Conversation
This bumps sigstore/rekor to v1.4.1 to get a vulnerability fix in the downstream go-chi/chi
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR updates the sigstore/rekor dependency from v1.3.10 to v1.4.1 to address a security vulnerability in the downstream go-chi/chi library. The update also includes several related dependency version bumps that are pulled in transitively.
- Upgrades sigstore/rekor to v1.4.1 for security fix
- Updates go-chi/chi from v4.1.2+incompatible to v5.2.2 (major version upgrade)
- Bumps various other dependencies including Google Cloud libraries, OpenTelemetry packages, and gRPC
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
babakks
approved these changes
Sep 3, 2025
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Sep 12, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [cli/cli](https://github.com/cli/cli) | minor | `v2.78.0` -> `v2.79.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>cli/cli (cli/cli)</summary> ### [`v2.79.0`](https://github.com/cli/cli/releases/tag/v2.79.0): GitHub CLI 2.79.0 [Compare Source](cli/cli@v2.78.0...v2.79.0) #### Advanced Issue Search Support The GitHub CLI now supports advanced issue search syntax using: - Searching issues: `gh search issues <advanced issue search query>` - Searching pull requests: `gh search prs <advanced issue search query>` - While listing issues: `gh issue list --search <advanced issue search query>` - While listing pull requests: `gh pr list --search <advanced issue search query>` For more information about advanced issue search syntax, see: "[Filtering and Searching Issues and Merge Requests](https://docs.github.com/en/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests#building-advanced-filters-for-issues)" #### Copy OAuth Code Automatically The GitHub CLI now supports writing the OAuth one-time pass code to the clipboard automatically during authentication: - While logging in: `gh auth login --clipboard` / `gh auth login -c` - While refreshing the token: `gh auth refresh --clipboard` / `gh auth refresh -c` #### What's Changed ##### ✨ Features - feat: `gh auth` Automatically copy one-time OAuth code to clipboard by [@​ankddev](https://github.com/ankddev) in [#​11518](cli/cli#11518) - feat: add support for `--ref` in `gh cache delete` by [@​luxass](https://github.com/luxass) in [#​11592](cli/cli#11592) - Use advanced issue search by [@​babakks](https://github.com/babakks) in [#​11638](cli/cli#11638) ##### 📚 Docs & Chores - docs(release create): difference `--generate-notes` and `--notes-from-tag` by [@​ankddev](https://github.com/ankddev) in [#​11534](cli/cli#11534) - refactor tests: use `slices.Equal` to simplify code by [@​minxinyi](https://github.com/minxinyi) in [#​11364](cli/cli#11364) - Remove mention of public preview in trustedroot.go by [@​jkylekelly](https://github.com/jkylekelly) in [#​11652](cli/cli#11652) #####Dependencies - Bump sigstore/rekor to v1.4.1 by [@​BagToad](https://github.com/BagToad) in [#​11654](cli/cli#11654) - chore(deps): bump actions/stale from 9 to 10 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​11663](cli/cli#11663) - chore(deps): bump actions/setup-go from 5 to 6 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​11662](cli/cli#11662) #### New Contributors - [@​minxinyi](https://github.com/minxinyi) made their first contribution in [#​11364](cli/cli#11364) - [@​jkylekelly](https://github.com/jkylekelly) made their first contribution in [#​11652](cli/cli#11652) - [@​luxass](https://github.com/luxass) made their first contribution in [#​11592](cli/cli#11592) **Full Changelog**: <cli/cli@v2.78.0...v2.79.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45OC4xIiwidXBkYXRlZEluVmVyIjoiNDEuOTguMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This bumps sigstore/rekor to v1.4.1 to get a vulnerability fix in the downstream go-chi/chi.