Skip to content

Bump github.com/sigstore/gitsign from 0.10.0 to 0.11.0 #365

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cooktheryan merged 1 commit into from
Dec 31, 2025
Merged

Bump github.com/sigstore/gitsign from 0.10.0 to 0.11.0 #365

cooktheryan merged 1 commit into from
Dec 31, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 30, 2025
edited
Loading

Bumps github.com/sigstore/gitsign from 0.10.0 to 0.11.0.

Release notes

Sourced from github.com/sigstore/gitsign's releases.

v0.11.0

Changelog

  • 8e08985029f0c0e5f0603d20c21864a3a97316cc Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.1 (#573)
  • 036c1185c264b60ebdf44abcdcd44a92675fb30d Fix matching of tlog entries to payload (#584)
  • da79e4b01ce0a408b85f44cd36f96ff352ddb184 Fix unhandled extension issue for cached certs (#583)
  • 02af74de14043f4cd59d38e7f2483208131187d5 Update credential-cache messages to user (#582)
  • 51907a63ea442648cdfd8dab31a516b9575f24fd Support gitsign-credential-cache on Windows (#579)
  • 45f647bdf5eec6bb2f73b4758e2ab6851c1f6a15 Bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#580)
  • 6b632834491f57a8aafa9515f2be699eb3b72bc6 Bump anchore/sbom-action from 0.17.3 to 0.17.4 in the actions group (#581)
  • 1b11c27e20e72d425fc1fed9d0e8208e3f513690 Trigger workflows on push only to main branch (#578)
  • 73821e121c274cd5ad6c61a6d257a1ee8560caf3 Bump the gomod group across 1 directory with 2 updates (#577)
  • 0a530d1141c604b5d06dba841b71f97ac93d7d44 Bump github.com/sigstore/fulcio from 1.5.1 to 1.6.5 (#575)
  • 3a6b5ff2831055cc4504e4a7c45954d90e41bcc4 Bump Go to 1.23.2 and golangci-lint to 1.61 (#576)
  • ec41a4ebf00c65833530cac71aa6d5b921552322 Bump anchore/sbom-action from 0.17.2 to 0.17.3 in the actions group (#572)
  • a9e5bf9fc413751d30c7e54aa783d706f0b686fb Bump github.com/docker/docker (#553)
  • aa71ea860646f5f7070c52b43712f909812569d6 Handle GeneralName as SAN (#571)
  • 7b9a59e5d512b7d375a6283348a1f09ec9b84287 Bump the actions group across 1 directory with 6 updates (#569)
  • 6619f72b0736292c6a8735683f64b42b92987015 Fix gitsign env test (#568)
  • 512c3867136538b7bf268b2b4930ab188a6ad8c4 Bump the actions group with 2 updates (#552)
  • 7d7b847b0b24985cc2bef1db67d1ff40bed9204c e2e tests: Use beacon token. (#549)
  • 6ba65fc9a6b523d4bbc64fa899ea989bde776054 Bump github.com/sigstore/fulcio from 1.4.5 to 1.5.1 (#541)
  • 3a204ff69839513b53151d7d1888b949f7338cda Bump github.com/mattn/go-tty from 0.0.5 to 0.0.7 in the gomod group (#546)
  • 0504d6b56a41aa41a5d27c8ae22078017bd4caf0 Bump docker/login-action from 3.2.0 to 3.3.0 in the actions group (#545)
  • a7b5867c6695dc8dcf8533b17d4a95210cec7c8d Bump anchore/sbom-action from 0.16.1 to 0.17.0 in the actions group (#543)
  • fdd6e3a64a7035aaf43260f03b28744f3b683259 update go to 1.22.5 and fix golangci-lint action (#542)
  • e9990771dc6f1634f1eeffb85946002a497c438e Bump github.com/sigstore/sigstore from 1.8.6 to 1.8.7 in the gomod group (#539)
  • 94dc60924edc692b68e53f5d332181b241600465 Bump github.com/coreos/go-oidc/v3 from 3.10.0 to 3.11.0 (#540)
  • 7d10c99b6f16c941ac1f41e42b9688dc54e7426a Bump the actions group with 3 updates (#538)
  • 359a77d4426e3d3196bd0f6da1520fa5fa20e376 Bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#536)
  • 1624fdb110950e24e5ded0b3e903a42f2702a702 Bump golang.org/x/crypto from 0.24.0 to 0.25.0 (#535)
  • 0ba49a1ccf816826c8549eaced8dee6cebc0bf5e Bump github.com/sigstore/sigstore from 1.8.4 to 1.8.6 in the gomod group (#534)
  • 64315005d2d710a005de1600a9cda3b78a78c879 Support for Client Secret File (#533)
  • d911d96c1b5617560cb4008c9e14c3534dbb7550 Point to homebrew-core (#531)
  • 7819bd089cd649672e171884fcc577858321645c Bump actions/attest-build-provenance in the actions group (#530)
  • 56549b77ee36e7945ca2c6b663165dca34839824 Bump actions/attest-build-provenance in the actions group (#529)
  • 3e5444abad80a221337f2366e60e7fd0dde91f1f Updates ci/dependabot/release (#528)
  • d20b0f04d73214a9ab7325f886dc5bea20775e72 Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#527)
  • 36ec1cc00750e2a05851c0107a484fd9f882c76b Bump imjasonh/setup-crane from 0.3 to 0.4 (#524)
  • bed15d115bb25e7bd8c4a5629e94f187373bd417 Bump actions/checkout from 4.1.6 to 4.1.7 (#525)
  • 024ac5f3e7f2e663efce9f12745dea8a58949da0 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (#521)
  • 42af7c1f21d005262df19e1e53f68e9268e64855 Bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 (#522)
  • 3c280a2cd68bf2ad0cb76a4bbf144ec68228cf46 Bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#523)
  • bc5ec37699e0fb6e2a18bc60cdc1ee3f6741b3f1 resolves #516 adds support for private rekor for gitsign attest (#517)
  • d94bdd93cb0e8a1f1f37326d27af20dc183f849a launchctl commands for macOS users (#520)
  • 51c08dc8317729f759d2f1885fb50003fccc4031 Bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 (#518)
  • 7dbcc46ff5469593fcedcdf2c9112708d1e3a941 Bump docker/login-action from 3.1.0 to 3.2.0 (#519)
  • 2818752c3773f4b6048ad16fd498a1ae19ed0d13 Bump anchore/sbom-action from 0.15.11 to 0.16.0 (#514)
  • 7c3d86db51bce4cff1fc481b8733615b9830b9d5 Bump actions/checkout from 4.1.5 to 4.1.6 (#513)

Thanks to all contributors!

... (truncated)

Commits
  • 8e08985 Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.4.1 (#573)
  • 036c118 Fix matching of tlog entries to payload (#584)
  • da79e4b Fix unhandled extension issue for cached certs (#583)
  • 02af74d Update credential-cache messages to user (#582)
  • 51907a6 Support gitsign-credential-cache on Windows (#579)
  • 45f647b Bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#580)
  • 6b63283 Bump anchore/sbom-action from 0.17.3 to 0.17.4 in the actions group (#581)
  • 1b11c27 Trigger workflows on push only to main branch (#578)
  • 73821e1 Bump the gomod group across 1 directory with 2 updates (#577)
  • 0a530d1 Bump github.com/sigstore/fulcio from 1.5.1 to 1.6.5 (#575)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Dec 30, 2025
@cooktheryan
Copy link
Collaborator

cooktheryan commented Dec 31, 2025

@dependabot rebase

@dependabot
Bump github.com/sigstore/gitsign from 0.10.0 to 0.11.0
3e84814 
Bumps [github.com/sigstore/gitsign](https://github.com/sigstore/gitsign) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/sigstore/gitsign/releases)
- [Commits](sigstore/gitsign@v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/gitsign
  dependency-version: 0.11.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/sigstore/gitsign-0.11.0 branch from 7f49e3e to 3e84814 Compare December 31, 2025 03:17
@cooktheryan cooktheryan merged commit 2b0589f into main Dec 31, 2025
39 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/sigstore/gitsign-0.11.0 branch December 31, 2025 13:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cooktheryan cooktheryan cooktheryan approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cooktheryan