Skip to content

Bump the gomod group across 1 directory with 5 updates#818

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/gomod-c3a2c29567
Open

Bump the gomod group across 1 directory with 5 updates#818
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/gomod-c3a2c29567

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Bumps the gomod group with 4 updates in the / directory: github.com/go-git/go-git/v5, github.com/go-openapi/strfmt, github.com/sigstore/fulcio and github.com/sigstore/rekor.

Updates github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

Commits
  • 3c3be60 Merge pull request #2137 from go-git/validate-v5
  • 3fba897 plumbing: format/packfile, cap delta chain depth in parser
  • a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
  • aeaa125 plumbing: format/objfile, require Header before Read
  • 1f38e17 plumbing: format/packfile, bound inflate size
  • f7545a0 plumbing: format/idxfile, bound nr by file size
  • 170b881 Merge pull request #2116 from pjbgf/symlink-v5
  • 7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
  • f0709b3 git: Stop validating symlink target paths
  • 776d00f git: Allow MkdirAll on worktree-root paths
  • Additional commits viewable in compare view

Updates github.com/go-openapi/strfmt from 0.26.2 to 0.26.3

Release notes

Sourced from github.com/go-openapi/strfmt's releases.

v0.26.3

0.26.3 - 2026-05-31

Full Changelog: go-openapi/strfmt@v0.26.2...v0.26.3

15 commits in this release.

Documentation

Miscellaneous tasks

Updates

People who contributed to this release

strfmt license terms

[License][license-url]

... (truncated)

Commits
  • d93543f chore: prepare release v0.26.3
  • 7841767 build(deps): bump the other-dependencies group across 3 directories with 2 up...
  • f041a88 build(deps): bump golang.org/x/net
  • 6ac9968 build(deps): bump the go-openapi-dependencies group across 2 directories with...
  • 1d31844 fix(ci): monitor - work around dependabot identity requirements
  • 1531efc fix(ci): typo in sha
  • cb7dd25 fix(ci): updated shared ci worflows (fix monitor-bot identity)
  • 62db01a fix(ci): updated shared ci worflows (fix monitor-bot permissions)
  • c7cf6fb fix(ci): updated shared ci worflows (fix monitor-bot filter) (#259)
  • c2e3626 doc: updated contributors file
  • Additional commits viewable in compare view

Updates github.com/sigstore/fulcio from 1.8.5 to 1.8.7

Release notes

Sourced from github.com/sigstore/fulcio's releases.

v1.8.7

Changelog

  • 8254f95cac5652eed07420c360775b2ae513053b Allow directly-configured Kubernetes issuers to use in-cluster auth path (#2356)

Thanks for all contributors!

v1.8.6

Changelog

  • 378c654f48c3bafdced04ead7010aab2cb4c6ca1 Block cross-host redirects and restrict bearer token to expected host (#2354)
  • 39b48e6a8f2efe1809a1b19b4301666c3fd36667 Include raw subject in certificates (#2307)
  • 80eaed06e911cdfd26dd18f02b8e862f7f6ee453 Update Azure AKS OIDC issuer URL regex (#2266)
  • 001376a50932095cf4b6e65299ed2d29abe83524 add support for new circleci root issuer (#2278)

Thanks for all contributors!

Changelog

Sourced from github.com/sigstore/fulcio's changelog.

v1.8.6

Features

  • Include raw subject in certificates (#2307)
Commits
  • 8254f95 Allow directly-configured Kubernetes issuers to use in-cluster auth path (#2356)
  • d614dd4 build(deps): bump cloud.google.com/go/security from 1.19.2 to 1.24.0 (#2346)
  • 92cfd93 build(deps): bump protocolbuffers/protobuf from 34.1 to 35.0 (#2351)
  • 378c654 Block cross-host redirects and restrict bearer token to expected host (#2354)
  • 7a5d3e3 bump builder image to use go1.26.3 (#2353)
  • a05982e build(deps): bump go.step.sm/crypto from 0.75.0 to 0.81.0 (#2348)
  • dfa63a8 build(deps): bump golang from 313faae to 2d6c802 (#2344)
  • 7b3a344 build(deps): bump google.golang.org/api from 0.279.0 to 0.280.0 (#2349)
  • 9290f7f build(deps): bump the all group with 2 updates (#2350)
  • 423d535 build(deps): bump nginx from 1.31.0 to 1.31.1 in the all group (#2352)
  • Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.5.1 to 1.5.2

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.5.2

Changelog

  • 759b98e2a7c39ea9779b6a51299c5f0f987f8802 alpine: Enforce max size limit on decompression (#2831)
  • c7e77ee26edd8631dd417166907093a9f13b85e5 Support restricting kinds on insertion (#2814)
  • a10818a8778dcb58eb582d00ffda4b2c86bf190b fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#2812)
  • 8a2f3a2dd023b81ad8b63e2f365676ec438dc9fa add checks to ensure returned entries match client inputs to rekor-cli (#2799)
  • 0e88bac01d1173b8b2cbc8ed790106441573bbdb add nil pointer check to resolve fuzzing crash (#2807)
  • 93da954478a2ffb1821d4904a80d9a5cbe268324 client: surface last-response details after retries are exhausted (#2796)
  • 4d67ecd8ec810bc6af9761ad10ebd2ac899cfdbd Fix internal error detail leakage in 500 responses (#2801)
  • b34ca94fc01405cb50acb956cc181d57382a6b2d add defensive check to ensure tid is in config ahead of getting client (#2795)
  • 656c832ab90feef91f5dcc751ae1cb851c73f4bd restapi: include inactiveShards in the homepage total count (#2797)

Thanks for all contributors!

Commits
  • 3b75cd9 build(deps): Bump the all group across 1 directory with 7 updates (#2829)
  • 759b98e alpine: Enforce max size limit on decompression (#2831)
  • c7e77ee Support restricting kinds on insertion (#2814)
  • a10818a fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#...
  • c31f3fc build(deps): Bump cloud.google.com/go/profiler from 0.4.3 to 0.6.0
  • f2a9fb0 build(deps): Bump go.uber.org/zap from 1.27.1 to 1.28.0
  • e3ba248 build(deps): Bump golang in the all group across 1 directory
  • 62e5ddd build(deps): Bump github.com/go-openapi/swag from 0.25.5 to 0.26.0
  • f4f91d5 build(deps): Bump github.com/tink-crypto/tink-go-awskms/v2 to v3 (#2827)
  • 9bc540f build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2820)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.10.5 to 1.10.6

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.6

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the gomod group across 1 directory with 5 updates
e942d26 
Bumps the gomod group with 4 updates in the / directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt), [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) and [github.com/sigstore/rekor](https://github.com/sigstore/rekor).


Updates `github.com/go-git/go-git/v5` from 5.19.0 to 5.19.1
- [Release notes](https://github.com/go-git/go-git/releases)
- [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md)
- [Commits](go-git/go-git@v5.19.0...v5.19.1)

Updates `github.com/go-openapi/strfmt` from 0.26.2 to 0.26.3
- [Release notes](https://github.com/go-openapi/strfmt/releases)
- [Commits](go-openapi/strfmt@v0.26.2...v0.26.3)

Updates `github.com/sigstore/fulcio` from 1.8.5 to 1.8.7
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](sigstore/fulcio@v1.8.5...v1.8.7)

Updates `github.com/sigstore/rekor` from 1.5.1 to 1.5.2
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.5.1...v1.5.2)

Updates `github.com/sigstore/sigstore` from 1.10.5 to 1.10.6
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.5...v1.10.6)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.19.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/go-openapi/strfmt
  dependency-version: 0.26.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants