@dependabot dependabot bot commented on behalf of github Oct 10, 2025

Bumps the actions group with 4 updates in the / directory: github.com/go-openapi/runtime, github.com/go-openapi/swag, github.com/sigstore/rekor and github.com/spf13/cobra.

Updates github.com/go-openapi/runtime from 0.28.0 to 0.29.0

Commits
  • 53e5561 chore(deps): updated dependencies & relint
  • 7e6d12c build(deps): bump the go-openapi-dependencies group with 4 updates
  • f39677b chore(deps): deprecated dependency to opentracing
  • 476a4c4 chore: migrated calls to go-openapi/swag to the new API
  • 8de32b0 fixed the nil check
  • c364773 Update context.go
  • 0628cdf chore(go): upgraded to g1.24
  • 6912bd1 build(deps): bump actions/setup-go in the development-dependencies group
  • 341eefa build(deps): bump github.com/stretchr/testify
  • 0e2f309 build(deps): bump github.com/go-openapi/errors
  • Additional commits viewable in compare view

Updates github.com/go-openapi/strfmt from 0.23.0 to 0.24.0

Commits
  • 900913b chore(deps): updated dependencies & relinted
  • e9d6155 build(deps): bump golang.org/x/net in the golang-org-dependencies group
  • 65743c4 build(deps): bump actions/setup-go in the development-dependencies group
  • c21fe94 build(deps): bump github.com/stretchr/testify
  • 2ac5723 fix(duration): accepts fractional values for duration (#170)
  • aae2676 build(deps): bump actions/checkout in the development-dependencies group
  • d24e69d build(deps): bump github.com/go-openapi/errors
  • 1613dfc fix(lint): fixed false positives in tests (testifylint)
  • 25d4e0a chore(lint): update linter config, relinted code
  • 430601d Bump golang.org/x/net in the golang-org-dependencies group
  • Additional commits viewable in compare view

Updates github.com/go-openapi/swag from 0.23.1 to 0.25.1

Commits
  • e8de8a1 prepared release v0.25.1
  • ccad3e7 fix(typo): fixed typo on the benchmark diagram image
  • 4e3f4ae fix(jsonutils): fixed data race with lexer
  • a7a1158 prepared release v0.25.0
  • 2e28a5a perf(jsonutils): fixed Adapter's interface to reduce its overhead
  • 959dfdd Added benchmarks to measure how the new adapters play out
  • c3abe4a chore(deps): removed direct dependencies to gopkg.in/yaml.v3
  • effdcb9 chore: improved mono-repo management
  • f344ab5 Remove dependency to mailru/easyjson by default
  • 6da37dd build(deps): bump the development-dependencies group across 2 directories wit...
  • Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.4.0 to 1.4.2

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.4.2

What's Changed

Full Changelog: sigstore/rekor@v1.4.1...v1.4.2

v1.4.1

Changelog

  • 7c83add6b10b15d4665b1773ccb6144da95394b7 add changelog for v1.4.1 release (#2597)
  • 978d430f0599737a3716712731bc3e3dcf8c4ea6 build(deps): Bump google.golang.org/api from 0.246.0 to 0.248.0 (#2595)
  • 692a2aafc9d09618e5a51feef6f26bf94ce040cb build(deps): Bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#2596)
  • 04cf79c6e5512d51796c4fcfba0af05cea6d2db5 build(deps): Bump the all group with 2 updates (#2593)
  • f6e19d80e2dcfaa4bafe976f759f7b4dc1a3c0d8 build(deps): Bump github.com/stretchr/testify from 1.10.0 to 1.11.0
  • d34ab93bacd15f02d0a76933cbbaab3008136702 build(deps): Bump go.step.sm/crypto from 0.69.0 to 0.70.0
  • ee8f373f27a84ef6df433f8983afb52aad74782f build(deps): Bump google.golang.org/protobuf in the all group
  • 1fcc0a64f121936a0c806db17394e5801e873ed8 build(deps): Bump google.golang.org/grpc from 1.74.2 to 1.75.0
  • 8038b35a398a48a863ca3b4da7816f6fe3cb8bd2 build(deps): Bump google.com/cloudsdktool/google-cloud-cli
  • 7b8da09119cc4345234fabe41e1456e813f508df build(deps): Bump actions/checkout from 4.3.0 to 5.0.0
  • ec92ffe2b94f1c6d63004b0d85e73c40ac0f2b56 build(deps): Bump github.com/redis/go-redis/v9 from 9.11.0 to 9.12.1
  • 96937bf08c14dbf7c0a81bd21cd2741562424528 build(deps): Bump github.com/go-viper/mapstructure/v2
  • 907cc317d596fd74b2a2d5595b7a9af922b91bcb build(deps): Bump github.com/go-viper/mapstructure/v2 in /hack/tools
  • cdd95725eb110514391daf272a976b40a899bf7d use less expensive gRPC call to implement GetLeafAndProofByHash (#2581)
  • 97e852137553b583388af781ad5820a78a47d27c move to per-shard trillian client manager (#2564)
  • 9ea5d3a7fbc8c2b285c3936182b72e70352336d4 use cheaper gRPC endpoint when we already have the inclusion proof (#2580)
  • a7768259127ee26d61e71738c4394cd501f767a0 simplify hash and signature verification in rekord type (#2579)
  • b73bee38e92a18f7f27403f0f78e4aa8c21cd0af build(deps): Bump google.golang.org/api from 0.245.0 to 0.246.0
  • c0e965ab1f74669f20672bd38b4e8f76ac91f0cf build(deps): Bump go.step.sm/crypto from 0.68.0 to 0.69.0 (#2577)
  • f97155a3d47d87687b59a527faa0cba88b7b4052 build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2572)
  • 9d72099c9081b22b939300163a653898526fbf53 build(deps): Bump golang.org/x/mod from 0.26.0 to 0.27.0 (#2571)
  • ce643733aa0730e330795d756765319a717ba4e8 build(deps): Bump golang from 1.24.5 to 1.24.6 in the all group (#2568)
  • 1defac6e13d9700c914cdb99d76f0266b7f1420a build(deps): Bump the all group with 3 updates (#2567)
  • 3764030d20cf1e4ab9387c1fc190f4efb8a89155 build(deps): Bump the all group with 2 updates (#2565)
  • d2372a3781b58211f7d6b49b877fdc822093cf9e use correct type; just look for len() instead of nil check (#2576)
  • 1720e3eae862b2fa7a292ea0a074e3b143d0cda2 return correct error if GetLeafAndProofByHash fails (#2574)
  • 4b655cc2374e05471afee2a09ef383980615c4cf build(deps): Bump golang.org/x/net from 0.42.0 to 0.43.0
  • 2cbf2d6ed4fa20f69daab630faac9a828486f88a add go mod updates
  • 21758e03780396c68dddd6c9dbd714c3c0bae781 move to v2 api
  • c36cdfdba25b5e35544ab4fa6ad2a4c49d89dca7 build(deps): Bump cloud.google.com/go/pubsub from 1.49.0 to 1.50.0
  • bdb43b805b57fe9449c737578c9aba32952a7f30 build(deps): Bump google.golang.org/api from 0.242.0 to 0.244.0 (#2561)
  • 9cf5f665780c407ba1c4bae0c8d605907cd3bc76 build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2556)

... (truncated)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.4.2

This release includes some performance optimizations and a bug fix for publishing events to a pub/sub topic.

Fixes

  • use pubsub client to check IAM permissions (#2605)
  • process type contents serially (#2604)
  • move to direct decoding instead of mapstructure (#2598)
  • optimize performance of regex operations (#2603)

Contributors

  • Bob Callaway

v1.4.1

This release includes updated dependencies for known CVEs, as well as some optimizations to minimize gRPC traffic between Rekor and Trillian.

Fixes

  • use less expensive gRPC call to implement GetLeafAndProofByHash (#2581)
  • move to per-shard trillian client manager (#2564)
  • use cheaper gRPC endpoint when we already have the inclusion proof (#2580)
  • simplify hash and signature verification in rekord type (#2579)
  • use correct type; just look for len() instead of nil check (#2576)
  • return correct error if GetLeafAndProofByHash fails (#2574)
  • fix incorrect client lb policy in test config (#2551)
  • numerous upgraded dependencies

Contributors

  • Bob Callaway
  • Carlos Alexandro Becker

Commits
  • 2379785 add changelog for v1.4.2 (#2606)
  • 6f2044d use pubsub client to check IAM permissions (#2605)
  • 81a43c4 process type contents serially (#2604)
  • fe7e8e6 build(deps): Bump golang from 1.24.6 to 1.25.0 in the all group (#2587)
  • ec3e380 build(deps): Bump github.com/go-openapi/swag from 0.23.1 to 0.24.1 (#2600)
  • 58c9f25 move to direct decoding instead of mapstructure (#2598)
  • 5239bdb optimize performance of regex operations (#2603)
  • c992443 build(deps): Bump the all group with 3 updates (#2599)
  • a9fb9d9 build(deps): Bump github/codeql-action in the all group (#2602)
  • df875f1 build(deps): Bump google-github-actions/auth from 2.1.12 to 3.0.0
  • Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.9.1 to 1.10.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.1

🐛 Fix

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

  • If you use both pflag and cobra, upgrade pflag to 1.0.8 and cobra to 1.10.0
  • or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

More details can be found here: spf13/cobra#2303

✨ Features

🐛 Fix

🪠 Testing

📝 Docs

New Contributors

... (truncated)

Commits
  • 7da941c chore: Bump pflag to v1.0.9 (#2305)
  • 51d6751 Bump pflag to 1.0.8 (#2303)
  • 3f3b818 Update README.md with new logo
  • dcaf42e Add Periscope to the list of projects using Cobra (#2299)
  • 6dec1ae The default ShellCompDirective can be customized for a command and its subcom...
  • c8289c1 chore(golangci-lint): add some exclusion presets
  • 4af7b64 refactor: apply golangci-lint autofixes, work around false positives
  • 75790e4 chore(golangci-lint): upgrade to v2
  • db3ddb5 Adding sponsorship to README.md
  • 67171d6 putting sponsorship below header
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 10, 2025
@dependabot dependabot bot force-pushed the dependabot/go_modules/actions-28296ff88c branch from ea33275 to 8b89b35 Compare October 17, 2025 13:03
@dependabot dependabot bot force-pushed the dependabot/go_modules/actions-28296ff88c branch 5 times, most recently from 96e7454 to f3b2e35 Compare November 24, 2025 13:26
Bumps the actions group with 4 updates in the / directory: [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime), [github.com/go-openapi/swag](https://github.com/go-openapi/swag), [github.com/sigstore/rekor](https://github.com/sigstore/rekor) and [github.com/spf13/cobra](https://github.com/spf13/cobra).


Updates `github.com/go-openapi/runtime` from 0.28.0 to 0.29.0
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](go-openapi/runtime@v0.28.0...v0.29.0)

Updates `github.com/go-openapi/strfmt` from 0.23.0 to 0.24.0
- [Commits](go-openapi/strfmt@v0.23.0...v0.24.0)

Updates `github.com/go-openapi/swag` from 0.23.1 to 0.25.1
- [Commits](go-openapi/swag@v0.23.1...v0.25.1)

Updates `github.com/sigstore/rekor` from 1.4.0 to 1.4.2
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.4.0...v1.4.2)

Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.9.1...v1.10.1)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: github.com/go-openapi/strfmt
  dependency-version: 0.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: github.com/go-openapi/swag
  dependency-version: 0.25.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/actions-28296ff88c branch from f3b2e35 to 62f6721 Compare December 11, 2025 13:03