Skip to content

chore(deps): update module github.com/sigstore/cosign/v2 to v2.5.2 #183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 18, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 16, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/sigstore/cosign/v2 v2.5.0 -> v2.5.2 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

sigstore/cosign (github.com/sigstore/cosign/v2)

v2.5.2

Compare Source

Bug Fixes

  • Do not load trusted root when CT env key is set

Documentation

  • docs: improve doc for --no-upload option (#​4206)

v2.5.1

Compare Source

Features

  • Add Rekor v2 support for trusted-root create (#​4242)
  • Add baseUrl and Uri to trusted-root create command
  • Upgrade to TUF v2 client with trusted root
  • Don't verify SCT for a private PKI cert (#​4225)
  • Bump TSA library to relax EKU chain validation rules (#​4219)

Bug Fixes

  • Bump sigstore-go to pick up log index=0 fix (#​4162)
  • remove unused recursive flag on attest command (#​4187)

Docs

  • Fix indentation in verify-blob cmd examples (#​4160)

Releases

  • ensure we copy the latest tags on each release (#​4157)

Contributors

  • arthurus-rex
  • Babak K. Shandiz
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Colleen Murphy
  • Dmitry Savintsev
  • Emmanuel Ferdman
  • Hayden B
  • Ville Skyttä

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Copy link
Contributor Author

renovate bot commented Jun 16, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 45 additional dependencies were updated

Details:

Package Change
cel.dev/expr v0.23.0 -> v0.23.1
cloud.google.com/go v0.120.0 -> v0.121.1
cloud.google.com/go/auth v0.16.1 -> v0.16.2
cloud.google.com/go/compute/metadata v0.6.0 -> v0.7.0
cloud.google.com/go/iam v1.4.2 -> v1.5.2
cloud.google.com/go/kms v1.21.1 -> v1.22.0
cloud.google.com/go/longrunning v0.6.6 -> v0.6.7
cloud.google.com/go/monitoring v1.24.1 -> v1.24.2
cloud.google.com/go/storage v1.51.0 -> v1.55.0
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.1 -> v1.18.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2 -> v1.10.1
github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 -> v1.11.1
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.0 -> v1.6.1
github.com/aws/aws-sdk-go v1.55.6 -> v1.55.7
github.com/aws/aws-sdk-go-v2/service/kms v1.38.1 -> v1.41.0
github.com/buildkite/agent/v3 v3.95.1 -> v3.98.2
github.com/coreos/go-oidc/v3 v3.13.0 -> v3.14.1
github.com/docker/cli v28.1.1+incompatible -> v28.2.2+incompatible
github.com/docker/docker v28.1.1+incompatible -> v28.2.2+incompatible
github.com/google/certificate-transparency-go v1.3.1 -> v1.3.2
github.com/google/go-containerregistry v0.20.5 -> v0.20.6
github.com/googleapis/gax-go/v2 v2.14.1 -> v2.14.2
github.com/gorilla/websocket v1.5.3 -> v1.5.4-0.20250319132907-e064f32e3674
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 -> v0.2.0
github.com/hashicorp/go-sockaddr v1.0.5 -> v1.0.7
github.com/sigstore/fulcio v1.6.6 -> v1.7.1
github.com/sigstore/protobuf-specs v0.4.1 -> v0.4.3
github.com/sigstore/rekor v1.3.9 -> v1.3.10
github.com/sigstore/sigstore v1.9.3 -> v1.9.5
github.com/sigstore/sigstore-go v0.7.1 -> v1.0.0
github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.1 -> v1.9.5
github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.1 -> v1.9.5
github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.1 -> v1.9.5
github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.1 -> v1.9.5
github.com/sigstore/timestamp-authority v1.2.5 -> v1.2.8
github.com/theupdateframework/go-tuf/v2 v2.0.2 -> v2.1.1
gitlab.com/gitlab-org/api/client-go v0.129.0 -> v0.130.1
go.opentelemetry.io/contrib/detectors/gcp v1.35.0 -> v1.36.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 -> v0.61.0
golang.org/x/time v0.11.0 -> v0.12.0
google.golang.org/api v0.231.0 -> v0.237.0
google.golang.org/genproto v0.0.0-20250324211829-b45e905df463 -> v0.0.0-20250505200425-f936aa4a68b2
k8s.io/api v0.32.3 -> v0.33.1
k8s.io/apimachinery v0.33.0 -> v0.33.1
k8s.io/client-go v0.32.3 -> v0.33.1

@renovate renovate bot requested a review from a team as a code owner June 16, 2025 18:33
@renovate renovate bot changed the title chore(deps): update module github.com/sigstore/cosign/v2 to v2.5.1 chore(deps): update module github.com/sigstore/cosign/v2 to v2.5.2 Jun 17, 2025
@renovate renovate bot force-pushed the renovate/github.com-sigstore-cosign-v2-2.x branch 2 times, most recently from 54c7d92 to cb68647 Compare June 18, 2025 02:18
@renovate renovate bot force-pushed the renovate/github.com-sigstore-cosign-v2-2.x branch from cb68647 to 472f3da Compare June 18, 2025 02:20
@ryanwohara ryanwohara merged commit 20a7c5b into main Jun 18, 2025
6 checks passed
@ryanwohara ryanwohara deleted the renovate/github.com-sigstore-cosign-v2-2.x branch June 18, 2025 02:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant