Skip to content

chore(deps): bump the all group across 1 directory with 21 updates#1768

Merged
tekton-robot merged 2 commits into
mainfrom
dependabot/go_modules/all-1e7495cff5
Jul 8, 2026
Merged

chore(deps): bump the all group across 1 directory with 21 updates#1768
tekton-robot merged 2 commits into
mainfrom
dependabot/go_modules/all-1e7495cff5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the all group with 13 updates in the / directory:

Package From To
cloud.google.com/go/storage 1.62.1 1.63.0
github.com/google/go-containerregistry 0.21.5 0.21.7
github.com/in-toto/go-witness 0.10.0 0.11.0
github.com/sigstore/sigstore/pkg/signature/kms/aws 1.10.6 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/azure 1.10.6 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/gcp 1.10.6 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/hashivault 1.10.6 1.10.8
github.com/spiffe/go-spiffe/v2 2.6.0 2.8.1
github.com/tektoncd/pipeline 1.12.0 1.14.0
google.golang.org/grpc 1.81.1 1.82.0
k8s.io/api 0.36.1 0.36.2
k8s.io/client-go 0.36.1 0.36.2
k8s.io/code-generator 0.36.1 0.36.2

Updates cloud.google.com/go/storage from 1.62.1 to 1.63.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

compute: v1.63.0

v1.63.0 (2026-05-14)

Features

storage: v1.63.0

1.63.0 (2026-06-25)

Features

  • go: Add full object checksum for negative offsets > size (#20026) (a04d980)
  • storage: Add client feature tracking in HTTP client (#14691) (319cc4c)
  • storage: App Centric Observability (#14685) (c3273bb)
  • storage: Read checksums in gRPC partial reads (#14586) (d29f68a)
  • storage: Support deleteSourceObjects option in object compose (#14704) (0d2d680)
  • Update API sources and regenerate (#14701) (a9b7921)

Bug Fixes

  • storage: Add server closed idle connection to retriable errors (#14594) (a6bd392)
  • storage: Fix race condition during retries in gRPC writer (#14649) (c781a75)

storage: v1.62.3

v1.62.3 (2026-06-03)

Bug Fixes

  • fix race condition during retries in gRPC writer (#14649) (04b6c635)

  • add server closed idle connection to retriable errors (#14594) (20b37d65)

storage: v1.62.2

v1.62.2 (2026-05-18)

Features

Bug Fixes

  • restore metadata operations timeout in gRPC (#14575) (275ff562)

  • Set default chunkRetryDeadline to 32s in NewWriterFromAppendableObject (#14458) (ec7c7d66)

  • refactor userProject metadata propagation in ListObjects (#14533) (fbb543e3)

Commits
  • 033f4fe chore: librarian release pull request: 20260514T191310Z (#14589)
  • bf1c57a chore(agentplatform): Organize the replay tests.
  • d600fbb chore(agentplatform): Mock backend for unit testing
  • ec55a12 test(spanner): retry query after database recreation in integration test (#14...
  • 66574db fix(agentplatform): Set the agentplatform's dedicated user-agent in header.
  • 9072072 fix(pubsub/v2/pstest): make ackIDs unique per delivery (#14554)
  • 9873268 refactor(pubsub/v2): flatten implementation control logic for Ack and ModAck ...
  • b1db39e chore(storage): Fix corner cases in MRD (#14522)
  • df96b2e feat: update API sources and regenerate (#14581)
  • 658faa8 fix(bigquery): handle reset case for table clustering (#14579)
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.5 to 0.21.7

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.7

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.6...v0.21.7

v0.21.6

What's Changed

... (truncated)

Commits
  • c68d899 Bump go version to 1.26.4 (#2350)
  • da61d86 transport: do not re-attach bearer token after cross-host redirect (#2349)
  • 09fe1e5 fix(tarball): normalize paths when matching files (#2334)
  • 5baa399 build(deps): bump the go-deps group across 3 directories with 4 updates (#2348)
  • 97a8a17 fix(transport): apply refreshed bearer token after cross-host redirect (#2337)
  • e963497 internal/gzip: fix goroutine leak in ReadCloserLevel (#2347)
  • 02649ea fix: prevent SSRF in google.List() pagination (#2332)
  • 7204b40 build(deps): bump the actions group across 1 directory with 2 updates (#2344)
  • 4cfaa93 build(deps): bump the go-deps group across 1 directory with 2 updates (#2343)
  • 6849394 pkg/registry: export RedirectError (#2177)
  • Additional commits viewable in compare view

Updates github.com/in-toto/go-witness from 0.10.0 to 0.11.0

Commits
  • 8d09cb4 fix(ci): add write permissions to release workflow to allow attestation creat...
  • 711119b fix(ci): save attestations and upload to workflow run instead of sending to a...
  • 93a9da1 chore: bump github.com/aws/aws-sdk-go-v2/config from 1.32.22 to 1.32.25 (#751)
  • d0c1e71 chore: bump github/codeql-action from 4.36.1 to 4.36.2 (#749)
  • 46ce9c9 chore: bump go.step.sm/crypto from 0.81.0 to 0.81.1 (#752)
  • e34241b chore: bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds from 1.18.27 to 1.1...
  • 5183a28 chore: bump github.com/sigstore/sigstore from 1.10.6 to 1.10.8 (#754)
  • ff4d56c Add networktrace attestor with support for invisible TCP proxy (#629)
  • a7a9708 chore: bump github.com/aws/aws-sdk-go-v2/service/codebuild from 1.68.14 to 1....
  • 35150c3 chore: bump github/codeql-action from 4.36.0 to 4.36.1 (#744)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.8.1

Release notes

Sourced from github.com/spiffe/go-spiffe/v2's releases.

v2.8.1

Changed

  • WIT bundle JWKS entries now include "use": "wit-svid" as required by the SPIFFE WIT spec (#395)

v2.8.0

Added

  • Experimental SPIFFE Broker API protobuf definitions in the new exp/proto/spiffe/broker package (#388)

v2.7.0

Added

  • Experimental support for WIT-SVIDs, including the new exp/svid/witsvid and exp/bundle/witbundle packages and Workload API client support for fetching and watching WIT-SVIDs and WIT bundles (#385, #391)

Changed

  • X509-SVID verification now rejects leaf certificates with a SPIFFE ID that has a root path (#375)
  • Other dependency updates.
Changelog

Sourced from github.com/spiffe/go-spiffe/v2's changelog.

[2.8.1] - 2026-06-19

Changed

  • WIT bundle JWKS entries now include "use": "wit-svid" as required by the SPIFFE WIT spec (#395)

[2.8.0] - 2026-06-16

Added

  • Experimental SPIFFE Broker API protobuf definitions in the new exp/proto/spiffe/broker package (#388)

[2.7.0] - 2026-06-03

Added

  • Experimental support for WIT-SVIDs, including the new exp/svid/witsvid and exp/bundle/witbundle packages and Workload API client support for fetching and watching WIT-SVIDs and WIT bundles (#385, #391)

Changed

  • X509-SVID verification now rejects leaf certificates with a SPIFFE ID that has a root path (#375)
  • Other dependency updates.
Commits

Updates github.com/tektoncd/pipeline from 1.12.0 to 1.14.0

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v1.14.0 "Chartreux Cait Sith"

🎉 🐱 Pipelines in Pipelines by ref, leaner controllers & sturdier reconcilers 🤖 🎉

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.14.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677aa9d0ba4d268af76a6ffef1ad43d8ad6966ceef7663859284b3163eddafaa94ab

Obtain the attestation:

REKOR_UUID=108e9186e8c5677aa9d0ba4d268af76a6ffef1ad43d8ad6966ceef7663859284b3163eddafaa94ab
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.14.0/release.yaml
REKOR_UUID=108e9186e8c5677aa9d0ba4d268af76a6ffef1ad43d8ad6966ceef7663859284b3163eddafaa94ab
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.14.0@sha256:" + .digest.sha256')
Download the release file
curl -L "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ feat(tracing): record errors on TaskRun createPod and update spans (#10273)

Errors creating a Pod or updating a TaskRun are now recorded on the TaskRun reconciler trace spans, so failures are visible in distributed traces.

... (truncated)

Changelog

Sourced from github.com/tektoncd/pipeline's changelog.

Tekton Pipeline Releases

Release Frequency

Tekton Pipelines follows the Tekton community [release policy][release-policy] as follows:

  • Versions are numbered according to semantic versioning: vX.Y.Z
  • A new release is produced on a monthly basis
  • Four releases a year are chosen for long term support (LTS). All remaining releases are supported for approximately 1 month (until the next release is produced)
    • LTS releases take place in January, April, July and October every year
    • The first Tekton Pipelines LTS release will be v0.41.0 in October 2022
    • Releases happen towards the middle of the month, between the 13th and the 20th, depending on week-ends and readiness

Tekton Pipelines produces nightly builds, publicly available on gcr.io/tekton-nightly.

Transition Process

Before release v0.41 Tekton Pipelines has worked on the basis of an undocumented support period of four months, which will be maintained for the releases between v0.37 and v0.40.

Release Process

Tekton Pipeline releases are made of YAML manifests and container images. Manifests are published to cloud object-storage as well as [GitHub][tekton-pipeline-releases]. Container images are signed by [Sigstore][sigstore] via [Tekton Chains][tekton-chains]; signatures can be verified through the [public key][chains-public-key] hosted by the Tekton Chains project.

Further documentation available:

  • The Tekton Pipeline [release process][tekton-releases-docs]
  • [Installing Tekton][tekton-installation]
  • Standard for [release notes][release-notes-standards]

Release

v1.14

  • Latest Release: [v1.14.0][v1.14-0] (2026-06-30) ([docs][v1.14-0-docs], [examples][v1.14-0-examples])
  • Initial Release: [v1.14.0][v1.14-0] (2026-06-30)
  • End of Life: 2026-07-30
  • Patch Releases: [v1.14.0][v1.14-0]

v1.12 (LTS)

... (truncated)

Commits
  • 8afd0f7 Fix race condition in TestStepTimeout
  • 29270cd build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.7.0 to 2.8.1
  • 4bd5a94 feat(tracing): record errors on TaskRun createPod and update spans
  • 8462269 Add namespace attribute to cancel/timeout child spans
  • 88f102f feat(tracing): add spans to PipelineRun cancel and timeout paths
  • 4a8636c fix(taskrun): prevent concurrent map writes when resolving StepAction refs
  • fcd1e0c ci: pin ko to v0.18.1 to avoid v0.19.0 regressions
  • a538445 fix: replace kodata LICENSE symlinks with actual files
  • 9f71682 chore(docs): fix "pipeline" typo in examples
  • e8f857c build(deps): bump chainguard-dev/actions/setup-kind
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.43.0 to 1.44.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.44.0/0.66.0/0.20.0/0.0.17] 2026-05-27

Added

  • Add ByteSlice and ByteSliceValue functions for new BYTESLICE attribute type in go.opentelemetry.io/otel/attribute. (#7948)
  • Apply attribute value limit to the KindBytes attribute type in go.opentelemetry.io/otel/sdk/log. (#7990)
  • Apply attribute value limit to the BYTESLICE attribute type in go.opentelemetry.io/otel/sdk/trace. (#7990)
  • Support BYTESLICE attributes in go.opentelemetry.io/otel/trace. (#8153)
  • Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlptrace. (#8153)
  • Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlplog. (#8153)
  • Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlpmetric. (#8153)
  • Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/zipkin. (#8153)
  • Add String method for Value type in go.opentelemetry.io/otel/attribute. (#8142)
  • Add Slice and SliceValue functions for new SLICE attribute type in go.opentelemetry.io/otel/attribute. (#8166)
  • Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlptrace. (#8216)
  • Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlplog. (#8216)
  • Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlpmetric. (#8216)
  • Support SLICE attributes in go.opentelemetry.io/otel/exporters/zipkin. (#8216)
  • Apply AttributeValueLengthLimit to attribute.SLICE type attribute values in go.opentelemetry.io/otel/sdk/trace, recursively truncating contained string values. (#8217)
  • Add Error field on Record type in go.opentelemetry.io/otel/log/logtest. (#8148)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8157)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8157)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8157)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8157)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8157)
  • Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8157)
  • Add Settable to go.opentelemetry.io/otel/metric/x to allow reusing attribute options. (#8178)
  • Add experimental support for splitting metric data across multiple batches in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE=<max_size> to enable for all periodic readers. See go.opentelemetry.io/otel/sdk/metric/internal/x for feature documentation. (#8071)
  • Add experimental self-observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. Enable with OTEL_GO_X_SELF_OBSERVABILITY=true environment variable. See go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/int...

    Description has been truncated

Bumps the all group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.62.1` | `1.63.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.5` | `0.21.7` |
| [github.com/in-toto/go-witness](https://github.com/in-toto/go-witness) | `0.10.0` | `0.11.0` |
| [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) | `2.6.0` | `2.8.1` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `1.12.0` | `1.14.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.81.1` | `1.82.0` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.1` | `0.36.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.1` | `0.36.2` |
| [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.36.1` | `0.36.2` |



Updates `cloud.google.com/go/storage` from 1.62.1 to 1.63.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@storage/v1.62.1...compute/v1.63.0)

Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.7
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.5...v0.21.7)

Updates `github.com/in-toto/go-witness` from 0.10.0 to 0.11.0
- [Release notes](https://github.com/in-toto/go-witness/releases)
- [Commits](in-toto/go-witness@v0.10.0...v0.11.0)

Updates `github.com/sigstore/sigstore` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/spiffe/go-spiffe/v2` from 2.6.0 to 2.8.1
- [Release notes](https://github.com/spiffe/go-spiffe/releases)
- [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md)
- [Commits](spiffe/go-spiffe@v2.6.0...v2.8.1)

Updates `github.com/tektoncd/pipeline` from 1.12.0 to 1.14.0
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v1.12.0...v1.14.0)

Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/metric` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/sdk/metric` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `golang.org/x/crypto` from 0.51.0 to 0.53.0
- [Commits](golang/crypto@v0.51.0...v0.53.0)

Updates `golang.org/x/exp` from 0.0.0-20260312153236-7ab1446f8b90 to 0.0.0-20260410095643-746e56fc9e2f
- [Commits](https://github.com/golang/exp/commits)

Updates `google.golang.org/grpc` from 1.81.1 to 1.82.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.1...v1.82.0)

Updates `k8s.io/api` from 0.36.1 to 0.36.2
- [Commits](kubernetes/api@v0.36.1...v0.36.2)

Updates `k8s.io/apimachinery` from 0.36.1 to 0.36.2
- [Commits](kubernetes/apimachinery@v0.36.1...v0.36.2)

Updates `k8s.io/client-go` from 0.36.1 to 0.36.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.36.1...v0.36.2)

Updates `k8s.io/code-generator` from 0.36.1 to 0.36.2
- [Commits](kubernetes/code-generator@v0.36.1...v0.36.2)

Updates `knative.dev/pkg` from 0.0.0-20260318013857-98d5a706d4fd to 0.0.0-20260531000007-52dbd5ece63f
- [Commits](https://github.com/knative/pkg/commits)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/in-toto/go-witness
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/spiffe/go-spiffe/v2
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/tektoncd/pipeline
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/exp
  dependency-version: 0.0.0-20260410095643-746e56fc9e2f
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: google.golang.org/grpc
  dependency-version: 1.82.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/api
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/code-generator
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: knative.dev/pkg
  dependency-version: 0.0.0-20260531000007-52dbd5ece63f
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. labels Jul 7, 2026
@tekton-robot tekton-robot requested review from jkhelil and wlynch July 7, 2026 14:16
@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jul 7, 2026
@jkhelil

jkhelil commented Jul 8, 2026

Copy link
Copy Markdown
Member

/retest

…1772)

Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>

@infernus01 infernus01 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 8, 2026
@jkhelil

jkhelil commented Jul 8, 2026

Copy link
Copy Markdown
Member

/hold

@tekton-robot tekton-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 8, 2026
@jkhelil

jkhelil commented Jul 8, 2026

Copy link
Copy Markdown
Member

/unhold

@tekton-robot tekton-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 8, 2026
@jkhelil

jkhelil commented Jul 8, 2026

Copy link
Copy Markdown
Member

/approve

@tekton-robot

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jkhelil

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 8, 2026
@tekton-robot tekton-robot merged commit 15d64f4 into main Jul 8, 2026
19 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/all-1e7495cff5 branch July 8, 2026 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants