build(deps): Bump github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.7.0 in /authbridge/authlib

[dependabot]

Bumps github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.7.0.

Release notes

Sourced from github.com/spiffe/go-spiffe/v2's releases.

v2.7.0

Added

• Experimental support for WIT-SVIDs, including the new exp/svid/witsvid and exp/bundle/witbundle packages and Workload API client support for fetching and watching WIT-SVIDs and WIT bundles (#385, #391)

Changed

• X509-SVID verification now rejects leaf certificates with a SPIFFE ID that has a root path (#375)
• Other dependency updates.

Changelog

Sourced from github.com/spiffe/go-spiffe/v2's changelog.

[2.7.0] - 2026-06-03

Added

• Experimental support for WIT-SVIDs, including the new exp/svid/witsvid and exp/bundle/witbundle packages and Workload API client support for fetching and watching WIT-SVIDs and WIT bundles (#385, #391)

Changed

• X509-SVID verification now rejects leaf certificates with a SPIFFE ID that has a root path (#375)
• Other dependency updates.

Commits

• 76b14bd v2.7.0 changelog (#392)
• 8580a01 Add missing witbundle APIs for parity with jwtbundle (#391)
• 280d52e fix(x509svid): reject leaf SPIFFE IDs with root path (#375)
• c7f2701 Add WIT-SVID (#385)
• af3667a Bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#380)
• c925be7 Bump christophebedard/dco-check from 0.5.0 to 0.5.1 (#390)
• 1d02ca5 Bump google.golang.org/protobuf from 1.36.8 to 1.36.11 (#371)
• 9e0f387 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#381)
• 9e644d8 Add Marcos as maintainer (#387)
• c010fdc Fix current build break (#379)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Updated internal dependencies to improve security and stability.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: aaf967bd-8edf-49de-a16b-bde593118a1d

📥 Commits

Reviewing files that changed from the base of the PR and between 0680516 and b5f9abb.

⛔ Files ignored due to path filters (1)

• authbridge/authlib/go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• authbridge/authlib/go.mod

---

📝 Walkthrough

Walkthrough

The authbridge/authlib Go module dependency github.com/spiffe/go-spiffe/v2 is bumped from v2.6.0 to v2.7.0 in the require directive. No other dependencies or the Go version directive are affected.

Changes

Dependency Update

Layer / File(s)	Summary
SPIFFE go-spiffe version bump authbridge/authlib/go.mod	The required dependency github.com/spiffe/go-spiffe/v2 is updated from v2.6.0 to v2.7.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A spiffe of version bumps, hop, hop, hooray!
From v2.6 to v2.7 we leap and play,
Dependencies dance in the go.mod song,
Fresh SPIFFE magic helps us along! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: bumping the spiffe/go-spiffe/v2 dependency from 2.6.0 to 2.7.0 in /authbridge/authlib, which matches the changeset exactly.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/authbridge/authlib/github.com/spiffe/go-spiffe/v2-2.7.0

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain main module or its selected dependencies"

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}