Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): Bump the sigstore group with 9 updates #1809

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): Bump the sigstore group with 9 updates #1809

wants to merge 1 commit into from
+344 −326

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 4, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps the sigstore group with 9 updates:

Package From To
github.com/sigstore/cosign/v2 2.4.1 2.4.3
github.com/sigstore/rekor 1.3.7 1.3.9
github.com/sigstore/sigstore 1.8.12 1.8.15
github.com/sigstore/protobuf-specs 0.4.0 0.4.1
github.com/sigstore/scaffolding 0.7.18 0.7.21
github.com/sigstore/sigstore/pkg/signature/kms/aws 1.8.12 1.8.15
github.com/sigstore/sigstore/pkg/signature/kms/azure 1.8.12 1.8.15
github.com/sigstore/sigstore/pkg/signature/kms/gcp 1.8.12 1.8.15
github.com/sigstore/sigstore/pkg/signature/kms/hashivault 1.8.12 1.8.15

Updates github.com/sigstore/cosign/v2 from 2.4.1 to 2.4.3

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.4.3

Features

  • Bump sigstore/sigstore to support KMS plugins (#4073)
  • Enable fetching signatures without remote get. (#4047)
  • Feat/file flag completion improvements (#4028)
  • Update builder to use go1.23.6 (#4052)

Bug Fixes

  • fix parsing error in --only for cosign copy (#4049)

Cleanup

  • Refactor verifyNewBundle into library function (#4013)
  • fix comment typo and imports order (#4061)
  • sync comment with parameter name in function signature (#4063)
  • sort properly Go imports (#4071)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Cody Soyland
  • Dmitry Savintsev
  • Hayden B
  • Tomasz Janiszewski
  • Ville Skyttä

v2.4.2

Features

  • Updated open-policy-agent to 1.1.0 library (#4036)
    • Note that only Rego v0 policies are supported at this time
  • Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006)
  • Add support for verifying root checksum in cosign initialize (#3953)
  • Detect if user supplied a valid protobuf bundle (#3931)
  • Add a log message if user doesn't provide --trusted-root (#3933)
  • Support mTLS towards container registry (#3922)
  • Add bundle create helper command (#3901)
  • Add trusted-root create helper command (#3876)

Bug Fixes

  • fix: set tls config while retaining other fields from default http transport (#4007)
  • policy fuzzer: ignore known panics (#3993)
  • Fix for multiple WithRemote options (#3982)
  • Add nightly conformance test workflow (#3979)
  • Fix copy --only for signatures + update/align docs (#3904)

... (truncated)

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.4.3

Features

  • Bump sigstore/sigstore to support KMS plugins (#4073)
  • Enable fetching signatures without remote get. (#4047)
  • Feat/file flag completion improvements (#4028)
  • Update builder to use go1.23.6 (#4052)

Bug Fixes

  • fix parsing error in --only for cosign copy (#4049)

Cleanup

  • Refactor verifyNewBundle into library function (#4013)
  • fix comment typo and imports order (#4061)
  • sync comment with parameter name in function signature (#4063)
  • sort properly Go imports (#4071)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Cody Soyland
  • Dmitry Savintsev
  • Hayden B
  • Tomasz Janiszewski
  • Ville Skyttä

v2.4.2

Features

  • Updated open-policy-agent to 1.1.0 library (#4036)
    • Note that only Rego v0 policies are supported at this time
  • Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006)
  • Add support for verifying root checksum in cosign initialize (#3953)
  • Detect if user supplied a valid protobuf bundle (#3931)
  • Add a log message if user doesn't provide --trusted-root (#3933)
  • Support mTLS towards container registry (#3922)
  • Add bundle create helper command (#3901)
  • Add trusted-root create helper command (#3876)

Bug Fixes

  • fix: set tls config while retaining other fields from default http transport (#4007)
  • policy fuzzer: ignore known panics (#3993)
  • Fix for multiple WithRemote options (#3982)
  • Add nightly conformance test workflow (#3979)

... (truncated)

Commits
  • 6a7abbf chore(deps): bump the gomod group across 1 directory with 4 updates (#4074)
  • 0b69cc5 chore(deps): bump github.com/buildkite/agent/v3 from 3.91.0 to 3.92.1 (#4066)
  • 3564b3e chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4065)
  • d6aeeb2 Enable fetching signatures without remote get. (#4047)
  • 26d0ee5 Bump sigstore/sigstore to support KMS plugins (#4073)
  • 5181623 chore(deps): bump golangci/golangci-lint-action in the actions group (#4070)
  • c1b1a78 chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#4067)
  • a0b20b7 sort properly Go imports (#4071)
  • b4be5f7 chore(deps): bump google.golang.org/api from 0.220.0 to 0.221.0 (#4068)
  • 01fde81 sync comment with parameter name in function signature (#4063)
  • Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.3.7 to 1.3.9

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.3.9

Changelog

  • f3db95b2bb18be7e1904fa25d1bcdb7d55caa73a Cache checkpoint for inactive shards (#2332)
  • f875aa2d39b2bcef0e84e43a6153447bed0077f6 Support per-shard signing keys (#2330)

Thanks for all contributors!

v1.3.8

Changelog

Please see https://github.com/sigstore/rekor/blob/main/CHANGELOG.md for changes included in this release.

New Contributors

Full Changelog: sigstore/rekor@v1.3.7...v1.3.8

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.3.9

Features

  • Cache checkpoint for inactive shards (#2332)
  • Support per-shard signing keys (#2330)

Contributors

  • Hayden B

v1.3.8

Bug Fixes

  • fix zizmor issues (#2298)
  • remove unneeded value in log message (#2282)

Quality Enhancements

  • chore: relax go directive to permit 1.22.x
  • fetch minisign from homebrew instead of custom ppa (#2329)
  • fix(ci): simplify GOVERSION extraction
  • chore(deps): bump actions pins to latest
  • Updates go and golangci-lint (#2302)
  • update builder to use go1.23.4 (#2301)
  • clean up spaces
  • log request body on 500 error to aid debugging (#2283)

Contributors

  • Appu Goundan
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Dominic Evans
  • sgpinkus
Commits
  • b67ee82 build(deps): Bump google.golang.org/grpc from 1.69.4 to 1.70.0
  • 40f29ba build(deps): Bump golang from 51a6466 to 8c10f21
  • 2497b42 build(deps): Bump google/cloud-sdk from 506.0.0 to 507.0.0
  • ac42c19 build(deps): Bump google.golang.org/api from 0.217.0 to 0.218.0
  • 10e8115 build(deps): Bump the all group with 3 updates
  • 2f182a1 build(deps): Bump google.golang.org/protobuf in the all group
  • f3db95b Cache checkpoint for inactive shards (#2332)
  • 1cb78ca build(deps): Bump google/cloud-sdk from 505.0.0 to 506.0.0
  • b68f6bb build(deps): Bump google.golang.org/api from 0.216.0 to 0.217.0
  • 15c696c build(deps): Bump github.com/tink-crypto/tink-go/v2 from 2.2.0 to 2.3.0
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.8.12 to 1.8.15

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.15

What's Changed

Full Changelog: sigstore/sigstore@v1.8.14...v1.8.15

v1.8.14

What's Changed

This is the same content as v1.8.13, with a CI/CD fix.

v1.8.13

What's Changed

Full Changelog: sigstore/sigstore@v1.8.12...v1.8.13

Commits
  • 0c5004e build(deps): Bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 (#1968)
  • 08ccf77 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#1970)
  • 9720b04 build(deps): Bump golangci/golangci-lint-action (#1984)
  • ce0fa17 fix: cliplugin: return ErrorProviderNotFound when calling Get with a path (#1...
  • a5ada3f check concrete type for non-nil (#1983)
  • 75b85e2 pkg/signature: fix RSA PSS 3072 key size in algorithm registry (#1981)
  • 351b102 export variable (#1978)
  • 0a1ec6f build(deps): Bump golang.org/x/oauth2 in /pkg/signature/kms/gcp (#1973)
  • a806b7e build(deps): Bump github.com/hashicorp/vault/api (#1974)
  • a235f11 build(deps): Bump localstack/localstack in /test/e2e in the all group (#1965)
  • Additional commits viewable in compare view

Updates github.com/sigstore/protobuf-specs from 0.4.0 to 0.4.1

Changelog

Sourced from github.com/sigstore/protobuf-specs's changelog.

0.4.1

Changed

  • Updated SigningConfig to specify API versions and validity periods (#539)
  • Added deprecated, but still in use, algorithms for ECDSA P384 and P512 using SHA256 (#572)
Commits
  • 9581010 protos/PublicKeyDetails: add compatibility algorithms using SHA256 (#572)
  • 44b9830 build(deps): bump quote from 1.0.38 to 1.0.40 in /gen/pb-rust (#580)
  • e5bccce build(deps): bump syn from 2.0.98 to 2.0.100 in /gen/pb-rust (#581)
  • ed1f69d build(deps): bump prost from 0.13.4 to 0.13.5 in /gen/pb-rust (#584)
  • 3629838 build(deps): bump serde_json from 1.0.139 to 1.0.140 in /gen/pb-rust (#583)
  • a9885b2 build(deps): bump anyhow from 1.0.96 to 1.0.97 in /gen/pb-rust (#582)
  • 7e4a1ad Update Dockerfile.protobuf to 29.4 (#571)
  • bf91edb minor zizmor fixes to specify permissions (#570)
  • 01c386e build(deps): bump gradle/actions from 4.3.0 to 4.3.1 (#567)
  • 793836f build(deps): bump ruby/setup-ruby from 1.227.0 to 1.229.0 (#569)
  • Additional commits viewable in compare view

Updates github.com/sigstore/scaffolding from 0.7.18 to 0.7.21

Release notes

Sourced from github.com/sigstore/scaffolding's releases.

v0.7.21

Thanks to all contributors!

There were tags for v0.7.19 and v0.17.20 but due to CI issues those were not formally released.

Full Changelog: sigstore/scaffolding@v0.7.18...v0.7.21

Commits
  • 4f267e0 go mod tidy (#1494)
  • 4a71cd9 bump smallstep/crypto (#1493)
  • 5493614 bump terraform to 1.11.0 (#1491)
  • c081f09 Bump cloud-sql-connectors/cloud-sql-proxy from 2.15.0-alpine to 2.15.1-alpine...
  • f24630a Bump trillian-opensource-ci/db_server in /config/trillian/mysql (#1488)
  • b2bd2cc Bump go.step.sm/crypto from 0.58.0 to 0.59.0 (#1489)
  • db0f5b3 Bump golang.org/x/crypto from 0.34.0 to 0.35.0 (#1490)
  • 702db8b Fix scaffolding trust root (#1486)
  • 527c985 Bump the terraform group across 25 directories with 1 update (#1487)
  • 8549da7 Bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 (#1484)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.12 to 1.8.15

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.8.15

What's Changed

Full Changelog: sigstore/sigstore@v1.8.14...v1.8.15

v1.8.14

What's Changed

This is the same content as v1.8.13, with a CI/CD fix.

v1.8.13

What's Changed

Full Changelog: sigstore/sigstore@v1.8.12...v1.8.13

Commits
  • 0c5004e build(deps): Bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 (#1968)
  • 08ccf77 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#1970)
  • 9720b04 build(deps): Bump golangci/golangci-lint-action (#1984)
  • ce0fa17 fix: cliplugin: return ErrorProviderNotFound when calling Get with a path (#1...
  • a5ada3f check concrete type for non-nil (#1983)
  • 75b85e2 pkg/signature: fix RSA PSS 3072 key size in algorithm registry (#1981)
  • 351b102 export variable (#1978)
  • 0a1ec6f build(deps): Bump golang.org/x/oauth2 in /pkg/signature/kms/gcp (#1973)
  • a806b7e build(deps): Bump github.com/hashicorp/vault/api (#1974)
  • a235f11 build(deps): Bump localstack/localstack in /test/e2e in the all group (#1965)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.12 to 1.8.15

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.8.15

What's Changed

Full Changelog: sigstore/sigstore@v1.8.14...v1.8.15

v1.8.14

What's Changed

This is the same content as v1.8.13, with a CI/CD fix.

v1.8.13

What's Changed

Full Changelog: sigstore/sigstore@v1.8.12...v1.8.13

Commits
  • 0c5004e build(deps): Bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 (#1968)
  • 08ccf77 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#1970)
  • 9720b04 build(deps): Bump golangci/golangci-lint-action (#1984)
  • ce0fa17 fix: cliplugin: return ErrorProviderNotFound when calling Get with a path (#1...
  • a5ada3f check concrete type for non-nil (#1983)
  • 75b85e2 pkg/signature: fix RSA PSS 3072 key size in algorithm registry (#1981)
  • 351b102 export variable (#1978)
  • 0a1ec6f build(deps): Bump golang.org/x/oauth2 in /pkg/signature/kms/gcp (#1973)
  • a806b7e build(deps): Bump github.com/hashicorp/vault/api (#1974)
  • a235f11 build(deps): Bump localstack/localstack in /test/e2e in the all group (#1965)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.12 to 1.8.15

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.8.15

What's Changed

Full Changelog: sigstore/sigstore@v1.8.14...v1.8.15

v1.8.14

What's Changed

This is the same content as v1.8.13, with a CI/CD fix.

v1.8.13

What's Changed

Full Changelog: sigstore/sigstore@v1.8.12...v1.8.13

Commits
  • 0c5004e build(deps): Bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 (#1968)
  • 08ccf77 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#1970)
  • 9720b04 build(deps): Bump golangci/golangci-lint-action (#1984)
  • ce0fa17 fix: cliplugin: return ErrorProviderNotFound when calling Get with a path (#1...
  • a5ada3f check concrete type for non-nil (#1983)
  • 75b85e2 pkg/signature: fix RSA PSS 3072 key size in algorithm registry (#1981)
  • 351b102 export variable (#1978)
  • 0a1ec6f build(deps): Bump golang.org/x/oauth2 in /pkg/signature/kms/gcp (#1973)
  • a806b7e build(deps): Bump github.com/hashicorp/vault/api (#1974)
  • a235f11 build(deps): Bump localstack/localstack in /test/e2e in the all group (#1965)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.12 to 1.8.15

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.8.15

What's Changed

Full Changelog: sigstore/sigstore@v1.8.14...v1.8.15

v1.8.14

What's Changed

This is the same content as v1.8.13, with a CI/CD fix.

v1.8.13

What's Changed

Full Changelog: sigstore/sigstore@v1.8.12...v1.8.13

Commits
  • 0c5004e build(deps): Bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 (#1968)
  • 08ccf77 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#1970)
  • 9720b04 build(deps): Bump golangci/golangci-lint-action (#1984)
  • ce0fa17 fix: cliplugin: return ErrorProviderNotFound when calling Get with a path (#1...
  • a5ada3f check concrete type for non-nil (#1983)
  • 75b85e2 pkg/signature: fix RSA PSS 3072 key size in algorithm registry (#1981)
  • 351b102 export variable (#1978)
  • 0a1ec6f build(deps): Bump golang.org/x/oauth2 in /pkg/signature/kms/gcp (#1973)
  • a806b7e build(deps): Bump github.com/hashicorp/vault/api (#1974)
  • a235f11 build(deps): Bump localstack/localstack in /test/e2e in the all group (#1965)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 4, 2025
This was referenced Apr 4, 2025
Closed
Closed
Closed
@dependabot
chore(deps): Bump the sigstore group with 9 updates
4232f5f 
Bumps the sigstore group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.4.1` | `2.4.3` |
| [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.3.7` | `1.3.9` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.12` | `1.8.15` |
| [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs) | `0.4.0` | `0.4.1` |
| [github.com/sigstore/scaffolding](https://github.com/sigstore/scaffolding) | `0.7.18` | `0.7.21` |
| [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.12` | `1.8.15` |
| [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.12` | `1.8.15` |
| [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.12` | `1.8.15` |
| [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.12` | `1.8.15` |


Updates `github.com/sigstore/cosign/v2` from 2.4.1 to 2.4.3
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v2.4.1...v2.4.3)

Updates `github.com/sigstore/rekor` from 1.3.7 to 1.3.9
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.3.7...v1.3.9)

Updates `github.com/sigstore/sigstore` from 1.8.12 to 1.8.15
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.12...v1.8.15)

Updates `github.com/sigstore/protobuf-specs` from 0.4.0 to 0.4.1
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](sigstore/protobuf-specs@v0.4.0...v0.4.1)

Updates `github.com/sigstore/scaffolding` from 0.7.18 to 0.7.21
- [Release notes](https://github.com/sigstore/scaffolding/releases)
- [Changelog](https://github.com/sigstore/scaffolding/blob/main/release.md)
- [Commits](sigstore/scaffolding@v0.7.18...v0.7.21)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.12 to 1.8.15
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.12...v1.8.15)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.12 to 1.8.15
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.12...v1.8.15)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.12 to 1.8.15
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.12...v1.8.15)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.12 to 1.8.15
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.12...v1.8.15)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sigstore
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.3.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sigstore
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.8.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sigstore
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sigstore
- dependency-name: github.com/sigstore/scaffolding
  dependency-version: 0.7.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sigstore
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-version: 1.8.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sigstore
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-version: 1.8.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sigstore
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-version: 1.8.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sigstore
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-version: 1.8.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sigstore
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/sigstore-a9d63554b5 branch from 63fe55f to 4232f5f Compare April 7, 2025 18:44
@codysoyland
Copy link
Member

@dependabot recreate

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@codysoyland