chore(deps): Bump the minor-patch group across 1 directory with 19 updates #1850

dependabot · 2025-06-16T18:42:02Z

Bumps the minor-patch group with 10 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go	`1.55.6`	`1.55.7`
github.com/google/go-containerregistry	`0.20.3`	`0.20.6`
github.com/sigstore/cosign/v2	`2.5.0`	`2.5.1`
github.com/sigstore/sigstore	`1.9.4`	`1.9.5`
golang.org/x/time	`0.11.0`	`0.12.0`
github.com/sigstore/scaffolding	`0.7.22`	`0.7.23`
github.com/sigstore/sigstore/pkg/signature/kms/aws	`1.9.4`	`1.9.5`
github.com/sigstore/sigstore/pkg/signature/kms/azure	`1.9.4`	`1.9.5`
github.com/sigstore/sigstore/pkg/signature/kms/gcp	`1.9.4`	`1.9.5`
github.com/sigstore/sigstore/pkg/signature/kms/hashivault	`1.9.4`	`1.9.5`

Updates github.com/aws/aws-sdk-go from 1.55.6 to 1.55.7

Release notes

Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.55.7 (2025-04-22)

SDK Bugs

service/s3/s3manager: Abort multipart download if object is modified during download

Fixes 4986

Commits

163aada release v1.55.7 (2025-04-22) (#5346)
9eb2bfd Abort multi part download if the object is modified during download
8d203cc Update bug-report.yml
See full diff in compare view

Updates github.com/google/go-containerregistry from 0.20.3 to 0.20.6

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.6

What's Changed

Ensure that tag name is not empty if name contains colon by @SaschaSchwarze0 in google/go-containerregistry#2094

Bump some deps by @jonjohnsonjr in google/go-containerregistry#2110

New Contributors

@SaschaSchwarze0 made their first contribution in google/go-containerregistry#2094

Full Changelog: google/go-containerregistry@v0.20.4...v0.20.6

v0.20.5

What's Changed

build(deps): bump docker/docker to v28.0.0+incompatible by @luhring in google/go-containerregistry#2071

Migrate linter to v2 by @Subserial in google/go-containerregistry#2096

bump go version + bump deps by @Subserial in google/go-containerregistry#2093

implement TextMarshaler/JSONMarshaler more consistently by @imjasonh in google/go-containerregistry#2097

Update CodeQL permissions by @Subserial in google/go-containerregistry#2103

Update goreleaser permissions by @Subserial in google/go-containerregistry#2104

Update provenance action in release by @Subserial in google/go-containerregistry#2105

Update validator action by @Subserial in google/go-containerregistry#2106

New Contributors

@luhring made their first contribution in google/go-containerregistry#2071

@Subserial made their first contribution in google/go-containerregistry#2096

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.5

v0.20.4 - Not usable as a go module

🚨 This release was published to the Go module proxy and then re-tagged with a different commit. This means it's not usable as a Go module (google/go-containerregistry#2107) -- please us v0.20.5 instead.

What's Changed

build(deps): bump docker/docker to v28.0.0+incompatible by @luhring in google/go-containerregistry#2071

Migrate linter to v2 by @Subserial in google/go-containerregistry#2096

bump go version + bump deps by @Subserial in google/go-containerregistry#2093

implement TextMarshaler/JSONMarshaler more consistently by @imjasonh in google/go-containerregistry#2097

Update CodeQL permissions by @Subserial in google/go-containerregistry#2103

Update goreleaser permissions by @Subserial in google/go-containerregistry#2104

Update provenance action in release by @Subserial in google/go-containerregistry#2105

Update validator action by @Subserial in google/go-containerregistry#2106

New Contributors

@luhring made their first contribution in google/go-containerregistry#2071

@Subserial made their first contribution in google/go-containerregistry#2096

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.4

Commits

59a4b85 Bump some deps (#2110)
5b10395 Ensure that tag name is not empty if name contains colon (#2094)
4eb8c4d Update validator action (#2106)
78d4a6e Update provenance action (#2105)
33840ff Update goreleaser permissions (#2104)
8d47c37 Update CodeQL permissions (#2103)
a61de15 implement TextMarshaler/JSONMarshaler more consistently (#2097)
1d5b256 bump go version + bump deps (#2093)
ccaa0d6 Migrate linter to v2 (#2096)
098045d build(deps): bump docker/docker to v28.0.0+incompatible (#2071)
See full diff in compare view

Updates github.com/sigstore/cosign/v2 from 2.5.0 to 2.5.1

Commits

a7345fb Add Rekor v2 support for trusted-root create (#4242)
3df894e Add baseUrl and Uri to trusted-root create command
fb26ffd update builder to use go1.24.4 (#4241)
5b82c30 Bump to sigstore-go v1.0, fix lint errors (#4240)
a8fb9ee chore(deps): bump github.com/open-policy-agent/opa from 1.4.2 to 1.5.1 (#4233)
8bbd493 chore(deps): bump k8s.io/client-go from 0.28.3 to 0.33.1 (#4235)
32a2d62 Upgrade to TUF v2 client with trusted root
95bec1a Run reusable dependency review workflow from main (#4239)
9b508f5 chore(deps): bump google.golang.org/api from 0.234.0 to 0.236.0 (#4236)
08c0240 chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4231)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.9.4 to 1.9.5

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.9.5

What's Changed

Add context from opts to Azure signer in sigstore/sigstore#2070

add RWMutex around providerMap to protect concurrent ops in sigstore/sigstore#2077

Full Changelog: sigstore/sigstore@v1.9.4...v1.9.5

Commits

75efc00 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2092)
32d462f build(deps): Bump the all group in /test/e2e with 3 updates (#2091)
007cd79 build(deps): Bump the all group in /test/e2e with 3 updates (#2074)
bbd546b build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2087)
540126b build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2088)
0996ba4 build(deps): Bump actions/dependency-review-action in the all group (#2085)
7eafe24 build(deps): Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#2081)
d771343 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2082)
1b0bd69 build(deps): Bump the all group with 2 updates (#2078)
e2f3b71 build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2084)
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.37.0 to 0.39.0

Commits

3bf9d2a ssh/test: skip KEX test if unsupported by system SSH client
9bab967 go.mod: update golang.org/x dependencies
4f9f0ca x509roots/fallback: add init time benchmark
eac7cf0 x509roots/fallback: move parsing code to a non-generated file
18228cd acme: return err from deprecated TLS-SNI-[01|02] functions
73f6362 acme: remove dead code
ebc8e46 ssh: add server side support for Diffie Hellman Group Exchange
e944286 ssh: expose negotiated algorithms
78a1fd7 ssh: automatically add [email protected] KEX alias
ac58737 ssh: export supported algorithms
Additional commits viewable in compare view

Updates golang.org/x/net from 0.39.0 to 0.41.0

Commits

6e41cae go.mod: update golang.org/x dependencies
15f7d40 http2: correctly wrap ErrFrameTooLarge in Framer.ReadFrame
ef33bc0 internal/http3: use bubbled context in synctest tests
919c6bc http2: use an array instead of a map in typeFrameParser
bae01a7 trace: add missing td tag
7d6e62a go.mod: update golang.org/x dependencies
ea0c1d9 internal/timeseries: use built-in max/min to simplify the code
3e7a445 quic: skip packet numbers for optimistic ack defense
3f563d3 quic: use an enum for sentPacket state
a3b6e77 quic: don't re-lose packets when discarding keys
Additional commits viewable in compare view

Updates golang.org/x/time from 0.11.0 to 0.12.0

Commits

1616a7f rate: skip time.Now call in Sometimes.Do unless necessary
See full diff in compare view

Updates k8s.io/api from 0.32.3 to 0.33.1

Commits

04f698e Update dependencies to v0.33.1 tag
16cedc7 Merge pull request #131088 from atiratree/rename-terminating-replicas-fg
dc88679 Merge pull request #131103 from ahrtr/etcd_sdk_20250328
4a456a2 bump etcd 3.5.21 sdk
96e38c9 rename DeploymentPodReplacementPolicy FG to DeploymentReplicaSetTerminatingRe...
c21a017 Merge pull request #129970 from mortent/AddResourceV1beta2API
d0673db Run make update
118546d Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
f9401a3 Merge pull request #130797 from jm-franc/configurable-tolerance
9b3e544 Generated UPDATE_COMPATIBILITY_FIXTURE_DATA
Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.32.3 to 0.33.1

Commits

173776a Merge pull request #131708tigrato/automated-cherry-pick-of-#131702
a3d1fde fix: fixes a possible panic in NewYAMLToJSONDecoder
955939f bump etcd 3.5.21 sdk
e8a77bd Merge pull request #130910 from googs1025/fix/datarace
7e8c77e Merge pull request #130906 from serathius/streaming-validation
27fd396 flake: fix data race for func TestBackoff_Step
8bcc6f1 Update kube-openapi and integrate streaming tags validation
6ce776c Merge pull request #130857 from thockin/kk_small_vg_diffs
f2c94d6 Comment on origin and JSON schema
b63ba07 Use origin in validateFalse's own test
Additional commits viewable in compare view

Updates k8s.io/client-go from 0.32.3 to 0.33.1

Commits

e7397e5 Update dependencies to v0.33.1 tag
ecbbb06 bump etcd 3.5.21 sdk
2086688 Merge pull request #129970 from mortent/AddResourceV1beta2API
dba34c7 Run make update
e359642 Merge pull request #130556 from sreeram-venkitesh/kep-4960-container-stop-sig...
3bf0a05 Merge pull request #130797 from jm-franc/configurable-tolerance
7a03a3b Generated files
1676beb Refresh autogenerated files following the configurable tolerance updates.
387edb8 Merge pull request #130967 from aojea/listers
21dc3b4 benchmark to show inefficient linear search lookup
Additional commits viewable in compare view

Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.

sdk/azidentity/v1.10.0

1.10.0 (2025-05-14)

Features Added

DefaultAzureCredential reads environment variable AZURE_TOKEN_CREDENTIALS to enable a subset of its credentials:

dev selects AzureCLICredential and AzureDeveloperCLICredential

prod selects EnvironmentCredential, WorkloadIdentityCredential and ManagedIdentityCredential

Commits

91de7c6 Prep azcore for release (#22481)
6e61c5e Updating changelog for v1.1.1 release (#22479)
f1530dc Updates for aztables metadata (#22472)
fa064d6 Updating changelog for v1.2.1 release (#22478)
d742ee8 Add MatchConditions to azcore (#22476)
da33ad0 azfile, azdatalake: Updating the type of number of chunks to uint64 (#22468)
2b23e14 [aznamespaces] Moving to new folder site, updating readme and autorest (#22441)
367d699 Update azappconfig with latest code generator (#22473)
4769244 NewListEntitiesPager fix (#22469)
4718139 Increment package version after release of storage/azblob (#22471)
Additional commits viewable in compare view

Updates github.com/docker/docker from 28.1.1+incompatible to 28.2.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

28.2.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.2.2 milestone

moby/moby, 28.2.2 milestone

Bug fixes and enhancements

containerd image store: Fix a regression causing docker build --push to fail. This reverts the fix for docker build not persisting overridden images as dangling. moby/moby#50105

Networking

When creating the iptables DOCKER-USER chain, do not add an explicit RETURN rule, allowing users to append as well as insert their own rules. Existing rules are not removed on upgrade, but it won't be replaced after a reboot. moby/moby#50098

28.2.1

Packaging updates

Fix packaging regression in v28.2.0 which broke creating the docker group/user on fresh installations. docker-ce-packaging#1209

28.2.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.2.0 milestone

moby/moby, 28.2.0 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

[!NOTE] RHEL packages are currently not available and will be released later.

New

Add {{.Platform}} as formatting option for docker ps to show the platform of the image the container is running. docker/cli#6042

Add support for relative parent paths (../) on bind mount sources when using docker run/create with -v/--volume or --mount type=bind options. docker/cli#4966

CDI is now enabled by default. moby/moby#49963

Show discovered CDI devices in docker info. docker/cli#6078

docker image rm: add --platform option to remove a variant from multi-platform images. docker/cli#6109

containerd image store: Initial BuildKit support for building Windows container images on Windows (requires an opt-in with DOCKER_BUILDKIT=1). moby/moby#49740

Bug fixes and enhancements

Add a new log option for fluentd log driver (fluentd-write-timeout), which enables specifying write timeouts for fluentd connections. moby/moby#49911

Add support for DOCKER_AUTH_CONFIG for the experimental --use-api-socket option. docker/cli#6019

Fix docker exec waiting for 10 seconds if a non-existing user or group was specified. moby/moby#49868

Fix docker swarm init ignoring cacert option of --external-ca. docker/cli#5995

Fix an issue where the CLI would not correctly save the configuration file (~/.docker/config.json) if it was a relative symbolic link. docker/cli#5282

Fix containers with --restart always policy using CDI devices failing to start on daemon restart. moby/moby#49990

... (truncated)

Commits

45873be Merge pull request #50105 from jsternberg/revert-build-dangling
7994426 Revert "containerd: images overridden by a build are kept dangling"
f144264 Merge pull request #50090 from corhere/libn/overlay-netip
768cfae Merge pull request #50050 from robmry/nftables_internal_dns
d3289dd Add nftables NAT rules for internal DNS resolver
7a0bf74 Merge pull request #50038 from ctalledo/fix-for-50037
b43afbf Merge pull request #50098 from robmry/remove_docker-user_return_rule
c299ba3 Update worker.Platforms() in builder-next worker.
0e2cc22 Merge pull request #50049 from robmry/nftables_env_var_enable
e37efd4 Merge pull request #50068 from mmorel-35/github.com/containerd/errdefs
Additional commits viewable in compare view

Updates github.com/sigstore/protobuf-specs from 0.4.1 to 0.4.2

Changelog

Sourced from github.com/sigstore/protobuf-specs's changelog.

0.4.2

Changed

Deprecated LMS/LMS-OTS as supported signing algorithms (#597)

Added stronger language around how clients should handle service selection (#607)

Revised checkpoint key ID comment, deprecated log ID (#629)

Added operator for SigningConfig services, log and TSA roots (#634)

Added ML-DSA to algorithm registry (#616)

Commits

011f5a0 Add CHANGELOG, bump releases for v0.4.2 (#637)
8beee48 build(deps): bump ruby/setup-ruby from 1.238.0 to 1.239.0 (#636)
966b43d add: ML-DSA to algorithm registry (#616)
a4c70fe Add operator for SigningConfig services, log and TSA roots (#634)
ef40dfb build(deps): bump ruby/setup-ruby from 1.237.0 to 1.238.0 (#635)
8b886ff Revise checkpoint key ID comment, deprecate log ID (#629)
8e998ce build(deps): bump prost-reflect-build in /gen/pb-rust (#623)
1124687 build(deps): bump distroless/nodejs22-debian12 in /protoc-builder (#622)
33a35cc Update GOOGLEAPIS_COMMIT in versions.mk (#617)
bda1b2c build(deps): bump distroless/base-debian12 in /protoc-builder (#621)
Additional commits viewable in compare view

Updates github.com/sigstore/scaffolding from 0.7.22 to 0.7.23

Release notes

Sourced from github.com/sigstore/scaffolding's releases.

v0.7.23

Thanks to all contributors!

What's Changed

have prober test use staging TSA by @bobcallaway in sigstore/scaffolding#1540

Remove Terraform modules from scaffolding by @haydentherapper in sigstore/scaffolding#1507

Fix dependabot by @haydentherapper in sigstore/scaffolding#1542

Bump github/codeql-action from 3.28.12 to 3.28.15 by @dependabot in sigstore/scaffolding#1545

Bump ko-build/setup-ko from 0.8 to 0.9 by @dependabot in sigstore/scaffolding#1546

Bump golang.org/x/net from 0.37.0 to 0.39.0 by @dependabot in sigstore/scaffolding#1547

Bump go.step.sm/crypto from 0.59.1 to 0.60.0 by @dependabot in sigstore/scaffolding#1529

Bump github.com/go-openapi/swag from 0.23.0 to 0.23.1 by @dependabot in sigstore/scaffolding#1510

Bump google.golang.org/grpc from 1.71.0 to 1.71.1 by @dependabot in sigstore/scaffolding#1549

Bump go.step.sm/crypto from 0.60.0 to 0.61.0 by @dependabot in sigstore/scaffolding#1552

Bump cloud-sql-connectors/cloud-sql-proxy from 2.15.2-alpine@sha256:ab3068069deb05806c80d9fc7e6e542853283860cf7f1e4d6fa6ddeedfdc8600 to sha256:7487d086006d4b32e489fad6098343ec23a6c03c55874f0a3e4551d4fe5fb903 by @dependabot in sigstore/scaffolding#1553

feat: action for test containers by @ramonpetgrave64 in sigstore/scaffolding#1544

Bump golang.org/x/crypto from 0.32.0 to 0.35.0 in /actions/setup-sigstore-env/fakeoidc by @dependabot in sigstore/scaffolding#1556

Bump github.com/google/trillian from 1.7.1 to 1.7.2 by @dependabot in sigstore/scaffolding#1561

Bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot in sigstore/scaffolding#1558

Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 by @dependabot in sigstore/scaffolding#1557

Bump github.com/sigstore/sigstore from 1.9.0 to 1.9.4 by @dependabot in sigstore/scaffolding#1563

Bump trillian-opensource-ci/db_server from 94a0852 to ce3a107 in /config/trillian/mysql by @dependabot in sigstore/scaffolding#1541

Bump k8s.io/client-go from 0.32.2 to 0.33.0 by @dependabot in sigstore/scaffolding#1559

add support for testing on k8s 1.33 by @bobcallaway in sigstore/scaffolding#1567

Bump k8s.io/code-generator from 0.32.2 to 0.33.0 by @dependabot in sigstore/scaffolding#1565

bump cloud-sql-proxy to v2.16.0 by @bobcallaway in sigstore/scaffolding#1568

Bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot in sigstore/scaffolding#1575

Bump github.com/go-sql-driver/mysql from 1.9.1 to 1.9.2 by @dependabot in sigstore/scaffolding#1573

Bump github.com/golang/glog from 1.2.4 to 1.2.5 by @dependabot in sigstore/scaffolding#1572

Bump github.com/sigstore/timestamp-authority from 1.2.5 to 1.2.6 by @dependabot in sigstore/scaffolding#1569

Bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.0 by @dependabot in sigstore/scaffolding#1571

Bump go.step.sm/crypto from 0.61.0 to 0.63.0 by @dependabot in sigstore/scaffolding#1570

Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 by @dependabot in sigstore/scaffolding#1574

New Contributors

@ramonpetgrave64 made their first contribution in sigstore/scaffolding#1544

Full Changelog: sigstore/scaffolding@v0.7.22...v0.7.23

Commits

57c1c47 Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#1574)
6524e0c Bump go.step.sm/crypto from 0.61.0 to 0.63.0 (#1570)
49e68a5 Bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.0 (#1571)
aa457fa Bump github.com/sigstore/timestamp-authority from 1.2.5 to 1.2.6 (#1569)
ee6e244 Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#1572)
d4d6d74 Bump github.com/go-sql-driver/mysql from 1.9.1 to 1.9.2 (#1573)
f13df2b Bump github/codeql-action from 3.28.16 to 3.28.17 (#1575)
832418b bump cloud-sql-proxy to v2.16.0 (#1568)
fd22420 Bump k8s.io/code-generator from 0.32.2 to 0.33.0 (#1565)
ea1250f add support for testing on k8s 1.33 (#1567)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore-go from 0.7.2 to 1.0.0

Release notes

Sourced from github.com/sigstore/sigstore-go's releases.

v1.0.0

We're very excited to release sigstore-go 1.0! View the blog post announcing this release for more details.

This release should contain the last set of breaking changes until version 2.0, including a few renames (such as SignedEntityVerifier -> Verifier and VerifyTimestampAuthority -> VerifySignedTimestamp). We are excited to begin a new phase of simple, stable APIs!

What's Changed

Prevent duplicate timestamps from same TSA by @codysoyland in sigstore/sigstore-go#472

Update theupdateframework/go-tuf to v2.1.0 and copy in unexported repo type from theupdateframework/go-tuf/examples/repository directory by @malancas in sigstore/sigstore-go#474

Add verification errors to output of VerifyTimestampAuthority by @codysoyland in sigstore/sigstore-go#473

Use repository.Type from go-tuf in tests by @codysoyland in sigstore/sigstore-go#475

Rename and deprecate SignedEntityVerifier in favor of Verifier by @codysoyland in sigstore/sigstore-go#476

Deprecate and rename VerifyTimestampAuthority/VerifyArtifactTransparencyLog by @codysoyland in sigstore/sigstore-go#477

Update README for 1.0.0 release by @codysoyland in sigstore/sigstore-go#480

Full Changelog: sigstore/sigstore-go@v0.7.3...v1.0.0

v0.7.3

Note: v0.7.3 will likely be the last release before v1.0.

What's Changed

Add context to Rekor interactions in signer by @codysoyland in sigstore/sigstore-go#461

Use default Verifier for the public key contained in a certificate (closes #74) by @ret2libc in sigstore/sigstore-go#424

Select highest API version with multiple SigningConfig services by @haydentherapper in sigstore/sigstore-go#459

Fix SigningConfig ValidFor when dates are missing by @jku in sigstore/sigstore-go#465

correct error on unsupported TrustedRoot media type by @dmitris in sigstore/sigstore-go#466

Signing example improvements by @jku in sigstore/sigstore-go#458

Disable TUF timestamping when TUF cache disabled by @codysoyland in sigstore/sigstore-go#470

Full Changelog: sigstore/sigstore-go@v0.7.2...v0.7.3

Commits

cedac1b Update README for 1.0.0 release. (#480)
48df3a9 Bump the minor-patch group across 2 directories with 3 updates (#479)
fed666a Bump actions/setup-go from 5.4.0 to 5.5.0 (#478)
6392d0e Deprecate and rename VerifyTimestampAuthority/VerifyArtifactTransparencyLog (...
b47323b Rename and deprecate SignedEntityVerifier in favor of Verifier (#476)
d1f9d7f Use repository.Type from go-tuf in tests (#475)
94bb81b Add verification errors to output of VerifyTimestampAuthority (#473)
2bb86a1 Update theupdateframework/go-tuf to v2.1.0 and copy in unexported repo type f...
6207d62 Prevent duplicate timestamps from same TSA (#472)
8dff965 Disable TUF timestamping when TUF cache disabled (#470)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.9.4 to 1.9.5

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.9.5

What's Changed

Add context from opts to Azure signer in sigstore/sigstore#2070

add RWMutex around providerMap to protect concurrent ops in sigstore/sigstore#2077

Full Changelog: sigstore/sigstore@v1.9.4...v1.9.5

Commits

75efc00 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2092)
32d462f build(deps): Bump the all group in /test/e2e with 3 updates (#2091)
007cd79 build(deps): Bump the all group in /test/e2e with 3 updates (#2074)
bbd546b build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2087)
540126b build(deps): Bump google.go...
Description has been truncated

…dates Bumps the minor-patch group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.55.6` | `1.55.7` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.3` | `0.20.6` | | [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.5.0` | `2.5.1` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` | | [golang.org/x/time](https://github.com/golang/time) | `0.11.0` | `0.12.0` | | [github.com/sigstore/scaffolding](https://github.com/sigstore/scaffolding) | `0.7.22` | `0.7.23` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.9.4` | `1.9.5` | Updates `github.com/aws/aws-sdk-go` from 1.55.6 to 1.55.7 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md) - [Commits](aws/aws-sdk-go@v1.55.6...v1.55.7) Updates `github.com/google/go-containerregistry` from 0.20.3 to 0.20.6 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.20.3...v0.20.6) Updates `github.com/sigstore/cosign/v2` from 2.5.0 to 2.5.1 - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](sigstore/cosign@v2.5.0...v2.5.1) Updates `github.com/sigstore/sigstore` from 1.9.4 to 1.9.5 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.4...v1.9.5) Updates `golang.org/x/crypto` from 0.37.0 to 0.39.0 - [Commits](golang/crypto@v0.37.0...v0.39.0) Updates `golang.org/x/net` from 0.39.0 to 0.41.0 - [Commits](golang/net@v0.39.0...v0.41.0) Updates `golang.org/x/time` from 0.11.0 to 0.12.0 - [Commits](golang/time@v0.11.0...v0.12.0) Updates `k8s.io/api` from 0.32.3 to 0.33.1 - [Commits](kubernetes/api@v0.32.3...v0.33.1) Updates `k8s.io/apimachinery` from 0.32.3 to 0.33.1 - [Commits](kubernetes/apimachinery@v0.32.3...v0.33.1) Updates `k8s.io/client-go` from 0.32.3 to 0.33.1 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.32.3...v0.33.1) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.9.0 to 1.10.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/go-mgmt-sdk-release-guideline.md) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.9.0...sdk/azcore/v1.10.0) Updates `github.com/docker/docker` from 28.1.1+incompatible to 28.2.2+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.1.1...v28.2.2) Updates `github.com/sigstore/protobuf-specs` from 0.4.1 to 0.4.2 - [Release notes](https://github.com/sigstore/protobuf-specs/releases) - [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md) - [Commits](sigstore/protobuf-specs@v0.4.1...v0.4.2) Updates `github.com/sigstore/scaffolding` from 0.7.22 to 0.7.23 - [Release notes](https://github.com/sigstore/scaffolding/releases) - [Changelog](https://github.com/sigstore/scaffolding/blob/main/release.md) - [Commits](sigstore/scaffolding@v0.7.22...v0.7.23) Updates `github.com/sigstore/sigstore-go` from 0.7.2 to 1.0.0 - [Release notes](https://github.com/sigstore/sigstore-go/releases) - [Commits](sigstore/sigstore-go@v0.7.2...v1.0.0) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.9.4 to 1.9.5 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.4...v1.9.5) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.9.4 to 1.9.5 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.4...v1.9.5) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.9.4 to 1.9.5 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.4...v1.9.5) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.9.4 to 1.9.5 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.4...v1.9.5) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-version: 1.55.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/google/go-containerregistry dependency-version: 0.20.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/cosign/v2 dependency-version: 2.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore dependency-version: 1.9.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: golang.org/x/crypto dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: golang.org/x/net dependency-version: 0.41.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: golang.org/x/time dependency-version: 0.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: k8s.io/api dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: k8s.io/apimachinery dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: k8s.io/client-go dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/docker/docker dependency-version: 28.2.2+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/sigstore/protobuf-specs dependency-version: 0.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/scaffolding dependency-version: 0.7.23 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore-go dependency-version: 1.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-version: 1.9.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-version: 1.9.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-version: 1.9.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-version: 1.9.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-06-23T18:02:30Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 16, 2025

dependabot bot mentioned this pull request Jun 16, 2025

chore(deps): Bump the sigstore group across 1 directory with 9 updates #1849

Closed

dependabot bot closed this Jun 23, 2025

dependabot bot deleted the dependabot/go_modules/minor-patch-2b76b0f246 branch June 23, 2025 18:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): Bump the minor-patch group across 1 directory with 19 updates #1850

chore(deps): Bump the minor-patch group across 1 directory with 19 updates #1850

Uh oh!

dependabot bot commented on behalf of github Jun 16, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Jun 23, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): Bump the minor-patch group across 1 directory with 19 updates #1850

chore(deps): Bump the minor-patch group across 1 directory with 19 updates #1850

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release v1.55.7 (2025-04-22)

SDK Bugs

v0.20.6

What's Changed

New Contributors

v0.20.5

What's Changed

New Contributors

v0.20.4 - Not usable as a go module

What's Changed

New Contributors

v1.9.5

What's Changed

sdk/azidentity/v1.10.0

1.10.0 (2025-05-14)

Features Added

28.2.2

Bug fixes and enhancements

Networking

28.2.1

Packaging updates

28.2.0

New

Bug fixes and enhancements

0.4.2

Changed

v0.7.23

Thanks to all contributors!

What's Changed

New Contributors

v1.0.0

What's Changed

v0.7.3

What's Changed

v1.9.5

What's Changed

Uh oh!

dependabot bot commented on behalf of github Jun 23, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Jun 16, 2025 •

edited

Loading