Skip to content

update: bump the gomod-packages group across 1 directory with 15 updates#2123

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/develop/gomod-packages-e2841e65d5
Open

update: bump the gomod-packages group across 1 directory with 15 updates#2123
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/go_modules/develop/gomod-packages-e2841e65d5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the gomod-packages group with 9 updates in the / directory:

Package From To
github.com/alicebob/miniredis/v2 2.37.0 2.38.0
github.com/docker/cli 29.4.3+incompatible 29.5.3+incompatible
github.com/go-playground/validator/v10 10.30.2 10.30.3
github.com/google/go-containerregistry 0.21.5 0.21.6
github.com/redis/go-redis/v9 9.19.0 9.20.0
github.com/sigstore/rekor 1.5.1 1.5.2
k8s.io/api 0.36.0 0.36.1
k8s.io/client-go 0.36.0 0.36.1
oras.land/oras-go/v2 2.6.0 2.6.1

Updates github.com/alicebob/miniredis/v2 from 2.37.0 to 2.38.0

Release notes

Sourced from github.com/alicebob/miniredis/v2's releases.

DELEX and fixes

Changelog

Sourced from github.com/alicebob/miniredis/v2's changelog.

v2.38.0

Commits
  • d67bfae update changelog for v2.38.0
  • 2b1abd8 DELEX (partly) (#442)
  • 452dd37 Merge pull request #440 from infastin/server-alias
  • b5b8ec2 feat: add 'server' alias to 'redis' in lua scripts
  • ecc4af1 Merge pull request #439 from TomBailey167/xinfo-stream-last-generated-id
  • 4a2a33e Merge pull request #435 from evan-choi/fix/xadd-equals-trim-modifier
  • d6261ef feat: add last-generated-id to XINFO STREAM response
  • f4d8aa3 fix: accept = trim modifier in xadd
  • See full diff in compare view

Updates github.com/docker/cli from 29.4.3+incompatible to 29.5.3+incompatible

Commits
  • d1c06ef Merge pull request #7022 from mickael-docker/docs-request-field
  • 7dd053b Merge pull request #7003 from thaJeztah/logs_links
  • 37c3d31 Merge pull request #7024 from thaJeztah/add_zizmor
  • 45f10f2 Merge pull request #7025 from vvoland/update-go
  • b458dc9 update to go1.26.4
  • 1953194 gha: apply zizmor fixes
  • ac0419e gha: add zizmor workflow
  • 1aa0416 docs: recommend default deny and clarify requesturi field
  • 3a85952 Merge pull request #7020 from thaJeztah/full_semver
  • 8d3fbdf Merge pull request #7019 from thaJeztah/dependabot_labels
  • Additional commits viewable in compare view

Updates github.com/go-playground/validator/v10 from 10.30.2 to 10.30.3

Release notes

Sourced from github.com/go-playground/validator/v10's releases.

v10.30.3

What's Changed

New Contributors

Full Changelog: go-playground/validator@v10.30.2...v10.30.3

Commits
  • ac4c1ba fix(docs): correct ripemd160 tag name in README validation table (#1582)
  • feacb34 feat: omit blank tag names from namespace (#1567)
  • 5ed0a7e chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 (#1580)
  • 0364541 fix(cron): anchor regex and accept full cron syntax (#1577)
  • 8eb2659 chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.51.0 (#1571)
  • f7e1721 chore(deps): bump golang.org/x/text from 0.36.0 to 0.37.0 (#1572)
  • cf37fce fix(lint): correctly disable govet inline analyzer & deprecated gomodguard (#...
  • 7c334e5 fix: reject hostnames with trailing hyphen in RFC 952 validator (#1569)
  • 6bcb7bc feat: add origin validator for web origin URLs (#1565)
  • 6fd2fa8 docs: fix typos (#1568)
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.5 to 0.21.6

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.6

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.5...v0.21.6

Commits
  • 53f7e39 Update go version to 1.26.3 (#2300)
  • bf87c3b transport: allow bearer realm at same host:port as registry (#2302)
  • c55facd transport: retry HTTP 429 (Too Many Requests) (#2301)
  • 68a569e fix: preserve per-occurrence layer identity in Layers() (#2299)
  • 35b354b fix(mutate): preserve config blob and layers for non-Docker OCI artifacts (#2...
  • e5983f2 remote: block SSRF via private-IP Location headers in blob uploads (#2295)
  • 6dad820 remote: validate foreign layer URLs to prevent SSRF (fixes #2259) (#2293)
  • 78bdf1b validate: skip non-layer layers (#2298)
  • c29d91c pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract ...
  • a70d75a transport: block redirects from token server to private/link-local addresses ...
  • Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.19.0 to 9.20.0

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.20.0

🚀 Highlights

Redis 8.8 Support

This release adds support for Redis 8.8. The README's supported-versions list now includes Redis 8.8 alongside 8.0/8.2/8.4, and CI exercises the 8.8 client-libs-test image across the full suite (Makefile, build workflow, doctests, run-tests action, and docker-compose).

Coverage for the new commands that ship in the 8.x line, rounded out in this release:

  • AR* array data type (#3813) — new array data structure, exposed via the ArrayCmdable interface (see the experimental-features highlight below).
  • INCREX (#3816) — atomic increment with expiration in a single round-trip.
  • XNACK (#3790) — explicit negative-acknowledge of pending stream entries.
  • XAUTOCLAIM PEL deletes (#3798) — XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the pending entries list.
  • TS.RANGE multiple aggregators (#3791) — TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE accept multiple aggregators in a single call.
  • Z(UNION|INTER|DIFF) COUNT aggregator (#3802) — COUNT reducer for sorted-set set operations.
  • JSON.SET FPHA (#3797) — new FPHA argument that specifies the floating-point type for homogeneous FP arrays.

CI image bump (#3814) by @​ofekshenawa. Command coverage contributions by @​cxljs, @​elena-kolevska, @​Khukharr, @​ndyakov, and @​ofekshenawa.

Stable RESP3 for RediSearch (UnstableResp3 deprecated)

FT.SEARCH, FT.AGGREGATE, FT.INFO, FT.SPELLCHECK, and FT.SYNDUMP now parse RESP3 (map) responses into the same typed result objects as RESP2 — Val() and Result() work uniformly on both protocols, no flag required. Previously, RESP3 search responses required UnstableResp3: true and were returned as opaque maps accessible only via RawResult() / RawVal().

As a result, the UnstableResp3 option is now a no-op across every options struct (Options, ClusterOptions, UniversalOptions, FailoverOptions, RingOptions) and has been marked // Deprecated:. The field is retained for backwards compatibility — existing code that sets UnstableResp3: true will continue to compile and behave identically — but it will be removed in a future release and new code should not set it. RawResult() / RawVal() continue to work for callers that prefer the raw RESP payload.

(#3741) by @​ndyakov

Experimental Array Data Structure Commands

Adds an experimental ArrayCmdable interface with the AR* command family (ARSet, ARGet, ARGetRange, ARMSet, ARMGet, ARDel, ARDelRange, ARScan, ARSeek, ARNext, ARLastItems, ARGrep, ARGrepWithValues, ARInfo/ARInfoFull, and typed reducers AROpSum/AROpMin/AROpMax/AROpAnd/AROpOr/AROpXor/AROpMatch/AROpUsed) for working with Redis 8.8's new array data type. API is experimental and may change in a future release.

(#3813) by @​cxljs

✨ New Features

  • RESP3 search parser: First-class RESP3 parsing for FT.SEARCH/FT.AGGREGATE/FT.INFO/FT.SPELLCHECK/FT.SYNDUMP responses with backwards compatibility for RESP2 (#3741) by @​ndyakov
  • INCREX: New INCREX command support — atomic increment with expiration (#3816) by @​ndyakov
  • XNACK: Client support for the XNACK stream command for explicitly negative-acknowledging pending entries (#3790) by @​elena-kolevska
  • TS range multiple aggregators: TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE now accept multiple aggregators in a single call (#3791) by @​elena-kolevska
  • XAutoClaim deleted IDs: XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the PEL (#3798) by @​Khukharr
  • JSON.SET FPHA: JSON.SET accepts a new FPHA argument that specifies the floating-point type for homogeneous floating-point arrays (#3797) by @​ndyakov
  • Sorted-set union/intersection COUNT: ZUNION/ZINTER/ZDIFF aggregator now supports COUNT (#3802) by @​ofekshenawa
  • FT.HYBRID vector validation: Validates hybrid-search vector input types and adds proper typed vector parameters (#3756) by @​DengY11
  • Cluster pool wait stats: ClusterClient.PoolStats() now accumulates WaitCount and WaitDurationNs across all node pools (previously always zero) (#3809) by @​LINKIWI

🐛 Bug Fixes

  • TLS-only Cluster PubSub: CLUSTER SLOTS port-0 entries now fall back to the origin endpoint's port, fixing dial tcp <ip>:0: connection refused on TLS-only clusters started with --port 0 --tls-port <port> (fixes #3726) (#3828) by @​ndyakov
  • Sharded PubSub reconnect routing: PubSub.conn() now passes both regular (c.channels) and sharded (c.schannels) channels into the per-PubSub newConn closure. Previously, ClusterClient.SSubscribe-only PubSubs reconnected to a random node (because the routing closure saw an empty channel list), the SSUBSCRIBE was sent to the wrong shard, and the resulting MOVED reply was silently dropped (#3829) by @​ndyakov
  • ClusterClient Watch retry: User errors returned from a Watch callback are no longer subjected to cluster-retry classification; transient cluster errors still retry, but a callback returning e.g. net.ErrClosed short-circuits immediately (#3821) by @​obiyang

... (truncated)

Changelog

Sourced from github.com/redis/go-redis/v9's changelog.

9.20.0 (2026-05-28)

🚀 Highlights

Redis 8.8 Support

This release adds support for Redis 8.8. The README's supported-versions list now includes Redis 8.8 alongside 8.0/8.2/8.4, and CI exercises the 8.8-rc1 client-libs-test image across the full suite (Makefile, build workflow, doctests, run-tests action, and docker-compose).

Coverage for the new commands that ship in the 8.x line, rounded out in this release:

  • AR* array data type (#3813) — new array data structure, exposed via the ArrayCmdable interface (see the experimental-features highlight below).
  • INCREX (#3816) — atomic increment with expiration in a single round-trip.
  • XNACK (#3790) — explicit negative-acknowledge of pending stream entries.
  • XAUTOCLAIM PEL deletes (#3798) — XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the pending entries list.
  • TS.RANGE multiple aggregators (#3791) — TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE accept multiple aggregators in a single call.
  • Z(UNION|INTER|DIFF) COUNT aggregator (#3802) — COUNT reducer for sorted-set set operations.
  • JSON.SET FPHA (#3797) — new FPHA argument that specifies the floating-point type for homogeneous FP arrays.

CI image bump (#3814) by @​ofekshenawa. Command coverage contributions by @​cxljs, @​elena-kolevska, @​Khukharr, @​ndyakov, and @​ofekshenawa.

Stable RESP3 for RediSearch (UnstableResp3 deprecated)

FT.SEARCH, FT.AGGREGATE, FT.INFO, FT.SPELLCHECK, and FT.SYNDUMP now parse RESP3 (map) responses into the same typed result objects as RESP2 — Val() and Result() work uniformly on both protocols, no flag required. Previously, RESP3 search responses required UnstableResp3: true and were returned as opaque maps accessible only via RawResult() / RawVal().

As a result, the UnstableResp3 option is now a no-op across every options struct (Options, ClusterOptions, UniversalOptions, FailoverOptions, RingOptions) and has been marked // Deprecated:. The field is retained for backwards compatibility — existing code that sets UnstableResp3: true will continue to compile and behave identically — but it will be removed in a future release and new code should not set it. RawResult() / RawVal() continue to work for callers that prefer the raw RESP payload.

(#3741) by @​ndyakov

Experimental Array Data Structure Commands

Adds an experimental ArrayCmdable interface with the AR* command family (ARSet, ARGet, ARGetRange, ARMSet, ARMGet, ARDel, ARDelRange, ARScan, ARSeek, ARNext, ARLastItems, ARGrep, ARGrepWithValues, ARInfo/ARInfoFull, and typed reducers AROpSum/AROpMin/AROpMax/AROpAnd/AROpOr/AROpXor/AROpMatch/AROpUsed) for working with Redis 8.8's new array data type. API is experimental and may change in a future release.

(#3813) by @​cxljs

✨ New Features

  • RESP3 search parser: First-class RESP3 parsing for FT.SEARCH/FT.AGGREGATE/FT.INFO/FT.SPELLCHECK/FT.SYNDUMP responses with backwards compatibility for RESP2 (#3741) by @​ndyakov
  • INCREX: New INCREX command support — atomic increment with expiration (#3816) by @​ndyakov
  • XNACK: Client support for the XNACK stream command for explicitly negative-acknowledging pending entries (#3790) by @​elena-kolevska
  • TS range multiple aggregators: TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE now accept multiple aggregators in a single call (#3791) by @​elena-kolevska
  • XAutoClaim deleted IDs: XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the PEL (#3798) by @​Khukharr
  • JSON.SET FPHA: JSON.SET accepts a new FPHA argument that specifies the floating-point type for homogeneous floating-point arrays (#3797) by @​ndyakov
  • Sorted-set union/intersection COUNT: ZUNION/ZINTER/ZDIFF aggregator now supports COUNT (#3802) by @​ofekshenawa
  • FT.HYBRID vector validation: Validates hybrid-search vector input types and adds proper typed vector parameters (#3756) by @​DengY11
  • Cluster pool wait stats: ClusterClient.PoolStats() now accumulates WaitCount and WaitDurationNs across all node pools (previously always zero) (#3809) by @​LINKIWI

🐛 Bug Fixes

  • TLS-only Cluster PubSub: CLUSTER SLOTS port-0 entries now fall back to the origin endpoint's port, fixing dial tcp <ip>:0: connection refused on TLS-only clusters started with --port 0 --tls-port <port> (fixes #3726) (#3828) by @​ndyakov
  • Sharded PubSub reconnect routing: PubSub.conn() now passes both regular (c.channels) and sharded (c.schannels) channels into the per-PubSub newConn closure. Previously, ClusterClient.SSubscribe-only PubSubs reconnected to a random node (because the routing closure saw an empty channel list), the SSUBSCRIBE was sent to the wrong shard, and the resulting MOVED reply was silently dropped (#3829) by @​ndyakov

... (truncated)

Commits
  • 7d05dd3 chore(release): v9.20.0 (#3832)
  • 9756882 fix(test): make waitForSentinelClusterStable robust to disconnected r… (#3830)
  • 875ce21 fix(sentinel): do not close sentinel when replica list is empty (#3795)
  • 8a027f2 chore(ci): add govulncheck workflow (#3779)
  • d8407df fix(pubsub): include shard channels in newConn routing list (#3829)
  • 6af9bdc fix(cluster): fall back to origin port when CLUSTER SLOTS reports port 0 (#3828)
  • fa5aa8c chore(doc): Update README and CI image. (#3822)
  • fdcc6f9 refactor(keyPos): Enhance key position retrieval with CommandInfo caching (#3...
  • 68a8bc1 fix(sentinel): close non-winning sentinel clients in MasterAddr concurrent pr...
  • 00bf6d3 fix: avoid retrying ClusterClient Watch callback errors (#3821)
  • Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.5.1 to 1.5.2

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.5.2

Changelog

  • 759b98e2a7c39ea9779b6a51299c5f0f987f8802 alpine: Enforce max size limit on decompression (#2831)
  • c7e77ee26edd8631dd417166907093a9f13b85e5 Support restricting kinds on insertion (#2814)
  • a10818a8778dcb58eb582d00ffda4b2c86bf190b fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#2812)
  • 8a2f3a2dd023b81ad8b63e2f365676ec438dc9fa add checks to ensure returned entries match client inputs to rekor-cli (#2799)
  • 0e88bac01d1173b8b2cbc8ed790106441573bbdb add nil pointer check to resolve fuzzing crash (#2807)
  • 93da954478a2ffb1821d4904a80d9a5cbe268324 client: surface last-response details after retries are exhausted (#2796)
  • 4d67ecd8ec810bc6af9761ad10ebd2ac899cfdbd Fix internal error detail leakage in 500 responses (#2801)
  • b34ca94fc01405cb50acb956cc181d57382a6b2d add defensive check to ensure tid is in config ahead of getting client (#2795)
  • 656c832ab90feef91f5dcc751ae1cb851c73f4bd restapi: include inactiveShards in the homepage total count (#2797)

Thanks for all contributors!

Commits
  • 3b75cd9 build(deps): Bump the all group across 1 directory with 7 updates (#2829)
  • 759b98e alpine: Enforce max size limit on decompression (#2831)
  • c7e77ee Support restricting kinds on insertion (#2814)
  • a10818a fix(trillianclient): strip dns:/// scheme from TLS ServerName in gRPC dial (#...
  • c31f3fc build(deps): Bump cloud.google.com/go/profiler from 0.4.3 to 0.6.0
  • f2a9fb0 build(deps): Bump go.uber.org/zap from 1.27.1 to 1.28.0
  • e3ba248 build(deps): Bump golang in the all group across 1 directory
  • 62e5ddd build(deps): Bump github.com/go-openapi/swag from 0.25.5 to 0.26.0
  • f4f91d5 build(deps): Bump github.com/tink-crypto/tink-go-awskms/v2 to v3 (#2827)
  • 9bc540f build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2820)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.10.5 to 1.10.6

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.6

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

Commits

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.10.5 to 1.10.6

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.10.6

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

Commits

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.10.5 to 1.10.6

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.10.6

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

Commits

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.10.5 to 1.10.6

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.10.6

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

Commits

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.10.5 to 1.10.6

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.10.6

What's Changed

Full Changelog: sigstore/sigstore@v1.10.5...v1.10.6

Commits

Updates k8s.io/api from 0.36.0 to 0.36.1

Commits

Updates k8s.io/apimachinery from 0.36.0 to 0.36.1

Commits

Updates k8s.io/client-go from 0.36.0 to 0.36.1

Commits

Updates oras.land/oras-go/v2 from 2.6.0 to 2.6.1

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.6.1

This is a security patch release addressing five advisories in the authentication, remote, and content layers, plus accumulated bug fixes and maintenance since v2.6.0.

Security Fixes

  • Drop the Authorization header on cross-origin redirects to prevent origin credentials leaking to a redirect target on a different scheme/port of the same host (GHSA-vh4v-2xq2-g5cg)
  • Validate the bearer realm host before sending credentials to prevent credential exfiltration to an attacker-controlled token service, including TLS downgrades and IP-literal metadata endpoints; adds TrustedRealmHosts (GHSA-28r5-37g7-p6mp, GHSA-xf85-363p-868w)
  • Validate the Location host before blob upload to prevent credentials being forwarded to a cross-host upload endpoint (SSR...

    Description has been truncated

@dependabot
update: bump the gomod-packages group across 1 directory with 15 updates
10b31d6 
Bumps the gomod-packages group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) | `2.37.0` | `2.38.0` |
| [github.com/docker/cli](https://github.com/docker/cli) | `29.4.3+incompatible` | `29.5.3+incompatible` |
| [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) | `10.30.2` | `10.30.3` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.5` | `0.21.6` |
| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.19.0` | `9.20.0` |
| [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.5.1` | `1.5.2` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.0` | `0.36.1` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.0` | `0.36.1` |
| [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) | `2.6.0` | `2.6.1` |



Updates `github.com/alicebob/miniredis/v2` from 2.37.0 to 2.38.0
- [Release notes](https://github.com/alicebob/miniredis/releases)
- [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md)
- [Commits](alicebob/miniredis@v2.37.0...v2.38.0)

Updates `github.com/docker/cli` from 29.4.3+incompatible to 29.5.3+incompatible
- [Commits](docker/cli@v29.4.3...v29.5.3)

Updates `github.com/go-playground/validator/v10` from 10.30.2 to 10.30.3
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](go-playground/validator@v10.30.2...v10.30.3)

Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.6
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.5...v0.21.6)

Updates `github.com/redis/go-redis/v9` from 9.19.0 to 9.20.0
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md)
- [Commits](redis/go-redis@v9.19.0...v9.20.0)

Updates `github.com/sigstore/rekor` from 1.5.1 to 1.5.2
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.5.1...v1.5.2)

Updates `github.com/sigstore/sigstore` from 1.10.5 to 1.10.6
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.5...v1.10.6)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.10.5 to 1.10.6
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.5...v1.10.6)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.10.5 to 1.10.6
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.5...v1.10.6)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.10.5 to 1.10.6
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.5...v1.10.6)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.10.5 to 1.10.6
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.5...v1.10.6)

Updates `k8s.io/api` from 0.36.0 to 0.36.1
- [Commits](kubernetes/api@v0.36.0...v0.36.1)

Updates `k8s.io/apimachinery` from 0.36.0 to 0.36.1
- [Commits](kubernetes/apimachinery@v0.36.0...v0.36.1)

Updates `k8s.io/client-go` from 0.36.0 to 0.36.1
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.36.0...v0.36.1)

Updates `oras.land/oras-go/v2` from 2.6.0 to 2.6.1
- [Release notes](https://github.com/oras-project/oras-go/releases)
- [Commits](oras-project/oras-go@v2.6.0...v2.6.1)

---
updated-dependencies:
- dependency-name: github.com/alicebob/miniredis/v2
  dependency-version: 2.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-packages
- dependency-name: github.com/docker/cli
  dependency-version: 29.5.3+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-packages
- dependency-name: github.com/go-playground/validator/v10
  dependency-version: 10.30.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-packages
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-version: 1.10.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-version: 1.10.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-version: 1.10.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-version: 1.10.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
- dependency-name: k8s.io/api
  dependency-version: 0.36.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
- dependency-name: oras.land/oras-go/v2
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants