chore(deps): bump the all group with 6 updates by dependabot[bot] · Pull Request #207 · gittuf/github-app

dependabot · 2026-05-01T23:14:57Z

Bumps the all group with 6 updates:

Package	From	To
cloud.google.com/go/kms	`1.29.0`	`1.30.0`
cloud.google.com/go/secretmanager	`1.19.0`	`1.20.0`
github.com/aws/aws-sdk-go-v2/service/kms	`1.50.5`	`1.51.1`
github.com/aws/aws-sdk-go-v2/service/secretsmanager	`1.41.6`	`1.41.7`
github.com/gittuf/gittuf	`0.13.2-0.20260421131520-3adce9acb1bb`	`0.14.0`
github.com/octo-sts/app	`0.6.1`	`0.7.0`

Updates cloud.google.com/go/kms from 1.29.0 to 1.30.0

Release notes

Sourced from cloud.google.com/go/kms's releases.

kms: v1.30.0

v1.30.0 (2026-04-30)

retail: v1.30.0

v1.30.0 (2026-04-30)

Changelog

Sourced from cloud.google.com/go/kms's changelog.

1.30.0 (2024-06-05)

Features

documentai: Make Layout Parser generally available in V1 (#10286) (92dc381)

Commits

54d941a chore: librarian release pull request: 20260402T153541Z (#14330)
22d0749 docs(storage): Update EnableParallelUpload documentation (#14328)
751febd feat(spanner): Switch to using builtin open telemetry for EEF (#14193)
a70f04f chore: add a config check (#14327)
9e2b3f5 chore: update sources and regenerate (#14325)
e0760b5 fix(spanner): set gauge metric start time to match end time (#14289)
71df27f docs(pubsub/v2): revamp package docs (#14317)
a6efdbf chore: update librarian version (#14323)
22cda56 chore: update librariangen image SHA (#14315)
1720392 chore(all): update deps (main) (#14231)
Additional commits viewable in compare view

Updates cloud.google.com/go/secretmanager from 1.19.0 to 1.20.0

Release notes

Sourced from cloud.google.com/go/secretmanager's releases.

osconfig: v1.20.0

v1.20.0 (2026-04-30)

run: v1.20.0

v1.20.0 (2026-04-30)

secretmanager: v1.20.0

v1.20.0 (2026-04-30)

texttospeech: v1.20.0

v1.20.0 (2026-04-30)

Changelog

Sourced from cloud.google.com/go/secretmanager's changelog.

1.20.0 (2023-06-20)

Features

documentai: Add StyleInfo to document.proto (b726d41)

documentai: Add StyleInfo to document.proto (b726d41)

Bug Fixes

documentai: REST query UpdateMask bug (df52820)

Commits

47bb902 chore: release main (#10988)
2b8ca4b chore: add Protobuf warning to release notes (#11025)
8bb87d5 chore: update google.golang.org/api to v0.203.0 (#11022)
d40fbff fix(storage): Skip only specific transport tests. (#11016)
ff06fc2 fix: Fix default service account tests on GCE. (#11021)
6071167 feat(alloydb): add new PSC instance configuration setting and output the PSC ...
15eacb9 chore: update SA used for tests (#11018)
e78389d chore: fix doc publish creds (#11019)
1d7ee9f chore(main): release auth 0.9.9 (#11003)
6e69d2e feat(texttospeech): add brand voice lite, which lets you clone a voice with j...
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/kms from 1.50.5 to 1.51.1

Commits

7095341 Release 2024-02-23
bcf04e6 Regenerated Clients
ca190b0 Update API model
6397a64 move common middleware stack ops to service client modules (#2516)
e9b00e2 Release 2024-02-22
0cfc53e Regenerated Clients
92d6c19 Update API model
18adb31 add middleware snapshot tests (#2513)
7888f0e Release 2024-02-21
4a9cd1d Regenerated Clients
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/secretsmanager from 1.41.6 to 1.41.7

Commits

2223642 Release 2026-04-29
04c7e46 Regenerated Clients
5f56925 Update endpoints model
aac6d2b Update API model
bdaead7 upgrade to smithy-go v1.25.1 (#3399)
008e12c Release 2026-04-27
ef109d9 Regenerated Clients
6411e63 Update API model
e5bf970 Release 2026-04-24
bdbb88c Regenerated Clients
Additional commits viewable in compare view

Updates github.com/gittuf/gittuf from 0.13.2-0.20260421131520-3adce9acb1bb to 0.14.0

Release notes

Sourced from github.com/gittuf/gittuf's releases.

v0.14.0

This release improves our testing coverage, makes various improvements across the codebase, and removes support for the legacy securesystemslib key format. This release also fixes security vulnerabilities, see the advisories on GitHub for more information.

Changelog

Added

Added support for filtering the RSL by target reference of entries

Added testing for gittuf in CI on FreeBSD

Added fixes to prevent policy rollback attacks via RSL

Added missing validation when loading first policy state

Updated

Improved checks for invalid thresholds

Improved reliability of integration with the gittuf GitHub app

Improved CLI documentation

Increased testing coverage significantly across multiple packages

Updated various dependencies and CI workflows

Removed

Removed support for legacy securesystemslib key formats, used in early alpha builds of gittuf

Contributors

This release includes work by @yongjae354, @jkang2003, @mohesham88, @saurabh12nxf, @aryarathoree, @Demiserular, @theycallmeaabie, @ayuxsh009, @kepnok, @pushkarscripts, @IITI-tushar, @dawgdevv, @adityasaky and @patzielinski. Dependency updates brought to you by @dependabot.

Changelog

Sourced from github.com/gittuf/gittuf's changelog.

v0.14.0

This release improves our testing coverage, makes various improvements across the codebase, and removes support for the legacy securesystemslib key format. This release also fixes security vulnerabilities, see the advisories on GitHub for more information.

Added

Added support for filtering the RSL by target reference of entries

Added testing for gittuf in CI on FreeBSD

Added fixes to prevent policy rollback attacks via RSL

Added missing validation when loading first policy state

Updated

Improved checks for invalid thresholds

Improved reliability of integration with the gittuf GitHub app

Improved CLI documentation

Increased testing coverage significantly across multiple packages

Updated various dependencies and CI workflows

Removed

Removed support for legacy securesystemslib key formats, used in early alpha builds of gittuf

v0.13.1

This release is a follow-up to v0.13.0 to fix our releasing pipeline. Starting with this release, gittuf releases now ship with attested SBOMs and build provenance.

Updated

Updated a test for invalid RSL recovery

Updated various dependencies and CI workflows

v0.13.0

Added

Added support for signing gittuf metadata with GPG keys

Added a new read-only mode to the TUI to allow viewing gittuf metadata

Added support for listing propagation directives and a duplicate check

Added documentation on extracting gittuf attestations data from the repository

Updated

Updated Sigstore dependency

... (truncated)

Commits

See full diff in compare view

Updates github.com/octo-sts/app from 0.6.1 to 0.7.0

Release notes

Sourced from github.com/octo-sts/app's releases.

v0.7.0

What's Changed

feat(ghtransport): wrap base transport with httpmetrics by @nskaggs in octo-sts/app#1336

Add smoke tests for Octo STS by @joedborg in octo-sts/app#1338

Fix test data by @joedborg in octo-sts/app#1339

Add alarm for excessive missing STS policy file hits by @joedborg in octo-sts/app#1340

Add logging API to egress by @joedborg in octo-sts/app#1341

Add required labels block by @joedborg in octo-sts/app#1342

chore(deps): bump chainguard-dev/actions from 1.6.15 to 1.6.16 in the all group by @dependabot[bot] in octo-sts/app#1343

chore(deps): bump chainguard.dev/sdk from 0.1.53 to 0.1.54 in the all group across 1 directory by @dependabot[bot] in octo-sts/app#1337

chore(deps): bump github.com/invopop/jsonschema from 0.13.0 to 0.14.0 by @dependabot[bot] in octo-sts/app#1331

GCP API doesn't like period block by @joedborg in octo-sts/app#1344

feat(ghinstall): capacity-aware fairshare routing across installations by @nskaggs in octo-sts/app#1345

Make sure we only read quota from installations by @joedborg in octo-sts/app#1346

chore(deps): bump chainguard-dev/actions from 1.6.16 to 1.6.17 in the all group by @dependabot[bot] in octo-sts/app#1347

Replace multiManager with a persistent cache by @joedborg in octo-sts/app#1348

Add Firestore and Slack to deploy job egress by @joedborg in octo-sts/app#1349

Add smoke tests to test sticky routing by @joedborg in octo-sts/app#1350

Run check lifecycle on smoketest by @joedborg in octo-sts/app#1351

Also use subject for request hashing for better distribution by @joedborg in octo-sts/app#1352

Add Firestore API to prod by @joedborg in octo-sts/app#1353

Add a quota warmup by @joedborg in octo-sts/app#1354

Reduce TTL to 1 hour by @joedborg in octo-sts/app#1355

chore(deps): bump google.golang.org/api from 0.276.0 to 0.277.0 by @dependabot[bot] in octo-sts/app#1356

Lookup policy before returning an installation by @joedborg in octo-sts/app#1357

New Contributors

@nskaggs made their first contribution in octo-sts/app#1336

Full Changelog: octo-sts/app@v0.6.1...v0.7.0

Commits

68cc677 Lookup policy before returning an installation (#1357)
814f350 chore(deps): bump google.golang.org/api from 0.276.0 to 0.277.0 (#1356)
229af42 Reduce TTL to 1 hour (#1355)
9d3e602 Add a quota warmup (#1354)
b02fb1d Add Firestore API to prod (#1353)
fabe152 Also use subject for request hashing for better distribution (#1352)
221808c Run check lifecycle on smoketest (#1351)
70c533c Add smoke tests to test sticky routing (#1350)
1b26139 Add Firestore and Slack to deploy job egress (#1349)
45827ff Replace multiManager with a persistent cache (#1348)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 6 updates: | Package | From | To | | --- | --- | --- | | [cloud.google.com/go/kms](https://github.com/googleapis/google-cloud-go) | `1.29.0` | `1.30.0` | | [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) | `1.19.0` | `1.20.0` | | [github.com/aws/aws-sdk-go-v2/service/kms](https://github.com/aws/aws-sdk-go-v2) | `1.50.5` | `1.51.1` | | [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) | `1.41.6` | `1.41.7` | | [github.com/gittuf/gittuf](https://github.com/gittuf/gittuf) | `0.13.2-0.20260421131520-3adce9acb1bb` | `0.14.0` | | [github.com/octo-sts/app](https://github.com/octo-sts/app) | `0.6.1` | `0.7.0` | Updates `cloud.google.com/go/kms` from 1.29.0 to 1.30.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@kms/v1.29.0...dlp/v1.30.0) Updates `cloud.google.com/go/secretmanager` from 1.19.0 to 1.20.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@dlp/v1.19.0...dlp/v1.20.0) Updates `github.com/aws/aws-sdk-go-v2/service/kms` from 1.50.5 to 1.51.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/ssm/v1.50.5...service/s3/v1.51.1) Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.41.6 to 1.41.7 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.41.6...v1.41.7) Updates `github.com/gittuf/gittuf` from 0.13.2-0.20260421131520-3adce9acb1bb to 0.14.0 - [Release notes](https://github.com/gittuf/gittuf/releases) - [Changelog](https://github.com/gittuf/gittuf/blob/main/CHANGELOG.md) - [Commits](https://github.com/gittuf/gittuf/commits/v0.14.0) Updates `github.com/octo-sts/app` from 0.6.1 to 0.7.0 - [Release notes](https://github.com/octo-sts/app/releases) - [Commits](octo-sts/app@v0.6.1...v0.7.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/kms dependency-version: 1.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: cloud.google.com/go/secretmanager dependency-version: 1.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/aws/aws-sdk-go-v2/service/kms dependency-version: 1.51.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager dependency-version: 1.41.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/gittuf/gittuf dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/octo-sts/app dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 1, 2026

patzielinski approved these changes May 1, 2026

View reviewed changes

patzielinski merged commit 602d037 into main May 1, 2026
2 checks passed

dependabot Bot deleted the dependabot/go_modules/all-f5a4687755 branch May 1, 2026 23:27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the all group with 6 updates#207

chore(deps): bump the all group with 6 updates#207
patzielinski merged 1 commit intomainfrom
dependabot/go_modules/all-f5a4687755

dependabot Bot commented on behalf of github May 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 1, 2026

kms: v1.30.0

v1.30.0 (2026-04-30)

retail: v1.30.0

v1.30.0 (2026-04-30)

1.30.0 (2024-06-05)

Features

osconfig: v1.20.0

v1.20.0 (2026-04-30)

run: v1.20.0

v1.20.0 (2026-04-30)

secretmanager: v1.20.0

v1.20.0 (2026-04-30)

texttospeech: v1.20.0

v1.20.0 (2026-04-30)

1.20.0 (2023-06-20)

Features

Bug Fixes

v0.14.0

Changelog

Added

Updated

Removed

Contributors

v0.14.0

Added

Updated

Removed

v0.13.1

Updated

v0.13.0

Added

Updated

v0.7.0

What's Changed

New Contributors

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant