Skip to content

chore(deps): bump the all group across 1 directory with 13 updates#1761

Closed
dependabot[bot] wants to merge 1 commit into
release-v0.27.xfrom
dependabot/go_modules/release-v0.27.x/all-a8e4fe4978
Closed

chore(deps): bump the all group across 1 directory with 13 updates#1761
dependabot[bot] wants to merge 1 commit into
release-v0.27.xfrom
dependabot/go_modules/release-v0.27.x/all-a8e4fe4978

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the all group with 11 updates in the / directory:

Package From To
cloud.google.com/go/storage 1.62.1 1.62.3
github.com/google/go-containerregistry 0.21.5 0.21.7
github.com/sigstore/sigstore 1.10.6 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/aws 1.10.6 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/azure 1.10.6 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/gcp 1.10.6 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/hashivault 1.10.6 1.10.8
github.com/tektoncd/pipeline 1.12.0 1.12.2
k8s.io/api 0.36.1 0.36.2
k8s.io/client-go 0.36.1 0.36.2
k8s.io/code-generator 0.36.1 0.36.2

Updates cloud.google.com/go/storage from 1.62.1 to 1.62.3

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.62.3

v1.62.3 (2026-06-03)

Bug Fixes

  • fix race condition during retries in gRPC writer (#14649) (04b6c635)

  • add server closed idle connection to retriable errors (#14594) (20b37d65)

storage: v1.62.2

v1.62.2 (2026-05-18)

Features

Bug Fixes

  • restore metadata operations timeout in gRPC (#14575) (275ff562)

  • Set default chunkRetryDeadline to 32s in NewWriterFromAppendableObject (#14458) (ec7c7d66)

  • refactor userProject metadata propagation in ListObjects (#14533) (fbb543e3)

Commits
  • 8afd6a0 chore: librarian release pull request: 20260603T093646Z (#14699)
  • 04b6c63 fix(storage): fix race condition during retries in gRPC writer (#14649)
  • 20b37d6 fix(storage): add server closed idle connection to retriable errors (#14594)
  • 50a5755 chore: librarian release pull request: 20260518T161338Z (#14610)
  • 585840f spanner: skip flaky TestIntegration_DbRemovalRecovery (#14607)
  • f8bf88f test(spanner): retry query after database recreation in integration test (#14...
  • 9168ab8 chore(librariangen): tweak release preview test (#14599)
  • f8b9a93 fix(spanner/spannertest): Support UUID as a base data type (#14117)
  • a42fd83 fix(internal/librariange): release preview support (#14588)
  • d944830 fix(datastore): add retries to emulator (#14591)
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.5 to 0.21.7

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.7

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.6...v0.21.7

v0.21.6

What's Changed

... (truncated)

Commits
  • c68d899 Bump go version to 1.26.4 (#2350)
  • da61d86 transport: do not re-attach bearer token after cross-host redirect (#2349)
  • 09fe1e5 fix(tarball): normalize paths when matching files (#2334)
  • 5baa399 build(deps): bump the go-deps group across 3 directories with 4 updates (#2348)
  • 97a8a17 fix(transport): apply refreshed bearer token after cross-host redirect (#2337)
  • e963497 internal/gzip: fix goroutine leak in ReadCloserLevel (#2347)
  • 02649ea fix: prevent SSRF in google.List() pagination (#2332)
  • 7204b40 build(deps): bump the actions group across 1 directory with 2 updates (#2344)
  • 4cfaa93 build(deps): bump the go-deps group across 1 directory with 2 updates (#2343)
  • 6849394 pkg/registry: export RedirectError (#2177)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 1.12.0 to 1.12.2

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v1.12.2 "Exotic Shorthair Elektrobots LTS"

-Docs @ v1.12.2 -Examples @ v1.12.2

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.12.2/release.yaml

Attestation

The Rekor UUID for this release is cb0a4d44223cf8dd164d8eec84c25d204f7a37a023c2d28f1f8dcde79ca3c187

Obtain the attestation:

REKOR_UUID=cb0a4d44223cf8dd164d8eec84c25d204f7a37a023c2d28f1f8dcde79ca3c187
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.12.2/release.yaml
REKOR_UUID=cb0a4d44223cf8dd164d8eec84c25d204f7a37a023c2d28f1f8dcde79ca3c187
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.12.2@sha256:" + .digest.sha256')
Download the release file
curl -L "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

... (truncated)

Commits
  • a1fc405 build(deps): bump k8s.io/client-go from 0.35.5 to 0.35.6
  • f6ecc12 build(deps): bump the all group in /tekton with 4 updates
  • 829429b fix(resolvers): Allow ResolutionRequests to resolve all Tekton kinds
  • 2046a4c build(deps): bump the all group in /tekton with 4 updates
  • b8f43ba build(deps): bump chainguard-dev/actions from 1.6.21 to 1.6.22
  • 64ec216 fix: add automated draft release support to release pipeline
  • aedbed0 build(deps): bump github.com/sigstore/sigstore from 1.10.6 to 1.10.8
  • 13e5821 build(deps): bump chainguard-dev/actions from 1.6.19 to 1.6.21
  • 1e0b0e7 build(deps): bump the all group in /tekton with 4 updates
  • 25e1258 build(deps): bump actions/checkout from 6.0.2 to 6.0.3
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.36.1 to 0.36.2

Commits

Updates k8s.io/apimachinery from 0.36.1 to 0.36.2

Commits

Updates k8s.io/client-go from 0.36.1 to 0.36.2

Commits

Updates k8s.io/code-generator from 0.36.1 to 0.36.2

Commits

@dependabot dependabot Bot added dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. labels Jul 6, 2026
@tekton-robot

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign anithapriyanatarajan after the PR has been reviewed.
You can assign the PR to them by writing /assign @anithapriyanatarajan in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jul 6, 2026
Bumps the all group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.62.1` | `1.62.3` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.5` | `0.21.7` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `1.12.0` | `1.12.2` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.1` | `0.36.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.1` | `0.36.2` |
| [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.36.1` | `0.36.2` |



Updates `cloud.google.com/go/storage` from 1.62.1 to 1.62.3
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@storage/v1.62.1...storage/v1.62.3)

Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.7
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.5...v0.21.7)

Updates `github.com/sigstore/sigstore` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/tektoncd/pipeline` from 1.12.0 to 1.12.2
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v1.12.0...v1.12.2)

Updates `golang.org/x/crypto` from 0.51.0 to 0.53.0
- [Commits](golang/crypto@v0.51.0...v0.53.0)

Updates `k8s.io/api` from 0.36.1 to 0.36.2
- [Commits](kubernetes/api@v0.36.1...v0.36.2)

Updates `k8s.io/apimachinery` from 0.36.1 to 0.36.2
- [Commits](kubernetes/apimachinery@v0.36.1...v0.36.2)

Updates `k8s.io/client-go` from 0.36.1 to 0.36.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.36.1...v0.36.2)

Updates `k8s.io/code-generator` from 0.36.1 to 0.36.2
- [Commits](kubernetes/code-generator@v0.36.1...v0.36.2)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.62.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/tektoncd/pipeline
  dependency-version: 1.12.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/api
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/code-generator
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the all group with 13 updates chore(deps): bump the all group across 1 directory with 13 updates Jul 6, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/release-v0.27.x/all-a8e4fe4978 branch from 23f11b8 to ede4eab Compare July 6, 2026 14:18
@dependabot @github

dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 9, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/release-v0.27.x/all-a8e4fe4978 branch July 9, 2026 09:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants