@dependabot
Contributor

@dependabot dependabot bot commented on behalf of github Dec 19, 2025

Bumps the all group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| cloud.google.com/go/compute/metadata | 0.8.0 | 0.9.0 |
| cloud.google.com/go/storage | 1.56.1 | 1.58.0 |
| github.com/google/go-containerregistry | 0.20.6 | 0.20.7 |
| github.com/in-toto/archivista | 0.10.0 | 0.11.1 |
| github.com/sigstore/cosign/v2 | 2.6.0 | 2.6.1 |
| github.com/sigstore/rekor | 1.4.2 | 1.4.3 |
| github.com/sigstore/sigstore | 1.9.6-0.20250729224751-181c5d3339b3 | 1.10.3 |
| github.com/sigstore/sigstore/pkg/signature/kms/aws | 1.9.5 | 1.10.3 |
| github.com/sigstore/sigstore/pkg/signature/kms/azure | 1.9.5 | 1.10.3 |
| github.com/sigstore/sigstore/pkg/signature/kms/gcp | 1.9.6-0.20250729224751-181c5d3339b3 | 1.10.3 |
| github.com/sigstore/sigstore/pkg/signature/kms/hashivault | 1.9.5 | 1.10.3 |
| github.com/tektoncd/pipeline | 1.3.1 | 1.7.0 |
| go.uber.org/zap | 1.27.0 | 1.27.1 |
| golang.org/x/crypto | 0.45.0 | 0.46.0 |
| google.golang.org/protobuf | 1.36.10 | 1.36.11 |
| k8s.io/apimachinery | 0.34.1 | 0.35.0 |
| k8s.io/client-go | 0.34.1 | 0.35.0 |
| k8s.io/code-generator | 0.33.4 | 0.35.0 |

Updates cloud.google.com/go/compute/metadata from 0.8.0 to 0.9.0

Changelog

Sourced from cloud.google.com/go/compute/metadata's changelog.

Code changes required from v0.9.0

  • pubsub: Replace

    sub.ModifyPushConfig(ctx, pubsub.PushConfig{Endpoint: "https://example.com/push"})
    

    with

    sub.Update(ctx, pubsub.SubscriptionConfigToUpdate{
        PushConfig: &pubsub.PushConfig{Endpoint: "https://example.com/push"},
    })
    
  • trace: trace.GRPCServerInterceptor will be provided from *trace.Client. Given an initialized *trace.Client named tc, instead of

    s := grpc.NewServer(grpc.UnaryInterceptor(trace.GRPCServerInterceptor(tc)))
    

    write

    s := grpc.NewServer(grpc.UnaryInterceptor(tc.GRPCServerInterceptor()))
    
  • trace: trace.GRPCClientInterceptor will also be provided from *trace.Client. Instead of

    conn, err := grpc.Dial(srv.Addr, grpc.WithUnaryInterceptor(trace.GRPCClientInterceptor()))
    

    write

    conn, err := grpc.Dial(srv.Addr, grpc.WithUnaryInterceptor(tc.GRPCClientInterceptor()))
    
  • trace: We removed the deprecated trace.EnableGRPCTracing. Use the gRPC interceptor as a dial option as shown below when initializing Cloud package clients:

    c, err := pubsub.NewClient(ctx, "project-id", option.WithGRPCDialOption(grpc.WithUnaryInterceptor(tc.GRPCClientInterceptor())))
    if err != nil {
        ...
    

... (truncated)

Commits
  • d4f8670 BREAKING: all: regenerate toolkit client
  • 23179f2 readme: document Trace and Error Reporting clients
  • c2e00bb trace: switch to grpc-trace-bin for gRPC calls
  • 1de0ed4 rpcreplay: Fprintf functions
  • 8878988 bigtable/bttest: Return proper error code when entity already exists
  • e432073 bigtable: Don't retry on INTERNAL errors.
  • 84bf648 rpcreplay: responses to code review comments from previous CL
  • e687f27 rpcreplay: replay of unary RPCs
  • 9da216d spanner: more integration tests
  • a089e75 logging: document that Close flushes the loggers
  • Additional commits viewable in compare view

Updates cloud.google.com/go/storage from 1.56.1 to 1.58.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage 1.58.0

1.58.0 (2025-12-03)

Features

  • add object contexts in Go GCS SDK (#13390) (079c4d96)

  • calculate crc32c by default and pass checksum in trailing and per-chunk request (#13205) (2ab1c778)

  • add support for partial success in ListBuckets (#13320) (d91e47f2)

Bug Fixes

storage 1.57.2

1.57.2 (2025-11-14)

Features

Bug Fixes

Documentation

  • updates to docs and docs formatting (PiperOrigin-RevId: 828488192) (93ca68d5)

storage: v1.57.1

1.57.1 (2025-10-28)

Bug Fixes

  • storage: Takeover idempotence. (#13230) (cc5d2a1)
  • storage: Copy metadata when using Copier with grpc (#12919) (57a2e80)
  • storage: Fix takeover response handling. (#13239) (26d75bc)
  • storage: Remove default timeout for gRPC operations (#13022) (b94c3ba)
  • storage: Skip download of file outside of target dir (#12945) (6259aee)
  • storage: Upgrade gRPC service registration func (8fffca2)

storage: v1.56.3

1.56.3 (2025-10-14)

Bug Fixes

Commits

Updates github.com/google/go-containerregistry from 0.20.6 to 0.20.7

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.7

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.20.6...v0.20.7

Commits
  • e075f20 go mod tidy on dependabot update (#2171)
  • 45aacf4 Bump the actions group across 1 directory with 3 updates (#2170)
  • 073b936 Update dependencies and deprecate DockerVersion field (#2164)
  • 390dacd Bump golang.org/x/crypto from 0.38.0 to 0.45.0 in /cmd/krane (#2163)
  • ca44d47 Bump golang.org/x/crypto from 0.38.0 to 0.45.0 in /pkg/authn/k8schain (#2162)
  • 999cc1f Bump github.com/docker/docker (#2161)
  • d1809c8 Build artifacts for riscv64 (#2159)
  • 7471efd Bump the auxiliary-deps group across 3 directories with 4 updates (#2156)
  • 2bb5bb0 Bump the actions group with 5 updates (#2155)
  • 16371c1 Remove manual vendor setting for dependabot (#2151)
  • Additional commits viewable in compare view

Updates github.com/in-toto/archivista from 0.10.0 to 0.11.1

Release notes

Sourced from github.com/in-toto/archivista's releases.

v0.11.1

Changelog

What's Changed

Fixes

Dependency Updates

New Contributors

Full Changelog: in-toto/archivista@v0.11.0...v0.11.1

v0.11.1-rc0

Changelog

v0.11.0

Changelog

What's Changed

... (truncated)

Commits
  • 1d6959e Allow DB connections to refresh credentials (#646)
  • 03fc694 chore: bump github.com/aws/aws-sdk-go-v2/feature/rds/auth (#654)
  • 6aa100a chore: bump github.com/aws/aws-sdk-go-v2/config from 1.31.12 to 1.31.15 (#653)
  • 03949b3 chore: bump the github-actions group across 1 directory with 2 updates (#652)
  • ee5b523 chore: bump golang from 20ee0b6 to aee43c3 (#644)
  • a546ecd chore: bump github.com/in-toto/go-witness from 0.8.6 to 0.9.1 (#645)
  • 7f5a1ee chore: bump golang from 1.25.2-alpine to 1.25.3-alpine (#643)
  • 7dacb58 fix the server.go path in Makefile (#640)
  • 03b16e3 chore: bump golang from 182059d to 06cdd34 (#641)
  • ca644e7 chore: bump the github-actions group with 2 updates (#642)
  • Additional commits viewable in compare view

Updates github.com/sigstore/cosign/v2 from 2.6.0 to 2.6.1

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.6.1

Changelog

  • 634fabe54f9fbbab55d821a83ba93b2d25bdba5f Bump sigstore-go, move conformance back to tagged release
  • c5545eda23d770180880c245bf0d8f78c354ecc4 Partially populate the output of cosign verify when working with new bundles (#4416)
  • e191024a636883b4e6b7de8db2f5cfb85a1fcd0c bump go builder to use 1.25.1 and cosign (#4417)

Thanks to all contributors!

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.6.1

Bug Fixes

  • Partially populate the output of cosign verify when working with new bundles (#4416)
  • Bump sigstore-go, move conformance back to tagged release (#4426)
Commits
  • 634fabe Bump sigstore-go, move conformance back to tagged release
  • c5545ed Partially populate the output of cosign verify when working with new bundles ...
  • e191024 bump go builder to use 1.25.1 and cosign (#4417)
  • See full diff in compare view

Updates github.com/sigstore/rekor from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.4.3

This release reduces dependencies for a number of exported packages.

This release also changes the format of the binary and container signature, which is now a Sigstore bundle. To verify a release, use the latest Cosign 3.x, verifying with cosign verify-blob --bundle <artifact>-keyless.sigstore.json <artifact>.

Improvements

  • use interruptable context to elegantly handle signals in rekor-cli (#2681)
  • restapi: Don't log client errors as errors (#2680)
  • pkg: separate pki types from implementations (#2668)
  • e2e: don't mix e2e and regular utilities (#2672)
  • pkg: remove viper config from spec definitions (#2669)
  • log: remove zap & go-chi dependency from pkg/types (#2667)
  • chore: update go-openapi/runtime to v0.29.0 (#2670)
  • chore: remove double imported mapstructure pkg (#2671)
  • remove archived dependency and use stdlib slices (#2650)

Documentation

  • (docs): guard unsafe int/uint conversions flagged by gosec (#2679)

Contributors

  • AdamKorcz
  • Bob Callaway
  • Jussi Kukkonen
  • Sachin Sampras M
  • Tõnis Tiigi
Commits
  • cb5b1d5 Changelog for v1.4.3, fix goreleaser for Cosign v3 (#2682)
  • b34d99d fix remaining zizmor fixes (#2617)
  • e032725 use interruptable context to elegantly handle signals in rekor-cli (#2681)
  • 2d4e985 (docs): guard unsafe int/uint conversions flagged by gosec (#2679)
  • fdde6ec build(deps): Bump sigstore/scaffolding/trillian_log_signer (#2677)
  • 5ecf774 build(deps): Bump sigstore/scaffolding/trillian_log_server (#2678)
  • 381f351 build(deps): Bump go.step.sm/crypto from 0.73.0 to 0.74.0 (#2674)
  • e7bf948 build(deps): Bump golang.org/x/mod from 0.28.0 to 0.29.0 (#2665)
  • e8b7b7f build(deps): Bump github/codeql-action in the all group (#2663)
  • 9589399 build(deps): Bump the all group with 7 updates (#2673)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.3

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

v1.10.2

Functionally equivalent to v1.10.0. v1.10.1 has been retracted to remove copied code.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

Refactoring

... (truncated)

Commits

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.9.5 to 1.10.3

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

v1.10.2

Functionally equivalent to v1.10.0. v1.10.1 has been retracted to remove copied code.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

Refactoring

... (truncated)

Commits
  • 72f0ed7 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2230)
  • b257168 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#2226)
  • 84f57b8 build(deps): Bump github.com/sigstore/sigstore (#2221)
  • bdc1a86 build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#2220)
  • 11dfe81 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/aws (#2236)
  • 0214948 Add back ValidatePubKey as a deprecated, minimal function (#2235)
  • cc26bb8 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2227)
  • 63ab8d8 build(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms (#2229)
  • 9e629f0 build(deps): Bump the all group with 2 updates (#2219)
  • 234b99d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.16.0 to 3.17.0 (#2223)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.9.5 to 1.10.3

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

v1.10.2

Functionally equivalent to v1.10.0. v1.10.1 has been retracted to remove copied code.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

Refactoring

... (truncated)

Commits
  • 72f0ed7 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2230)
  • b257168 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#2226)
  • 84f57b8 build(deps): Bump github.com/sigstore/sigstore (#2221)
  • bdc1a86 build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#2220)
  • 11dfe81 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/aws (#2236)
  • 0214948 Add back ValidatePubKey as a deprecated, minimal function (#2235)
  • cc26bb8 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2227)
  • 63ab8d8 build(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms (#2229)
  • 9e629f0 build(deps): Bump the all group with 2 updates (#2219)
  • 234b99d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.16.0 to 3.17.0 (#2223)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.3

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

v1.10.2

Functionally equivalent to v1.10.0. v1.10.1 has been retracted to remove copied code.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

Refactoring

... (truncated)

Commits

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.9.5 to 1.10.3

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

v1.10.2

Functionally equivalent to v1.10.0. v1.10.1 has been retracted to remove copied code.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

  • feat(hashivault): token helper in

@dependabot dependabot bot added dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. labels Dec 19, 2025
@tekton-robot tekton-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Dec 19, 2025
@anithapriyanatarajan
Contributor

/approve
/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Dec 19, 2025
@tekton-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: anithapriyanatarajan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [anithapriyanatarajan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 19, 2025
Bumps the all group with 18 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/compute/metadata](https://github.com/googleapis/google-cloud-go) | `0.8.0` | `0.9.0` |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.56.1` | `1.58.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.6` | `0.20.7` |
| [github.com/in-toto/archivista](https://github.com/in-toto/archivista) | `0.10.0` | `0.11.1` |
| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.6.0` | `2.6.1` |
| [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.4.2` | `1.4.3` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.9.6-0.20250729224751-181c5d3339b3` | `1.10.3` |
| [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.9.5` | `1.10.3` |
| [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.9.5` | `1.10.3` |
| [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.9.6-0.20250729224751-181c5d3339b3` | `1.10.3` |
| [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.9.5` | `1.10.3` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `1.3.1` | `1.7.0` |
| [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.0` | `1.27.1` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.45.0` | `0.46.0` |
| google.golang.org/protobuf | `1.36.10` | `1.36.11` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.34.1` | `0.35.0` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.34.1` | `0.35.0` |
| [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.33.4` | `0.35.0` |



Updates `cloud.google.com/go/compute/metadata` from 0.8.0 to 0.9.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@v0.8.0...v0.9.0)

Updates `cloud.google.com/go/storage` from 1.56.1 to 1.58.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@storage/v1.56.1...spanner/v1.58.0)

Updates `github.com/google/go-containerregistry` from 0.20.6 to 0.20.7
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.20.6...v0.20.7)

Updates `github.com/in-toto/archivista` from 0.10.0 to 0.11.1
- [Release notes](https://github.com/in-toto/archivista/releases)
- [Commits](in-toto/archivista@v0.10.0...v0.11.1)

Updates `github.com/sigstore/cosign/v2` from 2.6.0 to 2.6.1
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v2.6.0...v2.6.1)

Updates `github.com/sigstore/rekor` from 1.4.2 to 1.4.3
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.4.2...v1.4.3)

Updates `github.com/sigstore/sigstore` from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.3
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/commits/v1.10.3)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.9.5 to 1.10.3
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.5...v1.10.3)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.9.5 to 1.10.3
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.5...v1.10.3)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.3
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/commits/v1.10.3)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.9.5 to 1.10.3
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.5...v1.10.3)

Updates `github.com/tektoncd/pipeline` from 1.3.1 to 1.7.0
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v1.3.1...v1.7.0)

Updates `go.uber.org/zap` from 1.27.0 to 1.27.1
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.27.0...v1.27.1)

Updates `golang.org/x/crypto` from 0.45.0 to 0.46.0
- [Commits](golang/crypto@v0.45.0...v0.46.0)

Updates `google.golang.org/grpc` from 1.75.0 to 1.76.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.75.0...v1.76.0)

Updates `google.golang.org/protobuf` from 1.36.10 to 1.36.11

Updates `k8s.io/apimachinery` from 0.34.1 to 0.35.0
- [Commits](kubernetes/apimachinery@v0.34.1...v0.35.0)

Updates `k8s.io/client-go` from 0.34.1 to 0.35.0
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.34.1...v0.35.0)

Updates `k8s.io/code-generator` from 0.33.4 to 0.35.0
- [Commits](kubernetes/code-generator@v0.33.4...v0.35.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/compute/metadata
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.58.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.20.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/in-toto/archivista
  dependency-version: 0.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/sigstore/cosign/v2
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-version: 1.10.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-version: 1.10.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-version: 1.10.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-version: 1.10.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/tektoncd/pipeline
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: go.uber.org/zap
  dependency-version: 1.27.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google.golang.org/grpc
  dependency-version: 1.76.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/client-go
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/code-generator
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/all-55a104dda0 branch from 8fd48d2 to 4f3ad6e Compare December 23, 2025 14:05
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Dec 23, 2025
@tekton-robot

New changes are detected. LGTM label has been removed.
