Skip to content

chore(deps): Bump github.com/sigstore/sigstore-go from 1.1.0 to 1.1.3#11830

Merged
BagToad merged 1 commit intotrunkfrom
dependabot/go_modules/github.com/sigstore/sigstore-go-1.1.3
Oct 17, 2025
Merged

chore(deps): Bump github.com/sigstore/sigstore-go from 1.1.0 to 1.1.3#11830
BagToad merged 1 commit intotrunkfrom
dependabot/go_modules/github.com/sigstore/sigstore-go-1.1.3

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 29, 2025

Bumps github.com/sigstore/sigstore-go from 1.1.0 to 1.1.3.

Release notes

Sourced from github.com/sigstore/sigstore-go's releases.

v1.1.3

What's Changed

Full Changelog: sigstore/sigstore-go@v1.1.2...v1.1.3

v1.1.2

What's Changed

Full Changelog: sigstore/sigstore-go@v1.1.1...v1.1.2

v1.1.1

What's Changed

Full Changelog: sigstore/sigstore-go@v1.1.0...v1.1.1

Commits
  • c79035f Add note regarding API compatibility when using signing config (#528)
  • cbc9bf5 Add support for signing config for conformance test suite (#527)
  • 4cd170a Bump the minor-patch group across 1 directory with 5 updates (#526)
  • 0701306 Set user agent for TUF and Rekor v2 clients (#525)
  • fe24fbf Bump the minor-patch group across 2 directories with 4 updates (#522)
  • b479288 Bump actions/setup-go from 5.5.0 to 6.0.0 (#521)
  • 201a35a Support other key algorithms for Rekor v2 (#520)
  • b9e4783 Bump the minor-patch group across 2 directories with 4 updates (#518)
  • 7bb079e Bump github.com/go-viper/mapstructure/v2 (#515)
  • 32a79bd Bump sigstore/sigstore-conformance from 0.0.18 to 0.0.19 (#513)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): Bump github.com/sigstore/sigstore-go from 1.1.0 to 1.1.3
0e904d5 
Bumps [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go) from 1.1.0 to 1.1.3.
- [Release notes](https://github.com/sigstore/sigstore-go/releases)
- [Commits](sigstore/sigstore-go@v1.1.0...v1.1.3)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore-go
  dependency-version: 1.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Sep 29, 2025
@dependabot dependabot bot requested a review from a team as a code owner September 29, 2025 18:13
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 29, 2025
@dependabot dependabot bot requested a review from babakks September 29, 2025 18:13
@dependabot dependabot bot added the go Pull requests that update Go code label Sep 29, 2025
@dependabot dependabot bot mentioned this pull request Sep 29, 2025
Closed
@babakks babakks requested a review from bdehamer October 1, 2025 09:30
babakks
babakks approved these changes Oct 1, 2025
View reviewed changes
Copy link
Member

@babakks babakks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Passing to @bdehamer.

@BagToad
Copy link
Member

BagToad commented Oct 17, 2025

Merging because this seems like minor changes in a patch release.

@BagToad BagToad merged commit 52bdb56 into trunk Oct 17, 2025
21 checks passed
@BagToad BagToad deleted the dependabot/go_modules/github.com/sigstore/sigstore-go-1.1.3 branch October 17, 2025 18:01
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Oct 22, 2025
build(deps): update cli/cli to v2.82.1
0ba6e55 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cli/cli](https://github.com/cli/cli) | patch | `v2.82.0` -> `v2.82.1` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>cli/cli (cli/cli)</summary>

### [`v2.82.1`](https://github.com/cli/cli/releases/tag/v2.82.1): GitHub CLI 2.82.1

[Compare Source](cli/cli@v2.82.0...v2.82.1)

#### Fix `gh pr edit` not detecting classic projects feature deprecation

`gh pr edit` was not correctly detecting the classic projects API deprecation. This release fixes that detection and avoids an incorrect fetch to the deprecated APIs.

This only impacted `gh pr edit` commands used to add or remove projects.

#### What's Changed

##### 🐛 Fixes

- fix `gh pr edit`: do not fetch V1 projects on unsupported GitHub hosts by [@&#8203;BagToad](https://github.com/BagToad) in [#&#8203;11987](cli/cli#11987)

##### :dependabot: Dependencies

- chore(deps): bump github/codeql-action from 3 to 4 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;11881](cli/cli#11881)
- chore(deps): Bump github.com/sigstore/sigstore-go from 1.1.0 to 1.1.3 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;11830](cli/cli#11830)
- chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.9 to 1.4.10 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;11659](cli/cli#11659)
- chore(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0 by [@&#8203;dependabot](https://github.com/dependabot)\[bot] in [#&#8203;11612](cli/cli#11612)

**Full Changelog**: <cli/cli@v2.82.0...v2.82.1>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTIuOSIsInVwZGF0ZWRJblZlciI6IjQxLjE1Mi45IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@babakks babakks babakks approved these changes

@bdehamer bdehamer Awaiting requested review from bdehamer

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BagToad @babakks