Skip to content

build(deps): bump the go-deps group across 1 directory with 9 updates #1841

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build(deps): bump the go-deps group across 1 directory with 9 updates #1841

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 27, 2025
edited
Loading

Bumps the go-deps group with 7 updates in the / directory:

Package From To
github.com/fluxcd/pkg/apis/meta 1.12.0 1.13.0
github.com/fluxcd/pkg/helmtestserver 0.24.0 0.25.0
github.com/fluxcd/pkg/runtime 0.60.0 0.61.0
github.com/fluxcd/pkg/version 0.7.0 0.8.0
github.com/minio/minio-go/v7 7.0.92 7.0.94
github.com/sigstore/cosign/v2 2.5.0 2.5.2
oras.land/oras-go/v2 2.5.0 2.6.0

Updates github.com/fluxcd/pkg/apis/meta from 1.12.0 to 1.13.0

Commits
  • 246bc82 Merge pull request #942 from fluxcd/force-annotation
  • 86ef319 Introduce reconcile.fluxcd.io/forceAt annotation
  • 9be33b3 Merge pull request #941 from fluxcd/crypto-v0.39.0
  • 8957219 Update golang.org/x/crypto to v0.39.0
  • 406c48d Merge pull request #940 from fluxcd/release-git-pkgs
  • 2298005 Release git/v0.32.0 and git/gogit/v0.34.0
  • 47a1b23 Merge pull request #938 from fluxcd/public-ecr
  • a0d4442 Fix support for public.ecr.aws
  • 53c7b2d Merge pull request #939 from kane8n/update-go-git
  • 77f008c update go-git
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/helmtestserver from 0.24.0 to 0.25.0

Commits
  • 090c3ce Merge pull request #886 from dipti-pai/move-github-provider
  • 84883b4 Move auth/github to git/github
  • 0d627fb Merge pull request #885 from fluxcd/gh-app-cache-key
  • 4380ea7 Take the hash of all the parts in the GitHub App token cache key
  • 84d0d45 Merge pull request #882 from kathleenfrench/kfrench/cel-eval-string
  • 567773d support string evaluation in CEL expressions
  • 8b1f852 Merge pull request #881 from fluxcd/token-cache-flags
  • 4b34b01 Add CLI flags for the token cache and method to delete all events
  • c05eb67 Merge pull request #880 from fluxcd/cache-custom-metric-labels
  • 4d91aae Add option for custom event namespace label in cache metrics
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.60.0 to 0.61.0

Commits
  • e5de5fa Merge pull request #951 from cappyzawa/remove-runtime-tls-package
  • aab4541 runtime/tls: remove deprecated package
  • 5d70542 Merge pull request #950 from cappyzawa/add-runtime-secrets-package
  • deb3fae fixup! fixup! runtime/secrets: add package for consolidated secret handling
  • 9eb2c69 fixup! fixup! fixup! fixup! runtime/secrets: add package for consolidated sec...
  • 94fce87 fixup! fixup! fixup! runtime/secrets: add package for consolidated secret han...
  • 27e72a9 fixup! fixup! runtime/secrets: add package for consolidated secret handling
  • 939a696 fixup! fixup! runtime/secrets: add package for consolidated secret handling
  • 86bf9bb fixup! runtime/secrets: add package for consolidated secret handling
  • 2abb738 fixup! runtime/secrets: add package for consolidated secret handling
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/version from 0.7.0 to 0.8.0

Commits
  • 7ef01b0 Merge pull request #442 from blurpy/feature/git_bearer_token
  • 659695f Add back support for passphrase protected ssh keys
  • 767e771 Validate that basic auth and bearer token cannot be set at the same time
  • cbf091c Add test to verify that username from Secret is preferred
  • b6c6888 Refactor of NewAuthOptions to only fill the auth options that are relevant
  • fef9d6a Add more test scenarios for NewAuthOptions
  • 9b9b723 Validate that bearer token is not used over http
  • 04d0d48 Add some quick tests of basic auth in client.validateUrl()
  • a451505 Support specifying bearerToken for git http token authentication.
  • bfb6385 Merge pull request #448 from fluxcd/e2e-ux
  • Additional commits viewable in compare view

Updates github.com/minio/minio-go/v7 from 7.0.92 to 7.0.94

Release notes

Sourced from github.com/minio/minio-go/v7's releases.

Bugfix Release

What's Changed

New Contributors

Full Changelog: minio/minio-go@v7.0.92...v7.0.93

Commits
  • 564e213 fix: canceled context should not start list before do listObjects (#2122)
  • 99a107f Update version to next release
  • dc94dff Add constants for response errors (#2120)
  • 7a9dff0 Add support of error responses in 200 OK body (#2115)
  • 496595d test: add mint test case for metadata with non-us-ascll (#2118)
  • 14d7d61 fix: parse the mime metadata when do get/head object (#2106)
  • 258935a update documented API.md (#2111)
  • ebcbfeb add iterator based RemoveObjects implementation (#2113)
  • 07f51b1 Add Checksums to versioned list results (#2116)
  • 48ee2d3 replication: add in progress metric and target status (#2109)
  • Additional commits viewable in compare view

Updates github.com/sigstore/cosign/v2 from 2.5.0 to 2.5.2

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.5.2

Changelog

  • b1261098fbe8a7680732d36b52237ecf574808d5 Do not load trusted root when CT env key is set
  • 19ef59d3d55e2c987de30bbd3b72fe3df0d1ec34 docs: improve doc for --no-upload option (#4206)

Thanks to all contributors!

v2.5.1

Features

  • Add Rekor v2 support for trusted-root create (#4242)
  • Add baseUrl and Uri to trusted-root create command
  • Upgrade to TUF v2 client with trusted root
  • Don't verify SCT for a private PKI cert (#4225)
  • Bump TSA library to relax EKU chain validation rules (#4219)

Bug Fixes

  • Bump sigstore-go to pick up log index=0 fix (#4162)
  • remove unused recursive flag on attest command (#4187)

Docs

  • Fix indentation in verify-blob cmd examples (#4160)

Releases

  • ensure we copy the latest tags on each release (#4157)
Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.5.2

Bug Fixes

  • Do not load trusted root when CT env key is set

Documentation

  • docs: improve doc for --no-upload option (#4206)

v2.5.1

Features

  • Add Rekor v2 support for trusted-root create (#4242)
  • Add baseUrl and Uri to trusted-root create command
  • Upgrade to TUF v2 client with trusted root
  • Don't verify SCT for a private PKI cert (#4225)
  • Bump TSA library to relax EKU chain validation rules (#4219)

Bug Fixes

  • Bump sigstore-go to pick up log index=0 fix (#4162)
  • remove unused recursive flag on attest command (#4187)

Docs

  • Fix indentation in verify-blob cmd examples (#4160)

Releases

  • ensure we copy the latest tags on each release (#4157)

Contributors

  • arthurus-rex
  • Babak K. Shandiz
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Colleen Murphy
  • Dmitry Savintsev
  • Emmanuel Ferdman
  • Hayden B
  • Ville Skyttä
Commits
  • af5a988 Add changelog for v2.5.2 (#4253)
  • 2eb0d91 chore(deps): bump the gomod group across 1 directory with 11 updates (#4252)
  • dbbe60e chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4246)
  • a71cb51 chore(deps): bump chainguard-dev/actions in the actions group (#4249)
  • b126109 Do not load trusted root when CT env key is set
  • 19ef59d docs: improve doc for --no-upload option (#4206)
  • 6839e63 Add CHANGELOG for v2.5.1 (#4245)
  • a7345fb Add Rekor v2 support for trusted-root create (#4242)
  • 3df894e Add baseUrl and Uri to trusted-root create command
  • fb26ffd update builder to use go1.24.4 (#4241)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.9.1 to 1.9.5

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.9.5

What's Changed

Full Changelog: sigstore/sigstore@v1.9.4...v1.9.5

v1.9.4

What's Changed

Full Changelog: sigstore/sigstore@v1.9.3...v1.9.4

v1.9.3

What's Changed

New Contributors

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

What's Changed

New Contributors

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

Commits
  • 75efc00 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2092)
  • 32d462f build(deps): Bump the all group in /test/e2e with 3 updates (#2091)
  • 007cd79 build(deps): Bump the all group in /test/e2e with 3 updates (#2074)
  • bbd546b build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2087)
  • 540126b build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2088)
  • 0996ba4 build(deps): Bump actions/dependency-review-action in the all group (#2085)
  • 7eafe24 build(deps): Bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#2081)
  • d771343 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2082)
  • 1b0bd69 build(deps): Bump the all group with 2 updates (#2078)
  • e2f3b71 build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2084)
  • Additional commits viewable in compare view

Updates google.golang.org/api from 0.227.0 to 0.237.0

Release notes

Sourced from google.golang.org/api's releases.

v0.237.0

0.237.0 (2025-06-12)

Features

v0.236.0

0.236.0 (2025-06-03)

Features

Bug Fixes

v0.235.0

0.235.0 (2025-05-28)

Features

Bug Fixes

  • internaloption: AuthCreds should honor WithoutAuthentication (#3166) (d117646)

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.237.0 (2025-06-12)

Features

0.236.0 (2025-06-03)

Features

Bug Fixes

0.235.0 (2025-05-28)

Features

Bug Fixes

  • internaloption: AuthCreds should honor WithoutAuthentication (#3166) (d117646)

0.234.0 (2025-05-21)

... (truncated)

Commits

Updates oras.land/oras-go/v2 from 2.5.0 to 2.6.0

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.6.0

New Features

Bug Fixes

  • Fix #640: Unclear error message from oci.NewFromTar
  • Fix #865: Symbolic links are not automatically overwritten when extracted from tar archive to File store
  • Fix #851: Dot‑prefixed paths in tar archives were not recognized by ReadOnlyOCIStore
  • Fix #880: The index.json generated by the OCI store lacked a mediaType field
  • Fix #895: The Docker-Content-Digest header was not verified in Repository.Blobs().Fetch()
  • Fix #916: Incorrect use of atomic.Value in the syncutil.Go utility function causes panics
  • Fix #923: Pushing descriptors with invalid digests to memory or file store caused panics
  • Other minor bug fixes

Documentation

  • Add documentation for artifact modeling
  • Add documentation for targets and content store
  • Add quickstart tutorial
  • Improve examples
  • Other minor improvements

Other Changes

  • Upgrade the Go support window to [1.23, 1.24]
  • Increase test coverage to 80%
  • Update dependencies
  • Minor optimization

Detailed Commits

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added the dependencies Pull requests that update a dependency label Jun 27, 2025
@dependabot dependabot bot force-pushed the dependabot/go_modules/go-deps-5b4faed1e2 branch from 445b71f to e23fbcf Compare July 1, 2025 06:16
@dependabot
build(deps): bump the go-deps group across 1 directory with 9 updates
fef8b2c 
Bumps the go-deps group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg) | `1.12.0` | `1.13.0` |
| [github.com/fluxcd/pkg/helmtestserver](https://github.com/fluxcd/pkg) | `0.24.0` | `0.25.0` |
| [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) | `0.60.0` | `0.61.0` |
| [github.com/fluxcd/pkg/version](https://github.com/fluxcd/pkg) | `0.7.0` | `0.8.0` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.92` | `7.0.94` |
| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.5.0` | `2.5.2` |
| [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) | `2.5.0` | `2.6.0` |



Updates `github.com/fluxcd/pkg/apis/meta` from 1.12.0 to 1.13.0
- [Commits](fluxcd/pkg@apis/meta/v1.12.0...apis/meta/v1.13.0)

Updates `github.com/fluxcd/pkg/helmtestserver` from 0.24.0 to 0.25.0
- [Commits](fluxcd/pkg@git/v0.24.0...git/v0.25.0)

Updates `github.com/fluxcd/pkg/runtime` from 0.60.0 to 0.61.0
- [Commits](fluxcd/pkg@runtime/v0.60.0...runtime/v0.61.0)

Updates `github.com/fluxcd/pkg/version` from 0.7.0 to 0.8.0
- [Commits](fluxcd/pkg@tar/v0.7.0...git/v0.8.0)

Updates `github.com/minio/minio-go/v7` from 7.0.92 to 7.0.94
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](minio/minio-go@v7.0.92...v7.0.94)

Updates `github.com/sigstore/cosign/v2` from 2.5.0 to 2.5.2
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v2.5.0...v2.5.2)

Updates `github.com/sigstore/sigstore` from 1.9.1 to 1.9.5
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.1...v1.9.5)

Updates `google.golang.org/api` from 0.227.0 to 0.237.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.227.0...v0.237.0)

Updates `oras.land/oras-go/v2` from 2.5.0 to 2.6.0
- [Release notes](https://github.com/oras-project/oras-go/releases)
- [Commits](oras-project/oras-go@v2.5.0...v2.6.0)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/pkg/apis/meta
  dependency-version: 1.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/pkg/helmtestserver
  dependency-version: 0.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/pkg/runtime
  dependency-version: 0.61.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/pkg/version
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/minio/minio-go/v7
  dependency-version: 7.0.94
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/sigstore/cosign/v2
  dependency-version: 2.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: google.golang.org/api
  dependency-version: 0.237.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: oras.land/oras-go/v2
  dependency-version: 2.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/go-deps-5b4faed1e2 branch from e23fbcf to fef8b2c Compare July 9, 2025 11:21
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jul 14, 2025

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this Jul 14, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/go-deps-5b4faed1e2 branch July 14, 2025 21:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant