Bump github.com/smallstep/certificates from 0.26.1 to 0.28.3 (#1)

Bumps
[github.com/smallstep/certificates](https://github.com/smallstep/certificates)
from 0.26.1 to 0.28.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/smallstep/certificates/releases">github.com/smallstep/certificates's
releases</a>.</em></p>
<blockquote>
<h2>Step CA v0.28.3 (25-03-18)</h2>
<h2>Official Release Artifacts</h2>
<h4>Linux</h4>
<ul>
<li>📦 <a
href="https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.28.3/step-ca_linux_0.28.3_amd64.tar.gz">step-ca_linux_0.28.3_amd64.tar.gz</a></li>
<li>📦 <a
href="https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.28.3/step-ca_0.28.3-1_amd64.deb">step-ca_0.28.3-1_amd64.deb</a></li>
<li>📦 <a
href="https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.28.3/step-ca-0.28.3-1.x86_64.rpm">step-ca-0.28.3-1.x86_64.rpm</a></li>
<li>📦 <a
href="https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.28.3/step-ca_0.28.3-1_arm64.deb">step-ca_0.28.3-1_arm64.deb</a></li>
<li>📦 <a
href="https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.28.3/step-ca-0.28.3-1.aarch64.rpm">step-ca-0.28.3-1.aarch64.rpm</a></li>
</ul>
<h4>OSX Darwin</h4>
<ul>
<li>📦 <a
href="https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.28.3/step-ca_darwin_0.28.3_amd64.tar.gz">step-ca_darwin_0.28.3_amd64.tar.gz</a></li>
<li>📦 <a
href="https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.28.3/step-ca_darwin_0.28.3_arm64.tar.gz">step-ca_darwin_0.28.3_arm64.tar.gz</a></li>
</ul>
<h4>Windows</h4>
<ul>
<li>📦 <a
href="https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.28.3/step-ca_windows_0.28.3_amd64.zip">step-ca_windows_0.28.3_amd64.zip</a></li>
</ul>
<p>For more builds across platforms and architectures, see the
<code>Assets</code> section below.
And for packaged versions (Docker, k8s, Homebrew), see our <a
href="https://smallstep.com/docs/step-ca/installation">installation
docs</a>.</p>
<p>Don't see the artifact you need? Open an issue <a
href="https://github.com/smallstep/certificates/issues/new/choose">here</a>.</p>
<h2>Signatures and Checksums</h2>
<p><code>step-ca</code> uses <a
href="https://github.com/sigstore/cosign">sigstore/cosign</a> for
signing and verifying release artifacts.</p>
<p>Below is an example using <code>cosign</code> to verify a release
artifact:</p>
<pre><code>cosign verify-blob \
  --certificate step-ca_darwin_0.28.3_amd64.tar.gz.sig.pem \
  --signature step-ca_darwin_0.28.3_amd64.tar.gz.sig \
--certificate-identity-regexp
&quot;https://github\.com/smallstep/workflows/.*&quot; \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
  step-ca_darwin_0.28.3_amd64.tar.gz
</code></pre>
<p>The <code>checksums.txt</code> file (in the <code>Assets</code>
section below) contains a checksum for every artifact in the
release.</p>
<h2>Changelog</h2>
<ul>
<li>0cf1c5688708ec4a910c007d7f151c617b722268 empty commit</li>
<li>78745ba9ff05d489f4bb95789f163217818adf26 empty commit (<a
href="https://redirect.github.com/smallstep/certificates/issues/2216">#2216</a>)</li>
</ul>
<h2>Thanks!</h2>
<p>Those were the changes on v0.28.3!</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/smallstep/certificates/blob/master/CHANGELOG.md">github.com/smallstep/certificates's
changelog</a>.</em></p>
<blockquote>
<h2>[0.28.3] - 2025-03-17</h2>
<ul>
<li>dependabot updates</li>
</ul>
<h2>[0.28.2] - 2025-02-20</h2>
<h3>Added</h3>
<ul>
<li><code>smallstep/certificates#2113</code></li>
<li><code>smallstep/certificates#2114</code></li>
<li><code>smallstep/certificates#2124</code></li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>smallstep/certificates#2098</code><a
href="https://redirect.github.com/smallstep/certificates/issues/2103">smallstep/certificates#2103</a>,
<a
href="https://redirect.github.com/smallstep/certificates/issues/2104">smallstep/certificates#2104</a>)
<ul>
<li>For example, replacing http.DefaultTransport clone in provisioner
webhook business logic.</li>
</ul>
</li>
</ul>
<h2>[0.28.1] - 2024-11-19</h2>
<h3>Added</h3>
<ul>
<li><code>smallstep/certificates#2065</code></li>
<li><code>smallstep/certificates#2066</code><a
href="https://redirect.github.com/smallstep/certificates/issues/2069">smallstep/certificates#2069</a>)</li>
<li><code>smallstep/certificates#2076</code></li>
<li><code>smallstep/certificates#2077</code></li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>smallstep/certificates#2076</code></li>
</ul>
<h2>[0.28.0] - 2024-10-29</h2>
<h3>Added</h3>
<ul>
<li><code>smallstep/certificates#2045</code></li>
</ul>
<h3>Changed</h3>
<ul>
<li>For IID provisioners with disableCustomSANs set to true, validate
that the
requested DNS names are a subset of the allowed DNS names (based on the
IID token),
<code>smallstep/certificates#2044</code></li>
</ul>
<h2>[0.27.5] - 2024-10-17</h2>
<h3>Added</h3>
<ul>
<li><code>smallstep/certificates#2002</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/smallstep/certificates/commit/0cf1c5688708ec4a910c007d7f151c617b722268"><code>0cf1c56</code></a>
empty commit</li>
<li><a
href="https://github.com/smallstep/certificates/commit/78745ba9ff05d489f4bb95789f163217818adf26"><code>78745ba</code></a>
empty commit (<a
href="https://redirect.github.com/smallstep/certificates/issues/2216">#2216</a>)</li>
<li><a
href="https://github.com/smallstep/certificates/commit/dfdb7795b41a19772acb0cd9856ddb93a0391f77"><code>dfdb779</code></a>
Changelog for v0.28.3 (<a
href="https://redirect.github.com/smallstep/certificates/issues/2215">#2215</a>)</li>
<li><a
href="https://github.com/smallstep/certificates/commit/d17e2c586d61ff5ae402930478d872ab7b8489a8"><code>d17e2c5</code></a>
Merge pull request <a
href="https://redirect.github.com/smallstep/certificates/issues/2214">#2214</a>
from smallstep/dependabot/go_modules/github.com/ccov...</li>
<li><a
href="https://github.com/smallstep/certificates/commit/4865fdb85c262db33eab462f7aef5a4f66cd9d18"><code>4865fdb</code></a>
Bump github.com/ccoveille/go-safecast from 1.5.0 to 1.6.0</li>
<li><a
href="https://github.com/smallstep/certificates/commit/ac9048d6b1bc95cf92b47019ac42509e6d9ddfdb"><code>ac9048d</code></a>
Merge pull request <a
href="https://redirect.github.com/smallstep/certificates/issues/2212">#2212</a>
from smallstep/dependabot/go_modules/cloud.google.co...</li>
<li><a
href="https://github.com/smallstep/certificates/commit/450a35037bb21f9af9d0b508b7af831ff66a2e09"><code>450a350</code></a>
Bump cloud.google.com/go/security from 1.18.3 to 1.18.4</li>
<li><a
href="https://github.com/smallstep/certificates/commit/7afff07965487b4dd2e7cbea0674039db9e8e533"><code>7afff07</code></a>
Merge pull request <a
href="https://redirect.github.com/smallstep/certificates/issues/2213">#2213</a>
from smallstep/dependabot/go_modules/github.com/core...</li>
<li><a
href="https://github.com/smallstep/certificates/commit/fa6fd96636eea8efd062fd36a24f0d8e93addb88"><code>fa6fd96</code></a>
Merge pull request <a
href="https://redirect.github.com/smallstep/certificates/issues/2210">#2210</a>
from smallstep/dependabot/go_modules/cloud.google.co...</li>
<li><a
href="https://github.com/smallstep/certificates/commit/67aadedf2f3251c4410ae42971c0cd3d9404d67b"><code>67aaded</code></a>
Bump github.com/coreos/go-oidc/v3 from 3.12.0 to 3.13.0</li>
<li>Additional commits viewable in <a
href="https://github.com/smallstep/certificates/compare/v0.26.1...v0.28.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/smallstep/certificates&package-manager=go_modules&previous-version=0.26.1&new-version=0.28.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/caddyserver/certmagic v0.23.0
 	github.com/libdns/libdns v1.0.0-beta.1
 	github.com/liujed/goutil v0.0.0
-	github.com/smallstep/certificates v0.26.1
+	github.com/smallstep/certificates v0.28.3
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
 	go.uber.org/zap v1.27.0
@@ -27,10 +27,12 @@ require (
 	github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/caddyserver/zerossl v0.1.3 // indirect
+	github.com/ccoveille/go-safecast v1.6.0 // indirect
 	github.com/cespare/xxhash v1.1.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chzyer/readline v1.5.1 // indirect
 	github.com/cloudflare/circl v1.6.0 // indirect
+	github.com/coreos/go-oidc/v3 v3.13.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
 	github.com/dgraph-io/badger v1.6.2 // indirect
 	github.com/dgraph-io/badger/v2 v2.2007.4 // indirect
@@ -39,10 +41,8 @@ require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/francoispqt/gojay v1.2.13 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.4 // indirect
-	github.com/go-kit/kit v0.13.0 // indirect
-	github.com/go-kit/log v0.2.1 // indirect
-	github.com/go-logfmt/logfmt v0.6.0 // indirect
-	github.com/go-sql-driver/mysql v1.7.1 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
+	github.com/go-sql-driver/mysql v1.8.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
@@ -51,14 +51,10 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
-	github.com/jackc/pgconn v1.14.3 // indirect
-	github.com/jackc/pgio v1.0.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
-	github.com/jackc/pgproto3/v2 v2.3.3 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
-	github.com/jackc/pgtype v1.14.0 // indirect
-	github.com/jackc/pgx/v4 v4.18.3 // indirect
+	github.com/jackc/pgx/v5 v5.6.0 // indirect
+	github.com/jackc/puddle/v2 v2.2.1 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/manifoldco/promptui v0.9.0 // indirect
@@ -70,52 +66,55 @@ require (
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-ps v1.0.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/onsi/ginkgo/v2 v2.13.2 // indirect
 	github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v1.19.1 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.48.0 // indirect
-	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/prometheus/client_golang v1.21.1 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.62.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/quic-go/qpack v0.5.1 // indirect
 	github.com/quic-go/quic-go v0.50.1 // indirect
-	github.com/rs/xid v1.5.0 // indirect
+	github.com/rs/xid v1.6.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
-	github.com/slackhq/nebula v1.6.1 // indirect
-	github.com/smallstep/nosql v0.6.1 // indirect
-	github.com/smallstep/pkcs7 v0.0.0-20231024181729-3b98ecc1ca81 // indirect
-	github.com/smallstep/scep v0.0.0-20231024192529-aee96d7ad34d // indirect
+	github.com/slackhq/nebula v1.9.5 // indirect
+	github.com/smallstep/cli-utils v0.12.1 // indirect
+	github.com/smallstep/linkedca v0.23.0 // indirect
+	github.com/smallstep/nosql v0.7.0 // indirect
+	github.com/smallstep/pkcs7 v0.2.1 // indirect
+	github.com/smallstep/scep v0.0.0-20240926084937-8cf1ca453101 // indirect
 	github.com/smallstep/truststore v0.13.0 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
 	github.com/stoewer/go-strcase v1.2.0 // indirect
 	github.com/tailscale/tscert v0.0.0-20240608151842-d3f834017e53 // indirect
-	github.com/urfave/cli v1.22.14 // indirect
+	github.com/urfave/cli v1.22.16 // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
-	go.etcd.io/bbolt v1.3.9 // indirect
-	go.step.sm/cli-utils v0.9.0 // indirect
-	go.step.sm/crypto v0.45.0 // indirect
-	go.step.sm/linkedca v0.20.1 // indirect
+	go.etcd.io/bbolt v1.3.10 // indirect
+	go.step.sm/crypto v0.59.1 // indirect
 	go.uber.org/automaxprocs v1.6.0 // indirect
 	go.uber.org/mock v0.5.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap/exp v0.3.0 // indirect
 	golang.org/x/crypto v0.37.0 // indirect
 	golang.org/x/crypto/x509roots/fallback v0.0.0-20250305170421-49bf5b80c810 // indirect
-	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
+	golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc // indirect
 	golang.org/x/mod v0.24.0 // indirect
 	golang.org/x/net v0.39.0 // indirect
+	golang.org/x/oauth2 v0.28.0 // indirect
 	golang.org/x/sync v0.13.0 // indirect
 	golang.org/x/sys v0.32.0 // indirect
 	golang.org/x/term v0.31.0 // indirect
 	golang.org/x/text v0.24.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
 	golang.org/x/tools v0.32.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect
-	google.golang.org/grpc v1.67.1 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect
+	google.golang.org/grpc v1.71.0 // indirect
+	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	howett.net/plist v1.0.0 // indirect
 )