Skip to content

Bump the minor-patch group across 2 directories with 10 updates#599

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/minor-patch-de37abdfe5
Closed

Bump the minor-patch group across 2 directories with 10 updates#599
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/minor-patch-de37abdfe5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026
edited
Loading

Bumps the minor-patch group with 7 updates in the / directory:

Package From To
github.com/go-openapi/runtime 0.29.2 0.29.3
github.com/google/certificate-transparency-go 1.3.2 1.3.3
github.com/sigstore/rekor 1.5.0 1.5.1
github.com/sigstore/rekor-tiles/v2 2.2.0 2.2.1
github.com/sigstore/timestamp-authority/v2 2.0.4 2.0.5
golang.org/x/crypto 0.48.0 0.49.0
golang.org/x/mod 0.33.0 0.34.0

Bumps the minor-patch group with 1 update in the /examples/oci-image-verification directory: github.com/google/go-containerregistry.

Updates github.com/go-openapi/runtime from 0.29.2 to 0.29.3

Release notes

Sourced from github.com/go-openapi/runtime's releases.

v0.29.3

0.29.3 - 2026-03-08

Full Changelog: go-openapi/runtime@v0.29.2...v0.29.3

27 commits in this release.

Fixed bugs

Documentation

Code quality

  • chore: updated dependencies (removed mongodb indirect dependency) by @​fredbi in #399 ...

Miscellaneous tasks

Updates

... (truncated)

Commits
  • b00b2f1 chore: prepare release v0.29.3
  • b5088b8 ci: fixed dropped trivy release - updated shared workflow
  • c9809a6 docs: add FAQ from resolved GitHub issues (#403)
  • 3d599d6 build(deps): bump the development-dependencies group across 2 directories wit...
  • 3b063c0 chore: updated dependencies (removed mongodb indirect dependency) (#399)
  • f9c40d3 build(deps): bump the other-dependencies group with 3 updates
  • adabde2 build(deps): bump the go-openapi-dependencies group with 6 updates
  • 2e68776 build(deps): bump the go-openapi-dependencies group with 2 updates
  • bb7e2f0 build(deps): bump the go-openapi-dependencies group with 2 updates
  • b3119ae build(deps): bump the go-openapi-dependencies group with 2 updates
  • Additional commits viewable in compare view

Updates github.com/go-openapi/strfmt from 0.25.0 to 0.26.0

Release notes

Sourced from github.com/go-openapi/strfmt's releases.

v0.26.0

0.26.0 - 2026-03-07

Dropped mongodb dependency - Kept backward-compatibility

Full Changelog: go-openapi/strfmt@v0.25.0...v0.26.0

43 commits in this release.

Documentation

Code quality

Testing

Miscellaneous tasks

Updates

... (truncated)

Commits
  • 189f0cc chore: prepare release v0.26.0
  • 8d2d66c test: updated testify/v2 (#226)
  • 397a475 build(deps): bump filippo.io/edwards25519 in /internal/testintegration (#221)
  • 56a7663 ci: fix coverage reporting for integration tests (#225)
  • f309793 build(deps): bump the development-dependencies group across 2 directories wit...
  • 435a1e4 refactor: decouple mongodb driver from root module (#222)
  • 7304ce1 Test/integration mariadb (#220)
  • 8b27f48 chore: reverted go requirement back to go1.24 (#219)
  • 6a4afe0 chore: doc, lint, test (#218)
  • cd99722 doc: updated contributors file
  • Additional commits viewable in compare view

Updates github.com/go-openapi/swag/conv from 0.25.4 to 0.25.5

Release notes

Sourced from github.com/go-openapi/swag/conv's releases.

v0.25.5

0.25.5 - 2026-03-02

Full Changelog: go-openapi/swag@v0.25.4...v0.25.5

16 commits in this release.

Documentation

Code quality

Testing

Miscellaneous tasks

Updates

People who contributed to this release

... (truncated)

Commits
  • 86905cc chore: prepare release v0.25.5
  • 345f85b doc: updated docs, links (#180)
  • 01b074b ci: updated ci workflows (#179)
  • 607decd build(deps): bump the go-openapi-dependencies group across 15 directories wit...
  • 4924f95 doc: updated contributors file
  • 281942d test: upgraded tests to use generics (#176)
  • b9f9e45 test: upgraded to go-openapi/testify@v2.3.0 (#175)
  • b7e96e1 ci: upgraded shared workflows (fixed secret propagation, fuzz matrix) (#174)
  • 236d975 ci: upgraded shared workflows (fixes mono-repo releases) (#173)
  • fd4d373 build(deps): bump the development-dependencies group across 2 directories wit...
  • Additional commits viewable in compare view

Updates github.com/google/certificate-transparency-go from 1.3.2 to 1.3.3

Release notes

Sourced from github.com/google/certificate-transparency-go's releases.

v1.3.3

What's Changed

CTFE

Tools

Log list library

Submission proxy

Other

Misc

Dependency updates

... (truncated)

Changelog

Sourced from github.com/google/certificate-transparency-go's changelog.

v1.3.3

CTFE

Tools

Log list library

Submission proxy

Other

Misc

Dependency updates

... (truncated)

Commits
  • e8f9317 Support tiled logs in the loglist3 logfilter functions (#1762)
  • f571c2e Cap request body size in submission proxy (#1754)
  • b0a55e9 Bump golangci-lint version to v2.10.1 (#1769)
  • f8d8cda Bump the docker-deps group across 2 directories with 2 updates (#1766)
  • e030cb1 Bump github/codeql-action from 4.32.0 to 4.32.4 in the all-deps group (#1767)
  • 537ff1f Bump the all-deps group with 7 updates (#1768)
  • 8c5792c Remove internal witness (#1765)
  • a599ccc Add FindTiledLog* functions (#1763)
  • 3782b4d Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#1764)
  • a6d1ef5 Bump golang.org/x/crypto from 0.46.0 to 0.47.0 in the all-deps group (#1756)
  • Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.5.0 to 1.5.1

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.5.1

Changelog

  • 2d46808ce98c3dd26158364ae28f4c49921c9b0d optimize memory for DSSE v0.0.1 processing (#2766)
  • 6de110d1deb7fa2d9145584fd9446608ce1a777c return correct errors in rare failure situations (#2753)
  • 7ff7c692f51d6060c6eebba0480536f5ba28abb5 raise error if decoding hash fails during inclusion proof (#2754)

Thanks for all contributors!

Commits
  • bb573aa build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2773)
  • 6188957 build(deps): Bump google.golang.org/api from 0.264.0 to 0.269.0 (#2770)
  • f76fb2a build(deps): Bump github/codeql-action in the all group (#2772)
  • ae85b80 build(deps): Bump github.com/redis/go-redis/v9 from 9.17.3 to 9.18.0 (#2769)
  • 9836e32 build(deps): Bump the all group with 11 updates (#2768)
  • b81ecd3 build(deps): Bump gocloud.dev from 0.40.0 to 0.44.0 (#2757)
  • 2d46808 optimize memory for DSSE v0.0.1 processing (#2766)
  • bd11cb9 build(deps): Bump go.step.sm/crypto from 0.74.0 to 0.76.2 (#2760)
  • c302fdb build(deps): Bump github.com/secure-systems-lab/go-securesystemslib (#2758)
  • 3444350 build(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 (#2763)
  • Additional commits viewable in compare view

Updates github.com/sigstore/rekor-tiles/v2 from 2.2.0 to 2.2.1

Release notes

Sourced from github.com/sigstore/rekor-tiles/v2's releases.

v2.2.1

What's Changed

This release includes a fix to prevent large leaf entries from corrupting the log. We recommend updating ASAP.

Full Changelog: sigstore/rekor-tiles@v2.2.0...v2.2.1

Commits
  • e028746 Apply reasonable signature and verifiers limits to DSSE requests (#684)
  • 85fd865 Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#692)
  • b0281c5 Bump Tessera to v1.0.2 (#691)
  • 84ec509 Bump go.opentelemetry.io/otel/exporters/prometheus from 0.61.0 to 0.62.0 (#688)
  • e367e66 Bump distroless/static-debian13 from f9f84bd to 01e550f (#685)
  • 6173b01 Bump google.golang.org/api from 0.264.0 to 0.265.0 (#687)
  • b8df7a5 Bump anchore/sbom-action from 0.21.1 to 0.22.2 (#690)
  • 79c01ed Bump go.opentelemetry.io/otel/sdk/metric from 1.39.0 to 1.40.0 (#689)
  • 5ff3296 Bump the go-patch-updates group with 3 updates (#679)
  • 3c625cd Bump actions/attest-build-provenance from 3.1.0 to 3.2.0 (#682)
  • Additional commits viewable in compare view

Updates github.com/sigstore/timestamp-authority/v2 from 2.0.4 to 2.0.5

Release notes

Sourced from github.com/sigstore/timestamp-authority/v2's releases.

v2.0.5

What's Changed

This release updates the chi middleware to resolve a panic.

Full Changelog: sigstore/timestamp-authority@v2.0.4...v2.0.5

Changelog

Sourced from github.com/sigstore/timestamp-authority/v2's changelog.

v2.0.5

This release updates the chi middleware to resolve a panic.

Bug Fixes

  • Upgrade chi middleware v4 -> v5 (#1307)

Docs

  • Update the semantics of the NTP monitoring so its clear in the README (#1276)
  • docs: note that CRL/OCSP checks are not performed (#1277)

Misc

  • Increase default HTTP idle timeout (#1287)
Commits
  • 992e412 chore(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 (#1301)
  • af3b9f0 chore(deps): bump the actions group across 1 directory with 3 updates (#1303)
  • eccfa11 Upgrade chi middleware v4 -> v5 (#1307)
  • 8a7bbc1 chore(deps): bump the gomod group across 1 directory with 3 updates (#1305)
  • 99da763 chore(deps): bump golang from 9edf713 to fb612b7 (#1304)
  • fce9326 chore(deps): bump golang from c83e68f to 9edf713 (#1302)
  • 801ef53 chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#1299)
  • 18ed54f chore(deps): bump github/codeql-action in the actions group (#1297)Description has been truncated

@dependabot
Bump the minor-patch group across 2 directories with 10 updates
62273be 
Bumps the minor-patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) | `0.29.2` | `0.29.3` |
| [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go) | `1.3.2` | `1.3.3` |
| [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.5.0` | `1.5.1` |
| [github.com/sigstore/rekor-tiles/v2](https://github.com/sigstore/rekor-tiles) | `2.2.0` | `2.2.1` |
| [github.com/sigstore/timestamp-authority/v2](https://github.com/sigstore/timestamp-authority) | `2.0.4` | `2.0.5` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.48.0` | `0.49.0` |
| [golang.org/x/mod](https://github.com/golang/mod) | `0.33.0` | `0.34.0` |

Bumps the minor-patch group with 1 update in the /examples/oci-image-verification directory: [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry).


Updates `github.com/go-openapi/runtime` from 0.29.2 to 0.29.3
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](go-openapi/runtime@v0.29.2...v0.29.3)

Updates `github.com/go-openapi/strfmt` from 0.25.0 to 0.26.0
- [Release notes](https://github.com/go-openapi/strfmt/releases)
- [Commits](go-openapi/strfmt@v0.25.0...v0.26.0)

Updates `github.com/go-openapi/swag/conv` from 0.25.4 to 0.25.5
- [Release notes](https://github.com/go-openapi/swag/releases)
- [Commits](go-openapi/swag@v0.25.4...v0.25.5)

Updates `github.com/google/certificate-transparency-go` from 1.3.2 to 1.3.3
- [Release notes](https://github.com/google/certificate-transparency-go/releases)
- [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md)
- [Commits](google/certificate-transparency-go@v1.3.2...v1.3.3)

Updates `github.com/sigstore/rekor` from 1.5.0 to 1.5.1
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.5.0...v1.5.1)

Updates `github.com/sigstore/rekor-tiles/v2` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/sigstore/rekor-tiles/releases)
- [Changelog](https://github.com/sigstore/rekor-tiles/blob/main/RELEASE.md)
- [Commits](sigstore/rekor-tiles@v2.2.0...v2.2.1)

Updates `github.com/sigstore/timestamp-authority/v2` from 2.0.4 to 2.0.5
- [Release notes](https://github.com/sigstore/timestamp-authority/releases)
- [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md)
- [Commits](sigstore/timestamp-authority@v2.0.4...v2.0.5)

Updates `golang.org/x/crypto` from 0.48.0 to 0.49.0
- [Commits](golang/crypto@v0.48.0...v0.49.0)

Updates `golang.org/x/mod` from 0.33.0 to 0.34.0
- [Commits](golang/mod@v0.33.0...v0.34.0)

Updates `github.com/google/go-containerregistry` from 0.20.7 to 0.21.2
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.20.7...v0.21.2)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-version: 0.29.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/go-openapi/strfmt
  dependency-version: 0.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: github.com/go-openapi/swag/conv
  dependency-version: 0.25.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/google/certificate-transparency-go
  dependency-version: 1.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/rekor-tiles/v2
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: github.com/sigstore/timestamp-authority/v2
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: golang.org/x/crypto
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: golang.org/x/mod
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 16, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 16, 2026 10:07
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 20, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 20, 2026
@dependabot dependabot bot deleted the dependabot/go_modules/minor-patch-de37abdfe5 branch March 20, 2026 14:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants