deps(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/awslabs/amazon-ecr-credential-helper/ecr-login	v0.9.1 -> v0.10.1
github.com/go-logr/logr	v1.4.2 -> v1.4.3
github.com/google/go-containerregistry	v0.20.3 -> v0.20.6
github.com/onsi/ginkgo/v2	v2.22.2 -> v2.25.2
github.com/onsi/gomega	v1.36.2 -> v1.38.2
github.com/sigstore/cosign/v2	v2.4.3 -> v2.5.3
github.com/sigstore/sigstore	v1.8.15 -> v1.9.5
github.com/stretchr/testify	v1.10.0 -> v1.11.1
k8s.io/api	v0.32.2 -> v0.34.0
k8s.io/apimachinery	v0.32.2 -> v0.34.0
k8s.io/client-go	v0.32.2 -> v0.34.0
sigs.k8s.io/cluster-api	v1.9.5 -> v1.11.0
sigs.k8s.io/controller-runtime	v0.20.2 -> v0.22.0

---

Release Notes

awslabs/amazon-ecr-credential-helper (github.com/awslabs/amazon-ecr-credential-helper/ecr-login)

v0.10.1: Amazon ECR Credential Helper - Release v0.10.1

Compare Source

• Drop golang 1.22 support.
• Upgrade dependencies.

Assets

• release.tar.gz (SHA256)
• release-novendor.tar.gz (SHA256)
• linux-amd64/docker-credential-ecr-login (SHA256)
• linux-arm64/docker-credential-ecr-login (SHA256)
• darwin-amd64/docker-credential-ecr-login (SHA256)
• darwin-arm64/docker-credential-ecr-login (SHA256)
• windows-amd64/docker-credential-ecr-login.exe (SHA256)
• windows-arm64/docker-credential-ecr-login.exe (SHA256)

v0.10.0: Amazon ECR Credential Helper - Release v0.10.0

Compare Source

• Enhancement - Updated ECR pattern for ECR dual-stack endpoints for IPv6 support. (#​967)

Assets

• release.tar.gz (SHA256)
• release-novendor.tar.gz (SHA256)
• linux-amd64/docker-credential-ecr-login (SHA256)
• linux-arm64/docker-credential-ecr-login (SHA256)
• darwin-amd64/docker-credential-ecr-login (SHA256)
• darwin-arm64/docker-credential-ecr-login (SHA256)
• windows-amd64/docker-credential-ecr-login.exe (SHA256)
• windows-arm64/docker-credential-ecr-login.exe (SHA256)

go-logr/logr (github.com/go-logr/logr)

v1.4.3

Compare Source

Minor release.

What's Changed

• Fix slog tests for 1.25 by @​hoeppi-google in #​361
• Remove one exception from Slog testing by @​thockin in #​362

New Contributors

• @​hoeppi-google made their first contribution in #​361

Full Changelog: go-logr/logr@v1.4.2...v1.4.3

google/go-containerregistry (github.com/google/go-containerregistry)

v0.20.6

Compare Source

What's Changed

• Ensure that tag name is not empty if name contains colon by @​SaschaSchwarze0 in #​2094
• Bump some deps by @​jonjohnsonjr in #​2110

New Contributors

• @​SaschaSchwarze0 made their first contribution in #​2094

Full Changelog: google/go-containerregistry@v0.20.4...v0.20.6

v0.20.5

Compare Source

What's Changed

• build(deps): bump docker/docker to v28.0.0+incompatible by @​luhring in #​2071
• Migrate linter to v2 by @​Subserial in #​2096
• bump go version + bump deps by @​Subserial in #​2093
• implement TextMarshaler/JSONMarshaler more consistently by @​imjasonh in #​2097
• Update CodeQL permissions by @​Subserial in #​2103
• Update goreleaser permissions by @​Subserial in #​2104
• Update provenance action in release by @​Subserial in #​2105
• Update validator action by @​Subserial in #​2106

New Contributors

• @​luhring made their first contribution in #​2071
• @​Subserial made their first contribution in #​2096

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.5

v0.20.4: - Not usable as a go module

Compare Source

🚨 This release was published to the Go module proxy and then re-tagged with a different commit. This means it's not usable as a Go module (#​2107) -- please us v0.20.5 instead.

What's Changed

• build(deps): bump docker/docker to v28.0.0+incompatible by @​luhring in #​2071
• Migrate linter to v2 by @​Subserial in #​2096
• bump go version + bump deps by @​Subserial in #​2093
• implement TextMarshaler/JSONMarshaler more consistently by @​imjasonh in #​2097
• Update CodeQL permissions by @​Subserial in #​2103
• Update goreleaser permissions by @​Subserial in #​2104
• Update provenance action in release by @​Subserial in #​2105
• Update validator action by @​Subserial in #​2106

New Contributors

• @​luhring made their first contribution in #​2071
• @​Subserial made their first contribution in #​2096

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.4

onsi/ginkgo (github.com/onsi/ginkgo/v2)

v2.25.2

Compare Source

2.25.2

Fixes

Add github output group for progress report content

Maintenance

Bump Gomega

v2.25.1

Compare Source

2.25.1

Fixes

• fix(types): ignore nameless nodes on FullText() [10866d3]
• chore: fix some CodeQL warnings [2e42cff]

v2.25.0

Compare Source

2.25.0

AroundNode

This release introduces a new decorator to support more complex spec setup usecases.

AroundNode registers a function that runs before each individual node. This is considered a more advanced decorator.

Please read the docs for more information and some examples.

Allowed signatures:

• AroundNode(func()) - func will be called before the node is run.
• AroundNode(func(ctx context.Context) context.Context) - func can wrap the passed in context and return a new one which will be passed on to the node.
• AroundNode(func(ctx context.Context, body func(ctx context.Context))) - ctx is the context for the node and body is a function that must be called to run the node. This gives you complete control over what runs before and after the node.

Multiple AroundNode decorators can be applied to a single node and they will run in the order they are applied.

Unlike setup nodes like BeforeEach and DeferCleanup, AroundNode is guaranteed to run in the same goroutine as the decorated node. This is necessary when working with lower-level libraries that must run on a single thread (you can call runtime.LockOSThread() in the AroundNode to ensure that the node runs on a single thread).

Since AroundNode allows you to modify the context you can also use AroundNode to implement shared setup that attaches values to the context.

If applied to a container, AroundNode will run before every node in the container. Including setup nodes like BeforeEach and DeferCleanup.

AroundNode can also be applied to RunSpecs to run before every node in the suite. This opens up new mechanisms for instrumenting individual nodes across an entire suite.

v2.24.0

Compare Source

2.24.0

Features

Specs can now be decorated with (e.g.) SemVerConstraint("2.1.0") and ginkgo --sem-ver-filter="2.1.1" will only run constrained specs that match the requested version. Learn more in the docs here! Thanks to @​Icarus9913 for the PR.

Fixes

• remove -o from run command [3f5d379]. fixes #​1582

Maintenance

Numerous dependency bumps and documentation fixes

v2.23.4

Compare Source

2.23.4

Prior to this release Ginkgo would compute the incorrect number of available CPUs when running with -p in a linux container. Thanks to @​emirot for the fix!

Features

• Add automaxprocs for using CPUQuota [2b9c428]

Fixes

• clarify gotchas about -vet flag [1f59d07]

Maintenance

• bump dependencies [2d134d5]

v2.23.3

Compare Source

2.23.3

Fixes

• allow - as a standalone argument [cfcc1a5]
• Bug Fix: Add GinkoTBWrapper.Chdir() and GinkoTBWrapper.Context() [feaf292]
• ignore exit code for symbol test on linux [88e2282]

v2.23.2

Compare Source

2.23.2

🎉🎉🎉

At long last, some long-standing performance gaps between ginkgo and go test have been resolved!

Ginkgo operates by running go test -c to generate test binaries, and then running those binaries. It turns out that the compilation step of go test -c is slower than go test's compilation step because go test strips out debug symbols (ldflags=-w) whereas go test -c does not.

Ginkgo now passes the appropriate ldflags to go test -c when running specs to strip out symbols. This is only done when it is safe to do so and symbols are preferred when profiling is enabled and when ginkgo build is called explicitly.

This, coupled, with the instructions for disabling XProtect on MacOS yields a much better performance experience with Ginkgo.

v2.23.1

Compare Source

2.23.1

🚨 For users on MacOS 🚨

A long-standing Ginkgo performance issue on MacOS seems to be due to mac's antimalware XProtect. You can follow the instructions here to disable it in your terminal. Doing so sped up Ginkgo's own test suite from 1m8s to 47s.

Fixes

Ginkgo's CLI is now a bit clearer if you pass flags in incorrectly:

• make it clearer that you need to pass a filename to the various profile flags, not an absolute directory [a0e52ff]
• emit an error and exit if the ginkgo invocation includes flags after positional arguments [b799d8d]

This might cause existing CI builds to fail. If so then it's likely that your CI build was misconfigured and should be corrected. Open an issue if you need help.

v2.23.0

Compare Source

2.23.0

Ginkgo 2.23.0 adds a handful of methods to GinkgoT() to make it compatible with the testing.TB interface in Go 1.24. GinkgoT().Context(), in particular, is a useful shorthand for generating a new context that will clean itself up in a DeferCleanup(). This has subtle behavior differences from the golang implementation but should make sense in a Ginkgo... um... context.

Features

• bump to go 1.24.0 - support new testing.TB methods and add a test to cover testing.TB regressions [37a511b]

Fixes

• fix edge case where build -o is pointing at an explicit file, not a directory [7556a86]
• Fix binary paths when precompiling multiple suites. [4df06c6]

Maintenance

• Fix: Correct Markdown list rendering in MIGRATING_TO_V2.md [cbcf39a]
• docs: fix test workflow badge (#​1512) [9b261ff]
• Bump golang.org/x/net in /integration/_fixtures/version_mismatch_fixture (#​1516) [00f19c8]
• Bump golang.org/x/tools from 0.28.0 to 0.30.0 (#​1515) [e98a4df]
• Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#​1504) [60cc4e2]
• Bump github-pages from 231 to 232 in /docs (#​1447) [fea6f2d]
• Bump rexml from 3.2.8 to 3.3.9 in /docs (#​1497) [31d7813]
• Bump webrick from 1.8.1 to 1.9.1 in /docs (#​1501) [fc3bbd6]
• Code linting (#​1500) [aee0d56]
• change interface{} to any (#​1502) [809a710]

onsi/gomega (github.com/onsi/gomega)

v1.38.2

Compare Source

1.38.2

• roll back to go 1.23.0 [c404969]

v1.38.1

Compare Source

1.38.1

Fixes

Numerous minor fixes and dependency bumps

v1.38.0

Compare Source

1.38.0

Features

• gstruct handles extra unexported fields [4ee7ed0]

Fixes

• support [] in IgnoringTopFunction function signatures (#​851) [36bbf72]

Maintenance

• Bump golang.org/x/net from 0.40.0 to 0.41.0 (#​846) [529d408]
• Fix typo [acd1f55]
• Bump google.golang.org/protobuf from 1.36.5 to 1.36.6 (#​835) [bae65a0]
• Bump nokogiri from 1.18.4 to 1.18.8 in /docs (#​842) [8dda91f]
• Bump golang.org/x/net from 0.39.0 to 0.40.0 (#​843) [212d812]
• Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#​839) [59bd7f9]
• Bump nokogiri from 1.18.1 to 1.18.4 in /docs (#​834) [328c729]
• Bump uri from 1.0.2 to 1.0.3 in /docs (#​826) [9a798a1]
• Bump golang.org/x/net from 0.37.0 to 0.39.0 (#​841) [04a72c6]

v1.37.0

Compare Source

1.37.0

Features

• add To/ToNot/NotTo aliases for AsyncAssertion [5666f98]

v1.36.3

Compare Source

1.36.3

Maintenance

• bump all the things [adb8b49]
• chore: replace interface{} with any [7613216]
• Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#​822) [9fe5259]
• remove spurious "toolchain" from go.mod (#​819) [a0e85b9]
• Bump golang.org/x/net from 0.33.0 to 0.35.0 (#​823) [604a8b1]
• Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#​772) [36fbc84]
• Bump github-pages from 231 to 232 in /docs (#​778) [ced70d7]
• Bump rexml from 3.2.6 to 3.3.9 in /docs (#​788) [c8b4a07]
• Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#​812) [06431b9]
• Bump webrick from 1.8.1 to 1.9.1 in /docs (#​800) [b55a92d]
• Fix typos (#​813) [a1d518b]

sigstore/cosign (github.com/sigstore/cosign/v2)

v2.5.3

Compare Source

Features

• Add signing-config create command (#​4280)
• Allow multiple services to be specified for trusted-root create (#​4285)
• feat: Add OCI 1.1+ experimental support to tree (#​4205)
• Add validity period end for trusted-root create (#​4271)

Bug Fixes

• Fix cert verification logic for trusted-root/SCTs (#​4294)
• force when copying the latest image to overwrite (#​4298)
• avoid double-loading trustedroot from file (#​4264)

v2.5.2

Compare Source

Bug Fixes

• Do not load trusted root when CT env key is set

Documentation

• docs: improve doc for --no-upload option (#​4206)

v2.5.1

Compare Source

Features

• Add Rekor v2 support for trusted-root create (#​4242)
• Add baseUrl and Uri to trusted-root create command
• Upgrade to TUF v2 client with trusted root
• Don't verify SCT for a private PKI cert (#​4225)
• Bump TSA library to relax EKU chain validation rules (#​4219)

Bug Fixes

• Bump sigstore-go to pick up log index=0 fix (#​4162)
• remove unused recursive flag on attest command (#​4187)

Docs

• Fix indentation in verify-blob cmd examples (#​4160)

Releases

• ensure we copy the latest tags on each release (#​4157)

Contributors

• arthurus-rex
• Babak K. Shandiz
• Bob Callaway
• Carlos Tadeu Panato Junior
• Colleen Murphy
• Dmitry Savintsev
• Emmanuel Ferdman
• Hayden B
• Ville Skyttä

v2.5.0

Compare Source

v2.5.0 includes an implementation of the new bundle specification,
attesting and verifying OCI image attestations uploaded as OCI artifacts.
This feature is currently gated behind the --new-bundle-format flag
when running cosign attest.

Features

• Add support for new bundle specification for attesting/verifying OCI image attestations (#​3889)
• Feat/non filename completions (#​4115)
• Add TSA certificate related flags and fields for cosign attest (#​4079)

Fixes

• cmd/cosign/cli: fix typo in ignoreTLogMessage (#​4111)
• Fix replace with compliant image mediatype (#​4077)

Contributors

• Bob Callaway
• Carlos Tadeu Panato Junior
• Cody Soyland
• Dmitry Savintsev
• Hayden B
• Ramon Petgrave
• Riccardo Schirone
• Stef Graces
• Ville Skyttä

sigstore/sigstore (github.com/sigstore/sigstore)

v1.9.5

Compare Source

What's Changed

• Add context from opts to Azure signer in #​2070
• add RWMutex around providerMap to protect concurrent ops in #​2077

Full Changelog: sigstore/sigstore@v1.9.4...v1.9.5

v1.9.4

Compare Source

What's Changed

• Add a Name field to the TargetFile struct in #​2068
• Update to use Tink v2.3.0 API in #​2069

Full Changelog: sigstore/sigstore@v1.9.3...v1.9.4

v1.9.3

Compare Source

What's Changed

• add proto hash algorithm to registry by @​loosebazooka in #​2048

New Contributors

• @​loosebazooka made their first contribution in #​2048

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

Compare Source

What's Changed

• Add tink package by @​cmurphy in #​2024
• pkg/signature: add P384/P521 compatibility algo to algorithm registry by @​ret2libc in #​2037

New Contributors

• @​cmurphy made their first contribution in #​2024

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

v1.9.1

Compare Source

What's Changed

• Implement default signing algorithms based on the key type by @​ret2libc in #​2014

Full Changelog: sigstore/sigstore@v1.9.0...v1.9.1

v1.9.0

Compare Source

What's Changed

• Update KMS policy for new plugin interface by @​haydentherapper in #​1987
• Update TUF root to latest v12 root by @​haydentherapper in #​1988
• build(deps): Bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 by @​dependabot in #​1994
• upgrade go-jose to v4 by @​cpanato in #​2000
• pkg/signature: expose Algorithm Details information by @​ret2libc in #​2001

Full Changelog: sigstore/sigstore@v1.8.15...v1.9.0

stretchr/testify (github.com/stretchr/testify)

v1.11.1

Compare Source

This release fixes #​1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

• Backport #​1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @​brackendawson in #​1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

Compare Source

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

• Call stack perf change for CallerInfo by @​mikeauclair in #​1614
• Lazily render mock diff output on successful match by @​mikeauclair in #​1615
• assert: check early in Eventually, EventuallyWithT, and Never by @​cszczepaniak in #​1427
• assert: add IsNotType by @​bartventer in #​1730
• assert.JSONEq: shortcut if same strings by @​dolmen in #​1754
• assert.YAMLEq: shortcut if same strings by @​dolmen in #​1755
• assert: faster and simpler isEmpty using reflect.Value.IsZero by @​dolmen in #​1761
• suite: faster methods filtering (internal refactor) by @​dolmen in #​1758

Fixes

• assert.ErrorAs: log target type by @​craig65535 in #​1345
• Fix failure message formatting for Positive and Negative asserts in #​1062
• Improve ErrorIs message when error is nil but an error was expected by @​tsioftas in #​1681
• fix Subset/NotSubset when calling with mixed input types by @​siliconbrain in #​1729
• Improve ErrorAs failure message when error is nil by @​ccoVeille in #​1734
• mock.AssertNumberOfCalls: improve error msg by @​3scalation in #​1743

Documentation, Build & CI

• docs: Fix typo in README by @​alexandear in #​1688
• Replace deprecated io/ioutil with io and os by @​alexandear in #​1684
• Document consequences of calling t.FailNow() by @​greg0ire in #​1710
• chore: update docs for Unset #​1621 by @​techfg in #​1709
• README: apply gofmt to examples by @​alexandear in #​1687
• refactor: use %q and %T to simplify fmt.Sprintf by @​alexandear in #​1674
• Propose Christophe Colombier (ccoVeille) as approver by @​brackendawson in #​1716
• Update documentation for the Error function in assert or require package by @​architagr in #​1675
• assert: remove deprecated build constraints by @​alexandear in #​1671
• assert: apply gofumpt to internal test suite by @​ccoVeille in #​1739
• CI: fix shebang in .ci.*.sh scripts by @​dolmen in #​1746
• assert,require: enable parallel testing on (almost) all top tests by @​dolmen in #​1747
• suite.Passed: add one more status test report by @​Ararsa-Derese in #​1706
• Add Helper() method in internal mocks and assert.CollectT by @​dolmen in #​1423
• assert.Same/NotSame: improve usage of Sprintf by @​ccoVeille in #​1742
• mock: enable parallel testing on internal testsuite by @​dolmen in #​1756
• suite: cleanup use of 'testing' internals at runtime by @​dolmen in #​1751
• assert: check test failure message for Empty and NotEmpty by @​ccoVeille in #​1745
• deps: fix dependency cycle with objx (again) by @​dolmen in #​1567
• assert.Empty: comprehensive doc of "Empty"-ness rules by @​dolmen in #​1753
• doc: improve godoc of top level 'testify' package by @​dolmen in #​1760
• assert.ErrorAs: simplify retrieving the type name by @​ccoVeille in #​1740
• assert.EqualValues: improve test coverage to 100% by @​dolmen in #​1763
• suite.Run: simplify running of Setup/TeardownSuite by @​renzoarreaza in #​1769
• assert.CallerInfo: micro optimization by using LastIndexByte by @​dolmen in #​1767
• assert.CallerInfo: micro cleanup by @​dolmen in #​1768
• assert: refactor TestFileExists and TestDirExists tests to enable parallel testing by @​dolmen in #​1766
• suite.Run: refactor handling of stats for improved readability by @​dolmen in #​1764
• tests: improve captureTestingT helper by @​ccoVeille in #​1741
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​1778

New Contributors

• @​greg0ire made their first contribution in #​1710
• @​techfg made their first contribution in #​1709
• @​mikeauclair made their first contribution in #​1614
• @​cszczepaniak made their first contribution in #​1427
• @​architagr made their first contribution in #​1675
• @​tsioftas made their first contribution in #​1681
• @​siliconbrain made their first contribution in #​1729
• @​bartventer made their first contribution in #​1730
• @​Ararsa-Derese made their first contribution in #​1706
• @​renzoarreaza made their first contribution in #​1769
• @​3scalation made their first contribution in #​1743

Full Changelog: stretchr/testify@v1.10.0...v1.11.0

kubernetes/api (k8s.io/api)

v0.34.0

Compare Source

v0.33.4

Compare Source

v0.33.3

Compare Source

v0.33.2

Compare Source

v0.33.1

Compare Source

v0.33.0

Compare Source

v0.32.8

Compare Source

v0.32.7

Compare Source

v0.32.6

Compare Source

v0.32.5

Compare Source

v0.32.4

Compare Source

v0.32.3

Compare Source

kubernetes/apimachinery (k8s.io/apimachinery)

v0.34.0

Compare Source

v0.33.4

Compare Source

v0.33.3

Compare Source

v0.33.2

Compare Source

v0.33.1

Compare Source

v0.33.0

Compare Source

v0.32.8

Compare Source

v0.32.7

Compare Source

v0.32.6

Compare Source

v0.32.5

[Compare Source](ht

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 55 additional dependencies were updated

Details:

Package	Change
cel.dev/expr	v0.19.0 -> v0.19.1
github.com/aws/aws-sdk-go-v2	v1.36.1 -> v1.36.3
github.com/aws/aws-sdk-go-v2/config	v1.29.6 -> v1.29.10
github.com/aws/aws-sdk-go-v2/credentials	v1.17.59 -> v1.17.63
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.28 -> v1.16.30
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.32 -> v1.3.34
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.32 -> v2.6.34
github.com/aws/aws-sdk-go-v2/internal/ini	v1.8.2 -> v1.8.3
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	v1.12.2 -> v1.12.3
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.12.13 -> v1.12.15
github.com/aws/aws-sdk-go-v2/service/sso	v1.24.15 -> v1.25.1
github.com/aws/aws-sdk-go-v2/service/ssooidc	v1.28.14 -> v1.29.2
github.com/aws/aws-sdk-go-v2/service/sts	v1.33.14 -> v1.33.17
github.com/emicklei/go-restful/v3	v3.12.1 -> v3.12.2
github.com/go-jose/go-jose/v4	v4.0.4 -> v4.0.5
github.com/go-openapi/errors	v0.22.0 -> v0.22.1
github.com/go-openapi/swag	v0.23.0 -> v0.23.1
github.com/golang-jwt/jwt/v4	v4.5.1 -> v4.5.2
github.com/google/go-cmp	v0.6.0 -> v0.7.0
github.com/google/pprof	v0.0.0-20241210010833-40e02aabc2ad -> v0.0.0-20250403155104-27863c87afa6
github.com/in-toto/attestation	v1.1.0 -> v1.1.1
github.com/mailru/easyjson	v0.7.7 -> v0.9.0
github.com/prometheus/client_golang	v1.20.5 -> v1.21.1
github.com/sagikazarmark/locafero	v0.4.0 -> v0.7.0
github.com/sigstore/protobuf-specs	v0.4.0 -> v0.4.1
github.com/sigstore/sigstore-go	v0.7.0 -> v0.7.1
github.com/sigstore/timestamp-authority	v1.2.4 -> v1.2.5
github.com/spf13/afero	v1.11.0 -> v1.12.0
github.com/spf13/cast	v1.7.0 -> v1.7.1
github.com/spf13/viper	v1.19.0 -> v1.20.1
gitlab.com/gitlab-org/api/client-go	v0.123.0 -> v0.127.0
go.opentelemetry.io/otel	v1.34.0 -> v1.35.0
go.opentelemetry.io/otel/metric	v1.34.0 -> v1.35.0
go.opentelemetry.io/otel/sdk	v1.34.0 -> v1.35.0
go.opentelemetry.io/otel/trace	v1.34.0 -> v1.35.0
golang.org/x/crypto	v0.33.0 -> v0.37.0
golang.org/x/mod	v0.22.0 -> v0.24.0
golang.org/x/net	v0.35.0 -> v0.38.0
golang.org/x/oauth2	v0.26.0 -> v0.29.0
golang.org/x/sync	v0.11.0 -> v0.13.0
golang.org/x/sys	v0.30.0 -> v0.32.0
golang.org/x/term	v0.29.0 -> v0.31.0
golang.org/x/text	v0.22.0 -> v0.24.0
golang.org/x/time	v0.10.0 -> v0.11.0
golang.org/x/tools	v0.29.0 -> v0.31.0
gomodules.xyz/jsonpatch/v2	v2.4.0 -> v2.5.0
google.golang.org/genproto/googleapis/api	v0.0.0-20250115164207-1a7da9e5054f -> v0.0.0-20250303144028-a0af3efb3deb
google.golang.org/genproto/googleapis/rpc	v0.0.0-20250207221924-e9438ea467c6 -> v0.0.0-20250313205543-e70fdf4c4cb4
google.golang.org/grpc	v1.70.0 -> v1.71.0
google.golang.org/protobuf	v1.36.5 -> v1.36.6
k8s.io/apiextensions-apiserver	v0.32.1 -> v0.32.3
k8s.io/apiserver	v0.32.1 -> v0.32.3
k8s.io/component-base	v0.32.1 -> v0.32.3
k8s.io/utils	v0.0.0-20241104100929-3ea5e8cea738 -> v0.0.0-20241210054802-24370beab758
sigs.k8s.io/release-utils	v0.11.0 -> v0.11.1