chore(deps): Bump the minor-patch group across 1 directory with 34 updates #1914

dependabot · 2025-12-10T13:46:52Z

Bumps the minor-patch group with 11 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go	`1.55.6`	`1.55.8`
github.com/google/go-containerregistry	`0.20.3`	`0.20.7`
github.com/hashicorp/go-retryablehttp	`0.7.7`	`0.7.8`
github.com/letsencrypt/boulder	`0.0.0-20240620165639-de9c06129bec`	`0.20251208.0`
github.com/sigstore/cosign/v2	`2.5.0`	`2.6.1`
go.uber.org/zap	`1.27.0`	`1.27.1`
golang.org/x/crypto	`0.45.0`	`0.46.0`
golang.org/x/net	`0.47.0`	`0.48.0`
github.com/docker/docker-credential-helpers	`0.9.3`	`0.9.4`
github.com/docker/go-connections	`0.5.0`	`0.6.0`
github.com/sigstore/scaffolding	`0.7.22`	`0.7.31`

Updates github.com/aws/aws-sdk-go from 1.55.6 to 1.55.8

Release notes

Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.55.8 (2025-07-31)

SDK Features

Mark the module and all packages as deprecated.

This SDK has entered end-of-support.

Release v1.55.7 (2025-04-22)

SDK Bugs

service/s3/s3manager: Abort multipart download if object is modified during download

Fixes 4986

Commits

070853e release v1.55.8 (2025-07-31)
bb0168e Add deprecation warnings everywhere and remove some README content
7ce44f3 aws
6d9a26d remove doc issue tmpl
239002f deprecate service packages and HLLs
70c4177 deprecate main runtime packages
bbdd4e9 deprecate
163aada release v1.55.7 (2025-04-22) (#5346)
9eb2bfd Abort multi part download if the object is modified during download
8d203cc Update bug-report.yml
See full diff in compare view

Updates github.com/google/go-containerregistry from 0.20.3 to 0.20.7

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.7

What's Changed

Fix ArgsEscaped lint directive by @Subserial in google/go-containerregistry#2137

transport: Fix broken links to distribution docs by @guzalv in google/go-containerregistry#2136

fix(remote): using customized retry predicate func if provided by @derekhjray in google/go-containerregistry#2135

Adding docker file by @HassanJasim in google/go-containerregistry#2138

crane: Add timestamp to flatten layer by @Stephanie0829 in google/go-containerregistry#2117

feat(remote): pass retryBackoff option to transport by @aslafy-z in google/go-containerregistry#1628

Expose clobber refusal error by @pjbgf in google/go-containerregistry#2146

Build artifacts for riscv64 by @ffgan in google/go-containerregistry#2159

Update dependencies and deprecate DockerVersion field by @Subserial in google/go-containerregistry#2164

New Contributors

@guzalv made their first contribution in google/go-containerregistry#2136

@derekhjray made their first contribution in google/go-containerregistry#2135

@HassanJasim made their first contribution in google/go-containerregistry#2138

@Stephanie0829 made their first contribution in google/go-containerregistry#2117

@pjbgf made their first contribution in google/go-containerregistry#2146

@ffgan made their first contribution in google/go-containerregistry#2159

Full Changelog: google/go-containerregistry@v0.20.6...v0.20.7

v0.20.6

What's Changed

Ensure that tag name is not empty if name contains colon by @SaschaSchwarze0 in google/go-containerregistry#2094

Bump some deps by @jonjohnsonjr in google/go-containerregistry#2110

New Contributors

@SaschaSchwarze0 made their first contribution in google/go-containerregistry#2094

Full Changelog: google/go-containerregistry@v0.20.4...v0.20.6

v0.20.5

What's Changed

build(deps): bump docker/docker to v28.0.0+incompatible by @luhring in google/go-containerregistry#2071

Migrate linter to v2 by @Subserial in google/go-containerregistry#2096

bump go version + bump deps by @Subserial in google/go-containerregistry#2093

implement TextMarshaler/JSONMarshaler more consistently by @imjasonh in google/go-containerregistry#2097

Update CodeQL permissions by @Subserial in google/go-containerregistry#2103

Update goreleaser permissions by @Subserial in google/go-containerregistry#2104

Update provenance action in release by @Subserial in google/go-containerregistry#2105

Update validator action by @Subserial in google/go-containerregistry#2106

New Contributors

@luhring made their first contribution in google/go-containerregistry#2071

@Subserial made their first contribution in google/go-containerregistry#2096

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.5

v0.20.4 - Not usable as a go module

... (truncated)

Commits

e075f20 go mod tidy on dependabot update (#2171)
45aacf4 Bump the actions group across 1 directory with 3 updates (#2170)
073b936 Update dependencies and deprecate DockerVersion field (#2164)
390dacd Bump golang.org/x/crypto from 0.38.0 to 0.45.0 in /cmd/krane (#2163)
ca44d47 Bump golang.org/x/crypto from 0.38.0 to 0.45.0 in /pkg/authn/k8schain (#2162)
999cc1f Bump github.com/docker/docker (#2161)
d1809c8 Build artifacts for riscv64 (#2159)
7471efd Bump the auxiliary-deps group across 3 directories with 4 updates (#2156)
2bb5bb0 Bump the actions group with 5 updates (#2155)
16371c1 Remove manual vendor setting for dependabot (#2151)
Additional commits viewable in compare view

Updates github.com/hashicorp/go-retryablehttp from 0.7.7 to 0.7.8

Commits

e1f5485 Add a new RateLimitLinearJitterBackoff policy
b0cac1e Merge pull request #262 from hashicorp/dependabot-intge
66c110b few new parameters added to dependabot.yml
25b39e6 IND-3836 additions of new parameters to dependabot.yml
eeac125 add comment for bodyType param in client.Post
390c1d8 Merge pull request #254 from hashicorp/compliance/add-headers
f4d7325 [COMPLIANCE] Add Copyright and License Headers
a881d6c Merge pull request #251 from hashicorp/build-test
9c1b40b go-version matrix updated
e3867e3 resolved comments
Additional commits viewable in compare view

Updates github.com/letsencrypt/boulder from 0.0.0-20240620165639-de9c06129bec to 0.20251208.0

Release notes

Sourced from github.com/letsencrypt/boulder's releases.

v0.20251208.0

What's Changed

ratelimits: Refactor Reset() to accept a batch of Transactions by @beautifulentropy in letsencrypt/boulder#8503

Update CI to go1.25.5 by @aarongable in letsencrypt/boulder#8511

Store authzIDs directly in order table by @jsha in letsencrypt/boulder#8460

Add current datetime column to orderFqdnSets and authz2 tables by @aarongable in letsencrypt/boulder#8512

sa: Fix modelToOrder to populate V2Authorizations from Authzs column by @aaomidi in letsencrypt/boulder#8514

Remove ECDSA P-224 curve support from the ceremony tool by @pgporada in letsencrypt/boulder#8515

Allow monitoring_only logs as well as test logs for submitToTestLogs by @mcpherrinm in letsencrypt/boulder#8510

database: Add vitess + mysql 8.4 to our development environment by @beautifulentropy in letsencrypt/boulder#8468

Full Changelog: letsencrypt/boulder@v0.20251202.0...v0.20251208.0

v0.20251202.0

What's Changed

sa: use dummy date instead of zero date by @jsha in letsencrypt/boulder#8481

borp/sa: Update borp to pass Transaction args through BoulderTypeConverter by @beautifulentropy in letsencrypt/boulder#8494

sfe: Keep loading intervals in sync with promise, fix wording by @beautifulentropy in letsencrypt/boulder#8500

sfe/redis: Add limiter config to SFE and cleanup creds by @beautifulentropy in letsencrypt/boulder#8501

Make CAA checking more like DCV checking by @aarongable in letsencrypt/boulder#8491

Update Public Suffix List to v0.50.1 by @aarongable in letsencrypt/boulder#8495

sa: Stop injecting max_statement_time and long_query_time into DSNs by @beautifulentropy in letsencrypt/boulder#8490

Remove dead code by @mcpherrinm in letsencrypt/boulder#8506

build(deps): bump github/codeql-action from 3 to 4 by @dependabot[bot] in letsencrypt/boulder#8507

Full Changelog: letsencrypt/boulder@v0.20251118.0...v0.20251202.0

v0.20251118.0

What's Changed

build(deps): bump actions/github-script from 7 to 8 by @dependabot[bot] in letsencrypt/boulder#8472

wfe: Add healthz endpoint by @jprenken in letsencrypt/boulder#8484

Use promauto.With(stats) instead of stats.MustRegister() by @aarongable in letsencrypt/boulder#8483

database: Remove Partitions from our tables by @beautifulentropy in letsencrypt/boulder#8489

sfe/overrides: Update agreements with revised wording from legal by @beautifulentropy in letsencrypt/boulder#8488

Full Changelog: letsencrypt/boulder@v0.20251110.0...v0.20251118.0

v0.20251110.0

What's Changed

Remove 10-second timeout from RA's override loading code by @jprenken in letsencrypt/boulder#8477

test: Remove queries containing DDL from unit tests by @beautifulentropy in letsencrypt/boulder#8479

Refactor GetSCTs to use a single loop with a ticker by @mcpherrinm in letsencrypt/boulder#8470

Use promauto to register stats in bdns by @mcpherrinm in letsencrypt/boulder#8480

Export prometheus client_golang's Go build_info metric by @mcpherrinm in letsencrypt/boulder#8482

Full Changelog: letsencrypt/boulder@v0.20251103.0...v0.20251110.0

... (truncated)

Commits

See full diff in compare view

Updates github.com/sigstore/cosign/v2 from 2.5.0 to 2.6.1

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.6.1

Changelog

634fabe54f9fbbab55d821a83ba93b2d25bdba5f Bump sigstore-go, move conformance back to tagged release

c5545eda23d770180880c245bf0d8f78c354ecc4 Partially populate the output of cosign verify when working with new bundles (#4416)

e191024a636883b4e6b7de8db2f5cfb85a1fcd0c bump go builder to use 1.25.1 and cosign (#4417)

Thanks to all contributors!

v2.6.0 introduces a number of new features, including:

Signing an in-toto statement rather than Cosign constructing one from a predicate, along with verifying a statement's subject using a digest and digest algorithm rather than providing a file reference (#4306)

Uploading a signature and its verification material (a "bundle") as an OCI Image 1.1 referring artifact, completing #3927 (#4316)

Providing service URLs for signing and attesting using a SigningConfig. Note that this is required when using a Rekor v2 instance (#4319)

Example generation and verification of a signed in-toto statement:
cosign attest-blob --new-bundle-format=true --bundle="digest-key-test.sigstore.json" --key="cosign.key" --statement="../sigstore-go/examples/sigstore-go-signing/intoto.txt"
cosign verify-blob-attestation --bundle="digest-key-test.sigstore.json" --key=cosign.pub --type=unused --digest="b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9" --digestAlg="sha256"
Example container signing and verification using the new bundle format and referring artifacts:
cosign sign --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733
cosign verify --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733
Example usage of a signing config provided by the public good instance's TUF repository:
cosign sign-blob --use-signing-config --bundle sigstore.json README.md
cosign verify-blob --new-bundle-format --bundle sigstore.json --certificate-identity $EMAIL --certificate-oidc-issuer $ISSUER --use-signed-timestamps README.md
v2.6.0 leverages sigstore-go's signing and verification APIs gated behind these new flags. In an upcoming major release, we will be updating Cosign to default to producing and consuming bundles to align with all other Sigstore SDKs.

Features

Add to attest-blob the ability to supply a complete in-toto statement, and add to verify-blob-attestation the ability to verify with just a digest (#4306)

Have cosign sign support bundle format (#4316)

Add support for SigningConfig for sign-blob/attest-blob, support Rekor v2 (#4319)

Add support for SigningConfig in sign/attest (#4371)

Support self-managed keys when signing with sigstore-go (#4368)

Don't require timestamps when verifying with a key (#4337)

Don't load content from TUF if trusted root path is specified (#4347)

Add a terminal spinner while signing with sigstore-go (#4402)

... (truncated)

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.6.1

Bug Fixes

Partially populate the output of cosign verify when working with new bundles (#4416)

Bump sigstore-go, move conformance back to tagged release (#4426)

v2.6.0

v2.6.0 introduces a number of new features, including:

Signing an in-toto statement rather than Cosign constructing one from a predicate, along with verifying a statement's subject using a digest and digest algorithm rather than providing a file reference (#4306)

Uploading a signature and its verification material (a "bundle") as an OCI Image 1.1 referring artifact, completing #3927 (#4316)

Providing service URLs for signing and attesting using a SigningConfig. Note that this is required when using a Rekor v2 instance (#4319)

Example generation and verification of a signed in-toto statement:
cosign attest-blob --new-bundle-format=true --bundle="digest-key-test.sigstore.json" --key="cosign.key" --statement="../sigstore-go/examples/sigstore-go-signing/intoto.txt"
cosign verify-blob-attestation --bundle="digest-key-test.sigstore.json" --key=cosign.pub --type=unused --digest="b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9" --digestAlg="sha256"
Example container signing and verification using the new bundle format and referring artifacts:
cosign sign --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733
cosign verify --new-bundle-format=true ghcr.io/user/alpine@sha256:a19367999603840546b8612572e338ec076c6d1f2fec61760a9e11410f546733
Example usage of a signing config provided by the public good instance's TUF repository:
cosign sign-blob --use-signing-config --bundle sigstore.json README.md
cosign verify-blob --new-bundle-format --bundle sigstore.json --certificate-identity $EMAIL --certificate-oidc-issuer $ISSUER --use-signed-timestamps README.md
v2.6.0 leverages sigstore-go's signing and verification APIs gated behind these new flags. In an upcoming major release, we will be updating Cosign to default to producing and consuming bundles to align with all other Sigstore SDKs.

Features

Add to attest-blob the ability to supply a complete in-toto statement, and add to verify-blob-attestation the ability to verify with just a digest (#4306)

Have cosign sign support bundle format (#4316)

Add support for SigningConfig for sign-blob/attest-blob, support Rekor v2 (#4319)

Add support for SigningConfig in sign/attest (#4371)

Support self-managed keys when signing with sigstore-go (#4368)

Don't require timestamps when verifying with a key (#4337)

Don't load content from TUF if trusted root path is specified (#4347)

Add a terminal spinner while signing with sigstore-go (#4402)

Require exclusively a SigningConfig or service URLs when signing (#4403)

... (truncated)

Commits

634fabe Bump sigstore-go, move conformance back to tagged release
c5545ed Partially populate the output of cosign verify when working with new bundles ...
e191024 bump go builder to use 1.25.1 and cosign (#4417)
37fbfc7 Require exclusively a SigningConfig or service URLs when signing (#4403)
b1acaeb Add a terminal spinner while signing with sigstore-go (#4402)
2581dfd chore(deps): bump the gomod group across 1 directory with 8 updates (#4401)
11163ae Bump sigstore-go, support alternative hash algorithms with keys (#4386)
153df46 chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.42.0 (#4391)
1a1ee13 chore(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 (#4393)
8c7c09d chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4394)
Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.3.10 to 1.4.2

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.4.2

What's Changed

build(deps): Bump google-github-actions/auth from 2.1.12 to 3.0.0 by @dependabot[bot] in sigstore/rekor#2601

build(deps): Bump github/codeql-action from 3.29.11 to 3.30.0 in the all group by @dependabot[bot] in sigstore/rekor#2602

build(deps): Bump the all group with 3 updates by @dependabot[bot] in sigstore/rekor#2599

optimize performance of regex operations by @bobcallaway in sigstore/rekor#2603

move to direct decoding instead of mapstructure by @bobcallaway in sigstore/rekor#2598

build(deps): Bump github.com/go-openapi/swag from 0.23.1 to 0.24.1 by @dependabot[bot] in sigstore/rekor#2600

build(deps): Bump golang from 1.24.6 to 1.25.0 in the all group by @dependabot[bot] in sigstore/rekor#2587

process type contents serially by @bobcallaway in sigstore/rekor#2604

use pubsub client to check IAM permissions by @bobcallaway in sigstore/rekor#2605

add changelog for v1.4.2 by @bobcallaway in sigstore/rekor#2606

Full Changelog: sigstore/rekor@v1.4.1...v1.4.2

v1.4.1

Changelog

7c83add6b10b15d4665b1773ccb6144da95394b7 add changelog for v1.4.1 release (#2597)

978d430f0599737a3716712731bc3e3dcf8c4ea6 build(deps): Bump google.golang.org/api from 0.246.0 to 0.248.0 (#2595)

692a2aafc9d09618e5a51feef6f26bf94ce040cb build(deps): Bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#2596)

04cf79c6e5512d51796c4fcfba0af05cea6d2db5 build(deps): Bump the all group with 2 updates (#2593)

f6e19d80e2dcfaa4bafe976f759f7b4dc1a3c0d8 build(deps): Bump github.com/stretchr/testify from 1.10.0 to 1.11.0

d34ab93bacd15f02d0a76933cbbaab3008136702 build(deps): Bump go.step.sm/crypto from 0.69.0 to 0.70.0

ee8f373f27a84ef6df433f8983afb52aad74782f build(deps): Bump google.golang.org/protobuf in the all group

1fcc0a64f121936a0c806db17394e5801e873ed8 build(deps): Bump google.golang.org/grpc from 1.74.2 to 1.75.0

8038b35a398a48a863ca3b4da7816f6fe3cb8bd2 build(deps): Bump google.com/cloudsdktool/google-cloud-cli

7b8da09119cc4345234fabe41e1456e813f508df build(deps): Bump actions/checkout from 4.3.0 to 5.0.0

ec92ffe2b94f1c6d63004b0d85e73c40ac0f2b56 build(deps): Bump github.com/redis/go-redis/v9 from 9.11.0 to 9.12.1

96937bf08c14dbf7c0a81bd21cd2741562424528 build(deps): Bump github.com/go-viper/mapstructure/v2

907cc317d596fd74b2a2d5595b7a9af922b91bcb build(deps): Bump github.com/go-viper/mapstructure/v2 in /hack/tools

cdd95725eb110514391daf272a976b40a899bf7d use less expensive gRPC call to implement GetLeafAndProofByHash (#2581)

97e852137553b583388af781ad5820a78a47d27c move to per-shard trillian client manager (#2564)

9ea5d3a7fbc8c2b285c3936182b72e70352336d4 use cheaper gRPC endpoint when we already have the inclusion proof (#2580)

a7768259127ee26d61e71738c4394cd501f767a0 simplify hash and signature verification in rekord type (#2579)

b73bee38e92a18f7f27403f0f78e4aa8c21cd0af build(deps): Bump google.golang.org/api from 0.245.0 to 0.246.0

c0e965ab1f74669f20672bd38b4e8f76ac91f0cf build(deps): Bump go.step.sm/crypto from 0.68.0 to 0.69.0 (#2577)

f97155a3d47d87687b59a527faa0cba88b7b4052 build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2572)

9d72099c9081b22b939300163a653898526fbf53 build(deps): Bump golang.org/x/mod from 0.26.0 to 0.27.0 (#2571)

ce643733aa0730e330795d756765319a717ba4e8 build(deps): Bump golang from 1.24.5 to 1.24.6 in the all group (#2568)

1defac6e13d9700c914cdb99d76f0266b7f1420a build(deps): Bump the all group with 3 updates (#2567)

3764030d20cf1e4ab9387c1fc190f4efb8a89155 build(deps): Bump the all group with 2 updates (#2565)

d2372a3781b58211f7d6b49b877fdc822093cf9e use correct type; just look for len() instead of nil check (#2576)

1720e3eae862b2fa7a292ea0a074e3b143d0cda2 return correct error if GetLeafAndProofByHash fails (#2574)

4b655cc2374e05471afee2a09ef383980615c4cf build(deps): Bump golang.org/x/net from 0.42.0 to 0.43.0

2cbf2d6ed4fa20f69daab630faac9a828486f88a add go mod updates

21758e03780396c68dddd6c9dbd714c3c0bae781 move to v2 api

c36cdfdba25b5e35544ab4fa6ad2a4c49d89dca7 build(deps): Bump cloud.google.com/go/pubsub from 1.49.0 to 1.50.0

bdb43b805b57fe9449c737578c9aba32952a7f30 build(deps): Bump google.golang.org/api from 0.242.0 to 0.244.0 (#2561)

9cf5f665780c407ba1c4bae0c8d605907cd3bc76 build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2556)

... (truncated)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.4.2

This release includes some performance optimizations and a bug fix for publishing events to a pub/sub topic.

Fixes

use pubsub client to check IAM permissions (#2605)

process type contents serially (#2604)

move to direct decoding instead of mapstructure (#2598)

optimize performance of regex operations (#2603)

Contributors

Bob Callaway

v1.4.1

This release includes updated dependencies for known CVEs, as well as some optimizations to minimize gRPC traffic between Rekor and Trillian.

Fixes

use less expensive gRPC call to implement GetLeafAndProofByHash (#2581)

move to per-shard trillian client manager (#2564)

use cheaper gRPC endpoint when we already have the inclusion proof (#2580)

simplify hash and signature verification in rekord type (#2579)

use correct type; just look for len() instead of nil check (#2576)

return correct error if GetLeafAndProofByHash fails (#2574)

fix incorrect client lb policy in test config (#2551)

numerous upgraded dependencies

Contributors

Bob Callaway

Carlos Alexandro Becker

v1.4.0

This is a minor version release given the removal of the stable checkpoint feature. To our knowledge, this was not used effectively anywhere and therefore was removed from Rekor v1. Witnessing will be added as part of the upcoming Rekor v2 release.

Features

enable retries and timeouts on GCP KMS calls (#2548)

allow configuring gRPC default service config for trillian client load balancing & timeouts (#2549)

move context handling in trillian RPC calls to be request based and idiomatic (#2536)

Fixes

Fix docker compose up --wait failing when Trillian server isn't healthy (#2473)

better mysql healthcheck (#2459)

... (truncated)

Commits

2379785 add changelog for v1.4.2 (#2606)
6f2044d use pubsub client to check IAM permissions (#2605)
81a43c4 process type contents serially (#2604)
fe7e8e6 build(deps): Bump golang from 1.24.6 to 1.25.0 in the all group (#2587)
ec3e380 build(deps): Bump github.com/go-openapi/swag from 0.23.1 to 0.24.1 (#2600)
58c9f25 move to direct decoding instead of mapstructure (#2598)
5239bdb optimize performance of regex operations (#2603)
c992443 build(deps): Bump the all group with 3 updates (#2599)
a9fb9d9 build(deps): Bump github/codeql-action in the all group (#2602)
df875f1 build(deps): Bump google-github-actions/auth from 2.1.12 to 3.0.0
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.9.4 to 1.9.6-0.20250729224751-181c5d3339b3

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.9.5

What's Changed

Add context from opts to Azure signer in sigstore/sigstore#2070

add RWMutex around providerMap to protect concurrent ops in sigstore/sigstore#2077

Full Changelog: sigstore/sigstore@v1.9.4...v1.9.5

Commits

See full diff in compare view

Updates github.com/stretchr/testify from 1.10.0 to 1.11.1

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.1

This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

Backport #1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @brackendawson in stretchr/testify#1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

Call stack perf change for CallerInfo by @mikeauclair in stretchr/testify#1614

Lazily render mock diff output on successful match by @mikeauclair in stretchr/testify#1615

assert: check early in Eventually, EventuallyWithT, and Never by @cszczepaniak in stretchr/testify#1427

assert: add IsNotType by @bartventer in stretchr/testify#1730

assert.JSONEq: shortcut if same strings by @dolmen in stretchr/testify#1754

assert.YAMLEq: shortcut if same strings by @dolmen in stretchr/testify#1755

assert: faster and simpler isEmpty using reflect.Value.IsZero by @dolmen in stretchr/testify#1761

suite: faster methods filtering (internal refactor) by @dolmen in stretchr/testify#1758

Fixes

assert.ErrorAs: log target type by @craig65535 in stretchr/testify#1345

Fix failure message formatting for Positive and Negative asserts in stretchr/testify#1062

Improve ErrorIs message when error is nil but an error was expected by @tsioftas in stretchr/testify#1681

fix Subset/NotSubset when calling with mixed input types by @siliconbrain in stretchr/testify#1729

Improve ErrorAs failure message when error is nil by @ccoVeille in stretchr/testify#1734

mock.AssertNumberOfCalls: improve error msg by @3scalation in stretchr/testify#1743

Documentation, Build & CI

docs: Fix typo in README by @alexandear in stretchr/testify#1688

Replace deprecated io/ioutil with io and os by @alexandear in stretchr/testify#1684

Document consequences of calling t.FailNow() by @greg0ire in stretchr/testify#1710

chore: update docs for Unset #1621 by @techfg in stretchr/testify#1709

README: apply gofmt to examples by @alexandear in stretchr/testify#1687

refactor: use %q and %T to simplify fmt.Sprintf by @alexandear in stretchr/testify#1674

Propose Christophe Colombier (ccoVeille) as approver by @brackendawson in stretchr/testify#1716

Update documentation for the Error function in assert or require package by @architagr in stretchr/testify#1675

assert: remove deprecated build constraints by @alexandear in stretchr/testify#1671

assert: apply gofumpt to internal test suite by @ccoVeille in stretchr/testify#1739

CI: fix shebang in .ci.*.sh scripts by @dolmen in stretchr/testify#1746

assert,require: enable parallel testing on (almost) all top tests by @dolmen in stretchr/testify#1747

suite.Passed: add one more status test report by @Ararsa-Derese in stretchr/testify#1706

Add Helper() method in internal mocks and assert.CollectT by @dolmen in stretchr/testify#1423

assert.Same/NotSame: improve usage of Sprintf by @ccoVeille in stretchr/testify#1742

mock: enable parallel testing on internal testsuite by @dolmen in stretchr/testify#1756

suite: cleanup use of 'testing' internals at runtime by @dolmen in stretchr/testify#1751

assert: check test failure message for Empty and NotEmpty by @ccoVeille in stretchr/testify#1745

... (truncated)

Commits

2a57335 Merge pull request #1788 from brackendawson/1785-backport-1.11
af8c912 Backport #1786 to release/1.11
b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
69831f3 build(deps): bump actions/checkout from 4 to 5
a53be35 Improve captureTestingT helper
aafb604 mock: improve formatting of error message
7218e03 improve error msg
929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
bc7459e suite: faster filtering of methods (-testify.m)
7d37b5c suite: refactor methodFilter
Additional commits viewable in compare view

Updates go.uber.org/zap from 1.27.0 to 1.27.1

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.1

Enhancements:

#1501[]: prevent Object from panicking on nils

#1511[]: Fix a race condition in WithLazy.

Thanks to @rabbbit, @alshopov, @jquirke, @arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.1 (19 Nov 2025)

Enhancements:

#1501[]: prevent Object from panicking on nils

#1511[]: Fix a race condition in WithLazy.

Thanks to @rabbbit, @alshopov, @jquirke, @arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

7b755a3 release 1.27.1 (#1521)
d6b395b Update...
Description has been truncated

…dates Bumps the minor-patch group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.55.6` | `1.55.8` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.20.3` | `0.20.7` | | [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) | `0.7.7` | `0.7.8` | | [github.com/letsencrypt/boulder](https://github.com/letsencrypt/boulder) | `0.0.0-20240620165639-de9c06129bec` | `0.20251208.0` | | [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.5.0` | `2.6.1` | | [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.0` | `1.27.1` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.45.0` | `0.46.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.47.0` | `0.48.0` | | [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers) | `0.9.3` | `0.9.4` | | [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.5.0` | `0.6.0` | | [github.com/sigstore/scaffolding](https://github.com/sigstore/scaffolding) | `0.7.22` | `0.7.31` | Updates `github.com/aws/aws-sdk-go` from 1.55.6 to 1.55.8 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md) - [Commits](aws/aws-sdk-go@v1.55.6...v1.55.8) Updates `github.com/google/go-containerregistry` from 0.20.3 to 0.20.7 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.20.3...v0.20.7) Updates `github.com/hashicorp/go-retryablehttp` from 0.7.7 to 0.7.8 - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](hashicorp/go-retryablehttp@v0.7.7...v0.7.8) Updates `github.com/letsencrypt/boulder` from 0.0.0-20240620165639-de9c06129bec to 0.20251208.0 - [Release notes](https://github.com/letsencrypt/boulder/releases) - [Changelog](https://github.com/letsencrypt/boulder/blob/main/docs/release.md) - [Commits](https://github.com/letsencrypt/boulder/commits/v0.20251208.0) Updates `github.com/sigstore/cosign/v2` from 2.5.0 to 2.6.1 - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](sigstore/cosign@v2.5.0...v2.6.1) Updates `github.com/sigstore/rekor` from 1.3.10 to 1.4.2 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v1.3.10...v1.4.2) Updates `github.com/sigstore/sigstore` from 1.9.4 to 1.9.6-0.20250729224751-181c5d3339b3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/commits) Updates `github.com/stretchr/testify` from 1.10.0 to 1.11.1 - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.10.0...v1.11.1) Updates `go.uber.org/zap` from 1.27.0 to 1.27.1 - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](uber-go/zap@v1.27.0...v1.27.1) Updates `golang.org/x/crypto` from 0.45.0 to 0.46.0 - [Commits](golang/crypto@v0.45.0...v0.46.0) Updates `golang.org/x/net` from 0.47.0 to 0.48.0 - [Commits](golang/net@v0.47.0...v0.48.0) Updates `golang.org/x/time` from 0.11.0 to 0.12.0 - [Commits](golang/time@v0.11.0...v0.12.0) Updates `google.golang.org/protobuf` from 1.36.6 to 1.36.9 Updates `k8s.io/api` from 0.32.3 to 0.34.1 - [Commits](kubernetes/api@v0.32.3...v0.34.1) Updates `k8s.io/apimachinery` from 0.32.3 to 0.34.1 - [Commits](kubernetes/apimachinery@v0.32.3...v0.34.1) Updates `k8s.io/client-go` from 0.32.3 to 0.34.1 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.32.3...v0.34.1) Updates `sigs.k8s.io/release-utils` from 0.11.1 to 0.12.1 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](kubernetes-sigs/release-utils@v0.11.1...v0.12.1) Updates `sigs.k8s.io/yaml` from 1.4.0 to 1.6.0 - [Release notes](https://github.com/kubernetes-sigs/yaml/releases) - [Changelog](https://github.com/kubernetes-sigs/yaml/blob/master/RELEASE.md) - [Commits](kubernetes-sigs/yaml@v1.4.0...v1.6.0) Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.1 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.9.1...v1.10.1) Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.18.0 to 1.18.2 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.18.0...sdk/azcore/v1.18.2) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.9.0 to 1.11.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.9.0...sdk/azcore/v1.11.0) Updates `github.com/awslabs/amazon-ecr-credential-helper/ecr-login` from 0.9.1 to 0.10.1 - [Release notes](https://github.com/awslabs/amazon-ecr-credential-helper/releases) - [Changelog](https://github.com/awslabs/amazon-ecr-credential-helper/blob/main/CHANGELOG.md) - [Commits](awslabs/amazon-ecr-credential-helper@v0.9.1...v0.10.1) Updates `github.com/docker/docker` from 28.1.1+incompatible to 28.5.2+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v28.1.1...v28.5.2) Updates `github.com/docker/docker-credential-helpers` from 0.9.3 to 0.9.4 - [Release notes](https://github.com/docker/docker-credential-helpers/releases) - [Commits](docker/docker-credential-helpers@v0.9.3...v0.9.4) Updates `github.com/docker/go-connections` from 0.5.0 to 0.6.0 - [Commits](docker/go-connections@v0.5.0...v0.6.0) Updates `github.com/go-jose/go-jose/v4` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.1.0...v4.1.2) Updates `github.com/sigstore/protobuf-specs` from 0.4.1 to 0.5.0 - [Release notes](https://github.com/sigstore/protobuf-specs/releases) - [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md) - [Commits](sigstore/protobuf-specs@v0.4.1...v0.5.0) Updates `github.com/sigstore/scaffolding` from 0.7.22 to 0.7.31 - [Release notes](https://github.com/sigstore/scaffolding/releases) - [Changelog](https://github.com/sigstore/scaffolding/blob/main/release.md) - [Commits](sigstore/scaffolding@v0.7.22...v0.7.31) Updates `github.com/sigstore/sigstore-go` from 0.7.2 to 1.1.3 - [Release notes](https://github.com/sigstore/sigstore-go/releases) - [Commits](sigstore/sigstore-go@v0.7.2...v1.1.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.9.4 to 1.9.5 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.4...v1.9.5) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.9.4 to 1.9.5 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.4...v1.9.5) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.9.4 to 1.9.6-0.20250729224751-181c5d3339b3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/commits) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.9.4 to 1.9.5 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.9.4...v1.9.5) Updates `github.com/spf13/viper` from 1.20.1 to 1.21.0 - [Release notes](https://github.com/spf13/viper/releases) - [Commits](spf13/viper@v1.20.1...v1.21.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-version: 1.55.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/google/go-containerregistry dependency-version: 0.20.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/hashicorp/go-retryablehttp dependency-version: 0.7.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/letsencrypt/boulder dependency-version: 0.20251208.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/sigstore/cosign/v2 dependency-version: 2.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/sigstore/rekor dependency-version: 1.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore dependency-version: 1.9.6-0.20250729224751-181c5d3339b3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/stretchr/testify dependency-version: 1.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: go.uber.org/zap dependency-version: 1.27.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: golang.org/x/crypto dependency-version: 0.46.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: golang.org/x/net dependency-version: 0.48.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: golang.org/x/time dependency-version: 0.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: google.golang.org/protobuf dependency-version: 1.36.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: k8s.io/api dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: k8s.io/apimachinery dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: k8s.io/client-go dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: sigs.k8s.io/release-utils dependency-version: 0.12.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: sigs.k8s.io/yaml dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/spf13/cobra dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-version: 1.18.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/awslabs/amazon-ecr-credential-helper/ecr-login dependency-version: 0.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/docker/docker dependency-version: 28.5.2+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/docker/docker-credential-helpers dependency-version: 0.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/docker/go-connections dependency-version: 0.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/protobuf-specs dependency-version: 0.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/sigstore/scaffolding dependency-version: 0.7.31 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore-go dependency-version: 1.1.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-version: 1.9.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-version: 1.9.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-version: 1.9.6-0.20250729224751-181c5d3339b3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-version: 1.9.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch - dependency-name: github.com/spf13/viper dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 10, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): Bump the minor-patch group across 1 directory with 34 updates #1914

chore(deps): Bump the minor-patch group across 1 directory with 34 updates #1914

Uh oh!

dependabot bot commented on behalf of github Dec 10, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): Bump the minor-patch group across 1 directory with 34 updates #1914

Are you sure you want to change the base?

chore(deps): Bump the minor-patch group across 1 directory with 34 updates #1914

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 10, 2025

Release v1.55.8 (2025-07-31)

SDK Features

Release v1.55.7 (2025-04-22)

SDK Bugs

v0.20.7

What's Changed

New Contributors

v0.20.6

What's Changed

New Contributors

v0.20.5

What's Changed

New Contributors

v0.20.4 - Not usable as a go module

v0.20251208.0

What's Changed

v0.20251202.0

What's Changed

v0.20251118.0

What's Changed

v0.20251110.0

What's Changed

v2.6.1

Changelog

Thanks to all contributors!

Features

v2.6.1

Bug Fixes

v2.6.0

Features

v1.4.2

What's Changed

v1.4.1

Changelog

v1.4.2

Fixes

Contributors

v1.4.1

Fixes

Contributors

v1.4.0

Features

Fixes

v1.9.5

What's Changed

v1.11.1

What's Changed

v1.11.0

What's Changed

Functional Changes

Fixes

Documentation, Build & CI

v1.27.1

1.27.1 (19 Nov 2025)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant