Update to v1.3.9 #404

tommyd450 · 2025-03-18T15:23:58Z

No description provided.

Signed-off-by: Appu Goundan <appu@google.com>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.206.0 to 0.209.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.206.0...v0.209.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the all group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 5.0.2 to 5.0.7 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@5c47607...015f24e) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps google/cloud-sdk from 501.0.0 to 502.0.0. --- updated-dependencies: - dependency-name: google/cloud-sdk dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/google/trillian/releases) - [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md) - [Commits](google/trillian@v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/google/trillian dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.9.0 to 0.10.0. - [Commits](golang/sync@v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.30.0. - [Commits](golang/crypto@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.54.2 to 0.55.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.54.2...v0.55.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.31.0 to 0.32.0. - [Commits](golang/net@v0.31.0...v0.32.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the all group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 5.0.7 to 5.1.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@015f24e...7f8b4b4) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the all group with 4 updates: [google.golang.org/grpc](https://github.com/grpc/grpc-go), [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go), [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto) and [google.golang.org/api](https://github.com/googleapis/google-api-go-client). Updates `google.golang.org/grpc` from 1.68.0 to 1.68.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.68.0...v1.68.1) Updates `cloud.google.com/go/pubsub` from 1.45.1 to 1.45.3 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@pubsub/v1.45.1...pubsub/v1.45.3) Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20241113202542-65e8d215514f to 0.0.0-20241118233622-e639e219e697 - [Commits](https://github.com/googleapis/go-genproto/commits) Updates `google.golang.org/api` from 0.209.0 to 0.210.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.209.0...v0.210.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/genproto/googleapis/rpc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the all group with 1 update: golang. Updates `golang` from 1.23.3 to 1.23.4 --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: Bob Callaway <bcallaway@google.com>

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.23.0 to 0.31.0. - [Commits](golang/crypto@v0.23.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.30.0 to 0.31.0. - [Commits](golang/crypto@v0.30.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

* bump min go to 1.23.4 Signed-off-by: cpanato <ctadeu@gmail.com> * bump golangci-lint to v1.62.x Signed-off-by: cpanato <ctadeu@gmail.com> --------- Signed-off-by: cpanato <ctadeu@gmail.com>

Bumps the all group with 1 update: [actions/setup-go](https://github.com/actions/setup-go). Updates `actions/setup-go` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@41dfa10...3041bf5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps google/cloud-sdk from 502.0.0 to 503.0.0. --- updated-dependencies: - dependency-name: google/cloud-sdk dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps golang from `574185e` to `7003184`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the all group with 6 updates: | Package | From | To | | --- | --- | --- | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.10` | `1.8.11` | | [cloud.google.com/go/profiler](https://github.com/googleapis/google-cloud-go) | `0.4.1` | `0.4.2` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.10` | `1.8.11` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.10` | `1.8.11` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.10` | `1.8.11` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.10` | `1.8.11` | Updates `github.com/sigstore/sigstore` from 1.8.10 to 1.8.11 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.10...v1.8.11) Updates `cloud.google.com/go/profiler` from 0.4.1 to 0.4.2 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@ai/v0.4.1...apps/v0.4.2) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.10 to 1.8.11 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.10...v1.8.11) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.10 to 1.8.11 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.10...v1.8.11) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.10 to 1.8.11 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.10...v1.8.11) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.10 to 1.8.11 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.10...v1.8.11) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: cloud.google.com/go/profiler dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.210.0 to 0.211.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.210.0...v0.211.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.68.1 to 1.69.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.68.1...v1.69.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases) - [Commits](secure-systems-lab/go-securesystemslib@v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: github.com/secure-systems-lab/go-securesystemslib dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the all group with 1 update: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `google.golang.org/grpc` from 1.69.0 to 1.69.2 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.69.0...v1.69.2) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps google/cloud-sdk from 503.0.0 to 504.0.1. --- updated-dependencies: - dependency-name: google/cloud-sdk dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.55.0 to 0.56.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.55.0...v0.56.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to 0.33.0. - [Commits](golang/net@v0.32.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps google.golang.org/protobuf from 1.35.2 to 1.36.1. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.211.0 to 0.214.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.211.0...v0.214.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

* fetch minisign from homebrew instead of custom ppa Signed-off-by: Bob Callaway <bcallaway@google.com> * brew is only installed by default on macos runners Signed-off-by: Bob Callaway <bcallaway@google.com> * sigh, use homebrew setup-homebrew action Signed-off-by: Bob Callaway <bcallaway@google.com> --------- Signed-off-by: Bob Callaway <bcallaway@google.com>

…2326) Bumps google/cloud-sdk from 504.0.1 to 505.0.0. --- updated-dependencies: - dependency-name: google/cloud-sdk dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the all group with 11 updates: | Package | From | To | | --- | --- | --- | | [github.com/google/trillian](https://github.com/google/trillian) | `1.7.0` | `1.7.1` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.11` | `1.8.12` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.31.0` | `0.32.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.33.0` | `0.34.0` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.69.2` | `1.69.4` | | google.golang.org/protobuf | `1.36.1` | `1.36.2` | | [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs) | `0.3.2` | `0.3.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.11` | `1.8.12` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.11` | `1.8.12` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.11` | `1.8.12` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.11` | `1.8.12` | Updates `github.com/google/trillian` from 1.7.0 to 1.7.1 - [Release notes](https://github.com/google/trillian/releases) - [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md) - [Commits](google/trillian@v1.7.0...v1.7.1) Updates `github.com/sigstore/sigstore` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.11...v1.8.12) Updates `golang.org/x/crypto` from 0.31.0 to 0.32.0 - [Commits](golang/crypto@v0.31.0...v0.32.0) Updates `golang.org/x/net` from 0.33.0 to 0.34.0 - [Commits](golang/net@v0.33.0...v0.34.0) Updates `google.golang.org/grpc` from 1.69.2 to 1.69.4 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.69.2...v1.69.4) Updates `google.golang.org/protobuf` from 1.36.1 to 1.36.2 Updates `github.com/sigstore/protobuf-specs` from 0.3.2 to 0.3.3 - [Release notes](https://github.com/sigstore/protobuf-specs/releases) - [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md) - [Commits](sigstore/protobuf-specs@v0.3.2...v0.3.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.11...v1.8.12) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.11...v1.8.12) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.11...v1.8.12) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.11...v1.8.12) --- updated-dependencies: - dependency-name: github.com/google/trillian dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/protobuf-specs dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…tore#2328) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.214.0 to 0.216.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.214.0...v0.216.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Setting this to 1.23.4 requires all consumers to be building with the absolute latest 1.23.4 or newer release of Go 1.23 and to update their own go.mod accordingly — this seems unnecessarily restrictive for a library module, particularly as the code itself doesn't currently use any modern language constructs and builds fine even with older Go versions. Instead set the go directive to 1.22.0 and use the toolchain directive to recommend the latest 1.23.x when building locally. Note: this also upgrades google/trillian to v1.7.1 and downgrades sigs.k8s.io/release-utils to v0.8.4, which are both required in order to allow the go directive to be relaxed here. Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

* Support per-shard signing keys This change enables key rotation with a per-shard signing key configuration. The LogRanges structure now holds both active and inactive shards, with the LogRange structure containing a signer, encoded public key and log ID based on the public key. This change is backwards compatible. If no signing configuration is specified, the active shard signing configuration is used for all shards. Minor change: Standardized log ID vs tree ID, where the former is the pubkey hash and the latter is the ID for the Trillian tree. Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * resolve codeql, remove key password from string Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * Update rekor-cli to pass tree ID for verification Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * Fix range printing Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * suppress codeql Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * remove lgtm, it does nothing Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * address comments Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * Apply suggestions from code review Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com> Signed-off-by: Hayden B <hblauzvern@google.com> --------- Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> Signed-off-by: Hayden B <hblauzvern@google.com> Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>

Bumps the all group with 1 update: golang. Updates `golang` from 1.23.4 to 1.23.5 --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the all group with 3 updates: [ko-build/setup-ko](https://github.com/ko-build/setup-ko), [github/codeql-action](https://github.com/github/codeql-action) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `ko-build/setup-ko` from 0.7 to 0.8 - [Release notes](https://github.com/ko-build/setup-ko/releases) - [Commits](ko-build/setup-ko@3aebd05...d982fec) Updates `github/codeql-action` from 3.28.0 to 3.28.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@48ab28a...b6a472f) Updates `golangci/golangci-lint-action` from 6.1.1 to 6.2.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@971e284...ec5d184) --- updated-dependencies: - dependency-name: ko-build/setup-ko dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the all group with 1 update: google.golang.org/protobuf. Updates `google.golang.org/protobuf` from 1.36.2 to 1.36.3 --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.56.0 to 0.57.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](smallstep/crypto@v0.56.0...v0.57.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/tink-crypto/tink-go/v2](https://github.com/tink-crypto/tink-go) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/tink-crypto/tink-go/releases) - [Commits](tink-crypto/tink-go@v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: github.com/tink-crypto/tink-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.216.0 to 0.217.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.216.0...v0.217.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps google/cloud-sdk from 505.0.0 to 506.0.0. --- updated-dependencies: - dependency-name: google/cloud-sdk dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

* Cache checkpoint for inactive shards On service startup, Rekor will sign checkpoints for the inactive shards, since inactive tree lengths do not change. The calls to CreateAndSignCheckpoint that were not updated are because the checkpoint is being signed only for the active shard, e.g. on entry upload and when returning the active shard checkpoint. Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * reorder PublicKey Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * update error message Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> --------- Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Bumps the all group with 1 update: google.golang.org/protobuf. Updates `google.golang.org/protobuf` from 1.36.3 to 1.36.4 --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the all group with 3 updates: [actions/setup-go](https://github.com/actions/setup-go), [github/codeql-action](https://github.com/github/codeql-action) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `actions/setup-go` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@3041bf5...f111f33) Updates `github/codeql-action` from 3.28.1 to 3.28.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b6a472f...f6091c0) Updates `codecov/codecov-action` from 5.1.2 to 5.3.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@1e68e06...13ce06b) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.217.0 to 0.218.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.217.0...v0.218.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps google/cloud-sdk from 506.0.0 to 507.0.0. --- updated-dependencies: - dependency-name: google/cloud-sdk dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps golang from `51a6466` to `8c10f21`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.69.4 to 1.70.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.69.4...v1.70.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

v1.3.9

openshift-ci · 2025-03-18T15:24:03Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: tommyd450

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

pkg/sharding/ranges.go

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.33.0 to 0.36.0. - [Commits](golang/crypto@v0.33.0...v0.36.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.35.0 to 0.37.0. - [Commits](golang/net@v0.35.0...v0.37.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

…igstore#2357) * build(deps): Bump cloud.google.com/go/pubsub from 1.45.3 to 1.47.0 Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.45.3 to 1.47.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@pubsub/v1.45.3...pubsub/v1.47.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * go mod tidy Signed-off-by: Bob Callaway <bcallaway@google.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Bob Callaway <bcallaway@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Bob Callaway <bcallaway@google.com>

Without applying this patch, the log message will be: ``` Using config file:%!(EXTRA string=/tmp/rekor_test.q1FmiY.rekor.yaml) ``` Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

loosebazooka and others added 30 commits November 22, 2024 09:08

clean up spaces

2a6f6aa

Signed-off-by: Appu Goundan <appu@google.com>

fix zizmor issues (sigstore#2298)

d3f96ec

Signed-off-by: Bob Callaway <bcallaway@google.com>

update builder to use go1.23.4 (sigstore#2301)

cbee873

Signed-off-by: cpanato <ctadeu@gmail.com>

Updates go and golangci-lint (sigstore#2302)

c08f843

* bump min go to 1.23.4 Signed-off-by: cpanato <ctadeu@gmail.com> * bump golangci-lint to v1.62.x Signed-off-by: cpanato <ctadeu@gmail.com> --------- Signed-off-by: cpanato <ctadeu@gmail.com>

build(deps): Bump golang from 574185e to 7003184

652850c

Bumps golang from `574185e` to `7003184`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

bobcallaway and others added 22 commits January 13, 2025 08:31

add changelog for v1.3.8 (sigstore#2331)

88b5ce5

Signed-off-by: cpanato <ctadeu@gmail.com>

build(deps): Bump golang from 51a6466 to 8c10f21

40f29ba

Bumps golang from `51a6466` to `8c10f21`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Merge tag 'v1.3.9'

1225418

v1.3.9

github-advanced-security bot found potential problems Mar 18, 2025

View reviewed changes

pkg/sharding/ranges.go Dismissed Show dismissed Hide dismissed

pkg/sharding/ranges.go Dismissed Show dismissed Hide dismissed

dependabot bot and others added 6 commits March 21, 2025 12:11

run go mod tidy

26c32d9

run go mod tidy

1d6072b

Fix 'Using config file:' log message

669b488

Without applying this patch, the log message will be: ``` Using config file:%!(EXTRA string=/tmp/rekor_test.q1FmiY.rekor.yaml) ``` Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update to v1.3.9 #404

Update to v1.3.9 #404

tommyd450 commented Mar 18, 2025

openshift-ci bot commented Mar 18, 2025

Update to v1.3.9 #404

Are you sure you want to change the base?

Update to v1.3.9 #404

Conversation

tommyd450 commented Mar 18, 2025

openshift-ci bot commented Mar 18, 2025