Bump the go-deps group across 11 directories with 17 updates by dependabot[bot] · Pull Request #1935 · sigstore/scaffolding

dependabot · 2026-06-26T02:46:51Z

Bumps the go-deps group with 1 update in the / directory: k8s.io/code-generator.
Bumps the go-deps group with 1 update in the /hack directory: k8s.io/code-generator.
Bumps the go-deps group with 1 update in the /tools/cloudsqlproxy directory: chainguard.dev/exitdir.
Bumps the go-deps group with 3 updates in the /tools/create-tink-keyset directory: github.com/sigstore/rekor-tiles/v2, github.com/tink-crypto/tink-go-gcpkms/v2 and github.com/tink-crypto/tink-go/v2.
Bumps the go-deps group with 5 updates in the /tools/ctlog directory:

Package	From	To
k8s.io/apimachinery	`0.35.3`	`0.36.2`
k8s.io/client-go	`0.35.3`	`0.36.2`
github.com/sigstore/sigstore	`1.10.5`	`1.10.8`
github.com/sigstore/fulcio	`1.8.5`	`1.8.7`
github.com/sigstore/rekor	`1.5.1`	`1.5.2`

Bumps the go-deps group with 2 updates in the /tools/fulcio directory: k8s.io/client-go and go.step.sm/crypto.
Bumps the go-deps group with 2 updates in the /tools/rekor directory: k8s.io/client-go and go.step.sm/crypto.
Bumps the go-deps group with 2 updates in the /tools/secret directory: k8s.io/apimachinery and k8s.io/client-go.
Bumps the go-deps group with 5 updates in the /tools/trillian directory:

Package	From	To
github.com/go-sql-driver/mysql	`1.9.3`	`1.10.0`
google.golang.org/grpc	`1.80.0`	`1.81.1`
k8s.io/apimachinery	`0.35.3`	`0.36.2`
k8s.io/client-go	`0.35.3`	`0.36.2`
chainguard.dev/exitdir	`0.0.2`	`0.0.3`

Bumps the go-deps group with 4 updates in the /tools/tsa directory: k8s.io/apimachinery, k8s.io/client-go, github.com/sigstore/sigstore and github.com/sigstore/timestamp-authority/v2.
Bumps the go-deps group with 4 updates in the /tools/tuf directory: k8s.io/apimachinery, k8s.io/client-go, github.com/sigstore/rekor-tiles/v2 and github.com/sigstore/sigstore-go.

Updates k8s.io/code-generator from 0.35.3 to 0.36.2

Commits

c64281a Update dependencies to v0.36.2 tag
a85207c Merge remote-tracking branch 'origin/master' into release-1.36
634d8b3 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
a8853d1 Merge pull request #137772 from lalitc375/fix-linter
eae1aca Merge pull request #137864 from yongruilin/dv-dra-mismatch
6770f5f Merge pull request #137846 from lalitc375/required-forbidden
9681623 Add slice and map union member support with tests
6c2d782 Add nil OldValue test coverage for union doc_tests
f4e4b3a Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
8a4544d Add tests for validateTrueBeta and ValidateTrueAlpha
Additional commits viewable in compare view

Updates google.golang.org/genproto from 0.0.0-20260217215200-42d3e9bedb6d to 0.0.0-20260316180232-0b37fe3546d5

Commits

See full diff in compare view

Updates google.golang.org/protobuf from 1.36.11 to 1.36.12-0.20260120151049-f2248ac996af

Updates k8s.io/apimachinery from 0.35.3 to 0.36.2

Commits

ae3f98e Update dependencies to v0.36.2 tag
2ec982d Merge pull request #139508lalitc375/automated-cherry-pick-of-#139480
6a88102 Fix wrong marking of errors
efb7f26 Merge remote-tracking branch 'origin/master' into release-1.36
d966e56 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
79b3632 Merge pull request #137864 from yongruilin/dv-dra-mismatch
a8822f7 Add slice and map union member support with tests
7dba2d0 Use IsZero instead of IsNil for union ratcheting check
d95710f Fix union validation ratcheting when oldObj is nil
729062d Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
Additional commits viewable in compare view

Updates k8s.io/code-generator from 0.35.3 to 0.36.2

Commits

c64281a Update dependencies to v0.36.2 tag
a85207c Merge remote-tracking branch 'origin/master' into release-1.36
634d8b3 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
a8853d1 Merge pull request #137772 from lalitc375/fix-linter
eae1aca Merge pull request #137864 from yongruilin/dv-dra-mismatch
6770f5f Merge pull request #137846 from lalitc375/required-forbidden
9681623 Add slice and map union member support with tests
6c2d782 Add nil OldValue test coverage for union doc_tests
f4e4b3a Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
8a4544d Add tests for validateTrueBeta and ValidateTrueAlpha
Additional commits viewable in compare view

Updates chainguard.dev/exitdir from 0.0.2 to 0.0.3

Release notes

Sourced from chainguard.dev/exitdir's releases.

v0.0.3

What's Changed

[StepSecurity] Apply security best practices by @stepsecurity-app[bot] in chainguard-dev/exitdir#51

Bump chainguard-dev/actions from 1.5.10 to 1.5.11 by @dependabot[bot] in chainguard-dev/exitdir#52

Bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in chainguard-dev/exitdir#55

Bump actions/cache from 5.0.1 to 5.0.2 by @dependabot[bot] in chainguard-dev/exitdir#54

Bump chainguard-dev/actions from 1.5.11 to 1.5.12 by @dependabot[bot] in chainguard-dev/exitdir#53

Bump chainguard-dev/actions from 1.5.12 to 1.5.13 by @dependabot[bot] in chainguard-dev/exitdir#56

Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in chainguard-dev/exitdir#57

Bump chainguard-dev/actions from 1.5.13 to 1.5.14 by @dependabot[bot] in chainguard-dev/exitdir#59

Bump actions/cache from 5.0.2 to 5.0.3 by @dependabot[bot] in chainguard-dev/exitdir#58

Bump step-security/harden-runner from 2.14.0 to 2.14.1 by @dependabot[bot] in chainguard-dev/exitdir#60

[StepSecurity] Apply security best practices by @stepsecurity-app[bot] in chainguard-dev/exitdir#61

Bump step-security/harden-runner from 2.14.1 to 2.14.2 by @dependabot[bot] in chainguard-dev/exitdir#63

Bump chainguard-dev/actions from 1.5.14 to 1.5.16 by @dependabot[bot] in chainguard-dev/exitdir#62

Bump chainguard-dev/actions from 1.5.16 to 1.6.1 by @dependabot[bot] in chainguard-dev/exitdir#64

Bump chainguard-dev/actions from 1.6.1 to 1.6.3 by @dependabot[bot] in chainguard-dev/exitdir#65

Bump actions/setup-go from 6.2.0 to 6.3.0 by @dependabot[bot] in chainguard-dev/exitdir#68

Bump step-security/harden-runner from 2.14.2 to 2.15.0 by @dependabot[bot] in chainguard-dev/exitdir#66

Bump chainguard-dev/actions from 1.6.3 to 1.6.8 by @dependabot[bot] in chainguard-dev/exitdir#71

Bump step-security/harden-runner from 2.15.0 to 2.15.1 by @dependabot[bot] in chainguard-dev/exitdir#70

Bump chainguard-dev/actions from 1.6.8 to 1.6.9 by @dependabot[bot] in chainguard-dev/exitdir#74

Bump actions/cache from 5.0.3 to 5.0.4 by @dependabot[bot] in chainguard-dev/exitdir#73

Bump step-security/harden-runner from 2.15.1 to 2.16.0 by @dependabot[bot] in chainguard-dev/exitdir#72

Bump chainguard-dev/actions from 1.6.9 to 1.6.11 by @dependabot[bot] in chainguard-dev/exitdir#76

Bump actions/setup-go from 6.3.0 to 6.4.0 by @dependabot[bot] in chainguard-dev/exitdir#75

Bump chainguard-dev/actions from 1.6.11 to 1.6.13 by @dependabot[bot] in chainguard-dev/exitdir#78

Bump step-security/harden-runner from 2.16.0 to 2.16.1 by @dependabot[bot] in chainguard-dev/exitdir#77

chore(workflows): add actionlint and zizmor action linters [SECINT-75] by @stevebeattie in chainguard-dev/exitdir#79

Bump chainguard-dev/actions from 1.6.13 to 1.6.14 by @dependabot[bot] in chainguard-dev/exitdir#81

Bump step-security/harden-runner from 2.16.0 to 2.17.0 by @dependabot[bot] in chainguard-dev/exitdir#82

Bump step-security/action-actionlint from 1.69.1 to 1.72.0 by @dependabot[bot] in chainguard-dev/exitdir#80

Bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 by @dependabot[bot] in chainguard-dev/exitdir#86

Bump chainguard-dev/actions from 1.6.14 to 1.6.15 by @dependabot[bot] in chainguard-dev/exitdir#85

Bump actions/cache from 5.0.4 to 5.0.5 by @dependabot[bot] in chainguard-dev/exitdir#84

Bump step-security/harden-runner from 2.17.0 to 2.18.0 by @dependabot[bot] in chainguard-dev/exitdir#83

Bump step-security/harden-runner from 2.18.0 to 2.19.0 by @dependabot[bot] in chainguard-dev/exitdir#87

Bump chainguard-dev/actions from 1.6.15 to 1.6.16 by @dependabot[bot] in chainguard-dev/exitdir#88

Bump step-security/harden-runner from 2.19.0 to 2.19.1 by @dependabot[bot] in chainguard-dev/exitdir#91

Bump github.com/fsnotify/fsnotify from 1.6.0 to 1.10.0 by @dependabot[bot] in chainguard-dev/exitdir#90

Bump chainguard-dev/actions from 1.6.16 to 1.6.18 by @dependabot[bot] in chainguard-dev/exitdir#89

fix(ci): add zizmor pedantic persona, suppress noisy findings, fix cache key by @stevebeattie in chainguard-dev/exitdir#92

Bump chainguard-dev/actions from 1.6.18 to 1.6.19 by @dependabot[bot] in chainguard-dev/exitdir#93

Bump github.com/fsnotify/fsnotify from 1.10.0 to 1.10.1 by @dependabot[bot] in chainguard-dev/exitdir#94

Bump step-security/harden-runner from 2.19.1 to 2.19.3 by @dependabot[bot] in chainguard-dev/exitdir#96

Bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 by @dependabot[bot] in chainguard-dev/exitdir#95

Bump step-security/harden-runner from 2.19.3 to 2.19.4 by @dependabot[bot] in chainguard-dev/exitdir#99

Bump step-security/setup-ko from 0.9.0 to 0.9.1 by @dependabot[bot] in chainguard-dev/exitdir#98

Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 by @dependabot[bot] in chainguard-dev/exitdir#97

Bump chainguard-dev/actions from 1.6.19 to 1.6.22 by @dependabot[bot] in chainguard-dev/exitdir#100

... (truncated)

Commits

c56f2cf general housekeeping (#106)
3361e05 Bump actions/checkout from 6.0.3 to 7.0.0 (#103)
364c9dd Bump chainguard-dev/actions from 1.6.23 to 1.6.25 (#104)
ec8b697 Bump zizmorcore/zizmor-action from 0.5.6 to 0.5.7 (#105)
daf4da1 Bump chainguard-dev/actions from 1.6.22 to 1.6.23 (#102)
39e8bf2 Bump actions/checkout from 6.0.2 to 6.0.3 (#101)
3b695fd Bump chainguard-dev/actions from 1.6.19 to 1.6.22 (#100)
3723c80 Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#97)
1a8bcd0 Bump step-security/setup-ko from 0.9.0 to 0.9.1 (#98)
e21b249 Bump step-security/harden-runner from 2.19.3 to 2.19.4 (#99)
Additional commits viewable in compare view

Updates github.com/sigstore/rekor-tiles/v2 from 2.2.1 to 2.3.0

Release notes

Sourced from github.com/sigstore/rekor-tiles/v2's releases.

v2.3.0

What's Changed

v2.3.0 drops support for the DSSE entry type. All Sigstore SDKs will now upload DSSEs as hashedrekord entries, to support uploading large DSSEs, such as signed SBOMs, for the public instance. We strongly recommend not relying on the previous DSSE type in any way, as going forward, there will only be one supported entry type.

Breaking Changes

Drop DSSE support in sigstore/rekor-tiles#744

Library Features

Add ToEntryHash and VerifyLogEntryWithHash in sigstore/rekor-tiles#787

Fixes

don't return full panic in user-facing error message in sigstore/rekor-tiles#707

ensure error can be Unwrapped in sigstore/rekor-tiles#710

defensive fix if err is wrapped in sigstore/rekor-tiles#708

Limit client response reads, set default timeouts, and validate digest sizes in sigstore/rekor-tiles#806

Full Changelog: sigstore/rekor-tiles@v2.2.1...v2.3.0

Commits

fa390b1 Drop DSSE support (#744)
cc556d2 Bump zizmorcore/zizmor from 1.19.0 to 1.25.2 (#799)
89af73c Bump golangci/golangci-lint from v2.7.2 to v2.12.2 (#796)
4ba10fe Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.101.0 to 1.102.2 (#822)
057d8d8 Bump google.golang.org/api from 0.280.0 to 0.283.0 (#820)
73c5d83 Bump go.opentelemetry.io/otel/exporters/prometheus from 0.65.0 to 0.66.0 (#819)
1acc2a2 Bump the go-patch-updates group across 1 directory with 4 updates (#818)
67a318a Bump github/codeql-action from 4.35.5 to 4.36.1 (#817)
76fd5d6 workflows: Bump codecov to fix CI (#823)
a88619d Bump the docker-compose-patch-updates group across 2 directories with 1 updat...
Additional commits viewable in compare view

Updates github.com/tink-crypto/tink-go-gcpkms/v2 from 2.2.0 to 2.3.0

Release notes

Sourced from github.com/tink-crypto/tink-go-gcpkms/v2's releases.

Tink Go Google Cloud KMS Extension v2.3.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Go GCP KMS 2.3.0

What's new

The complete list of changes since 2.2.0 can be found here.

Added conventional asymmetric signing capabilities

Added post-quantum asymmetric signing capabilities

Added support for MAC computation and verification.

Removed Bazel config. With this change Bazel users will no longer be able to import tink-go-gcpkms as a pure Bazel dependency (bazel_dep) in their MODULE.bazel file. However, Bazel users can continue importing tink-go using bazel-gazelle. If this causes any issues in your project, please file an issue.

Upgraded direct deps:

github.com/tink-crypto/tink-go/v2 to v2.4.0

google.golang.org/api to v0.248.0

cloud.google.com/go/kms to v1.22.0

google.golang.org/grpc to v1.75.0

google.golang.org/protobuf to v1.36.6

google.golang.org/genproto to v0.0.0-20250826171959-ef028d996bc1

Set minimum supported Go version to 1.24.0

Future work

To see what we're working towards, check our project roadmap.

Get started

To get started using Tink, see the setup guide.

Go tooling
go get github.com/tink-crypto/tink-go-gcpkms/v2@v2.3.0
Bazel
workspace(name = "example")
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
Release X.25.2 from 2024-01-09.
</tr></table>

... (truncated)

Commits

acfbf86 Bump version to 2.3.0
7ab0a99 Implement verifyMac.
6b5a8e1 Implement ComputeMac and add unit Tests.
57d0063 Move mock KMS setup to a separate test file.
45d555e Add skeleton for Mac.
be791f7 Ensure we use always request raw bytes format for PQC algorithms.
056b322 Merge pull request #14 from winor30:chore/client-close
2b0b67a Merge pull request #16 from winor30:fix/gcpkms-aead-pointer
dd3f87b Revert "Refactor GCP KMS AEAD package import order"
8a82927 Add the option of making prereleases.
Additional commits viewable in compare view

Updates github.com/tink-crypto/tink-go/v2 from 2.6.0 to 2.7.0

Release notes

Sourced from github.com/tink-crypto/tink-go/v2's releases.

v2.7.0

This is Tink Go 2.7.0.

What's new

The complete list of changes since 2.7.0 can be found here.

Added ML-DSA-44 support to signatures.

Added test-only dependency on github.com/c2sp/wycheproof.

Removed runtime download of Wycheproof test vectors.

Removed internal test utilities from the testutil package:

PopulateSuite()

WycheproofSuite

WycheproofGroup

WycheproofCase

Added X-Wing and ML-KEM support to HPKE.

Added more SLH-DSA parameter sets.

ECDSA verification primitives no longer accept IEEE P1363 encoded signatures (IEEE Std 1363-2000) of a larger size than what's expected by the used curve. This is to reject signatures with extra 0...0 prefix, e.g., 0...0S||0....0R.

Future work

To see what we're working towards, check our project roadmap.

Get started

To get started using Tink, see the setup guide.

Go tooling
go get github.com/tink-crypto/tink-go/v2@2.7.0

Commits

25ed99c Bump Tink Go version to 2.7.0.
7da7ef8 Fix error message
294502d Rename MAC test functions from "Decrypt" to "Verify".
8b8a800 Consistently error on nil or empty keyset handles in factory functions.
01e7e2c Fix error message for legacy compatibility.
d6d305e Return error for empty keyset handle in NewWithConfig
95b367a Refactor StreamingAEAD factory to use factoryutil.
53c270f Remove the internal primitiveset package.
896d4f9 Remove keyset.Primitives
af6875f Refactor signature factories to use factoryutil.
Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.35.3 to 0.36.2

Commits

ae3f98e Update dependencies to v0.36.2 tag
2ec982d Merge pull request #139508lalitc375/automated-cherry-pick-of-#139480
6a88102 Fix wrong marking of errors
efb7f26 Merge remote-tracking branch 'origin/master' into release-1.36
d966e56 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
79b3632 Merge pull request #137864 from yongruilin/dv-dra-mismatch
a8822f7 Add slice and map union member support with tests
7dba2d0 Use IsZero instead of IsNil for union ratcheting check
d95710f Fix union validation ratcheting when oldObj is nil
729062d Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
Additional commits viewable in compare view

Updates k8s.io/client-go from 0.35.3 to 0.36.2

Commits

877f535 Update dependencies to v0.36.2 tag
f22a53e Merge remote-tracking branch 'origin/master' into release-1.36
a948641 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
7e44ffc Add Workload-Aware Preemption fields to Workload and PodGroup APIs
df2d882 Merge pull request #136989 from nojnhuh/podgroup-resourceclaim
4eece52 Workload API: PodGroup ResourceClaims (KEP-5729)
3d35c51 Merge pull request #137190 from everpeace/KEP-5491-alpha
0434117 Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status
ba785be Drop CSR analogy, mark ObjectMeta +required,reduce limits (maxItems=500, maxL...
4a9c878 Add ResourcePoolStatusRequest API types and generated code
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.10.5 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.8

What's Changed

Support standard PKCS#8 encrypted private key decryption in sigstore/sigstore#2333

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

add functional options to DSSE to improve memory usage, validation in sigstore/sigstore#2326

Extend PEM private key unmarshalling to support legacy format in sigstore/sigstore#2332

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

v1.10.6

What's Changed

fix: remove leftover Go template syntax from success page by @imjasonh in sigstore/sigstore#2324

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

Commits

c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
Additional commits viewable in compare view

Updates github.com/sigstore/fulcio from 1.8.5 to 1.8.7

Release notes

Sourced from github.com/sigstore/fulcio's releases.

v1.8.7

Changelog

8254f95cac5652eed07420c360775b2ae513053b Allow directly-configured Kubernetes issuers to use in-cluster auth path (#2356)

Thanks for all contributors!

v1.8.6

Changelog

378c654f48c3bafdced04ead7010aab2cb4c6ca1 Block cross-host redirects and restrict bearer token to expected host (#2354)

39b48e6a8f2efe1809a1b19b4301666c3fd36667 Include raw subject in certificates (#2307)

80eaed06e911cdfd26dd18f02b8e862f7f6ee453 Update Azure AKS OIDC issuer URL regex (#2266)

001376a50932095cf4b6e65299ed2d29abe83524 add support for new circleci root issuer (#2278)

Thanks for all contributors!

Changelog

Sourced from github.com/sigstore/fulcio's changelog.

v1.8.6

Features

Include raw subject in certificates (#2307)

Commits

8254f95 Allow directly-configured Kubernetes issuers to use in-cluster auth path (#2356)
d614dd4 build(deps): bump cloud.google.com/go/security from 1.19.2 to 1.24.0 (#2346)
92cfd93 build(deps): bump protocolbuffers/protobuf from 34.1 to 35.0 (#2351)
378c654 Block cross-host redirects and restrict bearer token to expected host (#2354)
7a5d3e3 bump builder image to use go1.26.3 (#2353)
a05982e build(deps): bump go.step.sm/crypto from 0.75.0 to 0.81.0 (#2348)
dfa63a8 build(deps): bump golang from 313faae to 2d6c802 (#2344)
7b3a344 build(deps): bump google.golang.org/api from 0.279.0 to 0.280.0 (#2349)
9290f7f build(deps): bump the all group with 2 updates (#2350)
423d535 build(deps): bump nginx from 1.31.0 to 1.31.1 in the all group (#2352)
Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.5.1 to 1.5.2

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.5.2

Changelog

759b98e2a7c39ea9779b6a51299c5f0f987f8802 alpine: Enforce max size limit on decompression (#2831)

c7e77ee26edd8631dd417166907093a9f13b85e5 Support restricting kinds on insertion (#2814)

a10818a8778dcb58eb582d00ffda4b2c86bf190b fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#2812)

8a2f3a2dd023b81ad8b63e2f365676ec438dc9fa add checks to ensure returned entries match client inputs to rekor-cli (#2799)

0e88bac01d1173b8b2cbc8ed790106441573bbdb add nil pointer check to resolve fuzzing crash (#2807)

93da954478a2ffb1821d4904a80d9a5cbe268324 client: surface last-response details after retries are exhausted (#2796)

4d67ecd8ec810bc6af9761ad10ebd2ac899cfdbd Fix internal error detail leakage in 500 responses (#2801)

b34ca94fc01405cb50acb956cc181d57382a6b2d add defensive check to ensure tid is in config ahead of getting client (#2795)

656c832ab90feef91f5dcc751ae1cb851c73f4bd restapi: include inactiveShards in the homepage total count (#2797)

Thanks for all contributors!

Commits

3b75cd9 build(deps): Bump the all group across 1 directory with 7 updates (#2829)
759b98e alpine: Enforce max size limit on decompression (#2831)
c7e77ee Support restricting kinds on insertion (#2814)
a10818a fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#...
c31f3fc build(deps): Bump cloud.google.com/go/profiler from 0.4.3 to 0.6.0
f2a9fb0 build(deps): Bump go.uber.org/zap from 1.27.1 to 1.28.0
e3ba248 build(deps): Bump golang in the all group across 1 directory
62e5ddd build(deps): Bump github.com/go-openapi/swag from 0.25.5 to 0.26.0
f4f91d5 build(deps): Bump github.com/tink-crypto/tink-go-awskms/v2 to v3 (#2827)
9bc540f build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2820)
Additional commits viewable in compare view

Updates k8s.io/client-go from 0.35.3 to 0.36.2

Commits

877f535 Update dependencies to v0.36.2 tag
f22a53e Merge remote-tracking branch 'origin/master' into release-1.36
a948641 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
7e44ffc Add Workload-Aware Preemption fields to Workload and PodGroup APIs
df2d882 Merge pull request #136989 from nojnhuh/podgroup-resourceclaim
4eece52 Workload API: PodGroup ResourceClaims (KEP-5729)
3d35c51 Merge pull request #137190 from everpeace/KEP-5491-alpha
0434117 Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status
ba785be Drop CSR analogy, mark ObjectMeta +required,reduce limits (maxItems=500, maxL...
4a9c878 Add ResourcePoolStatusRequest API types and generated code
Additional commits viewable in compare view

Updates go.step.sm/crypto from 0.77.2 to 0.84.1

Release notes

Sourced from go.step.sm/crypto's releases.

Release v0.84.1

What's Changed

Delete CNG private keys when CleanupCredentials removes expired certs by @darkfronza in smallstep/crypto#1030

Full Changelog: smallstep/crypto@v0.84.0...v0.84.1

Release v0.84.0

What's Changed

Fix pull-requests: write permission for triage workflow by @hslatman in smallstep/crypto#1054

Use correct CNG-key value for 'dwKeySpec' when setting key provider info by @joshdrake in smallstep/crypto#1062

Dependencies

chore(deps): Bump golang.org/x/crypto from 0.52.0 to 0.53.0 by @dependabot[bot] in smallstep/crypto#1051

chore(deps): Bump golang.org/x/term from 0.43.0 to 0.44.0 by @dependabot[bot] in smallstep/crypto#1049

chore(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.21.1 to 1.22.0 by @dependabot[bot] in smallstep/crypto#1047

chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms from 1.53.2 to 1.53.4 by @dependabot[bot] in smallstep/crypto#1048

chore(deps): Bump github.com/google/go-tpm-tools from 0.4.8 to 0.4.9 by @dependabot[bot] in smallstep/crypto#1050

chore(deps): Bump github.com/aws/aws-sdk-go-v2/config from 1.32.22 to 1.32.25 by @dependabot[bot] in smallstep/crypto#1055

chore(deps): Bump modernc.org/sqlite from 1.51.0 to 1.52.0 by @dependabot[bot] in smallstep/crypto#1056

chore(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.13.1 to 1.14.0 by @dependabot[bot] in smallstep/crypto#1057

chore(deps): Bump golang.org/x/net from 0.55.0 to 0.56.0 by @dependabot[bot] in smallstep/crypto#1059

chore(deps): Bump google.golang.org/api from 0.283.0 to 0.285.0 by @dependabot[bot] in smallstep/crypto#1058

chore(deps): Bump google.golang.org/api from 0.285.0 to 0.286.0 by @dependabot[bot] in smallstep/crypto#1061

chore(deps): Bump modernc.org/sqlite from 1.52.0 to 1.53.0 by @dependabot[bot] in smallstep/crypto#1060

Full Changelog: smallstep/crypto@v0.83.0...v0.84.0

Release v0.83.0

What's Changed

fix(windows): associate machine-scoped TPM keys with stored certificates by @darkfronza in smallstep/crypto#1053

Full Changelog: smallstep/crypto@v0.82.0...v0.83.0

Release v0.82.0

What's Changed

Add per-key key-scope option for Windows machine vs user key store by @joshdrake in smallstep/crypto#1021

Dependencies:

chore(deps): Bump github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.22 by @dependabot[bot] in smallstep/crypto#1046

chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms from 1.52.0 to 1.53.2 by @dependabot[bot] in smallstep/crypto#1043

chore(deps): Bump modernc.org/sqlite from 1.50.1 to 1.51.0 by Description has been truncated

Bumps the go-deps group with 1 update in the / directory: [k8s.io/code-generator](https://github.com/kubernetes/code-generator). Bumps the go-deps group with 1 update in the /hack directory: [k8s.io/code-generator](https://github.com/kubernetes/code-generator). Bumps the go-deps group with 1 update in the /tools/cloudsqlproxy directory: [chainguard.dev/exitdir](https://github.com/chainguard-dev/exitdir). Bumps the go-deps group with 3 updates in the /tools/create-tink-keyset directory: [github.com/sigstore/rekor-tiles/v2](https://github.com/sigstore/rekor-tiles), [github.com/tink-crypto/tink-go-gcpkms/v2](https://github.com/tink-crypto/tink-go-gcpkms) and [github.com/tink-crypto/tink-go/v2](https://github.com/tink-crypto/tink-go). Bumps the go-deps group with 5 updates in the /tools/ctlog directory: | Package | From | To | | --- | --- | --- | | [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.35.3` | `0.36.2` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.35.3` | `0.36.2` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.10.5` | `1.10.8` | | [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) | `1.8.5` | `1.8.7` | | [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.5.1` | `1.5.2` | Bumps the go-deps group with 2 updates in the /tools/fulcio directory: [k8s.io/client-go](https://github.com/kubernetes/client-go) and [go.step.sm/crypto](https://github.com/smallstep/crypto). Bumps the go-deps group with 2 updates in the /tools/rekor directory: [k8s.io/client-go](https://github.com/kubernetes/client-go) and [go.step.sm/crypto](https://github.com/smallstep/crypto). Bumps the go-deps group with 2 updates in the /tools/secret directory: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) and [k8s.io/client-go](https://github.com/kubernetes/client-go). Bumps the go-deps group with 5 updates in the /tools/trillian directory: | Package | From | To | | --- | --- | --- | | [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) | `1.9.3` | `1.10.0` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.80.0` | `1.81.1` | | [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.35.3` | `0.36.2` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.35.3` | `0.36.2` | | [chainguard.dev/exitdir](https://github.com/chainguard-dev/exitdir) | `0.0.2` | `0.0.3` | Bumps the go-deps group with 4 updates in the /tools/tsa directory: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery), [k8s.io/client-go](https://github.com/kubernetes/client-go), [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) and [github.com/sigstore/timestamp-authority/v2](https://github.com/sigstore/timestamp-authority). Bumps the go-deps group with 4 updates in the /tools/tuf directory: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery), [k8s.io/client-go](https://github.com/kubernetes/client-go), [github.com/sigstore/rekor-tiles/v2](https://github.com/sigstore/rekor-tiles) and [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go). Updates `k8s.io/code-generator` from 0.35.3 to 0.36.2 - [Commits](kubernetes/code-generator@v0.35.3...v0.36.2) Updates `google.golang.org/genproto` from 0.0.0-20260217215200-42d3e9bedb6d to 0.0.0-20260316180232-0b37fe3546d5 - [Commits](https://github.com/googleapis/go-genproto/commits) Updates `google.golang.org/protobuf` from 1.36.11 to 1.36.12-0.20260120151049-f2248ac996af Updates `k8s.io/apimachinery` from 0.35.3 to 0.36.2 - [Commits](kubernetes/apimachinery@v0.35.3...v0.36.2) Updates `k8s.io/code-generator` from 0.35.3 to 0.36.2 - [Commits](kubernetes/code-generator@v0.35.3...v0.36.2) Updates `chainguard.dev/exitdir` from 0.0.2 to 0.0.3 - [Release notes](https://github.com/chainguard-dev/exitdir/releases) - [Commits](chainguard-dev/exitdir@v0.0.2...v0.0.3) Updates `github.com/sigstore/rekor-tiles/v2` from 2.2.1 to 2.3.0 - [Release notes](https://github.com/sigstore/rekor-tiles/releases) - [Changelog](https://github.com/sigstore/rekor-tiles/blob/main/RELEASE.md) - [Commits](sigstore/rekor-tiles@v2.2.1...v2.3.0) Updates `github.com/tink-crypto/tink-go-gcpkms/v2` from 2.2.0 to 2.3.0 - [Release notes](https://github.com/tink-crypto/tink-go-gcpkms/releases) - [Commits](tink-crypto/tink-go-gcpkms@v2.2.0...v2.3.0) Updates `github.com/tink-crypto/tink-go/v2` from 2.6.0 to 2.7.0 - [Release notes](https://github.com/tink-crypto/tink-go/releases) - [Commits](tink-crypto/tink-go@v2.6.0...v2.7.0) Updates `k8s.io/apimachinery` from 0.35.3 to 0.36.2 - [Commits](kubernetes/apimachinery@v0.35.3...v0.36.2) Updates `k8s.io/client-go` from 0.35.3 to 0.36.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.3...v0.36.2) Updates `github.com/sigstore/sigstore` from 1.10.5 to 1.10.8 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.5...v1.10.8) Updates `github.com/sigstore/fulcio` from 1.8.5 to 1.8.7 - [Release notes](https://github.com/sigstore/fulcio/releases) - [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md) - [Commits](sigstore/fulcio@v1.8.5...v1.8.7) Updates `github.com/sigstore/rekor` from 1.5.1 to 1.5.2 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v1.5.1...v1.5.2) Updates `k8s.io/client-go` from 0.35.3 to 0.36.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.3...v0.36.2) Updates `go.step.sm/crypto` from 0.77.2 to 0.84.1 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.77.2...v0.84.1) Updates `k8s.io/client-go` from 0.35.3 to 0.36.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.3...v0.36.2) Updates `go.step.sm/crypto` from 0.77.2 to 0.84.1 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.77.2...v0.84.1) Updates `k8s.io/apimachinery` from 0.35.3 to 0.36.2 - [Commits](kubernetes/apimachinery@v0.35.3...v0.36.2) Updates `k8s.io/client-go` from 0.35.3 to 0.36.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.3...v0.36.2) Updates `github.com/go-sql-driver/mysql` from 1.9.3 to 1.10.0 - [Release notes](https://github.com/go-sql-driver/mysql/releases) - [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md) - [Commits](go-sql-driver/mysql@v1.9.3...v1.10.0) Updates `google.golang.org/grpc` from 1.80.0 to 1.81.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.80.0...v1.81.1) Updates `k8s.io/apimachinery` from 0.35.3 to 0.36.2 - [Commits](kubernetes/apimachinery@v0.35.3...v0.36.2) Updates `k8s.io/client-go` from 0.35.3 to 0.36.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.3...v0.36.2) Updates `chainguard.dev/exitdir` from 0.0.2 to 0.0.3 - [Release notes](https://github.com/chainguard-dev/exitdir/releases) - [Commits](chainguard-dev/exitdir@v0.0.2...v0.0.3) Updates `k8s.io/apimachinery` from 0.35.3 to 0.36.2 - [Commits](kubernetes/apimachinery@v0.35.3...v0.36.2) Updates `k8s.io/client-go` from 0.35.3 to 0.36.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.3...v0.36.2) Updates `github.com/sigstore/sigstore` from 1.10.5 to 1.10.8 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.5...v1.10.8) Updates `github.com/sigstore/timestamp-authority/v2` from 2.0.6 to 2.1.2 - [Release notes](https://github.com/sigstore/timestamp-authority/releases) - [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md) - [Commits](sigstore/timestamp-authority@v2.0.6...v2.1.2) Updates `k8s.io/apimachinery` from 0.35.3 to 0.36.2 - [Commits](kubernetes/apimachinery@v0.35.3...v0.36.2) Updates `k8s.io/client-go` from 0.35.3 to 0.36.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.3...v0.36.2) Updates `github.com/sigstore/rekor-tiles/v2` from 2.2.1 to 2.3.0 - [Release notes](https://github.com/sigstore/rekor-tiles/releases) - [Changelog](https://github.com/sigstore/rekor-tiles/blob/main/RELEASE.md) - [Commits](sigstore/rekor-tiles@v2.2.1...v2.3.0) Updates `github.com/sigstore/sigstore` from 1.10.5 to 1.10.8 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.5...v1.10.8) Updates `github.com/sigstore/sigstore-go` from 1.1.4 to 1.2.1 - [Release notes](https://github.com/sigstore/sigstore-go/releases) - [Commits](sigstore/sigstore-go@v1.1.4...v1.2.1) --- updated-dependencies: - dependency-name: k8s.io/code-generator dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: google.golang.org/genproto dependency-version: 0.0.0-20260316180232-0b37fe3546d5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: google.golang.org/protobuf dependency-version: 1.36.12-0.20260120151049-f2248ac996af dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: k8s.io/apimachinery dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: k8s.io/code-generator dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: chainguard.dev/exitdir dependency-version: 0.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/sigstore/rekor-tiles/v2 dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/tink-crypto/tink-go-gcpkms/v2 dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/tink-crypto/tink-go/v2 dependency-version: 2.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: k8s.io/apimachinery dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: k8s.io/client-go dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/sigstore/fulcio dependency-version: 1.8.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/sigstore/rekor dependency-version: 1.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: k8s.io/client-go dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: go.step.sm/crypto dependency-version: 0.84.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: k8s.io/client-go dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: go.step.sm/crypto dependency-version: 0.84.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: k8s.io/apimachinery dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: k8s.io/client-go dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/go-sql-driver/mysql dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: google.golang.org/grpc dependency-version: 1.81.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: k8s.io/apimachinery dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: k8s.io/client-go dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: chainguard.dev/exitdir dependency-version: 0.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: k8s.io/apimachinery dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: k8s.io/client-go dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/sigstore/timestamp-authority/v2 dependency-version: 2.1.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: k8s.io/apimachinery dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: k8s.io/client-go dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/sigstore/rekor-tiles/v2 dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/sigstore/sigstore-go dependency-version: 1.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 26, 2026

dependabot Bot requested review from a team as code owners June 26, 2026 02:46

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 26, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the go-deps group across 11 directories with 17 updates#1935

Bump the go-deps group across 11 directories with 17 updates#1935
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-deps-025aac080f

dependabot Bot commented on behalf of github Jun 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 26, 2026

v0.0.3

What's Changed

v2.3.0

What's Changed

Breaking Changes

Library Features

Fixes

Tink Go Google Cloud KMS Extension v2.3.0

What's new

Future work

Get started

Go tooling

Bazel

v2.7.0

What's new

Future work

Get started

Go tooling

v1.10.8

What's Changed

v1.10.7

What's Changed

v1.10.6

What's Changed

v1.8.7

Changelog

Thanks for all contributors!

v1.8.6

Changelog

Thanks for all contributors!

v1.8.6

Features

v1.5.2

Changelog

Thanks for all contributors!

Release v0.84.1

What's Changed

Release v0.84.0

What's Changed

Dependencies

Release v0.83.0

What's Changed

Release v0.82.0

What's Changed

Dependencies:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants