Skip to content

⬆️ deps(gomod): update module github.com/sigstore/sigstore-go to v1.2.2#223

Open
Open-Source-Bot wants to merge 1 commit into
mainfrom
renovate/github.com-sigstore-sigstore-go-1.x
Open

⬆️ deps(gomod): update module github.com/sigstore/sigstore-go to v1.2.2#223
Open-Source-Bot wants to merge 1 commit into
mainfrom
renovate/github.com-sigstore-sigstore-go-1.x

Conversation

@Open-Source-Bot

@Open-Source-Bot Open-Source-Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
github.com/sigstore/sigstore-go v1.1.4v1.2.2 age confidence

Release Notes

sigstore/sigstore-go (github.com/sigstore/sigstore-go)

v1.2.2

Compare Source

What's Changed

  • Reject certificate identity with no SAN or issuer criteria in #​645
  • Support Verification in sigstore/cosign with X.509 Certificate Chain in #​581

Full Changelog: sigstore/sigstore-go@v1.2.1...v1.2.2

v1.2.1

Compare Source

What's Changed

v1.2.1 resolves GHSA-wqqc-jjcq-vfxm.

  • Check signature time against public key validity window in #​642

Full Changelog: sigstore/sigstore-go@v1.2.0...v1.2.1

v1.2.0

Compare Source

What's Changed

New Contributors

Full Changelog: sigstore/sigstore-go@v1.1.4...v1.2.0


Configuration

📅 Schedule: (in timezone Europe/Paris)

  • Branch creation
    • At 10:00 PM through 11:59 PM and 12:00 AM through 06:59 AM (* 22-23,0-6 * * *)
    • Only on Sunday and Saturday (* * * * 0,6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@Open-Source-Bot Open-Source-Bot requested a review from a team June 17, 2026 21:26
@Open-Source-Bot Open-Source-Bot added the dependencies Dependency update label Jun 17, 2026
@Open-Source-Bot

Open-Source-Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 60 additional dependencies were updated

Details:

Package Change
github.com/aws/aws-sdk-go-v2 v1.39.6 -> v1.41.9
github.com/aws/aws-sdk-go-v2/config v1.31.20 -> v1.32.20
github.com/aws/aws-sdk-go-v2/service/s3 v1.72.3 -> v1.102.2
github.com/aws/smithy-go v1.25.1 -> v1.26.0
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.7 -> v1.7.11
github.com/aws/aws-sdk-go-v2/credentials v1.18.24 -> v1.19.19
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 -> v1.18.25
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 -> v1.4.25
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 -> v2.7.25
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.27 -> v1.4.26
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 -> v1.13.10
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.8 -> v1.9.18
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 -> v1.13.25
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.8 -> v1.19.25
github.com/aws/aws-sdk-go-v2/service/sso v1.30.3 -> v1.30.19
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.7 -> v1.36.2
github.com/aws/aws-sdk-go-v2/service/sts v1.40.2 -> v1.42.3
github.com/go-openapi/analysis v0.24.1 -> v0.25.2
github.com/go-openapi/errors v0.22.4 -> v0.22.8
github.com/go-openapi/jsonpointer v0.22.1 -> v0.23.1
github.com/go-openapi/jsonreference v0.21.3 -> v0.21.6
github.com/go-openapi/loads v0.23.2 -> v0.24.0
github.com/go-openapi/runtime v0.29.2 -> v0.32.4
github.com/go-openapi/spec v0.22.1 -> v0.22.6
github.com/go-openapi/strfmt v0.25.0 -> v0.26.4
github.com/go-openapi/swag v0.25.4 -> v0.26.1
github.com/go-openapi/swag/cmdutils v0.25.4 -> v0.26.1
github.com/go-openapi/swag/conv v0.25.4 -> v0.27.0
github.com/go-openapi/swag/fileutils v0.25.4 -> v0.26.1
github.com/go-openapi/swag/jsonname v0.25.4 -> v0.26.1
github.com/go-openapi/swag/jsonutils v0.25.4 -> v0.26.1
github.com/go-openapi/swag/loading v0.25.4 -> v0.26.1
github.com/go-openapi/swag/mangling v0.25.4 -> v0.26.1
github.com/go-openapi/swag/netutils v0.25.4 -> v0.26.1
github.com/go-openapi/swag/stringutils v0.25.4 -> v0.26.1
github.com/go-openapi/swag/typeutils v0.25.4 -> v0.27.0
github.com/go-openapi/swag/yamlutils v0.25.4 -> v0.26.1
github.com/go-openapi/validate v0.25.1 -> v0.26.0
github.com/go-viper/mapstructure/v2 v2.4.0 -> v2.5.0
github.com/google/certificate-transparency-go v1.3.2 -> v1.3.3
github.com/google/go-containerregistry v0.20.7 -> v0.21.7
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 -> v2.29.0
github.com/in-toto/attestation v1.1.2 -> v1.2.0
github.com/in-toto/in-toto-golang v0.9.0 -> v0.11.0
github.com/secure-systems-lab/go-securesystemslib v0.9.1 -> v0.11.0
github.com/sigstore/protobuf-specs v0.5.0 -> v0.5.1
github.com/sigstore/rekor v1.4.3 -> v1.5.3
github.com/sigstore/rekor-tiles/v2 v2.0.1 -> v2.3.0
github.com/sigstore/sigstore v1.10.0 -> v1.10.8
github.com/sigstore/timestamp-authority/v2 v2.0.3 -> v2.1.2
github.com/theupdateframework/go-tuf/v2 v2.3.0 -> v2.4.2
github.com/transparency-dev/formats v0.0.0-20251017110053-404c0d5b696c -> v0.1.1
go.opentelemetry.io/otel v1.41.0 -> v1.44.0
go.opentelemetry.io/otel/metric v1.41.0 -> v1.44.0
go.opentelemetry.io/otel/trace v1.41.0 -> v1.44.0
golang.org/x/oauth2 v0.34.0 -> v0.36.0
golang.org/x/time v0.14.0 -> v0.15.0
google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 -> v0.0.0-20260526163538-3dc84a4a5aaa
google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 -> v0.0.0-20260523011958-0a33c5d7ca68
google.golang.org/grpc v1.79.3 -> v1.82.0

@github-actions

Copy link
Copy Markdown

No diff in reference doc 😀

@github-actions

github-actions Bot commented Jun 17, 2026

Copy link
Copy Markdown

Binary size: 82.2MB => 83.0MB (change +752KB, +0.8%) 😭

@Open-Source-Bot Open-Source-Bot force-pushed the renovate/github.com-sigstore-sigstore-go-1.x branch from cd5add9 to 9e93911 Compare July 9, 2026 16:11
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

🔖 auto-tagging: Adding label "dependencies"

@Open-Source-Bot Open-Source-Bot force-pushed the renovate/github.com-sigstore-sigstore-go-1.x branch from 9e93911 to 03cdfe0 Compare July 9, 2026 17:17
@Open-Source-Bot Open-Source-Bot changed the title ⬆️ deps(gomod): update module github.com/sigstore/sigstore-go to v1.2.1 ⬆️ deps(gomod): update module github.com/sigstore/sigstore-go to v1.2.2 Jul 9, 2026
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

🔖 auto-tagging: Adding label "dependencies"

@Open-Source-Bot Open-Source-Bot force-pushed the renovate/github.com-sigstore-sigstore-go-1.x branch from 03cdfe0 to 6782e37 Compare July 10, 2026 02:20
@github-actions

Copy link
Copy Markdown

🔖 auto-tagging: Adding label "dependencies"

@Open-Source-Bot Open-Source-Bot force-pushed the renovate/github.com-sigstore-sigstore-go-1.x branch from 6782e37 to ed41c9c Compare July 10, 2026 08:15
@github-actions

Copy link
Copy Markdown

🔖 auto-tagging: Adding label "dependencies"

@Open-Source-Bot Open-Source-Bot force-pushed the renovate/github.com-sigstore-sigstore-go-1.x branch from ed41c9c to 2c2441a Compare July 10, 2026 10:13
@github-actions

Copy link
Copy Markdown

🔖 auto-tagging: Adding label "dependencies"

@Open-Source-Bot Open-Source-Bot force-pushed the renovate/github.com-sigstore-sigstore-go-1.x branch from 2c2441a to 3be5a05 Compare July 10, 2026 14:46
@github-actions

Copy link
Copy Markdown

🔖 auto-tagging: Adding label "dependencies"

@Open-Source-Bot Open-Source-Bot force-pushed the renovate/github.com-sigstore-sigstore-go-1.x branch from 3be5a05 to 496977a Compare July 13, 2026 07:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency update

Development

Successfully merging this pull request may close these issues.

1 participant