Skip to content

build(deps): Bump the go-minor-and-patch group with 9 updates#503

Open
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/go_modules/go-minor-and-patch-237ac4993e
Open

build(deps): Bump the go-minor-and-patch group with 9 updates#503
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/go_modules/go-minor-and-patch-237ac4993e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-minor-and-patch group with 9 updates:

Package From To
cloud.google.com/go/storage 1.62.2 1.62.3
github.com/Azure/azure-sdk-for-go/sdk/azcore 1.21.1 1.22.0
github.com/aws/aws-sdk-go-v2 1.41.11 1.42.0
github.com/aws/aws-sdk-go-v2/config 1.32.22 1.32.24
github.com/aws/aws-sdk-go-v2/credentials 1.19.21 1.19.23
github.com/aws/aws-sdk-go-v2/service/s3 1.103.1 1.103.3
github.com/aws/smithy-go 1.27.0 1.27.1
github.com/sigstore/cosign/v3 3.0.6 3.1.0
golang.org/x/sync 0.20.0 0.21.0

Updates cloud.google.com/go/storage from 1.62.2 to 1.62.3

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.62.3

v1.62.3 (2026-06-03)

Bug Fixes

  • fix race condition during retries in gRPC writer (#14649) (04b6c635)

  • add server closed idle connection to retriable errors (#14594) (20b37d65)

Commits
  • 8afd6a0 chore: librarian release pull request: 20260603T093646Z (#14699)
  • 04b6c63 fix(storage): fix race condition during retries in gRPC writer (#14649)
  • 20b37d6 fix(storage): add server closed idle connection to retriable errors (#14594)
  • See full diff in compare view

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.21.1 to 1.22.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.22.0

1.22.0 (2026-06-04)

Features Added

  • Added type datetime.RFC7231 for date/time values in RFC 1123 format with a fixed GMT timezone.

Other Changes

  • Upgraded dependencies.
Commits
  • a19f613 Prep azcore@v1.22.0 for release (#26926)
  • 5803c0e Increment package version after release of storage/azblob (#26935) (#26943)
  • 9a979ff [Automation] Regenerate SDK based on typespec-go branch main 【batch 6】 (#26939)
  • 711094d eng/tools/generator: release v0.4.14 (#26934)
  • 20bd677 Deprecate Change Analysis SDK (#26913)
  • 92a31ec [Automation] Regenerate SDK based on typespec-go branch main 【batch 5】 (#26932)
  • 768459d azcertificates: live recording for PlatformManaged + review fixes (follow-up ...
  • e845f72 Update codeowners (#26918)
  • 118bb35 eng/tools/internal/exports: handle untyped const with selector expr value (#2...
  • 2b3767b Configurations: 'specification/containerservice/resource-manager/Microsoft.C...
  • Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.11 to 1.42.0

Commits

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.22 to 1.32.24

Commits

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.21 to 1.19.23

Commits

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.103.1 to 1.103.3

Commits

Updates github.com/aws/smithy-go from 1.27.0 to 1.27.1

Changelog

Sourced from github.com/aws/smithy-go's changelog.

Release (2026-06-05)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.2
    • Bug Fix: Fix incorrect serialization of unions in CBOR-based protocols.

Release (2026-06-04)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.1
    • Bug Fix: Fixed a deserialization failure in all protocols when encountering a union with explicit null members.
    • Bug Fix: Fixed a panic when deserializing nested unions in JSON- and CBOR-based protocols.

Release (2026-06-02)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.0
    • Feature: Add APIs for schema-based serialization.
    • Feature: Add support for all current AWS and Smithy protocols.
    • Bug Fix: Enforce max nesting depth of 128 on CBOR payloads.
  • github.com/aws/smithy-go/aws-http-auth: v1.2.0
    • Feature: Add event stream signer.

Release (2026-05-27)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.26.0
    • Feature: Add StringSlice to endpoint rulesfn.

Release (2026-04-23)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.25.1
    • Bug Fix: Fixed a memory leak in the LRU cache implementation used by some AWS services.

... (truncated)

Commits

Updates github.com/sigstore/cosign/v3 from 3.0.6 to 3.1.0

Changelog

Sourced from github.com/sigstore/cosign/v3's changelog.

v3.0.5

Deprecations

  • Deprecate rekor-entry-type flag (#4691)
  • Deprecate cosign triangulate (#4676)
  • Deprecate cosign copy (#4681)

Features

  • Automatically require signed timestamp with Rekor v2 entries (#4666)
  • Allow --local-image with --new-bundle-format for v2 and v3 signatures (#4626)
  • Add mTLS support for TSA client connections when signing with a signing config (#4620)
  • Enforce TSA requirement for Rekor v2, Fuclio signing (#4683)

Bug Fixes

  • Add empty predicate to cosign sign when payload type is application/vnd.in-toto+json (#4635)
  • fix: avoid panic on malformed attestation payload (#4651)
  • fix: avoid panic on malformed tlog entries (#4649)
  • fix: avoid panic on malformed replace payload (#4653)
  • Gracefully fail if bundle payload body is not a string (#4648)
  • Verify validity of chain rather than just certificate (#4663)
  • fix: avoid panic on malformed tlog entry body (#4652)

Documentation

  • docs(cosign): clarify RFC3161 revocation semantics (#4642)
  • Fix typo in CLI help (#4701)

v3.0.4

v3.0.4 resolves GHSA-whqx-f9j3-ch6m.

Changes

  • Fix bundle verify path for old bundle/trusted root (GHSA-whqx-f9j3-ch6m) (#4623)
  • Optimize cosign tree performance by caching digest resolution (#4612)
  • Don't require a trusted root to verify offline with a key (#4613)
  • Support default services for trusted-root and signing-config creation (#4592)

v2.6.2

v2.6.2 resolves GHSA-whqx-f9j3-ch6m.

Changes

... (truncated)

Commits
  • d253adf chore(deps): bump the gomod group across 1 directory with 2 updates (#4919)
  • c7b6253 test(e2e): cover Rekor v2 hashedrekord behavior (#4916)
  • 6115844 Update sigstore-go to v1.2.0 (#4914)
  • 0008f0e fix(verify): copy CheckOpts inside VerifyNewBundle to fix data race (#4917)
  • 5e053b3 fix(verify): Attach provided certificate and chain to loaded signature (#4737)
  • 0add3b5 Remove docstring references to deprecated flags (#4910)
  • ceeb6f4 Add staging support to conformance testing
  • 8cedfde Deprecate subcommands (#4894)
  • 8f34218 verify: return TUF errors for new bundle trusted roots
  • 4594450 chore(deps): bump k8s.io/client-go from 0.35.3 to 0.36.1 (#4858)
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): Bump the go-minor-and-patch group with 9 updates
1a8781f 
Bumps the go-minor-and-patch group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.62.2` | `1.62.3` |
| [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) | `1.21.1` | `1.22.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.11` | `1.42.0` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.22` | `1.32.24` |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.19.21` | `1.19.23` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.103.1` | `1.103.3` |
| [github.com/aws/smithy-go](https://github.com/aws/smithy-go) | `1.27.0` | `1.27.1` |
| [github.com/sigstore/cosign/v3](https://github.com/sigstore/cosign) | `3.0.6` | `3.1.0` |
| [golang.org/x/sync](https://github.com/golang/sync) | `0.20.0` | `0.21.0` |


Updates `cloud.google.com/go/storage` from 1.62.2 to 1.62.3
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@storage/v1.62.2...storage/v1.62.3)

Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.21.1 to 1.22.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.21.1...sdk/azcore/v1.22.0)

Updates `github.com/aws/aws-sdk-go-v2` from 1.41.11 to 1.42.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.41.11...v1.42.0)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.22 to 1.32.24
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.22...config/v1.32.24)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.21 to 1.19.23
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@credentials/v1.19.21...credentials/v1.19.23)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.103.1 to 1.103.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.103.1...service/s3/v1.103.3)

Updates `github.com/aws/smithy-go` from 1.27.0 to 1.27.1
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](aws/smithy-go@v1.27.0...v1.27.1)

Updates `github.com/sigstore/cosign/v3` from 3.0.6 to 3.1.0
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v3.0.6...v3.1.0)

Updates `golang.org/x/sync` from 0.20.0 to 0.21.0
- [Commits](golang/sync@v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.62.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-and-patch
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-and-patch
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-and-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-and-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.19.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-and-patch
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.103.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-and-patch
- dependency-name: github.com/aws/smithy-go
  dependency-version: 1.27.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-and-patch
- dependency-name: github.com/sigstore/cosign/v3
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-and-patch
- dependency-name: golang.org/x/sync
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions github-actions Bot added documentation Improvements or additions to documentation size/S labels Jun 9, 2026
@dc-tec dc-tec self-assigned this Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@dc-tec dc-tec

Labels

dependencies documentation Improvements or additions to documentation size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dc-tec