Skip to content

Bump github.com/sigstore/sigstore from 1.9.5 to 1.10.4#1184

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/sigstore/sigstore-1.10.4
Closed

Bump github.com/sigstore/sigstore from 1.9.5 to 1.10.4#1184
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/sigstore/sigstore-1.10.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jan 22, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/sigstore/sigstore from 1.9.5 to 1.10.4.

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.4

What's Changed

Full Changelog: sigstore/sigstore@v1.10.3...v1.10.4

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

v1.10.2

Functionally equivalent to v1.10.0. v1.10.1 has been retracted to remove copied code.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

Refactoring

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

Refactoring

... (truncated)

Commits
  • 8ec410a Escape target name - GHSA-fcv2-xgw5-pqxf (#2265)
  • deef0ee build(deps): Bump golang.org/x/crypto in /test/cliplugin/localkms (#2256)
  • 641406c build(deps): Bump the gomod group across 2 directories with 4 updates (#2255)
  • 1bfd00e build(deps): Bump the tools group across 1 directory with 2 updates (#2254)
  • 714ac99 build(deps): Bump hashicorp/vault in /test/e2e in the all group (#2253)
  • 626b82b build(deps): Bump localstack/localstack in /test/e2e in the all group (#2241)
  • 72f0ed7 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2230)
  • b257168 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#2226)
  • 84f57b8 build(deps): Bump github.com/sigstore/sigstore (#2221)
  • bdc1a86 build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#2220)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot Bot added dependencies Used by dependabot - identifies all PRs created by dependabot go Pull requests that update go code labels Jan 22, 2026
@tekton-robot tekton-robot added the do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. label Jan 22, 2026
@tekton-robot tekton-robot requested review from dibyom and enarha January 22, 2026 20:31
@tekton-robot

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign xinruzhang after the PR has been reviewed.
You can assign the PR to them by writing /assign @xinruzhang in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Jan 22, 2026
@khrm

khrm commented Feb 6, 2026

Copy link
Copy Markdown
Contributor

/release-note-none

@tekton-robot tekton-robot added release-note-none Denotes a PR that doesnt merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Feb 6, 2026
@khrm

khrm commented Feb 6, 2026

Copy link
Copy Markdown
Contributor

@dependabot recreate

@khrm khrm added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Feb 6, 2026
@tekton-robot tekton-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Feb 6, 2026
@tekton-robot

Copy link
Copy Markdown

@dependabot[bot]: rebase

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

1 similar comment
@tekton-robot

Copy link
Copy Markdown

@dependabot[bot]: rebase

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/sigstore/sigstore-1.10.4 branch from 382f89d to e5afe55 Compare February 6, 2026 08:24
@tekton-robot tekton-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 6, 2026
@khrm

khrm commented Feb 6, 2026

Copy link
Copy Markdown
Contributor

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/sigstore/sigstore-1.10.4 branch from e5afe55 to 775f170 Compare February 6, 2026 08:25
@enarha

enarha commented Feb 6, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Feb 6, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@enarha

enarha commented Feb 6, 2026

Copy link
Copy Markdown
Contributor

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/sigstore/sigstore-1.10.4 branch from 775f170 to e7e4014 Compare February 6, 2026 21:26
@khrm

khrm commented Feb 9, 2026

Copy link
Copy Markdown
Contributor

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/sigstore/sigstore-1.10.4 branch from e7e4014 to a55216f Compare February 9, 2026 06:46
@tekton-robot tekton-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 9, 2026
@tekton-robot

Copy link
Copy Markdown

@dependabot[bot]: rebase

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@khrm

khrm commented Feb 9, 2026

Copy link
Copy Markdown
Contributor

@dependabot recreate

Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.9.5 to 1.10.4.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.9.5...v1.10.4)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/sigstore/sigstore-1.10.4 branch from a55216f to ac308a9 Compare February 9, 2026 06:47
@tekton-robot tekton-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 9, 2026
@enarha

enarha commented Feb 9, 2026

Copy link
Copy Markdown
Contributor

@khrm that change bumps the go version to 1.25.0. golangci-lint is compiled with 1.24.0 and thus it's failing. Any reason for us not switching to 1.25.0? Ideally I would prefer to do it in a separate PR and not as part of dependabot update and bump the golangci-lint version on the way.

@khrm

khrm commented Feb 9, 2026

Copy link
Copy Markdown
Contributor

Yes, I saw that. I created a new PR for that: #1196

@khrm

khrm commented Feb 9, 2026

Copy link
Copy Markdown
Contributor

/close

@dependabot @github

dependabot Bot commented on behalf of github Feb 9, 2026

Copy link
Copy Markdown
Contributor Author

Looks like github.com/sigstore/sigstore is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Feb 9, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/sigstore/sigstore-1.10.4 branch February 9, 2026 07:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Used by dependabot - identifies all PRs created by dependabot go Pull requests that update go code ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants