Skip to content

build(deps): bump the go-deps group across 1 directory with 5 updates #1884

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build(deps): bump the go-deps group across 1 directory with 5 updates #1884

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 4, 2025
edited
Loading

Bumps the go-deps group with 5 updates in the / directory:

Package From To
github.com/fluxcd/pkg/oci 0.54.0 0.55.0
github.com/fluxcd/pkg/runtime 0.82.0 0.83.0
github.com/minio/minio-go/v7 7.0.94 7.0.95
github.com/sigstore/cosign/v2 2.5.2 2.5.3
github.com/spf13/pflag 1.0.7 1.0.10

Updates github.com/fluxcd/pkg/oci from 0.54.0 to 0.55.0

Commits
  • 6ce1a83 Merge pull request #1019 from fluxcd/update-otel
  • 828f74f Prepare release
  • e7a2b15 Update otel to v1.38.0
  • d2f54dd Merge pull request #1018 from fluxcd/meta-artifact
  • 9adb480 apis: Add Artifact type to meta package
  • 7201e2c Merge pull request #1017 from fluxcd/kustomize-ignore-components
  • 929f4b4 kustomize: Add ignoreMissingComponents option
  • a5e02ce Merge pull request #1013 from fluxcd/meta-history
  • 71c0a08 Prepare release
  • 4aaf176 meta: Add History API for tracking reconcile runs in status
  • See full diff in compare view

Updates github.com/fluxcd/pkg/runtime from 0.82.0 to 0.83.0

Commits

Updates github.com/minio/minio-go/v7 from 7.0.94 to 7.0.95

Release notes

Sourced from github.com/minio/minio-go/v7's releases.

Bugfix Release

What's Changed

New Contributors

Full Changelog: minio/minio-go@v7.0.94...v7.0.95

Commits
  • bd91926 make sure to avoid closing the input reader (#2137)
  • 94f7e5e fix: DurationSeconds is a QueryValues not a Form data (#2128) (#2129)
  • 456f9b2 fix: explicitly use UTC for expiration field when marshaling PostPolicy (#2135)
  • beae4df setting multiple keys to trailer is not allowed
  • 6358be6 extend more missing headers for PartUploads (#2132)
  • bab3180 fix: missing append() API behavior (#2131)
  • 8a07725 set checksum headers requested properly (#2130)
  • 9b18e49 update all deps (#2125)
  • 68615a3 fix: prefix should use stringLike when new a bucketPolicy (2) (#2124)
  • 8eacd80 test: add test for PresignedPostPolicy with empty fileName (#2119)
  • Additional commits viewable in compare view

Updates github.com/sigstore/cosign/v2 from 2.5.2 to 2.5.3

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.5.3

Changelog

  • 488ef8ceed5ab5d77379e9077a124a0d0df41d06 Add signing-config create command (#4280)
  • 722207e0059efea600a7c03ea4ff6caa889d84d3 Allow multiple services to be specified for trusted-root create (#4285)
  • 2ee22fcdf520a984281ff0195be89810a952280c force when copying the latest image to overwrite (#4298)
  • 86560e15eb407f7fa2ddddc7d9dbc4ba33cff635 Fix cert verification logic for trusted-root/SCTs (#4294)
  • 9f3b013feb3d46c8ee6d5539e7b13eb736ba14ce Fix lint error for types package (#4295)
  • 3b3c0fc20b621ed148b3efea00204f67bfda039d feat: Add OCI 1.1+ experimental support to tree (#4205)
  • 49c8d784a78d298d0eef1f9898d70eb2d0f07536 Add validity period end for trusted-root create (#4271)
  • ba8214ec0c6e50ef8c4e4272a16ccfacf5f3147d avoid double-loading trustedroot from file (#4264)

Thanks to all contributors!

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.5.3

Features

  • Add signing-config create command (#4280)
  • Allow multiple services to be specified for trusted-root create (#4285)
  • feat: Add OCI 1.1+ experimental support to tree (#4205)
  • Add validity period end for trusted-root create (#4271)

Bug Fixes

  • Fix cert verification logic for trusted-root/SCTs (#4294)
  • force when copying the latest image to overwrite (#4298)
  • avoid double-loading trustedroot from file (#4264)
Commits
  • 488ef8c Add signing-config create command (#4280)
  • 722207e Allow multiple services to be specified for trusted-root create (#4285)
  • e31d70b bump go-github to v73 (#4297)
  • 2ee22fc force when copying the latest image to overwrite (#4298)
  • 86560e1 Fix cert verification logic for trusted-root/SCTs (#4294)
  • 9f3b013 Fix lint error for types package (#4295)
  • 34f0ff9 chore(deps): bump github.com/buildkite/agent/v3 from 3.101.0 to 3.102.1 (#4288)
  • b2b9462 chore(deps): bump github.com/sigstore/protobuf-specs from 0.4.3 to 0.5.0 (#4289)
  • 60d47a0 chore(deps): bump google.golang.org/api from 0.240.0 to 0.241.0 (#4291)
  • 5dac117 chore(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 (#4293)
  • Additional commits viewable in compare view

Updates github.com/spf13/pflag from 1.0.7 to 1.0.10

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.10

What's Changed

New Contributors

Full Changelog: spf13/pflag@v1.0.9...v1.0.10

v1.0.9

What's Changed

Full Changelog: spf13/pflag@v1.0.8...v1.0.9

v1.0.8

⚠️ Breaking Change

This version, while only a patch bump, includes a (very minor) breaking change: the flag.ParseErrorsWhitelist struct and corresponding FlagSet.parseErrorsWhitelist field have been renamed to ParseErrorsAllowlist.

This should result in compilation errors in any code that uses these fields, which can be fixed by adjusting the names at call sites. There is no change in semantics or behavior of the struct or field referred to by these names. If your code compiles without errors after bumping to/past v1.0.8, you are not affected by this change.

The breaking change was reverted in v1.0.9, by means of re-introducing the old names with deprecation warnings. The plan is still to remove them in a future release, so if your code does depend on the old names, please change them to use the new names at your earliest convenience.

What's Changed

New Contributors

Full Changelog: spf13/pflag@v1.0.7...v1.0.8

Commits
  • 0491e57 Merge pull request #448 from thaJeztah/fix_go_version
  • 72abab1 Merge pull request #447 from thaJeztah/fix_deprecation_comment
  • 7e4dfb1 Test on Go 1.12
  • 18a9d17 move Func, BoolFunc, tests as they require go1.21
  • c5b9e98 remove uses of errors.Is, which requires go1.13
  • 45a4873 fix deprecation comment for (FlagSet.)ParseErrorsWhitelist
  • 1043857 Merge pull request #446 from spf13/fix-backwards-compat
  • 7412009 fix: Restore ParseErrorsWhitelist name for now
  • b9c16fa Merge pull request #444 from spf13/reset-args-even-if-empty
  • 40abc49 Merge pull request #443 from spf13/silence-errhelp
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the go-deps group across 1 directory with 5 updates
f5aae5d 
Bumps the go-deps group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/fluxcd/pkg/oci](https://github.com/fluxcd/pkg) | `0.54.0` | `0.55.0` |
| [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) | `0.82.0` | `0.83.0` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.94` | `7.0.95` |
| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.5.2` | `2.5.3` |
| [github.com/spf13/pflag](https://github.com/spf13/pflag) | `1.0.7` | `1.0.10` |



Updates `github.com/fluxcd/pkg/oci` from 0.54.0 to 0.55.0
- [Commits](fluxcd/pkg@oci/v0.54.0...oci/v0.55.0)

Updates `github.com/fluxcd/pkg/runtime` from 0.82.0 to 0.83.0
- [Commits](fluxcd/pkg@runtime/v0.82.0...runtime/v0.83.0)

Updates `github.com/minio/minio-go/v7` from 7.0.94 to 7.0.95
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](minio/minio-go@v7.0.94...v7.0.95)

Updates `github.com/sigstore/cosign/v2` from 2.5.2 to 2.5.3
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v2.5.2...v2.5.3)

Updates `github.com/spf13/pflag` from 1.0.7 to 1.0.10
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.7...v1.0.10)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/pkg/oci
  dependency-version: 0.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/fluxcd/pkg/runtime
  dependency-version: 0.83.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
- dependency-name: github.com/minio/minio-go/v7
  dependency-version: 7.0.95
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/sigstore/cosign/v2
  dependency-version: 2.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
- dependency-name: github.com/spf13/pflag
  dependency-version: 1.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency label Sep 4, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 4, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Sep 4, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/go-deps-266d81246a branch September 4, 2025 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant