From 3cd9a70e259169bd40f7e3d61d7352aa6df6a51d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jun 2026 07:13:54 +0000 Subject: [PATCH] Bump the gomod group across 1 directory with 2 updates Bumps the gomod group with 2 updates in the / directory: [github.com/carabiner-dev/signer](https://github.com/carabiner-dev/signer) and [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go). Updates `github.com/carabiner-dev/signer` from 0.5.1 to 0.5.2 - [Release notes](https://github.com/carabiner-dev/signer/releases) - [Commits](https://github.com/carabiner-dev/signer/compare/v0.5.1...v0.5.2) Updates `github.com/sigstore/sigstore-go` from 1.2.0 to 1.2.1 - [Release notes](https://github.com/sigstore/sigstore-go/releases) - [Commits](https://github.com/sigstore/sigstore-go/compare/v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: github.com/carabiner-dev/signer dependency-version: 0.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore-go dependency-version: 1.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 61ff92e..e514e3a 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.25.11 require ( github.com/carabiner-dev/attestation v0.2.1 github.com/carabiner-dev/collector v0.3.7 - github.com/carabiner-dev/signer v0.5.1 + github.com/carabiner-dev/signer v0.5.2 github.com/carabiner-dev/vcslocator v0.4.4 github.com/fatih/color v1.19.0 github.com/go-git/go-billy/v5 v5.9.0 @@ -16,7 +16,7 @@ require ( github.com/in-toto/attestation v1.2.0 github.com/maxbrunsfeld/counterfeiter/v6 v6.12.2 github.com/migueleliasweb/go-github-mock v1.5.0 - github.com/sigstore/sigstore-go v1.2.0 + github.com/sigstore/sigstore-go v1.2.1 github.com/spf13/cobra v1.10.2 github.com/stretchr/testify v1.11.1 google.golang.org/protobuf v1.36.11 diff --git a/go.sum b/go.sum index 7e86d0a..31eecac 100644 --- a/go.sum +++ b/go.sum @@ -112,8 +112,8 @@ github.com/carabiner-dev/predicates v0.5.0 h1:CG2xO5xTXWXakjJkAFuS2xSA2olP9Ew25k github.com/carabiner-dev/predicates v0.5.0/go.mod h1:EUm2p0CwKoUuc+OLbGkoxLdRqBrg/r957b8iN/ACWSA= github.com/carabiner-dev/sbomfs v0.1.0 h1:gEsmn85hod7JTLs2dDr5C1x4Af7FUEhI0lbTurNaEZs= github.com/carabiner-dev/sbomfs v0.1.0/go.mod h1:UyPyTSNx9JOLZVgTmM9WXdmgVqDWXCYwr1LK1Ts+7H0= -github.com/carabiner-dev/signer v0.5.1 h1:gqWXoN7QXdMCWhMVtnZcyAd6dNNLuG0MtZirPzakit8= -github.com/carabiner-dev/signer v0.5.1/go.mod h1:QSdF3/d+MqKehGQMw8NYSVa1vIm4cZ32bJ4smcV8PTw= +github.com/carabiner-dev/signer v0.5.2 h1:0mWCaekAinluwm/gxLlX3Btrof2r04v68dO1kUZUiNc= +github.com/carabiner-dev/signer v0.5.2/go.mod h1:QSdF3/d+MqKehGQMw8NYSVa1vIm4cZ32bJ4smcV8PTw= github.com/carabiner-dev/vcslocator v0.4.4 h1:5uzb2yKfslMHY9RkkpUW28jLx2iVX93Al/GjSvG/2Ok= github.com/carabiner-dev/vcslocator v0.4.4/go.mod h1:qfYEs44nf9Fm/kiN120rTgruJn7PoHQyLXWQ9aO+SwE= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= @@ -427,8 +427,8 @@ github.com/sigstore/rekor-tiles/v2 v2.2.2-0.20260601073857-5d098a2b6443 h1:/CO8F github.com/sigstore/rekor-tiles/v2 v2.2.2-0.20260601073857-5d098a2b6443/go.mod h1:w1h8wF8vq9lHjmtRdwJiEaoVxhP+WHIMpj4M39pkzp0= github.com/sigstore/sigstore v1.10.8 h1:1Mgkxvkw4AXMfIP1DOjc6kw0GkUgA8pGVpveN/EfOq4= github.com/sigstore/sigstore v1.10.8/go.mod h1:f9+B/4iaYimvUkySyb2mvc73n3RLqNn24grHZM/ET8M= -github.com/sigstore/sigstore-go v1.2.0 h1:8k8sGMVUUWwZ/KA+s4Q66yEPEzcC1xZ8UsTgI46J9Fc= -github.com/sigstore/sigstore-go v1.2.0/go.mod h1:I8BqVwAb/SaQJ5pBu5IDFY+ksq8O/1/kCag8XUgrsko= +github.com/sigstore/sigstore-go v1.2.1 h1:YWP/rDbBaEBvtbkj6xtwsSj38ZCFEhTVVadNOXjVe3A= +github.com/sigstore/sigstore-go v1.2.1/go.mod h1:I8BqVwAb/SaQJ5pBu5IDFY+ksq8O/1/kCag8XUgrsko= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.8 h1:tofVQ+UWJgad/69I5zbqxdFCN5gpIn9tRQP7iBzIpBw= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.8/go.mod h1:73AfJE8H6w5KGCFPBu4x/OG+i1Yxgmh0L/FtV7prd88= github.com/sigstore/sigstore/pkg/signature/kms/azure v1.10.8 h1:8Mt7J36GcUEmbiJaiFhz2tud5ZIgkfVVCe2H/WJCHmw=