build(deps): bump the go-deps group across 1 directory with 13 updates #1801

dependabot · 2025-05-16T02:55:32Z

Bumps the go-deps group with 12 updates in the / directory:

Package	From	To
github.com/Masterminds/semver/v3	`3.3.0`	`3.3.1`
github.com/fluxcd/pkg/apis/meta	`1.11.0`	`1.12.0`
github.com/fluxcd/pkg/auth	`0.12.0`	`0.13.0`
github.com/fluxcd/pkg/git	`0.29.0`	`0.30.0`
github.com/fluxcd/pkg/git/gogit	`0.31.0`	`0.32.0`
github.com/notaryproject/notation-core-go	`1.2.0`	`1.3.0`
github.com/notaryproject/notation-go	`1.3.0`	`1.3.2`
github.com/ory/dockertest/v3	`3.11.0`	`3.12.0`
github.com/sigstore/sigstore	`1.8.15`	`1.9.4`
golang.org/x/crypto	`0.37.0`	`0.38.0`
golang.org/x/oauth2	`0.29.0`	`0.30.0`
oras.land/oras-go/v2	`2.5.0`	`2.6.0`

Updates github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.1

What's Changed

Fix for allowing some version that were invalid by @mattfarina in Masterminds/semver#253

Full Changelog: Masterminds/semver@v3.3.0...v3.3.1

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

Commits

1558ca3 Merge pull request #253 from mattfarina/fix-bad-versions
252dd61 Fix for allowing some version that were invalid
See full diff in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.11.0 to 1.12.0

Commits

7a72e48 Merge pull request #927 from fluxcd/rfc-0010-feature-gate
d1cd390 [RFC-0010] Introduce feature gate for enabling object-level workload identity
a556f82 Merge pull request #926 from fluxcd/azure-int-tests
d8a62c1 Enable scheduled Azure integration tests
a7adfff Merge pull request #922 from fluxcd/dependabot/github_actions/ci-1bf90fd100
b5058d4 build(deps): bump the ci group across 1 directory with 4 updates
8204f92 Merge pull request #925 from fluxcd/federation
4d58d6d [RFC-0010] Support cross-cloud object-level workload identity
284f566 Merge pull request #924 from fluxcd/wi-int-tests
0b6d5a6 [RFC-0010] Add integration tests for object-level workload identity
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/auth from 0.12.0 to 0.13.0

Commits

04a0963 Merge pull request #597 from fluxcd/tag-verification
0f40956 git: add support for lightweight tags
320d78f git/gogit: add tag info to commit if refname points to an annotated tag
5658f3b git/gogit: add tag info to commit when checking out via semver
75c942d git/gogit: add tag info to commit when checking out via tag
fba7100 git: add support for linking a parent tag to a commit
540f61e Merge pull request #631 from mihaiandreiratoiu/feature/gov-arm
174a5e9 Ops: Update azure cloud token auth
5eb935a Merge pull request #632 from fluxcd/disable-azure-ci-jobs
1330800 Disable azure CI jobs
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/git from 0.29.0 to 0.30.0

Commits

7a72e48 Merge pull request #927 from fluxcd/rfc-0010-feature-gate
d1cd390 [RFC-0010] Introduce feature gate for enabling object-level workload identity
a556f82 Merge pull request #926 from fluxcd/azure-int-tests
d8a62c1 Enable scheduled Azure integration tests
a7adfff Merge pull request #922 from fluxcd/dependabot/github_actions/ci-1bf90fd100
b5058d4 build(deps): bump the ci group across 1 directory with 4 updates
8204f92 Merge pull request #925 from fluxcd/federation
4d58d6d [RFC-0010] Support cross-cloud object-level workload identity
284f566 Merge pull request #924 from fluxcd/wi-int-tests
0b6d5a6 [RFC-0010] Add integration tests for object-level workload identity
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/git/gogit from 0.31.0 to 0.32.0

Commits

6dc2f17 Merge pull request #656 from fluxcd/update-tar-deps
ec9b48a Update internal dependencies
5275de8 Decommission untar package
57d9588 Merge pull request #655 from fluxcd/oci-skip-symlinks
c62dc82 Skip symlinks during OCI layer decompression
4f69e78 Merge pull request #653 from errordeveloper/pull-any-artifact
887bad4 oci/clinet: ensure Pull sets URL field in metadata it returns
3b8d634 oci/client: drop custom platfrom from default client options
0202722 oci/client: relax annotation parser
56bc0ab Merge pull request #654 from fluxcd/dependabot/github_actions/ci-663ed1f0b6
Additional commits viewable in compare view

Updates github.com/notaryproject/notation-core-go from 1.2.0 to 1.3.0

Release notes

Sourced from github.com/notaryproject/notation-core-go's releases.

v1.3.0

Vote PASSED [+4 -0]: #271

Updates

Support of delta CRL during certificate revocation check.

Upgraded go version to v1.23.0

Error message fix and dependency updates.

What's Changed since v1.2.0

feat: delta CRL by @JeyJeyGao in notaryproject/notation-core-go#247

bump: update go v1.23 by @JeyJeyGao in notaryproject/notation-core-go#260

build(deps): bump golang.org/x/crypto from 0.32.0 to 0.35.0 by @dependabot in notaryproject/notation-core-go#261

build(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 by @dependabot in notaryproject/notation-core-go#258

fix: use iterator instead of looping through multiple slices by @JeyJeyGao in notaryproject/notation-core-go#259

build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0 by @dependabot in notaryproject/notation-core-go#262

build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @dependabot in notaryproject/notation-core-go#263

build(deps): bump github.com/fxamacker/cbor/v2 from 2.7.0 to 2.8.0 by @dependabot in notaryproject/notation-core-go#265

build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 by @dependabot in notaryproject/notation-core-go#267

fix: error message of SignatureAuthenticityError by @Two-Hearts in notaryproject/notation-core-go#269

Full Changelog: notaryproject/notation-core-go@v1.2.0...v1.3.0

Commits

ef87896 fix: error message of SignatureAuthenticityError (#269)
46726d8 build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 (#267)
b85e8f7 build(deps): bump github.com/fxamacker/cbor/v2 from 2.7.0 to 2.8.0 (#265)
4d73532 build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#263)
6a378d5 build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0 (#262)
ea37e4e fix: use iterator instead of looping through multiple slices (#259)
fcf4512 build(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 (#258)
9c4662f build(deps): bump golang.org/x/crypto from 0.32.0 to 0.35.0 (#261)
441bbe8 bump: update go v1.23 (#260)
7510083 feat: delta CRL (#247)
See full diff in compare view

Updates github.com/notaryproject/notation-go from 1.3.0 to 1.3.2

Release notes

Sourced from github.com/notaryproject/notation-go's releases.

v1.3.2

Vote PASSED [+5 -0]: #538

Update

Error message and dependency updates

What's Changed since notation-go v1.3.1

bump: release v1.3.1 by @Two-Hearts in notaryproject/notation-go#517

backport: from main to release-1.3 branch by @Two-Hearts in notaryproject/notation-go#536

Full Changelog: notaryproject/notation-go@v1.3.1...v1.3.2

New Contributors

@qba73 made their first contribution in notaryproject/notation-go#529

v1.3.1

Vote PASSED [+5 -0]: #517

Bug fix

This patch release removes the timestamp check against signing time during authentic timestamp verification due to potential time skew and the unauthenticated nature of signing time field.

What's Changed

bump: release v1.3.0 by @Two-Hearts in notaryproject/notation-go#507

fix: remove signing time check during authenticTimestamp by @Two-Hearts in notaryproject/notation-go#514

bump: bump up dependencies for release-1.3 branch by @Two-Hearts in notaryproject/notation-go#516

Full Changelog: notaryproject/notation-go@v1.3.0...v1.3.1

Commits

34a1aba bump: release v1.3.2
c447774 backport: from main to release-1.3 branch (#536)
727046d Merge pull request #517 from Two-Hearts/release-1.3
961cef1 bump: release v1.3.1
f171fb0 bump: bump up dependencies for release-1.3 branch (#516)
540cc34 fix: remove signing time check during authenticTimestamp (#514)
1864576 Merge pull request #507 from Two-Hearts/release-1.3
See full diff in compare view

Updates github.com/ory/dockertest/v3 from 3.11.0 to 3.12.0

Release notes

Sourced from github.com/ory/dockertest/v3's releases.

v3.12.0

What's Changed

chore(deps): bump github.com/docker/cli from 26.1.4+incompatible to 27.1.2+incompatible by @dependabot in ory/dockertest#524

chore(deps): bump actions/checkout from 3 to 4 by @dependabot in ory/dockertest#514

chore(deps): bump actions/stale from 4 to 9 by @dependabot in ory/dockertest#526

chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.15 by @dependabot in ory/dockertest#538

chore(deps): bump actions/checkout from 2 to 4 by @dependabot in ory/dockertest#527

feat: use creds helper by @GuillaumeSmaha in ory/dockertest#520

added AuthConfigs to BuildOptions and pass that to BuildImage by @DGollings in ory/dockertest#488

add multiple test container example by @akoserwal in ory/dockertest#515

fix: trying to bind to an outbound ip returns an empty list of port bindings by @atzoum in ory/dockertest#533

chore(deps): bump golang.org/x/sys from 0.21.0 to 0.28.0 by @dependabot in ory/dockertest#548

chore(deps): bump actions/stale from 4 to 9 by @dependabot in ory/dockertest#550

chore(deps): bump actions/checkout from 2 to 4 by @dependabot in ory/dockertest#549

chore(deps): bump actions/checkout from 2 to 4 by @dependabot in ory/dockertest#555

chore(deps): bump github.com/docker/cli from 27.1.2+incompatible to 27.4.1+incompatible by @dependabot in ory/dockertest#553

chore(deps): bump github.com/opencontainers/runc from 1.1.15 to 1.2.3 by @dependabot in ory/dockertest#551

chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @dependabot in ory/dockertest#547

feat: add support for BuildKit when building images by @tmc in ory/dockertest#416

chore(deps): bump actions/setup-node from 2.pre.beta to 4.1.0 by @dependabot in ory/dockertest#539

chore(deps): bump actions/stale from 4 to 9 by @dependabot in ory/dockertest#554

New Contributors

@GuillaumeSmaha made their first contribution in ory/dockertest#520

@DGollings made their first contribution in ory/dockertest#488

@akoserwal made their first contribution in ory/dockertest#515

@atzoum made their first contribution in ory/dockertest#533

Full Changelog: ory/dockertest@v3.11.0...v3.12.0

Commits

8a76ff0 chore: update repository templates to ory/meta@bc60...
207b20a chore: update repository templates to ory/meta@83e7...
fabf563 autogen: update license overview
4b1e539 chore: update repository templates to ory/meta@44ef...
46d1a7b chore: update repository templates to ory/meta@c091...
13e6e33 chore(deps): bump actions/stale from 4 to 9 (#554)
91b7d0b chore(deps): bump actions/setup-node from 2.pre.beta to 4.1.0 (#539)
28c8c5b chore(deps): bump github.com/containerd/continuity from 0.4.3 to 0.4.5 (#545)
eec3a4f feat: add support for BuildKit when building images (#416)
f6e65ba chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#547)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.8.15 to 1.9.4

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.9.4

What's Changed

Add a Name field to the TargetFile struct in sigstore/sigstore#2068

Update to use Tink v2.3.0 API in sigstore/sigstore#2069

Full Changelog: sigstore/sigstore@v1.9.3...v1.9.4

v1.9.3

What's Changed

add proto hash algorithm to registry by @loosebazooka in sigstore/sigstore#2048

New Contributors

@loosebazooka made their first contribution in sigstore/sigstore#2048

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

What's Changed

Add tink package by @cmurphy in sigstore/sigstore#2024

pkg/signature: add P384/P521 compatibility algo to algorithm registry by @ret2libc in sigstore/sigstore#2037

New Contributors

@cmurphy made their first contribution in sigstore/sigstore#2024

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

v1.9.1

What's Changed

Implement default signing algorithms based on the key type by @ret2libc in sigstore/sigstore#2014

Full Changelog: sigstore/sigstore@v1.9.0...v1.9.1

v1.9.0

What's Changed

Update KMS policy for new plugin interface by @haydentherapper in sigstore/sigstore#1987

Update TUF root to latest v12 root by @haydentherapper in sigstore/sigstore#1988

build(deps): Bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 by @dependabot in sigstore/sigstore#1994

upgrade go-jose to v4 by @cpanato in sigstore/sigstore#2000

pkg/signature: expose Algorithm Details information by @ret2libc in sigstore/sigstore#2001

Full Changelog: sigstore/sigstore@v1.8.15...v1.9.0

Commits

0c2ec3a Update to use Tink v2.3.0 API (#2069)
8f79f87 Add a Name field to the TargetFile struct (#2068)
0923918 Update signing algorithm policy (#2066)
d49b18c build(deps): Bump cloud.google.com/go/kms (#2067)
844f42d build(deps): Bump golang.org/x/net in /pkg/signature/kms/hashivault (#2064)
2f15489 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2057)
6e3c093 build(deps): Bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#2052)
20f1b38 build(deps): Bump github.com/tink-crypto/tink-go/v2 from 2.3.0 to 2.4.0 (#2053)
ca90b6d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.13.0 to 3.14.1 (#2055)
fcf4f5d build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#2059)
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.37.0 to 0.38.0

Commits

aae6e61 go.mod: update golang.org/x dependencies
9c1aa6a ssh/test: reset the random source before capturing a recording
8819902 ssh/test: enable Diffie-Hellman key exchange algorithms
3f311e4 acme: return error from pre-authorization when unsupported
1f7c62c ssh/test: skip unsupported tests on js/wasm
a5f8048 acme/autocert: use standard functions to pick the cache directory
958cde8 Revert "chacha20: add loong64 SIMD implementation"
51f005c Revert "salsa20: add loong64 SIMD implementation"
7c35866 Revert "argon2: add loong64 SIMD implementation"
0091fc8 Revert "blake2s: add loong64 SIMD implementation"
Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.29.0 to 0.30.0

Commits

cf14319 oauth2: fix expiration time window check
32d34ef internal: include clientID in auth style cache key
2d34e30 oauth2: replace a magic number with AuthStyleUnknown
696f7b3 all: modernize with doc links and any
471209b oauth2: drop dependency on go-cmp
6968da2 oauth2: sync Token.ExpiresIn from internal Token
d2c4e0a oauth2: context instead of golang.org/x/net/context in doc
883dc3c endpoints: add various endpoints from stale CLs
1c06e87 all: make use of oauth.Token.ExpiresIn
See full diff in compare view

Updates golang.org/x/sync from 0.13.0 to 0.14.0

Commits

506c70f errgroup: propagate panic and Goexit through Wait
See full diff in compare view

Updates oras.land/oras-go/v2 from 2.5.0 to 2.6.0

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.6.0

New Features

Upgrade to image-spec v1.1.1 and distribution-spec v1.1.1

Support context cancellation in file.Store.Add()

Introduce credentials.NewMemoryStoreFromDockerConfig to load Docker config bytes into an in-memory credentials store

Add PreservePermissions option to file store to retain original permissions when extracting tar archives

Introduce oras.CopyError to identify error sources in copy operations

Bug Fixes

Fix #640: Unclear error message from oci.NewFromTar

Fix #865: Symbolic links are not automatically overwritten when extracted from tar archive to File store

Fix #851: Dot‑prefixed paths in tar archives were not recognized by ReadOnlyOCIStore

Fix #880: The index.json generated by the OCI store lacked a mediaType field

Fix #895: The Docker-Content-Digest header was not verified in Repository.Blobs().Fetch()

Fix #916: Incorrect use of atomic.Value in the syncutil.Go utility function causes panics

Fix #923: Pushing descriptors with invalid digests to memory or file store caused panics

Other minor bug fixes

Documentation

Add documentation for artifact modeling

Add documentation for targets and content store

Add quickstart tutorial

Improve examples

Other minor improvements

Other Changes

Upgrade the Go support window to [1.23, 1.24]

Increase test coverage to 80%

Update dependencies

Minor optimization

Detailed Commits

fix: cancel goroutine before the next one is created by @wangxiaoxuan273 in oras-project/oras-go#739

build(deps): bump apache/skywalking-eyes from 0.5.0 to 0.6.0 by @dependabot in oras-project/oras-go#740

bump(ci): update codecov to v4 by @wangxiaoxuan273 in oras-project/oras-go#741

docs: update migration guide and copy doc by @Wwwsylvia in oras-project/oras-go#752

test: fix file closing issue on windows by @shizhMSFT in oras-project/oras-go#764

docs: document PackManifestOptions to make PackManifest reproducible by @wangxiaoxuan273 in oras-project/oras-go#749

build: enforce diff code coverage of 80% by @Wwwsylvia in oras-project/oras-go#769

fix: add missing operation to fs path error by @qweeah in oras-project/oras-go#799

build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 by @dependabot in oras-project/oras-go#801

feat: support context cancellation in file store by @lucasrod16 in oras-project/oras-go#803

build(go): shift Go support window to [1.22, 1.23] by @Wwwsylvia in oras-project/oras-go#820

refactor: fix seed for retry policy by @Wwwsylvia in oras-project/oras-go#821

fix: check close error in oci/storage.go during ingestion by @Wwwsylvia in oras-project/oras-go#830

chore(workflow): add stale bot by @Wwwsylvia in oras-project/oras-go#837

... (truncated)

Commits

05a2b09 build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 (#955)
753f8a8 docs: improve README.md (#950)
5043a7b docs: updated broken links (#951)
17e7d15 docs: add quick start for oras-go (#939)
34a87ef test: add unit tests for validateMediaType (#946)
f7a6126 docs: add more practical examples (#940)
0c12035 docs: improve docs for OCI store (#941)
7963626 feat: introduce CopyError to identify error source in copy operations (#933)
6dd6913 build(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0 (#937)
d0ac8e4 docs: update example tests (#932)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-deps group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.3.0` | `3.3.1` | | [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg) | `1.11.0` | `1.12.0` | | [github.com/fluxcd/pkg/auth](https://github.com/fluxcd/pkg) | `0.12.0` | `0.13.0` | | [github.com/fluxcd/pkg/git](https://github.com/fluxcd/pkg) | `0.29.0` | `0.30.0` | | [github.com/fluxcd/pkg/git/gogit](https://github.com/fluxcd/pkg) | `0.31.0` | `0.32.0` | | [github.com/notaryproject/notation-core-go](https://github.com/notaryproject/notation-core-go) | `1.2.0` | `1.3.0` | | [github.com/notaryproject/notation-go](https://github.com/notaryproject/notation-go) | `1.3.0` | `1.3.2` | | [github.com/ory/dockertest/v3](https://github.com/ory/dockertest) | `3.11.0` | `3.12.0` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.15` | `1.9.4` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.37.0` | `0.38.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.29.0` | `0.30.0` | | [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) | `2.5.0` | `2.6.0` | Updates `github.com/Masterminds/semver/v3` from 3.3.0 to 3.3.1 - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](Masterminds/semver@v3.3.0...v3.3.1) Updates `github.com/fluxcd/pkg/apis/meta` from 1.11.0 to 1.12.0 - [Commits](fluxcd/pkg@apis/meta/v1.11.0...apis/meta/v1.12.0) Updates `github.com/fluxcd/pkg/auth` from 0.12.0 to 0.13.0 - [Commits](fluxcd/pkg@git/v0.12.0...git/v0.13.0) Updates `github.com/fluxcd/pkg/git` from 0.29.0 to 0.30.0 - [Commits](fluxcd/pkg@git/v0.29.0...git/v0.30.0) Updates `github.com/fluxcd/pkg/git/gogit` from 0.31.0 to 0.32.0 - [Commits](fluxcd/pkg@oci/v0.31.0...oci/v0.32.0) Updates `github.com/notaryproject/notation-core-go` from 1.2.0 to 1.3.0 - [Release notes](https://github.com/notaryproject/notation-core-go/releases) - [Commits](notaryproject/notation-core-go@v1.2.0...v1.3.0) Updates `github.com/notaryproject/notation-go` from 1.3.0 to 1.3.2 - [Release notes](https://github.com/notaryproject/notation-go/releases) - [Changelog](https://github.com/notaryproject/notation-go/blob/main/RELEASE_CHECKLIST.md) - [Commits](notaryproject/notation-go@v1.3.0...v1.3.2) Updates `github.com/ory/dockertest/v3` from 3.11.0 to 3.12.0 - [Release notes](https://github.com/ory/dockertest/releases) - [Commits](ory/dockertest@v3.11.0...v3.12.0) Updates `github.com/sigstore/sigstore` from 1.8.15 to 1.9.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.15...v1.9.4) Updates `golang.org/x/crypto` from 0.37.0 to 0.38.0 - [Commits](golang/crypto@v0.37.0...v0.38.0) Updates `golang.org/x/oauth2` from 0.29.0 to 0.30.0 - [Commits](golang/oauth2@v0.29.0...v0.30.0) Updates `golang.org/x/sync` from 0.13.0 to 0.14.0 - [Commits](golang/sync@v0.13.0...v0.14.0) Updates `oras.land/oras-go/v2` from 2.5.0 to 2.6.0 - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](oras-project/oras-go@v2.5.0...v2.6.0) --- updated-dependencies: - dependency-name: github.com/Masterminds/semver/v3 dependency-version: 3.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/fluxcd/pkg/apis/meta dependency-version: 1.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/fluxcd/pkg/auth dependency-version: 0.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/fluxcd/pkg/git dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/fluxcd/pkg/git/gogit dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/notaryproject/notation-core-go dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/notaryproject/notation-go dependency-version: 1.3.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/ory/dockertest/v3 dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/sigstore/sigstore dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: golang.org/x/crypto dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: golang.org/x/oauth2 dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: golang.org/x/sync dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: oras.land/oras-go/v2 dependency-version: 2.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-05-20T03:03:11Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added the dependencies Pull requests that update a dependency label May 16, 2025

dependabot bot closed this May 20, 2025

dependabot bot deleted the dependabot/go_modules/go-deps-beb7e20fa6 branch May 20, 2025 03:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

build(deps): bump the go-deps group across 1 directory with 13 updates #1801

build(deps): bump the go-deps group across 1 directory with 13 updates #1801

Uh oh!

dependabot bot commented on behalf of github May 16, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github May 20, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

build(deps): bump the go-deps group across 1 directory with 13 updates #1801

build(deps): bump the go-deps group across 1 directory with 13 updates #1801

Uh oh!

Conversation

dependabot bot commented on behalf of github May 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v3.3.1

What's Changed

Changelog

v1.3.0

Updates

What's Changed since v1.2.0

v1.3.2

Update

What's Changed since notation-go v1.3.1

New Contributors

v1.3.1

Bug fix

What's Changed

v3.12.0

What's Changed

New Contributors

v1.9.4

What's Changed

v1.9.3

What's Changed

New Contributors

v1.9.2

What's Changed

New Contributors

v1.9.1

What's Changed

v1.9.0

What's Changed

v2.6.0

New Features

Bug Fixes

Documentation

Other Changes

Detailed Commits

Uh oh!

dependabot bot commented on behalf of github May 20, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github May 16, 2025 •

edited

Loading