority). Updates `github.com/google/go-containerregistry` from 0.20.6 to 0.20.7 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.20.6...v0.20.7) Updates `github.com/secure-systems-lab/go-securesystemslib` from 0.9.0 to 0.9.1 - [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases) - [Commits](secure-systems-lab/go-securesystemslib@v0.9.0...v0.9.1) Updates `github.com/sigstore/rekor-tiles` from 0.1.7-0.20250624231741-98cd4a77300f to 0.1.11 - [Release notes](https://github.com/sigstore/rekor-tiles/releases) - [Changelog](https://github.com/sigstore/rekor-tiles/blob/main/RELEASE.md) - [Commits](https://github.com/sigstore/rekor-tiles/commits/v0.1.11) Updates `github.com/sigstore/sigstore` from 1.9.5 to 1.9.6-0.20250729224751-181c5d3339b3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/commits) Updates `github.com/sigstore/sigstore-go` from 1.1.0 to 1.1.2-0.20250811211025-bac873564adb - [Release notes](https://github.com/sigstore/sigstore-go/releases) - [Commits](https://github.com/sigstore/sigstore-go/commits) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.9.5 to 1.9.6-0.20250729224751-181c5d3339b3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/commits) Updates `github.com/sigstore/timestamp-authority` from 1.2.8 to 1.2.9 - [Release notes](https://github.com/sigstore/timestamp-authority/releases) - [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md) - [Commits](sigstore/timestamp-authority@v1.2.8...v1.2.9) Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.1 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.9.1...v1.10.1) Updates `github.com/spf13/pflag` from 1.0.7 to 1.0.10 - [Release notes](https://github.com/spf13/pflag/releases) - [Commits](spf13/pflag@v1.0.7...v1.0.10) Updates `github.com/stretchr/testify` from 1.10.0 to 1.11.1 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.10.0...v1.11.1) Updates `golang.org/x/crypto` from 0.40.0 to 0.44.0 - [Commits](golang/crypto@v0.40.0...v0.44.0) Updates `golang.org/x/oauth2` from 0.30.0 to 0.33.0 - [Commits](golang/oauth2@v0.30.0...v0.33.0) Updates `golang.org/x/sync` from 0.16.0 to 0.18.0 - [Commits](golang/sync@v0.16.0...v0.18.0) Updates `golang.org/x/term` from 0.33.0 to 0.37.0 - [Commits](golang/term@v0.33.0...v0.37.0) Updates `google.golang.org/api` from 0.243.0 to 0.248.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.243.0...v0.248.0) Updates `google.golang.org/protobuf` from 1.36.6 to 1.36.8 Updates `sigs.k8s.io/release-utils` from 0.12.0 to 0.12.1 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](kubernetes-sigs/release-utils@v0.12.0...v0.12.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-version: 0.20.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/secure-systems-lab/go-securesystemslib dependency-version: 0.9.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/rekor-tiles dependency-version: 0.1.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore dependency-version: 1.9.6-0.20250729224751-181c5d3339b3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore-go dependency-version: 1.1.2-0.20250811211025-bac873564adb dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-version: 1.9.6-0.20250729224751-181c5d3339b3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/timestamp-authority dependency-version: 1.2.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/spf13/cobra dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/spf13/pflag dependency-version: 1.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/stretchr/testify dependency-version: 1.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/crypto dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/oauth2 dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/sync dependency-version: 0.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/term dependency-version: 0.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: google.golang.org/api dependency-version: 0.248.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: google.golang.org/protobuf dependency-version: 1.36.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: sigs.k8s.io/release-utils dependency-version: 0.12.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Dec 2, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the gomod group across 1 directory with 17 updates #61

chore(deps): bump the gomod group across 1 directory with 17 updates #61

Uh oh!

dependabot bot commented on behalf of github Dec 2, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): bump the gomod group across 1 directory with 17 updates #61

Are you sure you want to change the base?

chore(deps): bump the gomod group across 1 directory with 17 updates #61

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.20.7

What's Changed

New Contributors

v0.1.11

What's Changed

v0.1.10

Changelog

v0.1.9

Changelog

v0.1.8

What's Changed

v0.1.7

What's Changed

v1.1.1

What's Changed

v1.2.9

What's Changed

v1.2.9

v1.10.1

🐛 Fix

v1.10.0

What's Changed

🚨 Attention!

✨ Features

🐛 Fix

🪠 Testing

📝 Docs

New Contributors

v1.0.10

What's Changed

New Contributors

v1.0.9

What's Changed

v1.0.8

⚠️ Breaking Change

What's Changed

New Contributors

v1.11.1

What's Changed

v1.11.0

What's Changed

Functional Changes

Fixes

Documentation, Build & CI

v0.248.0

0.248.0 (2025-08-19)

Features

v0.247.0

0.247.0 (2025-08-11)

Features

v0.246.0

0.246.0 (2025-08-06)

Features

Bug Fixes

v0.245.0

0.245.0 (2025-08-05)

Features

0.248.0 (2025-08-19)

Features

0.247.0 (2025-08-11)

Features

0.246.0 (2025-08-06)

Features

Bug Fixes

0.245.0 (2025-08-05)

Features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

dependabot bot commented on behalf of github Dec 2, 2025 •

edited

Loading