Skip to content

chore(deps): bump the all group with 13 updates#1727

Merged
vdemeester merged 1 commit into
release-v0.20.xfrom
dependabot/go_modules/release-v0.20.x/all-a2823006a5
Jun 30, 2026
Merged

chore(deps): bump the all group with 13 updates#1727
vdemeester merged 1 commit into
release-v0.20.xfrom
dependabot/go_modules/release-v0.20.x/all-a2823006a5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps the all group with 13 updates:

Package From To
cloud.google.com/go/storage 1.57.1 1.57.2
github.com/google/go-containerregistry 0.20.7 0.20.8
github.com/sigstore/cosign/v2 2.6.2 2.6.3
github.com/sigstore/sigstore 1.10.3 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/aws 1.10.3 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/azure 1.10.3 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/gcp 1.10.3 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/hashivault 1.10.3 1.10.8
github.com/tektoncd/pipeline 0.56.0 0.56.9
k8s.io/api 0.34.1 0.34.9
k8s.io/apimachinery 0.34.1 0.34.9
k8s.io/client-go 0.34.1 0.34.9
k8s.io/code-generator 0.26.5 0.26.15

Updates cloud.google.com/go/storage from 1.57.1 to 1.57.2

Commits
  • 54f5f63 chore: librarian release pull request: 20251114T145800Z (#13361)
  • 315f65b fix(spanner): decoding spanner rows using SelectAll should map values in corr...
  • d1224e8 test(spanner): additional tests for SelectAll() (#13360)
  • b9196cf feat: Add grpc.xds.resource_type label to xDS client metrics (#13358)
  • b0f1362 fix(storage): Handle redirect on takeover. (#13354)
  • 5574f5b chore: librarian update image pull request: 20251113T211851Z (#13355)
  • 3fef58b chore(internal/librariangen): bump gapic-generator-go to 0.55.1 (#13352)
  • e978a68 chore: update the go version in renovate.json (#13348)
  • 29b6c97 chore: librarian update image pull request: 20251112T170525Z (#13346)
  • 1f4da37 chore(internal/librariangen): bump gapic-generator-go to 0.55.0 (#13345)
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.20.7 to 0.20.8

Commits

Updates github.com/sigstore/cosign/v2 from 2.6.2 to 2.6.3

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.6.3

Changelog

v2.6.3 resolves GHSA-w6c6-c85g-mmv6.

  • fecddd3c22045a39f52392e71e79f66854b41352 Fix DSSE predicate check (#4802)
  • 564c5b1b0bed7bd991910774c47df1150ffb8aa8 Backport bundle detection to sign and attest (#4727)

Thanks to all contributors!

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v3.0.5

Deprecations

  • Deprecate rekor-entry-type flag (#4691)
  • Deprecate cosign triangulate (#4676)
  • Deprecate cosign copy (#4681)

Features

  • Automatically require signed timestamp with Rekor v2 entries (#4666)
  • Allow --local-image with --new-bundle-format for v2 and v3 signatures (#4626)
  • Add mTLS support for TSA client connections when signing with a signing config (#4620)
  • Enforce TSA requirement for Rekor v2, Fuclio signing (#4683)

Bug Fixes

  • Add empty predicate to cosign sign when payload type is application/vnd.in-toto+json (#4635)
  • fix: avoid panic on malformed attestation payload (#4651)
  • fix: avoid panic on malformed tlog entries (#4649)
  • fix: avoid panic on malformed replace payload (#4653)
  • Gracefully fail if bundle payload body is not a string (#4648)
  • Verify validity of chain rather than just certificate (#4663)
  • fix: avoid panic on malformed tlog entry body (#4652)

Documentation

  • docs(cosign): clarify RFC3161 revocation semantics (#4642)
  • Fix typo in CLI help (#4701)

v3.0.4

v3.0.4 resolves GHSA-whqx-f9j3-ch6m.

Changes

  • Fix bundle verify path for old bundle/trusted root (GHSA-whqx-f9j3-ch6m) (#4623)
  • Optimize cosign tree performance by caching digest resolution (#4612)
  • Don't require a trusted root to verify offline with a key (#4613)
  • Support default services for trusted-root and signing-config creation (#4592)
Commits

Updates github.com/sigstore/sigstore from 1.10.3 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

v1.10.6

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

v1.10.5

What's Changed

Full Changelog: sigstore/sigstore@v1.10.4...v1.10.5

v1.10.4

What's Changed

Full Changelog: sigstore/sigstore@v1.10.3...v1.10.4

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.10.3 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

v1.10.6

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

v1.10.5

What's Changed

Full Changelog: sigstore/sigstore@v1.10.4...v1.10.5

v1.10.4

What's Changed

Full Changelog: sigstore/sigstore@v1.10.3...v1.10.4

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.10.3 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

v1.10.6

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

v1.10.5

What's Changed

Full Changelog: sigstore/sigstore@v1.10.4...v1.10.5

v1.10.4

What's Changed

Full Changelog: sigstore/sigstore@v1.10.3...v1.10.4

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.10.3 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

v1.10.6

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

v1.10.5

What's Changed

Full Changelog: sigstore/sigstore@v1.10.4...v1.10.5

v1.10.4

What's Changed

Full Changelog: sigstore/sigstore@v1.10.3...v1.10.4

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.10.3 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

v1.10.6

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

v1.10.5

What's Changed

Full Changelog: sigstore/sigstore@v1.10.4...v1.10.5

v1.10.4

What's Changed

Full Changelog: sigstore/sigstore@v1.10.3...v1.10.4

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 0.56.0 to 0.56.9

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v0.56.9 "Persian Terminator"

-Docs @ v0.56.9 -Examples @ v0.56.9

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.9/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677ab4262cd1303dc779dd2b6103fa7a05fb29fc2d5304a747c0ed41061c23d8302b

Obtain the attestation:

REKOR_UUID=108e9186e8c5677ab4262cd1303dc779dd2b6103fa7a05fb29fc2d5304a747c0ed41061c23d8302b
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.56.9/release.yaml
REKOR_UUID=108e9186e8c5677ab4262cd1303dc779dd2b6103fa7a05fb29fc2d5304a747c0ed41061c23d8302b
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.56.9@sha256:" + .digest.sha256')
Download the release file
curl "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

... (truncated)

Commits
  • 2b7eeec Fix number of completed and failed task in case of ValidationFailed
  • 95e7a4e Remove permanent error and improve skip logic
  • c418e52 Exit reconcilation and markfailed if finally is not present
  • effd78f Resolve review comments 1
  • 52b25ed Run finally pipeline even if task is failed at the validation
  • 3380e34 Backport release "scripts" changes from main…
  • f63fb0e Fix isolated workspaces ignored when using StepTemplate
  • 01616c1 Mark steps as deleted when TaskRun fails
  • d2b057d pkg/taskrunmetrics/fake shouldn't be imported…
  • 064bafc Refine check if the result is from a matrix task
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.34.1 to 0.34.9

Commits
  • 65439ae Update dependencies to v0.34.9 tag
  • ad42a1f Merge pull request #138357 from dims/update-moby-spdystream-v0.5.1-1.34
  • f7287d9 Merge pull request #138349 from dashpole/update_prop_34
  • 39fcc47 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
  • dfcdfcd update go.opentelemetry.io/otel to v1.41.0
  • See full diff in compare view

Updates k8s.io/apimachinery from 0.34.1 to 0.34.9

Commits
  • 454f531 Merge pull request #138357 from dims/update-moby-spdystream-v0.5.1-1.34
  • e44e450 Merge pull request #138349 from dashpole/update_prop_34
  • e2c5a26 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
  • 03b02ab update go.opentelemetry.io/otel to v1.41.0
  • See full diff in compare view

Updates k8s.io/client-go from 0.34.1 to 0.34.9

Commits
  • 1976477 Update dependencies to v0.34.9 tag
  • e4156f3 Merge pull request #138357 from dims/update-moby-spdystream-v0.5.1-1.34
  • e7de3f2 Merge pull request #138349 from dashpole/update_prop_34
  • 32b5239 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
  • 3f8d3ef update go.opentelemetry.io/otel to v1.41.0
  • 3a88ce1 Merge pull request #135716p0lyn0mial/automated-cherry-pick-of-#135591
  • c80976c downgrade reflector watchlist fallback log to V(4)
  • ab04e77 Merge pull request #135592serathius/automated-cherry-pick-of-#135580
  • 25da701 Use transformer in consistency checker
  • 0c76ee5 Add unit tests for Data Consistency Detector
  • Additional commits viewable in compare view

Updates k8s.io/code-generator from 0.26.5 to 0.26.15

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 13 updates:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.57.1` | `1.57.2` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.7` | `0.20.8` |
| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.6.2` | `2.6.3` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.10.3` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.10.3` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.10.3` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.10.3` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.10.3` | `1.10.8` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `0.56.0` | `0.56.9` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.34.1` | `0.34.9` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.34.1` | `0.34.9` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.34.1` | `0.34.9` |
| [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.26.5` | `0.26.15` |


Updates `cloud.google.com/go/storage` from 1.57.1 to 1.57.2
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@storage/v1.57.1...storage/v1.57.2)

Updates `github.com/google/go-containerregistry` from 0.20.7 to 0.20.8
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.20.7...v0.20.8)

Updates `github.com/sigstore/cosign/v2` from 2.6.2 to 2.6.3
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v2.6.2...v2.6.3)

Updates `github.com/sigstore/sigstore` from 1.10.3 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.3...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.10.3 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.3...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.10.3 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.3...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.10.3 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.3...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.10.3 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.3...v1.10.8)

Updates `github.com/tektoncd/pipeline` from 0.56.0 to 0.56.9
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v0.56.0...v0.56.9)

Updates `k8s.io/api` from 0.34.1 to 0.34.9
- [Commits](kubernetes/api@v0.34.1...v0.34.9)

Updates `k8s.io/apimachinery` from 0.34.1 to 0.34.9
- [Commits](kubernetes/apimachinery@v0.34.1...v0.34.9)

Updates `k8s.io/client-go` from 0.34.1 to 0.34.9
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.34.1...v0.34.9)

Updates `k8s.io/code-generator` from 0.26.5 to 0.26.15
- [Commits](kubernetes/code-generator@v0.26.5...v0.26.15)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.57.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.20.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/cosign/v2
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/tektoncd/pipeline
  dependency-version: 0.56.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/api
  dependency-version: 0.34.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.34.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/client-go
  dependency-version: 0.34.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/code-generator
  dependency-version: 0.26.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. labels Jun 23, 2026
@tekton-robot tekton-robot requested review from lcarva and wlynch June 23, 2026 07:38
@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 23, 2026
@anithapriyanatarajan

Copy link
Copy Markdown
Contributor

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jun 23, 2026
@jkhelil

jkhelil commented Jun 24, 2026

Copy link
Copy Markdown
Member

/approve

1 similar comment
@jkhelil

jkhelil commented Jun 29, 2026

Copy link
Copy Markdown
Member

/approve

@tekton-robot

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jkhelil
To complete the pull request process, please assign chitrangpatel after the PR has been reviewed.
You can assign the PR to them by writing /assign @chitrangpatel in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jkhelil

jkhelil commented Jun 30, 2026

Copy link
Copy Markdown
Member

@vdemeester Can you merge this please

@vdemeester vdemeester merged commit a337ee4 into release-v0.20.x Jun 30, 2026
8 of 9 checks passed
@vdemeester vdemeester deleted the dependabot/go_modules/release-v0.20.x/all-a2823006a5 branch June 30, 2026 07:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants