Skip to content

build(deps): bump the go-deps group with 4 updates #1818

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build(deps): bump the go-deps group with 4 updates #1818

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 28, 2025
edited
Loading

Bumps the go-deps group with 4 updates: github.com/fluxcd/pkg/helmtestserver, github.com/sigstore/sigstore, google.golang.org/api and oras.land/oras-go/v2.

Updates github.com/fluxcd/pkg/helmtestserver from 0.24.0 to 0.25.0

Commits
  • 090c3ce Merge pull request #886 from dipti-pai/move-github-provider
  • 84883b4 Move auth/github to git/github
  • 0d627fb Merge pull request #885 from fluxcd/gh-app-cache-key
  • 4380ea7 Take the hash of all the parts in the GitHub App token cache key
  • 84d0d45 Merge pull request #882 from kathleenfrench/kfrench/cel-eval-string
  • 567773d support string evaluation in CEL expressions
  • 8b1f852 Merge pull request #881 from fluxcd/token-cache-flags
  • 4b34b01 Add CLI flags for the token cache and method to delete all events
  • c05eb67 Merge pull request #880 from fluxcd/cache-custom-metric-labels
  • 4d91aae Add option for custom event namespace label in cache metrics
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.9.1 to 1.9.4

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.9.4

What's Changed

Full Changelog: sigstore/sigstore@v1.9.3...v1.9.4

v1.9.3

What's Changed

New Contributors

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

What's Changed

New Contributors

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

Commits
  • 0c2ec3a Update to use Tink v2.3.0 API (#2069)
  • 8f79f87 Add a Name field to the TargetFile struct (#2068)
  • 0923918 Update signing algorithm policy (#2066)
  • d49b18c build(deps): Bump cloud.google.com/go/kms (#2067)
  • 844f42d build(deps): Bump golang.org/x/net in /pkg/signature/kms/hashivault (#2064)
  • 2f15489 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2057)
  • 6e3c093 build(deps): Bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#2052)
  • 20f1b38 build(deps): Bump github.com/tink-crypto/tink-go/v2 from 2.3.0 to 2.4.0 (#2053)
  • ca90b6d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.13.0 to 3.14.1 (#2055)
  • fcf4f5d build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#2059)
  • Additional commits viewable in compare view

Updates google.golang.org/api from 0.227.0 to 0.234.0

Release notes

Sourced from google.golang.org/api's releases.

v0.234.0

0.234.0 (2025-05-21)

Features

Bug Fixes

  • Check for auth creds in options to trigger new auth lib usage (#3162) (b356c44)

v0.233.0

0.233.0 (2025-05-13)

Features

v0.232.0

0.232.0 (2025-05-05)

Features

v0.231.0

0.231.0 (2025-04-29)

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.234.0 (2025-05-21)

Features

Bug Fixes

  • Check for auth creds in options to trigger new auth lib usage (#3162) (b356c44)

0.233.0 (2025-05-13)

Features

0.232.0 (2025-05-05)

Features

0.231.0 (2025-04-29)

Features

... (truncated)

Commits

Updates oras.land/oras-go/v2 from 2.5.0 to 2.6.0

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.6.0

New Features

Bug Fixes

  • Fix #640: Unclear error message from oci.NewFromTar
  • Fix #865: Symbolic links are not automatically overwritten when extracted from tar archive to File store
  • Fix #851: Dot‑prefixed paths in tar archives were not recognized by ReadOnlyOCIStore
  • Fix #880: The index.json generated by the OCI store lacked a mediaType field
  • Fix #895: The Docker-Content-Digest header was not verified in Repository.Blobs().Fetch()
  • Fix #916: Incorrect use of atomic.Value in the syncutil.Go utility function causes panics
  • Fix #923: Pushing descriptors with invalid digests to memory or file store caused panics
  • Other minor bug fixes

Documentation

  • Add documentation for artifact modeling
  • Add documentation for targets and content store
  • Add quickstart tutorial
  • Improve examples
  • Other minor improvements

Other Changes

  • Upgrade the Go support window to [1.23, 1.24]
  • Increase test coverage to 80%
  • Update dependencies
  • Minor optimization

Detailed Commits

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added the dependencies Pull requests that update a dependency label May 28, 2025
@dependabot
build(deps): bump the go-deps group with 4 updates
3c4f009 
Bumps the go-deps group with 4 updates: [github.com/fluxcd/pkg/helmtestserver](https://github.com/fluxcd/pkg), [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore), [google.golang.org/api](https://github.com/googleapis/google-api-go-client) and [oras.land/oras-go/v2](https://github.com/oras-project/oras-go).


Updates `github.com/fluxcd/pkg/helmtestserver` from 0.24.0 to 0.25.0
- [Commits](fluxcd/pkg@git/v0.24.0...git/v0.25.0)

Updates `github.com/sigstore/sigstore` from 1.9.1 to 1.9.4
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.1...v1.9.4)

Updates `google.golang.org/api` from 0.227.0 to 0.234.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.227.0...v0.234.0)

Updates `oras.land/oras-go/v2` from 2.5.0 to 2.6.0
- [Release notes](https://github.com/oras-project/oras-go/releases)
- [Commits](oras-project/oras-go@v2.5.0...v2.6.0)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/pkg/helmtestserver
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: google.golang.org/api
  dependency-version: 0.234.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: oras.land/oras-go/v2
  dependency-version: 2.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/go-deps-6b5d9a04d7 branch from d4ca885 to 3c4f009 Compare May 28, 2025 13:20
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 9, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jun 9, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/go-deps-6b5d9a04d7 branch June 9, 2025 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant