Skip to content

build(deps): Bump the go_modules group in /example#4345

Merged
gmlewis merged 1 commit into
masterfrom
dependabot/go_modules/example/go_modules-bd074e86fb
Jul 1, 2026
Merged

build(deps): Bump the go_modules group in /example#4345
gmlewis merged 1 commit into
masterfrom
dependabot/go_modules/example/go_modules-bd074e86fb

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the go_modules group with 2 updates in the /example directory: github.com/sigstore/rekor and github.com/sigstore/timestamp-authority/v2.

Updates github.com/sigstore/rekor from 1.5.0 to 1.5.2

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.5.2

Changelog

  • 759b98e2a7c39ea9779b6a51299c5f0f987f8802 alpine: Enforce max size limit on decompression (#2831)
  • c7e77ee26edd8631dd417166907093a9f13b85e5 Support restricting kinds on insertion (#2814)
  • a10818a8778dcb58eb582d00ffda4b2c86bf190b fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#2812)
  • 8a2f3a2dd023b81ad8b63e2f365676ec438dc9fa add checks to ensure returned entries match client inputs to rekor-cli (#2799)
  • 0e88bac01d1173b8b2cbc8ed790106441573bbdb add nil pointer check to resolve fuzzing crash (#2807)
  • 93da954478a2ffb1821d4904a80d9a5cbe268324 client: surface last-response details after retries are exhausted (#2796)
  • 4d67ecd8ec810bc6af9761ad10ebd2ac899cfdbd Fix internal error detail leakage in 500 responses (#2801)
  • b34ca94fc01405cb50acb956cc181d57382a6b2d add defensive check to ensure tid is in config ahead of getting client (#2795)
  • 656c832ab90feef91f5dcc751ae1cb851c73f4bd restapi: include inactiveShards in the homepage total count (#2797)

Thanks for all contributors!

v1.5.1

Changelog

  • 2d46808ce98c3dd26158364ae28f4c49921c9b0d optimize memory for DSSE v0.0.1 processing (#2766)
  • 6de110d1deb7fa2d9145584fd9446608ce1a777c return correct errors in rare failure situations (#2753)
  • 7ff7c692f51d6060c6eebba0480536f5ba28abb5 raise error if decoding hash fails during inclusion proof (#2754)

Thanks for all contributors!

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.5.1

Features

  • optimize memory for DSSE v0.0.1 processing (#2766)

Bug Fixes

  • Type assert the entry bundle when verifying inclusion proof (#2755)
  • return correct errors in rare failure situations (#2753)
  • raise error if decoding hash fails during inclusion proof (#2754)
Commits
  • 3b75cd9 build(deps): Bump the all group across 1 directory with 7 updates (#2829)
  • 759b98e alpine: Enforce max size limit on decompression (#2831)
  • c7e77ee Support restricting kinds on insertion (#2814)
  • a10818a fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#...
  • c31f3fc build(deps): Bump cloud.google.com/go/profiler from 0.4.3 to 0.6.0
  • f2a9fb0 build(deps): Bump go.uber.org/zap from 1.27.1 to 1.28.0
  • e3ba248 build(deps): Bump golang in the all group across 1 directory
  • 62e5ddd build(deps): Bump github.com/go-openapi/swag from 0.25.5 to 0.26.0
  • f4f91d5 build(deps): Bump github.com/tink-crypto/tink-go-awskms/v2 to v3 (#2827)
  • 9bc540f build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2820)
  • Additional commits viewable in compare view

Updates github.com/sigstore/timestamp-authority/v2 from 2.0.6 to 2.1.0

Release notes

Sourced from github.com/sigstore/timestamp-authority/v2's releases.

v2.1.0

What's Changed

Full Changelog: sigstore/timestamp-authority@v2.0.6...v2.1.0

Commits
  • 58ae149 Fix spec violations in policy, EKU, and hash verification (#1375)
  • 506ec57 Bound path and HTTP method metric label cardinality to prevent OOM (#1374)
  • ee10add chore(deps): bump the actions group with 2 updates (#1370)
  • 5238ec7 chore(deps): bump golang.org/x/net from 0.54.0 to 0.55.0 (#1369)
  • 0ff73b8 chore(deps): bump goreleaser/goreleaser-action in the actions group (#1367)
  • 97813ca chore(deps): bump the actions group with 2 updates (#1366)
  • ece88f8 chore(deps): bump github.com/go-openapi/runtime from 0.30.0 to 0.31.0 (#1365)
  • 77e0ee5 chore(deps): bump github.com/tink-crypto/tink-go-awskms/v2 to v3 (#1364)
  • 6ea07df chore(deps): bump go.step.sm/crypto from 0.80.0 to 0.81.0 (#1363)
  • f1dc03b chore(deps): bump github.com/tink-crypto/tink-go-hcvault/v2 (#1362)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 2 updates in the /example directory: [github.com/sigstore/rekor](https://github.com/sigstore/rekor) and [github.com/sigstore/timestamp-authority/v2](https://github.com/sigstore/timestamp-authority).


Updates `github.com/sigstore/rekor` from 1.5.0 to 1.5.2
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.5.0...v1.5.2)

Updates `github.com/sigstore/timestamp-authority/v2` from 2.0.6 to 2.1.0
- [Release notes](https://github.com/sigstore/timestamp-authority/releases)
- [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md)
- [Commits](sigstore/timestamp-authority@v2.0.6...v2.1.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/sigstore/timestamp-authority/v2
  dependency-version: 2.1.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2026
@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.50%. Comparing base (cca9755) to head (9afa77a).

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #4345   +/-   ##
=======================================
  Coverage   97.50%   97.50%           
=======================================
  Files         193      193           
  Lines       19481    19481           
=======================================
  Hits        18995    18995           
  Misses        269      269           
  Partials      217      217           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@gmlewis gmlewis changed the title build(deps): Bump the go_modules group across 1 directory with 2 updates build(deps): Bump the go_modules group in /example Jul 1, 2026
@gmlewis gmlewis merged commit f55b336 into master Jul 1, 2026
19 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/example/go_modules-bd074e86fb branch July 1, 2026 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant