Skip to content

Bump the all group across 1 directory with 14 updates#1379

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/all-d059dd87d5
Closed

Bump the all group across 1 directory with 14 updates#1379
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/all-d059dd87d5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 17, 2025

Copy link
Copy Markdown
Contributor

Bumps the all group with 11 updates in the / directory:

Package From To
cloud.google.com/go/storage 1.54.0 1.55.0
github.com/google/go-containerregistry 0.20.4 0.20.6
github.com/in-toto/attestation 1.1.1 1.1.2
github.com/in-toto/go-witness 0.8.4 0.8.6
github.com/sigstore/cosign/v2 2.5.0 2.5.1
github.com/sigstore/sigstore 1.9.4 1.9.5
github.com/sigstore/sigstore/pkg/signature/kms/aws 1.9.4 1.9.5
github.com/sigstore/sigstore/pkg/signature/kms/azure 1.9.4 1.9.5
github.com/sigstore/sigstore/pkg/signature/kms/gcp 1.9.4 1.9.5
github.com/sigstore/sigstore/pkg/signature/kms/hashivault 1.9.4 1.9.5
github.com/tektoncd/pipeline 1.0.0 1.1.0

Updates cloud.google.com/go/storage from 1.54.0 to 1.55.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.55.0

1.55.0 (2025-05-29)

Features

  • storage/control: Add Client Libraries Storage IntelligenceConfig (2aaada3)
  • storage/internal: Add IpFilter to Bucket (#12309) (d8ae687)
  • storage/internal: Add Object.Retention message (d8ae687)

Bug Fixes

  • storage: Add EnableNewAuthLibrary internalOption to HTTP newClient (#12320) (0036073)
  • storage: Migrate oauth2/google usages to cloud.google.com/go/auth (#11191) (3a22349)
  • storage: Omit check on MultiRangeDownloader (#12342) (774621c)
  • storage: Retry url.Error and net.OpErrors when they wrap an io.EOF (#12289) (080f6b0)

Documentation

  • storage/internal: Add explicit Optional annotations to fields that have always been treated as optional (d8ae687)
  • storage/internal: Add note that Bucket.project output format is always project number format (d8ae687)
  • storage/internal: Add note that managedFolders are supported for GetIamPolicy and SetIamPolicy (d8ae687)
Changelog

Sourced from cloud.google.com/go/storage's changelog.

Changes

0.121.2 (2025-05-21)

Documentation

  • internal/generated: Remove outdated pubsub snippets (#12284) (0338a40)

0.121.1 (2025-05-13)

Bug Fixes

  • civil: Add support for civil.Date, civil.Time and civil.DateTime arguments to their respective Scan methods (#12240) (7127ce9), refs #12060

0.121.0 (2025-04-28)

Features

0.120.1 (2025-04-14)

Bug Fixes

0.120.0 (2025-03-20)

Features

Bug Fixes

  • third_party/pkgsite: Increase comment size limit (#11877) (587b5cc)

0.119.0 (2025-03-11)

Features

  • main: Add support for listening on custom host to internal/testutil (#11780) (9608a09), refs #11586

... (truncated)

Commits
  • 70d74c0 chore(main): release spanner 1.55.0 (#9231)
  • 9debdb6 chore: release main (#9223)
  • bd30055 feat(deploy): Add stable cutback duration configuration to the k8s gateway se...
  • ebbb610 fix(storage): migrate deprecated proto dep (#9232)
  • 9a79290 chore(all): update opentelemetry-go monorepo (#9230)
  • c2969d3 chore(all): update deps (#9229)
  • a42604a feat(spanner): add directed reads feature (#7668)
  • bbff8ac feat(bigquery): expose query id on row iterator if available (#9224)
  • 57e2d7b feat(cloudquotas): new clients (#9222)
  • 82054d0 docs(securitycentermanagement): updates on multiple comments, syncing termino...
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.20.4 to 0.20.6

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.6

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.20.4...v0.20.6

v0.20.5

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.5

Commits

Updates github.com/in-toto/attestation from 1.1.1 to 1.1.2

Release notes

Sourced from github.com/in-toto/attestation's releases.

v1.1.2

What's Changed

New Contributors

Full Changelog: in-toto/attestation@v1.1.1...v1.1.2

Commits
  • 98dd36d Bump brace-expansion from 2.0.1 to 2.0.2 (#467)
  • 6d000a3 Merge pull request #465 from marcelamelara/update-maintainers
  • 07dce2f make linter happy
  • a086c30 Add Trishank as attestation maintainer
  • 9d60fbe fix typo in docstring (#443)
  • 306ddee Merge pull request #455 from in-toto/actions-regenerate-attestation-libraries
  • e7fe5bc Regenerate attestation libraries
  • 112dbba update workflow to use updated version of go (#454)
  • 9d96129 update go mod to v1.22 to fix parsing issues (#453)
  • cfb391e Merge pull request #446 from in-toto/dependabot/github_actions/peter-evans/cr...
  • Additional commits viewable in compare view

Updates github.com/in-toto/go-witness from 0.8.4 to 0.8.6

Commits
  • 0c8bb30 fix: update gitleaks and fix config usage (#499)
  • bd01443 feat: add ability to pass headers to archivista client (#498)
  • e0990ed chore: bump github.com/open-policy-agent/opa from 1.4.0 to 1.4.2 (#495)
  • d6d6d68 chore: bump actions/setup-go from 5.4.0 to 5.5.0 (#496)
  • 15ff04a chore: bump actions/dependency-review-action from 4.6.0 to 4.7.0 (#497)
  • a0ece0d chore: bump github.com/open-policy-agent/opa from 1.1.0 to 1.4.0 in the go_mo...
  • a799b23 chore: bump github/codeql-action from 3.28.16 to 3.28.17 (#492)
  • cc3c452 chore: bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#491)
  • fe21e80 chore: bump github.com/aws/aws-sdk-go from 1.55.6 to 1.55.7 (#489)
  • 3e1d242 Update release workflow triggers for efficeincy and witness version (#494)
  • Additional commits viewable in compare view

Updates github.com/sigstore/cosign/v2 from 2.5.0 to 2.5.1

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.5.1

Features

  • Add Rekor v2 support for trusted-root create (#4242)
  • Add baseUrl and Uri to trusted-root create command
  • Upgrade to TUF v2 client with trusted root
  • Don't verify SCT for a private PKI cert (#4225)
  • Bump TSA library to relax EKU chain validation rules (#4219)

Bug Fixes

  • Bump sigstore-go to pick up log index=0 fix (#4162)
  • remove unused recursive flag on attest command (#4187)

Docs

  • Fix indentation in verify-blob cmd examples (#4160)

Releases

  • ensure we copy the latest tags on each release (#4157)
Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.5.1

Features

  • Add Rekor v2 support for trusted-root create (#4242)
  • Add baseUrl and Uri to trusted-root create command
  • Upgrade to TUF v2 client with trusted root
  • Don't verify SCT for a private PKI cert (#4225)
  • Bump TSA library to relax EKU chain validation rules (#4219)

Bug Fixes

  • Bump sigstore-go to pick up log index=0 fix (#4162)
  • remove unused recursive flag on attest command (#4187)

Docs

  • Fix indentation in verify-blob cmd examples (#4160)

Releases

  • ensure we copy the latest tags on each release (#4157)

Contributors

  • arthurus-rex
  • Babak K. Shandiz
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Colleen Murphy
  • Dmitry Savintsev
  • Emmanuel Ferdman
  • Hayden B
  • Ville Skyttä
Commits
  • a7345fb Add Rekor v2 support for trusted-root create (#4242)
  • 3df894e Add baseUrl and Uri to trusted-root create command
  • fb26ffd update builder to use go1.24.4 (#4241)
  • 5b82c30 Bump to sigstore-go v1.0, fix lint errors (#4240)
  • a8fb9ee chore(deps): bump github.com/open-policy-agent/opa from 1.4.2 to 1.5.1 (#4233)
  • 8bbd493 chore(deps): bump k8s.io/client-go from 0.28.3 to 0.33.1 (#4235)
  • 32a2d62 Upgrade to TUF v2 client with trusted root
  • 95bec1a Run reusable dependency review workflow from main (#4239)
  • 9b508f5 chore(deps): bump google.golang.org/api from 0.234.0 to 0.236.0 (#4236)
  • 08c0240 chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4231)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.9.4 to 1.9.5

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.9.5

What's Changed

Full Changelog: sigstore/sigstore@v1.9.4...v1.9.5

Commits
  • 75efc00 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2092)
  • 32d462f build(deps): Bump the all group in /test/e2e with 3 updates (#2091)
  • 007cd79 build(deps): Bump the all group in /test/e2e with 3 updates (#2074)
  • bbd546b build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2087)
  • 540126b build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2088)
  • 0996ba4 build(deps): Bump actions/dependency-review-action in the all group (#2085)
  • 7eafe24 build(deps): Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#2081)
  • d771343 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2082)
  • 1b0bd69 build(deps): Bump the all group with 2 updates (#2078)
  • e2f3b71 build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2084)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.9.4 to 1.9.5

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.9.5

What's Changed

Full Changelog: sigstore/sigstore@v1.9.4...v1.9.5

Commits
  • 75efc00 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2092)
  • 32d462f build(deps): Bump the all group in /test/e2e with 3 updates (#2091)
  • 007cd79 build(deps): Bump the all group in /test/e2e with 3 updates (#2074)
  • bbd546b build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2087)
  • 540126b build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2088)
  • 0996ba4 build(deps): Bump actions/dependency-review-action in the all group (#2085)
  • 7eafe24 build(deps): Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#2081)
  • d771343 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2082)
  • 1b0bd69 build(deps): Bump the all group with 2 updates (#2078)
  • e2f3b71 build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2084)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.9.4 to 1.9.5

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.9.5

What's Changed

Full Changelog: sigstore/sigstore@v1.9.4...v1.9.5

Commits
  • 75efc00 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2092)
  • 32d462f build(deps): Bump the all group in /test/e2e with 3 updates (#2091)
  • 007cd79 build(deps): Bump the all group in /test/e2e with 3 updates (#2074)
  • bbd546b build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2087)
  • 540126b build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2088)
  • 0996ba4 build(deps): Bump actions/dependency-review-action in the all group (#2085)
  • 7eafe24 build(deps): Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#2081)
  • d771343 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2082)
  • 1b0bd69 build(deps): Bump the all group with 2 updates (#2078)
  • e2f3b71 build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2084)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.9.4 to 1.9.5

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.9.5

What's Changed

Full Changelog: sigstore/sigstore@v1.9.4...v1.9.5

Commits
  • 75efc00 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2092)
  • 32d462f build(deps): Bump the all group in /test/e2e with 3 updates (#2091)
  • 007cd79 build(deps): Bump the all group in /test/e2e with 3 updates (#2074)
  • bbd546b build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2087)
  • 540126b build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2088)
  • 0996ba4 build(deps): Bump actions/dependency-review-action in the all group (#2085)
  • 7eafe24 build(deps): Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#2081)
  • d771343 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2082)
  • 1b0bd69 build(deps): Bump the all group with 2 updates (#2078)
  • e2f3b71 build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2084)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.9.4 to 1.9.5

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.9.5

What's Changed

Full Changelog: sigstore/sigstore@v1.9.4...v1.9.5

Commits
  • 75efc00 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2092)
  • 32d462f build(deps): Bump the all group in /test/e2e with 3 updates (#2091)
  • 007cd79 build(deps): Bump the all group in /test/e2e with 3 updates (#2074)
  • bbd546b build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2087)
  • 540126b build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2088)
  • 0996ba4 build(deps): Bump actions/dependency-review-action in the all group (#2085)
  • 7eafe24 build(deps): Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#2081)
  • d771343 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2082)
  • 1b0bd69 build(deps): Bump the all group with 2 updates (#2078)
  • e2f3b71 build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2084)
  • Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 1.0.0 to 1.1.0

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v1.1.0 "Selkirk Rex Saul Tigh"

-Docs @ v1.1.0 -Examples @ v1.1.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.1.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a4abf3bb44246e552fdd917a58075df15b5f99ad1aa9e1da6ffd3c6aebc69689d

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a4abf3bb44246e552fdd917a58075df15b5f99ad1aa9e1da6ffd3c6aebc69689d
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.1.0/release.yaml
REKOR_UUID=108e9186e8c5677a4abf3bb44246e552fdd917a58075df15b5f99ad1aa9e1da6ffd3c6aebc69689d
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.1.0@sha256:" + .digest.sha256')
Download the release file
curl "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

  • 🐛 fix: Ensure retryable errors during validation do not fail Runs (#8746)

Retryable errors during dry-run Task validation will no longer cause a PipelineRun to be failed.

... (truncated)

Changelog

Sourced from github.com/tektoncd/pipeline's changelog.

Tekton Pipeline Releases

Release Frequency

Tekton Pipelines follows the Tekton community [release policy][release-policy] as follows:

  • Versions are numbered according to semantic versioning: vX.Y.Z
  • A new release is produced on a monthly basis
  • Four releases a year are chosen for long term support (LTS). All remaining releases are supported for approximately 1 month (until the next release is produced)
    • LTS releases take place in January, April, July and October every year
    • The first Tekton Pipelines LTS release will be v0.41.0 in October 2022
    • Releases happen towards the middle of the month, between the 13th and the 20th, depending on week-ends and readiness

Tekton Pipelines produces nightly builds, publicly available on gcr.io/tekton-nightly.

Transition Process

Before release v0.41 Tekton Pipelines has worked on the basis of an undocumented support period of four months, which will be maintained for the releases between v0.37 and v0.40.

Release Process

Tekton Pipeline releases are made of YAML manifests and container images. Manifests are published to cloud object-storage as well as [GitHub][tekton-pipeline-releases]. Container images are signed by [Sigstore][sigstore] via [Tekton Chains][tekton-chains]; signatures can be verified through the [public key][chains-public-key] hosted by the Tekton Chains project.

Further documentation available:

  • The Tekton Pipeline [release process][tekton-releases-docs]
  • [Installing Tekton][tekton-installation]
  • Standard for [release notes][release-notes-standards]

Release

v1.1

  • Latest Release: [v1.1.0][v1.1-0] (2025-06-04) ([docs][v1.1-0-docs], [examples][v1.1-0-examples])
  • Initial Release: [v1.1.0][v1.1-0] (2025-06-04)
  • End of Life: 2025-07-04
  • Patch Releases: [v1.1.0][v1.1-0]

v1.0 (LTS)

... (truncated)

Commits
  • 43c0bb9 refactor: use os.UserHomeDir instead of go-homedir
  • 40fd892 build(deps): bump google.golang.org/grpc from 1.72.1 to 1.72.2
  • c3f2096 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
  • 86a738b build(deps): bump go.opentelemetry.io/otel/sdk from 1.35.0 to 1.36.0
  • 5e8a54c build(deps): bump tj-actions/changed-files
  • 4a3c113 build(deps): bump go.opentelemetry.io/otel/trace from 1.35.0 to 1.36.0
  • 6284f84 build(deps): bump the all group in /tekton with 4 updates
  • 9580713 build(deps): bump github.com/google/go-containerregistry
  • e97fed6 Fix subpath capitalisation
  • 9197361 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.4 to 0.32.5
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.38.0 to 0.39.0

Commits
  • 3bf9d2a ssh/test: skip KEX test if unsupported by system SSH client
  • 9bab967 go.mod: update golang.org/x dependencies
  • 4f9f0ca x509roots/fallback: add init time benchmark
  • eac7cf0 x509roots/fallback: move parsing code to a non-generated file
  • 18228cd acme: return err from deprecated TLS-SNI-[01|02] functions
  • 73f6362 acme: remove dead code
  • ebc8e46 ssh: add server side support for Diffie Hellman Group Exchange
  • e944286 ssh: expose negotiated algorithms
  • 78a1fd7 ssh: automatically add curve25519-sha256@libssh.org KEX alias
  • ac58737 ssh: export supported algorithms
  • Additional commits viewable in compare view

Updates golang.org/x/exp from 0.0.0-20250218142911-aa4b98e5adaa to 0.0.0-20250506013437-ce4c2cf36ca6

Commits

Updates google.golang.org/grpc from 1.72.0 to 1.72.2

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.72.2

Bug Fixes

  • client: restore support for NO_PROXY environment variable when connecting to locally-resolved addresses (case 2 from gRFC A1). (#8329)
  • balancer/least_request: fix panic on resolver errors. (#8333)

Release 1.72.1

Bug Fixes

  • client: HTTP Proxy connections are no longer attempted for addresses with non-TCP network types. (#8215)
  • client: Fix bug that causes RPCs to fail with status INTERNAL instead of CANCELLED or DEADLINE_EXCEEDED when receiving a RST_STREAM frame in the middle of the gRPC message. (#8289)
Commits
  • 6135a73 Change version to v1.72.2 (#8357)
  • eef8c9c delegatingresolver: avoid proxy for resolved addresses in NO_PROXY env (#8329...
  • 3b5fa74 balancer/least_request : Fix panic while handling resolver errors (#8333) (#8...
  • edf643f Change version to v1.72.2-dev (#8326)
  • 4cf3cf7 Change version to 1.72.1 (#8319)
  • 537fe8d transport: Propagate status code on receiving RST_STREAM during message read ...
  • f32eab3 cherry-pick #8302 and #8304 to v1.72.x branch (#8303)
  • 7fcfc87 internal/delegatingresolver: avoid proxy if networktype of target address is ...
  • ad1e120 Change version to 1.72.1-dev (#8219)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.54.0` | `1.55.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.4` | `0.20.6` |
| [github.com/in-toto/attestation](https://github.com/in-toto/attestation) | `1.1.1` | `1.1.2` |
| [github.com/in-toto/go-witness](https://github.com/in-toto/go-witness) | `0.8.4` | `0.8.6` |
| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.5.0` | `2.5.1` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |
| [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `1.0.0` | `1.1.0` |



Updates `cloud.google.com/go/storage` from 1.54.0 to 1.55.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@spanner/v1.54.0...spanner/v1.55.0)

Updates `github.com/google/go-containerregistry` from 0.20.4 to 0.20.6
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.20.4...v0.20.6)

Updates `github.com/in-toto/attestation` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/in-toto/attestation/releases)
- [Commits](in-toto/attestation@v1.1.1...v1.1.2)

Updates `github.com/in-toto/go-witness` from 0.8.4 to 0.8.6
- [Release notes](https://github.com/in-toto/go-witness/releases)
- [Changelog](https://github.com/in-toto/go-witness/blob/main/.goreleaser.yaml)
- [Commits](in-toto/go-witness@v0.8.4...v0.8.6)

Updates `github.com/sigstore/cosign/v2` from 2.5.0 to 2.5.1
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v2.5.0...v2.5.1)

Updates `github.com/sigstore/sigstore` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.9.4 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.4...v1.9.5)

Updates `github.com/tektoncd/pipeline` from 1.0.0 to 1.1.0
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v1.0.0...v1.1.0)

Updates `golang.org/x/crypto` from 0.38.0 to 0.39.0
- [Commits](golang/crypto@v0.38.0...v0.39.0)

Updates `golang.org/x/exp` from 0.0.0-20250218142911-aa4b98e5adaa to 0.0.0-20250506013437-ce4c2cf36ca6
- [Commits](https://github.com/golang/exp/commits)

Updates `google.golang.org/grpc` from 1.72.0 to 1.72.2
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.72.0...v1.72.2)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.20.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/in-toto/attestation
  dependency-version: 1.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/in-toto/go-witness
  dependency-version: 0.8.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/cosign/v2
  dependency-version: 2.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/tektoncd/pipeline
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/exp
  dependency-version: 0.0.0-20250506013437-ce4c2cf36ca6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: google.golang.org/grpc
  dependency-version: 1.72.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. labels Jun 17, 2025
@tekton-robot

Copy link
Copy Markdown

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 17, 2025
@tekton-robot

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign chuangw6 after the PR has been reviewed.
You can assign the PR to them by writing /assign @chuangw6 in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@dependabot @github

dependabot Bot commented on behalf of github Jun 20, 2025

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 20, 2025
@dependabot dependabot Bot deleted the dependabot/go_modules/all-d059dd87d5 branch June 20, 2025 14:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant