chore(deps): bump the gomod group with 12 updates #4541

dependabot · 2025-11-24T16:37:01Z

Bumps the gomod group with 12 updates:

Package	From	To
cuelang.org/go	`0.15.0`	`0.15.1`
github.com/go-openapi/swag	`0.25.1`	`0.25.3`
github.com/go-openapi/swag/conv	`0.25.1`	`0.25.3`
github.com/sigstore/fulcio	`1.8.1`	`1.8.2`
github.com/sigstore/rekor	`1.4.2`	`1.4.3`
github.com/sigstore/sigstore	`1.9.6-0.20250729224751-181c5d3339b3`	`1.10.0`
github.com/sigstore/sigstore/pkg/signature/kms/aws	`1.9.5`	`1.10.0`
github.com/sigstore/sigstore/pkg/signature/kms/azure	`1.9.5`	`1.10.0`
github.com/sigstore/sigstore/pkg/signature/kms/gcp	`1.9.6-0.20250729224751-181c5d3339b3`	`1.10.0`
github.com/sigstore/sigstore/pkg/signature/kms/hashivault	`1.9.5`	`1.10.0`
gitlab.com/gitlab-org/api/client-go	`0.160.0`	`0.160.2`
google.golang.org/api	`0.255.0`	`0.256.0`

Updates cuelang.org/go from 0.15.0 to 0.15.1

Updates github.com/go-openapi/swag from 0.25.1 to 0.25.3

Commits

4db976a prepare v0.25.3
c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
47cac45 ci: lint now runs in 1 single job, not a matrix
5434c90 lint: fix modernize issues
ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
8e10796 fix(typo): correct typos in funcs, comments, and docs
274f279 build(deps): bump the development-dependencies group across 2 directories wit...
23684ce build(deps): bump the development-dependencies group across 2 directories wit...
48179bd fixup dependabot.yaml
59456ad ci: pinned github actions used with their sha...
Additional commits viewable in compare view

Updates github.com/go-openapi/swag/conv from 0.25.1 to 0.25.3

Commits

4db976a prepare v0.25.3
c65e588 fix(mangler): name mangler panics on trailing pluralized initialisms
47cac45 ci: lint now runs in 1 single job, not a matrix
5434c90 lint: fix modernize issues
ca4d1dd build(deps): bump the development-dependencies group across 2 directories wit...
8e10796 fix(typo): correct typos in funcs, comments, and docs
274f279 build(deps): bump the development-dependencies group across 2 directories wit...
23684ce build(deps): bump the development-dependencies group across 2 directories wit...
48179bd fixup dependabot.yaml
59456ad ci: pinned github actions used with their sha...
Additional commits viewable in compare view

Updates github.com/sigstore/fulcio from 1.8.1 to 1.8.2

Release notes

Sourced from github.com/sigstore/fulcio's releases.

v1.8.2

This release also changes the format of the binary and container signature, which is now a Sigstore bundle. To verify a release, use the latest Cosign 3.x, verifying with cosign verify-blob --bundle <artifact>-keyless.sigstore.json <artifact>.

Testing

make email address in test cases rfc822 conformant (#2205)

Changelog

Sourced from github.com/sigstore/fulcio's changelog.

v1.8.2

Testing

make email address in test cases rfc822 conformant (#2205)

Commits

33129d0 Bump sigstore/sigstore, prep for v1.8.2 (#2214)
33a0384 build(deps): bump google.golang.org/api from 0.255.0 to 0.256.0 (#2213)
f8ecdcb Handle optional environment claim (#2212)
e91dc16 update go builder and cosign (#2211)
bb7f782 convert tools.go over to go tool paradigm (#2209)
44da357 Update Cosign commands for goreleaser for Cosign v3.x (#2208)
918c5c6 build(deps): bump sigstore/scaffolding/trillian_log_signer (#2202)
52d48ac build(deps): bump the all group with 2 updates (#2197)
47a29e5 build(deps): bump sigstore/scaffolding/trillian_log_server (#2203)
b7fafaf build(deps): bump chainguard-dev/actions in the all group (#2198)
Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.4.3

This release reduces dependencies for a number of exported packages.

This release also changes the format of the binary and container signature, which is now a Sigstore bundle. To verify a release, use the latest Cosign 3.x, verifying with cosign verify-blob --bundle <artifact>-keyless.sigstore.json <artifact>.

Improvements

use interruptable context to elegantly handle signals in rekor-cli (#2681)

restapi: Don't log client errors as errors (#2680)

pkg: separate pki types from implementations (#2668)

e2e: don't mix e2e and regular utilities (#2672)

pkg: remove viper config from spec definitions (#2669)

log: remove zap & go-chi dependecy from pkg/types (#2667)

chore: update go-openapi/runtime to v0.29.0 (#2670)

chore: remove double imported mapstructure pkg (#2671)

remove archived dependency and use stdlib slices (#2650)

Documentation

(docs): guard unsafe int/uint conversions flagged by gosec (#2679)

Contributors

AdamKorcz

Bob Callaway

Jussi Kukkonen

Sachin Sampras M

Tõnis Tiigi

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.4.3

This release reduces dependencies for a number of exported packages.

This release also changes the format of the binary and container signature, which is now a Sigstore bundle. To verify a release, use the latest Cosign 3.x, verifying with cosign verify-blob --bundle <artifact>-keyless.sigstore.json <artifact>.

Improvements

use interruptable context to elegantly handle signals in rekor-cli (#2681)

restapi: Don't log client errors as errors (#2680)

pkg: separate pki types from implementations (#2668)

e2e: don't mix e2e and regular utilities (#2672)

pkg: remove viper config from spec definitions (#2669)

log: remove zap & go-chi dependecy from pkg/types (#2667)

chore: update go-openapi/runtime to v0.29.0 (#2670)

chore: remove double imported mapstructure pkg (#2671)

remove archived dependency and use stdlib slices (#2650)

Documentation

(docs): guard unsafe int/uint conversions flagged by gosec (#2679)

Contributors

AdamKorcz

Bob Callaway

Jussi Kukkonen

Sachin Sampras M

Tõnis Tiigi

Commits

cb5b1d5 Changelog for v1.4.3, fix goreleaser for Cosign v3 (#2682)
b34d99d fix remaining zizmor fixes (#2617)
e032725 use interruptable context to elegantly handle signals in rekor-cli (#2681)
2d4e985 (docs): guard unsafe int/uint conversions flagged by gosec (#2679)
fdde6ec build(deps): Bump sigstore/scaffolding/trillian_log_signer (#2677)
5ecf774 build(deps): Bump sigstore/scaffolding/trillian_log_server (#2678)
381f351 build(deps): Bump go.step.sm/crypto from 0.73.0 to 0.74.0 (#2674)
e7bf948 build(deps): Bump golang.org/x/mod from 0.28.0 to 0.29.0 (#2665)
e8b7b7f build(deps): Bump github/codeql-action in the all group (#2663)
9589399 build(deps): Bump the all group with 7 updates (#2673)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.0

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

feat(hashivault): token helper in sigstore/sigstore#2174

set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128

Refactoring

cryptoutils: move goodkey validation to separate package in sigstore/sigstore#2194

Stop depending on golang.org/x/crypto for sha3 in sigstore/sigstore#2209

remove duplicative dependency for portable browser opener in sigstore/sigstore#2178

consolidate deep Equal usage to one library in sigstore/sigstore#2177

Drop redundant aws-sdk-go dependency in the e2e kms tests in sigstore/sigstore#2172

Full Changelog: sigstore/sigstore@v1.9.5...v1.10.0

Commits

See full diff in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.9.5 to 1.10.0

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

feat(hashivault): token helper in sigstore/sigstore#2174

set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128

Refactoring

cryptoutils: move goodkey validation to separate package in sigstore/sigstore#2194

Stop depending on golang.org/x/crypto for sha3 in sigstore/sigstore#2209

remove duplicative dependency for portable browser opener in sigstore/sigstore#2178

consolidate deep Equal usage to one library in sigstore/sigstore#2177

Drop redundant aws-sdk-go dependency in the e2e kms tests in sigstore/sigstore#2172

Full Changelog: sigstore/sigstore@v1.9.5...v1.10.0

Commits

46cc860 Bump deps to latest (#2215)
4b02c4f build(deps): Bump the gomod group across 1 directory with 2 updates (#2211)
262a7ca build(deps): Bump the all group with 2 updates (#2210)
5ec760a build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2214)
4507d1c Stop depending on golang.org/x/crypto/sha3 (#2209)
51865f8 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2208)
decdb7b build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2203)
b7afeb3 Bump all deps to prep for new release (#2207)
d8ab8af modify the content of fuzzcert_test.go to fix the fuzzing build error (#2206)
a869988 build(deps): Bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#2197)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.9.5 to 1.10.0

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

feat(hashivault): token helper in sigstore/sigstore#2174

set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128

Refactoring

cryptoutils: move goodkey validation to separate package in sigstore/sigstore#2194

Stop depending on golang.org/x/crypto for sha3 in sigstore/sigstore#2209

remove duplicative dependency for portable browser opener in sigstore/sigstore#2178

consolidate deep Equal usage to one library in sigstore/sigstore#2177

Drop redundant aws-sdk-go dependency in the e2e kms tests in sigstore/sigstore#2172

Full Changelog: sigstore/sigstore@v1.9.5...v1.10.0

Commits

46cc860 Bump deps to latest (#2215)
4b02c4f build(deps): Bump the gomod group across 1 directory with 2 updates (#2211)
262a7ca build(deps): Bump the all group with 2 updates (#2210)
5ec760a build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2214)
4507d1c Stop depending on golang.org/x/crypto/sha3 (#2209)
51865f8 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2208)
decdb7b build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2203)
b7afeb3 Bump all deps to prep for new release (#2207)
d8ab8af modify the content of fuzzcert_test.go to fix the fuzzing build error (#2206)
a869988 build(deps): Bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#2197)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.0

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

feat(hashivault): token helper in sigstore/sigstore#2174

set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128

Refactoring

cryptoutils: move goodkey validation to separate package in sigstore/sigstore#2194

Stop depending on golang.org/x/crypto for sha3 in sigstore/sigstore#2209

remove duplicative dependency for portable browser opener in sigstore/sigstore#2178

consolidate deep Equal usage to one library in sigstore/sigstore#2177

Drop redundant aws-sdk-go dependency in the e2e kms tests in sigstore/sigstore#2172

Full Changelog: sigstore/sigstore@v1.9.5...v1.10.0

Commits

See full diff in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.9.5 to 1.10.0

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

feat(hashivault): token helper in sigstore/sigstore#2174

set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128

Refactoring

cryptoutils: move goodkey validation to separate package in sigstore/sigstore#2194

Stop depending on golang.org/x/crypto for sha3 in sigstore/sigstore#2209

remove duplicative dependency for portable browser opener in sigstore/sigstore#2178

consolidate deep Equal usage to one library in sigstore/sigstore#2177

Drop redundant aws-sdk-go dependency in the e2e kms tests in sigstore/sigstore#2172

Full Changelog: sigstore/sigstore@v1.9.5...v1.10.0

Commits

46cc860 Bump deps to latest (#2215)
4b02c4f build(deps): Bump the gomod group across 1 directory with 2 updates (#2211)
262a7ca build(deps): Bump the all group with 2 updates (#2210)
5ec760a build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2214)
4507d1c Stop depending on golang.org/x/crypto/sha3 (#2209)
51865f8 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2208)
decdb7b build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#2203)
b7afeb3 Bump all deps to prep for new release (#2207)
d8ab8af modify the content of fuzzcert_test.go to fix the fuzzing build error (#2206)
a869988 build(deps): Bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#2197)
Additional commits viewable in compare view

Updates gitlab.com/gitlab-org/api/client-go from 0.160.0 to 0.160.2

Release notes

Sourced from gitlab.com/gitlab-org/api/client-go's releases.

v0.160.2

0.160.2

🐛 Bug Fixes

Fix double escaping in paths (!2583) by Timo Furrer

0.160.2 (2025-11-24)

v0.160.1

[DO NOT USE] 0.160.1

DO NOT USE THIS RELEASE. It contains a bug and has been fixed in v0.160.1. See #2177+.

🐛 Bug Fixes

fix: update input field from "key" to "name" in pipeline schedules to prevent an API error (!2580) by Zubeen

🔄 Other Changes

Code Refactor Using Request Handlers - 9 (!2524) by Yashesvinee V

Code Refactor Using Request Handlers - 7 (!2522) by Yashesvinee V

Code Refactor Using Request Handlers - 5 (!2518) by Yashesvinee V

Code Refactor Using Request Handlers - 2 (!2515) by Yashesvinee V

Code Refactor Using Request Handlers - 4 (!2517) by Yashesvinee V

Code Refactor Using Request Handlers - 3 (!2516) by Yashesvinee V

chore(deps): update module github.com/godbus/dbus/v5 to v5.2.0 (!2576) by GitLab Dependency Bot

chore(deps): update golangci/golangci-lint docker tag to v2.6.2 (!2577) by GitLab Dependency Bot

Code Refactor Using Request Handlers - 1 (!2514) by Yashesvinee V

0.160.1 (2025-11-19)

Bug Fixes

update input field from "key" to "name" in pipeline schedules to prevent an API error (062133f)

Changelog

Sourced from gitlab.com/gitlab-org/api/client-go's changelog.

0.160.2

🐛 Bug Fixes

Fix double escaping in paths (!2583) by Timo Furrer

0.160.2 (2025-11-24)

0.160.1

🐛 Bug Fixes

fix: update input field from "key" to "name" in pipeline schedules to prevent an API error (!2580) by Zubeen

🔄 Other Changes

Code Refactor Using Request Handlers - 9 (!2524) by Yashesvinee V

Code Refactor Using Request Handlers - 7 (!2522) by Yashesvinee V

Code Refactor Using Request Handlers - 5 (!2518) by Yashesvinee V

Code Refactor Using Request Handlers - 2 (!2515) by Yashesvinee V

Code Refactor Using Request Handlers - 4 (!2517) by Yashesvinee V

Code Refactor Using Request Handlers - 3 (!2516) by Yashesvinee V

chore(deps): update module github.com/godbus/dbus/v5 to v5.2.0 (!2576) by GitLab Dependency Bot

chore(deps): update golangci/golangci-lint docker tag to v2.6.2 (!2577) by GitLab Dependency Bot

Code Refactor Using Request Handlers - 1 (!2514) by Yashesvinee V

0.160.1 (2025-11-19)

Bug Fixes

update input field from "key" to "name" in pipeline schedules to prevent an API error (062133f)

Commits

c7ae361 chore(release): 0.160.2 [skip ci]
3141835 Merge branch 'fix-double-escape' into 'main'
30ef8e5 Fix double escaping in paths
34e3ffd chore(release): 0.160.1 [skip ci]
6a71725 Merge branch 'fixInputFieldName' into 'main'
062133f fix: update input field from "key" to "name" in pipeline schedules to prevent...
18823b5 Merge branch 'feature/code-refactor-9' into 'main'
0fd2aa8 Code Refactor Using Request Handlers - 9
b3b9f27 Merge branch 'feature/code-refactor-7' into 'main'
2034055 Code Refactor Using Request Handlers - 7
Additional commits viewable in compare view

Updates google.golang.org/api from 0.255.0 to 0.256.0

Release notes

Sourced from google.golang.org/api's releases.

v0.256.0

0.256.0 (2025-11-10)

Features

all: Auto-regenerate discovery clients (#3366) (997c613)

all: Auto-regenerate discovery clients (#3368) (57e958d)

all: Auto-regenerate discovery clients (#3369) (5d436f7)

all: Auto-regenerate discovery clients (#3370) (140a610)

all: Auto-regenerate discovery clients (#3371) (39a2bc0)

Changelog

Sourced from google.golang.org/api's changelog.

0.256.0 (2025-11-10)

Features

all: Auto-regenerate discovery clients (#3366) (997c613)

all: Auto-regenerate discovery clients (#3368) (57e958d)

all: Auto-regenerate discovery clients (#3369) (5d436f7)

all: Auto-regenerate discovery clients (#3370) (140a610)

all: Auto-regenerate discovery clients (#3371) (39a2bc0)

Commits

811ba14 chore(main): release 0.256.0 (#3367)
11afd81 chore(all): update all (#3372)
39a2bc0 feat(all): auto-regenerate discovery clients (#3371)
140a610 feat(all): auto-regenerate discovery clients (#3370)
5d436f7 feat(all): auto-regenerate discovery clients (#3369)
57e958d feat(all): auto-regenerate discovery clients (#3368)
997c613 feat(all): auto-regenerate discovery clients (#3366)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gomod group with 12 updates: | Package | From | To | | --- | --- | --- | | cuelang.org/go | `0.15.0` | `0.15.1` | | [github.com/go-openapi/swag](https://github.com/go-openapi/swag) | `0.25.1` | `0.25.3` | | [github.com/go-openapi/swag/conv](https://github.com/go-openapi/swag) | `0.25.1` | `0.25.3` | | [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) | `1.8.1` | `1.8.2` | | [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.4.2` | `1.4.3` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.9.6-0.20250729224751-181c5d3339b3` | `1.10.0` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.9.5` | `1.10.0` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.9.5` | `1.10.0` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.9.6-0.20250729224751-181c5d3339b3` | `1.10.0` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.9.5` | `1.10.0` | | [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) | `0.160.0` | `0.160.2` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.255.0` | `0.256.0` | Updates `cuelang.org/go` from 0.15.0 to 0.15.1 Updates `github.com/go-openapi/swag` from 0.25.1 to 0.25.3 - [Commits](go-openapi/swag@v0.25.1...v0.25.3) Updates `github.com/go-openapi/swag/conv` from 0.25.1 to 0.25.3 - [Commits](go-openapi/swag@v0.25.1...v0.25.3) Updates `github.com/sigstore/fulcio` from 1.8.1 to 1.8.2 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.8.1...v1.8.2) Updates `github.com/sigstore/rekor` from 1.4.2 to 1.4.3 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v1.4.2...v1.4.3) Updates `github.com/sigstore/sigstore` from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.0 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/commits/v1.10.0) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.9.5 to 1.10.0 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.5...v1.10.0) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.9.5 to 1.10.0 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.5...v1.10.0) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.0 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/commits/v1.10.0) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.9.5 to 1.10.0 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.5...v1.10.0) Updates `gitlab.com/gitlab-org/api/client-go` from 0.160.0 to 0.160.2 - [Release notes](https://gitlab.com/gitlab-org/api/client-go/tags) - [Changelog](https://gitlab.com/gitlab-org/api/client-go/blob/main/CHANGELOG.md) - [Commits](https://gitlab.com/gitlab-org/api/client-go/compare/v0.160.0...v0.160.2) Updates `google.golang.org/api` from 0.255.0 to 0.256.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.255.0...v0.256.0) --- updated-dependencies: - dependency-name: cuelang.org/go dependency-version: 0.15.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/swag dependency-version: 0.25.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/go-openapi/swag/conv dependency-version: 0.25.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/fulcio dependency-version: 1.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/rekor dependency-version: 1.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: gitlab.com/gitlab-org/api/client-go dependency-version: 0.160.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: google.golang.org/api dependency-version: 0.256.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 24, 2025

dependabot bot requested a review from a team as a code owner November 24, 2025 16:37

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 24, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the gomod group with 12 updates #4541

chore(deps): bump the gomod group with 12 updates #4541

Uh oh!

dependabot bot commented on behalf of github Nov 24, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): bump the gomod group with 12 updates #4541

Are you sure you want to change the base?

chore(deps): bump the gomod group with 12 updates #4541

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 24, 2025

v1.8.2

Testing

v1.8.2

Testing

v1.4.3

Improvements

Documentation

Contributors

v1.4.3

Improvements

Documentation

Contributors

v1.10.0

Breaking change

Features

Refactoring

v1.10.0

Breaking change

Features

Refactoring

v1.10.0

Breaking change

Features

Refactoring

v1.10.0

Breaking change

Features

Refactoring

v1.10.0

Breaking change

Features

Refactoring

v0.160.2

0.160.2

🐛 Bug Fixes

0.160.2 (2025-11-24)

v0.160.1

[DO NOT USE] 0.160.1

🐛 Bug Fixes

🔄 Other Changes

0.160.1 (2025-11-19)

Bug Fixes

0.160.2

🐛 Bug Fixes

0.160.2 (2025-11-24)

0.160.1

🐛 Bug Fixes

🔄 Other Changes

0.160.1 (2025-11-19)

Bug Fixes

v0.256.0

0.256.0 (2025-11-10)

Features

0.256.0 (2025-11-10)

Features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant