build(deps): Bump the all group across 1 directory with 10 updates #2226

dependabot · 2024-09-16T11:51:42Z

Bumps the all group with 8 updates in the / directory:

Package	From	To
github.com/google/trillian	`1.6.0`	`1.6.1`
github.com/rs/cors	`1.11.0`	`1.11.1`
github.com/sigstore/sigstore	`1.8.8`	`1.8.9`
sigs.k8s.io/release-utils	`0.8.4`	`0.8.5`
github.com/sigstore/sigstore/pkg/signature/kms/aws	`1.8.8`	`1.8.9`
github.com/sigstore/sigstore/pkg/signature/kms/azure	`1.8.8`	`1.8.9`
github.com/sigstore/sigstore/pkg/signature/kms/gcp	`1.8.8`	`1.8.9`
github.com/sigstore/sigstore/pkg/signature/kms/hashivault	`1.8.8`	`1.8.9`

Updates github.com/google/trillian from 1.6.0 to 1.6.1

Release notes

Sourced from github.com/google/trillian's releases.

v1.6.1

What's Changed

Recommended go version for development: 1.22

This is the version used by the cloudbuild presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.

MySQL

Add TLS support for MySQL by @fghanmi in google/trillian#3593

--mysql_tls_ca: users can provide a CA certificate, that is used to establish a secure communication with MySQL server.

--mysql_server_name: users can provide the name of the MySQL server to be used as the Server Name in the TLS configuration.

dedup leafidentityhash values ahead of SQL lookup of existing leaves by @bobcallaway in google/trillian#3607

Documentation

Add instructions for using docker to regen derived files by @mhutchinson in google/trillian#3489

Misc

Fix invalid Go toolchain version by @roger2hk in google/trillian#3491

Replace deprecated prune-whitelist flag with prune-allowlist for kubectl command by @roger2hk in google/trillian#3307

Remove @pphaneuf from CODEOWNERS by @roger2hk in google/trillian#3516

Don't bump to MySQL 9 until we explicitly choose to by @mhutchinson in google/trillian#3560

Don't update to MySQL 9.0 by @mhutchinson in google/trillian#3584

Dependency updates

Bump google.golang.org/api from 0.155.0 to 0.156.0 by @dependabot in google/trillian#3290

Bump golang from 688ad7f to cbee5d2 in /integration/cloudbuild/testbase by @dependabot in google/trillian#3286

Bump golang from 688ad7f to cbee5d2 in /examples/deployment/docker/db_client by @dependabot in google/trillian#3287

Bump golang from 688ad7f to cbee5d2 in /examples/deployment/docker/log_signer by @dependabot in google/trillian#3289

Bump golang from 688ad7f to cbee5d2 in /examples/deployment/docker/log_server by @dependabot in google/trillian#3288

Bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in google/trillian#3292

Bump golang.org/x/tools from 0.16.1 to 0.17.0 by @dependabot in google/trillian#3291

Bump go 1.20 -> 1.21 by @mhutchinson in google/trillian#3293

Bump github.com/apache/beam/sdks/v2 from 2.52.0 to 2.53.0 by @dependabot in google/trillian#3281

Bump CockroachDB to 22.2.17 by @roger2hk in google/trillian#3301

Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.5 to 2.3.6 by @dependabot in google/trillian#3305

Bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in google/trillian#3302

Bump k8s.io/klog/v2 from 2.120.0 to 2.120.1 by @dependabot in google/trillian#3303

Bump google.golang.org/api from 0.156.0 to 0.157.0 by @dependabot in google/trillian#3304

Bump golang from cbee5d2 to c4b696f in /integration/cloudbuild/testbase by @dependabot in google/trillian#3298

Bump ubuntu from 6042500 to e6173d4 in /examples/deployment/kubernetes/mysql/image by @dependabot in google/trillian#3299

Bump golang from cbee5d2 to c4b696f in /examples/deployment/docker/db_client by @dependabot in google/trillian#3295

Bump golang from cbee5d2 to c4b696f in /examples/deployment/docker/log_server by @dependabot in google/trillian#3297

Bump golang from cbee5d2 to c4b696f in /examples/deployment/docker/log_signer by @dependabot in google/trillian#3296

Bump mysql from 8.2 to 8.3 in /examples/deployment/docker/db_server by @dependabot in google/trillian#3306

Bump golang from c4b696f to d8c365d in /examples/deployment/docker/log_signer by @dependabot in google/trillian#3308

Bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in google/trillian#3309

Bump golang from c4b696f to d8c365d in /integration/cloudbuild/testbase by @dependabot in google/trillian#3310

Bump golang from c4b696f to d8c365d in /examples/deployment/docker/log_server by @dependabot in google/trillian#3311

... (truncated)

Changelog

Sourced from github.com/google/trillian's changelog.

v1.6.1

Recommended go version for development: 1.22

This is the version used by the cloudbuild presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.

MySQL

Add TLS support for MySQL by @fghanmi in google/trillian#3593

--mysql_tls_ca: users can provide a CA certificate, that is used to establish a secure communication with MySQL server.

--mysql_server_name: users can provide the name of the MySQL server to be used as the Server Name in the TLS configuration.

dedup leafidentityhash values ahead of SQL lookup of existing leaves by @bobcallaway in google/trillian#3607

Documentation

Add instructions for using docker to regen derived files by @mhutchinson in google/trillian#3489

Misc

Fix invalid Go toolchain version by @roger2hk in google/trillian#3491

Replace deprecated prune-whitelist flag with prune-allowlist for kubectl command by @roger2hk in google/trillian#3307

Remove @pphaneuf from CODEOWNERS by @roger2hk in google/trillian#3516

Don't bump to MySQL 9 until we explicitly choose to by @mhutchinson in google/trillian#3560

Don't update to MySQL 9.0 by @mhutchinson in google/trillian#3584

Dependency updates

Bump google.golang.org/api from 0.155.0 to 0.156.0 by @dependabot in google/trillian#3290

Bump golang from 688ad7f to cbee5d2 in /integration/cloudbuild/testbase by @dependabot in google/trillian#3286

Bump golang from 688ad7f to cbee5d2 in /examples/deployment/docker/db_client by @dependabot in google/trillian#3287

Bump golang from 688ad7f to cbee5d2 in /examples/deployment/docker/log_signer by @dependabot in google/trillian#3289

Bump golang from 688ad7f to cbee5d2 in /examples/deployment/docker/log_server by @dependabot in google/trillian#3288

Bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in google/trillian#3292

Bump golang.org/x/tools from 0.16.1 to 0.17.0 by @dependabot in google/trillian#3291

Bump go 1.20 -> 1.21 by @mhutchinson in google/trillian#3293

Bump github.com/apache/beam/sdks/v2 from 2.52.0 to 2.53.0 by @dependabot in google/trillian#3281

Bump CockroachDB to 22.2.17 by @roger2hk in google/trillian#3301

Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.5 to 2.3.6 by @dependabot in google/trillian#3305

Bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in google/trillian#3302

Bump k8s.io/klog/v2 from 2.120.0 to 2.120.1 by @dependabot in google/trillian#3303

Bump google.golang.org/api from 0.156.0 to 0.157.0 by @dependabot in google/trillian#3304

Bump golang from cbee5d2 to c4b696f in /integration/cloudbuild/testbase by @dependabot in google/trillian#3298

Bump ubuntu from 6042500 to e6173d4 in /examples/deployment/kubernetes/mysql/image by @dependabot in google/trillian#3299

Bump golang from cbee5d2 to c4b696f in /examples/deployment/docker/db_client by @dependabot in google/trillian#3295

Bump golang from cbee5d2 to c4b696f in /examples/deployment/docker/log_server by @dependabot in google/trillian#3297

Bump golang from cbee5d2 to c4b696f in /examples/deployment/docker/log_signer by @dependabot in google/trillian#3296

Bump mysql from 8.2 to 8.3 in /examples/deployment/docker/db_server by @dependabot in google/trillian#3306

Bump golang from c4b696f to d8c365d in /examples/deployment/docker/log_signer by @dependabot in google/trillian#3308

Bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in google/trillian#3309

Bump golang from c4b696f to d8c365d in /integration/cloudbuild/testbase by @dependabot in google/trillian#3310

... (truncated)

Commits

68ab90c Update changelog for v1.6.1 release (#3608)
19d061d dedup leafidentityhash values ahead of SQL lookup of existing leaves (#3607)
685353d Bump github/codeql-action in the github-actions-deps group (#3605)
e2d0e34 Bump google-auth-library from 9.13.0 to 9.14.0 in /scripts/gcb2slack (#3604)
4794eb6 Bump the go-deps group with 6 updates (#3606)
433d79f Bump go version to 1.22.6 (#3602)
8d4e3b8 Bump the go-deps group with 4 updates (#3597)
99ec09e Bump golang (#3600)
38a2850 Bump golang (#3598)
a1969e6 Bump github/codeql-action in the github-actions-deps group (#3599)
Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.19.1 to 1.20.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.20.2

[BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

v1.20.1

This release contains the critical fix for the issue. Thanks to @geberl, @CubicrootXYZ, @zetaab and @timofurrer for helping us with the investigation!

[BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on Linux machines. #1587

v1.20.0

Thanks everyone for contributions!

⚠️ In this release we remove one (broken anyway, given Go runtime changes) metric and add three new (representing GOGC, GOMEMLIMIT and GOMAXPROCS flags) to the default collectors.NewGoCollector() collector. Given its popular usage, expect your binary to expose two additional metric.

Changes

[CHANGE] ⚠️ go-collector: Remove go_memstat_lookups_total metric which was always 0; Go runtime stopped sharing pointer lookup statistics. #1577

[FEATURE] ⚠️ go-collector: Add 3 default metrics: go_gc_gogc_percent, go_gc_gomemlimit_bytes and go_sched_gomaxprocs_threads as those are recommended by the Go team. #1559

[FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact runtime/metrics sourcing each metric (if relevant). #1568 #1578

[FEATURE] testutil: Add CollectAndFormat method. #1503

[FEATURE] histograms: Add support for exemplars in native histograms. #1471

[FEATURE] promhttp: Add experimental support for zstd on scrape, controlled by the request Accept-Encoding header. #1496

[FEATURE] api/v1: Add WithLimit parameter to all API methods that supports it. #1544

[FEATURE] prometheus: Add support for created timestamps in constant histograms and constant summaries. #1537

[FEATURE] process-collectors: Add network usage metrics: process_network_receive_bytes_total and process_network_transmit_bytes_total. #1555

[FEATURE] promlint: Add duplicated metric lint rule. #1472

[BUGFIX] promlint: Relax metric type in name linter rule. #1455

[BUGFIX] promhttp: Make sure server instrumentation wrapping supports new and future extra responseWriter methods. #1480

[BUGFIX] testutil: Functions using compareMetricFamilies are now failing if filtered metricNames are not in the input. #1424

feat(prometheus/testutil/promlint/validations): refine lintMetricType… by @foehammer127 in prometheus/client_golang#1455

Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 in /examples/middleware by @dependabot in prometheus/client_golang#1457

Bump github.com/prometheus/client_model from 0.5.0 to 0.6.0 by @dependabot in prometheus/client_golang#1458

Bump golang.org/x/sys from 0.16.0 to 0.17.0 by @dependabot in prometheus/client_golang#1459

Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 in /tutorial/whatsup by @dependabot in prometheus/client_golang#1461

Merge Release 1.19 back to main by @ArthurSens in prometheus/client_golang#1462

Bump the github-actions group with 2 updates by @dependabot in prometheus/client_golang#1456

Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in prometheus/client_golang#1466

Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /examples/middleware by @dependabot in prometheus/client_golang#1467

Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /tutorial/whatsup by @dependabot in prometheus/client_golang#1469

Add LintDuplicateMetric to promlint by @bboreham in prometheus/client_golang#1472

Auto-update Go Collector Metrics for new Go versions by @SachinSahu431 in prometheus/client_golang#1476

Implement Unwrap() for responseWriterDelegator by @igor-drozdov in prometheus/client_golang#1480

Bump golang.org/x/sys from 0.17.0 to 0.18.0 by @dependabot in prometheus/client_golang#1485

Bump github.com/prometheus/procfs from 0.12.0 to 0.13.0 by @dependabot in prometheus/client_golang#1486

ci: Remove hardcoded supported Go versions from go.yml by @SachinSahu431 in prometheus/client_golang#1489

feat: metrics generation workflow by @SachinSahu431 in prometheus/client_golang#1481

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.20.2 / 2024-08-23

[BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596

1.20.1 / 2024-08-20

[BUGFIX] process-collector: Fixed unregistered descriptor error when using process collector with PedanticRegistry on linux machines. #1587

1.20.0 / 2024-08-14

[CHANGE] ⚠️ go-collector: Remove go_memstat_lookups_total metric which was always 0; Go runtime stopped sharing pointer lookup statistics. #1577

[FEATURE] ⚠️ go-collector: Add 3 default metrics: go_gc_gogc_percent, go_gc_gomemlimit_bytes and go_sched_gomaxprocs_threads as those are recommended by the Go team. #1559

[FEATURE] go-collector: Add more information to all metrics' HELP e.g. the exact runtime/metrics sourcing each metric (if relevant). #1568 #1578

[FEATURE] testutil: Add CollectAndFormat method. #1503

[FEATURE] histograms: Add support for exemplars in native histograms. #1471

[FEATURE] promhttp: Add experimental support for zstd on scrape, controlled by the request Accept-Encoding header. #1496

[FEATURE] api/v1: Add WithLimit parameter to all API methods that supports it. #1544

[FEATURE] prometheus: Add support for created timestamps in constant histograms and constant summaries. #1537

[FEATURE] process-collector: Add network usage metrics: process_network_receive_bytes_total and process_network_transmit_bytes_total. #1555

[FEATURE] promlint: Add duplicated metric lint rule. #1472

[BUGFIX] promlint: Relax metric type in name linter rule. #1455

[BUGFIX] promhttp: Make sure server instrumentation wrapping supports new and future extra responseWriter methods. #1480

[BUGFIX] testutil: Functions using compareMetricFamilies are now failing if filtered metricNames are not in the input. #1424

1.19.0 / 2024-02-27

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

[CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449

[FEATURE] collectors: Add version collector. #1422 #1427

1.18.0 / 2023-12-22

[FEATURE] promlint: Allow creation of custom metric validations. #1311

[FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350

[BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367

[BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378

[ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

1.17.0 / 2023-09-27

[CHANGE] Minimum required go version is now 1.19 (we also test client_golang against new 1.21 version). #1325

[FEATURE] Add support for Created Timestamps in Counters, Summaries and Historams. #1313

[ENHANCEMENT] Enable detection of a native histogram without observations. #1314

1.16.0 / 2023-06-15

[BUGFIX] api: Switch to POST for LabelNames, Series, and QueryExemplars. #1252

[BUGFIX] api: Fix undefined execution order in return statements. #1260

[BUGFIX] native histograms: Fix bug in bucket key calculation. #1279

... (truncated)

Commits

67121dc Merge pull request #1596 from mrueg/fix-uncompressed-content-header
187acd4 Cut 1.20.2
f7f8f3a fix: Unset Content-Encoding header when uncompressed
2254d6c Merge pull request #1587 from prometheus/fix-processcollector
4a15d05 Cut 1.20.1
f2dd7b3 Use pedantic registry in other places too, to double check.
261fe84 bugfix: Pass network metrics to processCollector's Describe() function
5bf3341 Use NewPedanticRegistry in Process' Collector tests
73b811c Cut 1.20.0 release. (#1580)
7ce5089 gocollector: Attach original runtime/metrics metric name to help. (#1578)
Additional commits viewable in compare view

Updates github.com/rs/cors from 1.11.0 to 1.11.1

Commits

a814d79 Re-add support for multiple Access-Control-Request-Headers field (fixes #184)...
1562b17 Removed redundant log nil checks (#178)
3d336ea Update all dependencies to latest in examples (#175)
85fc0ca Make Gin wrapper's status configurable and use 204 as default (fixes #145) (#...
See full diff in compare view

Updates github.com/sigstore/sigstore from 1.8.8 to 1.8.9

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.9

What's Changed

fuzzing: improve coverage by @AdamKorcz in sigstore/sigstore#1809

Deserialize ed25519 keys from hashivault correctly by @stevenjohnstone in sigstore/sigstore#1811

oauthflow: Add SubjectFromUnverifiedToken by @adityasaky in sigstore/sigstore#1826

Full Changelog: sigstore/sigstore@v1.8.8...v1.8.9

Commits

4c750b7 oauthflow: Add SubjectFromUnverifiedToken (#1826)
b27128f build(deps): Bump the all group in /test/e2e with 2 updates (#1824)
65aaa14 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1822)
21ad778 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1823)
ebbebbf build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1821)
615304f build(deps): Bump github.com/jellydator/ttlcache/v3 (#1820)
6fb1d8b build(deps): Bump github.com/jellydator/ttlcache/v3 (#1819)
075e85c build(deps): Bump actions/upload-artifact in the all group (#1825)
0ca1da6 build(deps): Bump the gomod group across 4 directories with 3 updates (#1818)
26aae9d build(deps): Bump cloud.google.com/go/kms in /pkg/signature/kms/gcp (#1817)
Additional commits viewable in compare view

Updates sigs.k8s.io/release-utils from 0.8.4 to 0.8.5

Release notes

Sourced from sigs.k8s.io/release-utils's releases.

v0.8.5

No release notes provided.

Commits

06acb35 Merge pull request #113 from saschagrunert/go-1.22
5e795d2 Switch to go 1.23
See full diff in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.8 to 1.8.9

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.8.9

What's Changed

fuzzing: improve coverage by @AdamKorcz in sigstore/sigstore#1809

Deserialize ed25519 keys from hashivault correctly by @stevenjohnstone in sigstore/sigstore#1811

oauthflow: Add SubjectFromUnverifiedToken by @adityasaky in sigstore/sigstore#1826

Full Changelog: sigstore/sigstore@v1.8.8...v1.8.9

Commits

4c750b7 oauthflow: Add SubjectFromUnverifiedToken (#1826)
b27128f build(deps): Bump the all group in /test/e2e with 2 updates (#1824)
65aaa14 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1822)
21ad778 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1823)
ebbebbf build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1821)
615304f build(deps): Bump github.com/jellydator/ttlcache/v3 (#1820)
6fb1d8b build(deps): Bump github.com/jellydator/ttlcache/v3 (#1819)
075e85c build(deps): Bump actions/upload-artifact in the all group (#1825)
0ca1da6 build(deps): Bump the gomod group across 4 directories with 3 updates (#1818)
26aae9d build(deps): Bump cloud.google.com/go/kms in /pkg/signature/kms/gcp (#1817)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.8 to 1.8.9

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.8.9

What's Changed

fuzzing: improve coverage by @AdamKorcz in sigstore/sigstore#1809

Deserialize ed25519 keys from hashivault correctly by @stevenjohnstone in sigstore/sigstore#1811

oauthflow: Add SubjectFromUnverifiedToken by @adityasaky in sigstore/sigstore#1826

Full Changelog: sigstore/sigstore@v1.8.8...v1.8.9

Commits

4c750b7 oauthflow: Add SubjectFromUnverifiedToken (#1826)
b27128f build(deps): Bump the all group in /test/e2e with 2 updates (#1824)
65aaa14 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1822)
21ad778 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1823)
ebbebbf build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1821)
615304f build(deps): Bump github.com/jellydator/ttlcache/v3 (#1820)
6fb1d8b build(deps): Bump github.com/jellydator/ttlcache/v3 (#1819)
075e85c build(deps): Bump actions/upload-artifact in the all group (#1825)
0ca1da6 build(deps): Bump the gomod group across 4 directories with 3 updates (#1818)
26aae9d build(deps): Bump cloud.google.com/go/kms in /pkg/signature/kms/gcp (#1817)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.8 to 1.8.9

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.8.9

What's Changed

fuzzing: improve coverage by @AdamKorcz in sigstore/sigstore#1809

Deserialize ed25519 keys from hashivault correctly by @stevenjohnstone in sigstore/sigstore#1811

oauthflow: Add SubjectFromUnverifiedToken by @adityasaky in sigstore/sigstore#1826

Full Changelog: sigstore/sigstore@v1.8.8...v1.8.9

Commits

4c750b7 oauthflow: Add SubjectFromUnverifiedToken (#1826)
b27128f build(deps): Bump the all group in /test/e2e with 2 updates (#1824)
65aaa14 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1822)
21ad778 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1823)
ebbebbf build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1821)
615304f build(deps): Bump github.com/jellydator/ttlcache/v3 (#1820)
6fb1d8b build(deps): Bump github.com/jellydator/ttlcache/v3 (#1819)
075e85c build(deps): Bump actions/upload-artifact in the all group (#1825)
0ca1da6 build(deps): Bump the gomod group across 4 directories with 3 updates (#1818)
26aae9d build(deps): Bump cloud.google.com/go/kms in /pkg/signature/kms/gcp (#1817)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.8 to 1.8.9

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.8.9

What's Changed

fuzzing: improve coverage by @AdamKorcz in sigstore/sigstore#1809

Deserialize ed25519 keys from hashivault correctly by @stevenjohnstone in sigstore/sigstore#1811

oauthflow: Add SubjectFromUnverifiedToken by @adityasaky in sigstore/sigstore#1826

Full Changelog: sigstore/sigstore@v1.8.8...v1.8.9

Commits

4c750b7 oauthflow: Add SubjectFromUnverifiedToken (#1826)
b27128f build(deps): Bump the all group in /test/e2e with 2 updates (#1824)
65aaa14 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1822)
21ad778 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1823)
ebbebbf build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1821)
615304f build(deps): Bump github.com/jellydator/ttlcache/v3 (#1820)
6fb1d8b build(deps): Bump github.com/jellydator/ttlcache/v3 (#1819)
075e85c build(deps): Bump actions/upload-artifact in the all group (#1825)
0ca1da6 build(deps): Bump the gomod group across 4 directories with 3 updates (#1818)
26aae9d build(deps): Bump cloud.google.com/go/kms in /pkg/signature/kms/gcp (#1817)
Additional commits viewable in compare view

Updates golang.org/x/exp from 0.0.0-20240112132812-db7319d0e0e3 to 0.0.0-20240325151524-a685a6edb6d8

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/google/trillian](https://github.com/google/trillian) | `1.6.0` | `1.6.1` | | [github.com/rs/cors](https://github.com/rs/cors) | `1.11.0` | `1.11.1` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.8` | `1.8.9` | | [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) | `0.8.4` | `0.8.5` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.8` | `1.8.9` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.8` | `1.8.9` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.8` | `1.8.9` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.8` | `1.8.9` | Updates `github.com/google/trillian` from 1.6.0 to 1.6.1 - [Release notes](https://github.com/google/trillian/releases) - [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md) - [Commits](google/trillian@v1.6.0...v1.6.1) Updates `github.com/prometheus/client_golang` from 1.19.1 to 1.20.2 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.19.1...v1.20.2) Updates `github.com/rs/cors` from 1.11.0 to 1.11.1 - [Commits](rs/cors@v1.11.0...v1.11.1) Updates `github.com/sigstore/sigstore` from 1.8.8 to 1.8.9 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.8...v1.8.9) Updates `sigs.k8s.io/release-utils` from 0.8.4 to 0.8.5 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](kubernetes-sigs/release-utils@v0.8.4...v0.8.5) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.8 to 1.8.9 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.8...v1.8.9) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.8 to 1.8.9 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.8...v1.8.9) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.8 to 1.8.9 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.8...v1.8.9) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.8 to 1.8.9 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.8...v1.8.9) Updates `golang.org/x/exp` from 0.0.0-20240112132812-db7319d0e0e3 to 0.0.0-20240325151524-a685a6edb6d8 - [Commits](https://github.com/golang/exp/commits) --- updated-dependencies: - dependency-name: github.com/google/trillian dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/rs/cors dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: golang.org/x/exp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from a team as a code owner September 16, 2024 11:51

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Sep 16, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump the all group across 1 directory with 10 updates #2226

build(deps): Bump the all group across 1 directory with 10 updates #2226

dependabot bot commented on behalf of github Sep 16, 2024

build(deps): Bump the all group across 1 directory with 10 updates #2226

Are you sure you want to change the base?

build(deps): Bump the all group across 1 directory with 10 updates #2226

Conversation

dependabot bot commented on behalf of github Sep 16, 2024

v1.6.1

What's Changed

MySQL

Documentation

Misc

Dependency updates

v1.6.1

MySQL

Documentation

Misc

Dependency updates

v1.20.2

v1.20.1

v1.20.0

Changes

1.20.2 / 2024-08-23

1.20.1 / 2024-08-20

1.20.0 / 2024-08-14

1.19.0 / 2024-02-27

1.18.0 / 2023-12-22

1.17.0 / 2023-09-27

1.16.0 / 2023-06-15

v1.8.9

What's Changed

v0.8.5

v1.8.9

What's Changed

v1.8.9

What's Changed

v1.8.9

What's Changed

v1.8.9

What's Changed