Bump the all group across 1 directory with 4 updates #1754

dependabot · 2024-08-05T02:20:38Z

Bumps the all group with 3 updates in the /hack/tools directory: github.com/googleapis/api-linter, github.com/grpc-ecosystem/grpc-gateway/v2 and google.golang.org/grpc/cmd/protoc-gen-go-grpc.

Updates github.com/googleapis/api-linter from 1.65.0 to 1.67.1

Release notes

Sourced from github.com/googleapis/api-linter's releases.

v1.67.1

1.67.1 (2024-07-31)

Bug Fixes

AIP-123: skip resource-pattern-plural when there is no plural (#1409) (93a601d)

v1.67.0

1.67.0 (2024-07-26)

Features

AIP-123: enforce singular as ID segment (#1403) (088ec19)

AIP-123: resource collection matches plural (#1408) (9025d3d)

AIP-134: update_mask must be OPTIONAL (#1394) (9fc0d05)

AIP-217: add various rules for return_partial_success support (#1406) (cf4ba12)

Bug Fixes

docs typo (#1401) (4acf04c)

v1.66.2

1.66.2 (2024-06-04)

Bug Fixes

aip-130: identify standard and custom methods (#1396) (be41d72)

v1.66.1

1.66.1 (2024-05-23)

Bug Fixes

AIP-136: handle LRO response names (#1391) (ec79f53)

v1.66.0

1.66.0 (2024-05-17)

Features

AIP-136: request message name (#1386) (46a6e43)

aip-136: response message name (#1387) (9e43e3f)

v1.65.2

... (truncated)

Changelog

Sourced from github.com/googleapis/api-linter's changelog.

1.67.1 (2024-07-31)

Bug Fixes

AIP-123: skip resource-pattern-plural when there is no plural (#1409) (93a601d)

1.67.0 (2024-07-26)

Features

AIP-123: enforce singular as ID segment (#1403) (088ec19)

AIP-123: resource collection matches plural (#1408) (9025d3d)

AIP-134: update_mask must be OPTIONAL (#1394) (9fc0d05)

AIP-217: add various rules for return_partial_success support (#1406) (cf4ba12)

Bug Fixes

docs typo (#1401) (4acf04c)

1.66.2 (2024-06-04)

Bug Fixes

aip-130: identify standard and custom methods (#1396) (be41d72)

1.66.1 (2024-05-23)

Bug Fixes

AIP-136: handle LRO response names (#1391) (ec79f53)

1.66.0 (2024-05-17)

Features

AIP-136: request message name (#1386) (46a6e43)

aip-136: response message name (#1387) (9e43e3f)

1.65.2 (2024-04-22)

Bug Fixes

AIP-203: resource etag should not have behavior (#1376) (1c0f838)

... (truncated)

Commits

3085922 chore(main): release 1.67.1 (#1410)
93a601d fix(AIP-123): skip resource-pattern-plural when there is no plural (#1409)
deb3983 chore(main): release 1.67.0 (#1402)
9025d3d feat(AIP-123): resource collection matches plural (#1408)
cf4ba12 feat(AIP-217): add various rules for return_partial_success support (#1406)
088ec19 feat(AIP-123): enforce singular as ID segment (#1403)
026b645 chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#1405)
9fc0d05 feat(AIP-134): update_mask must be OPTIONAL (#1394)
4acf04c fix: docs typo (#1401)
d54434e chore(main): release 1.66.2 (#1397)
Additional commits viewable in compare view

Updates github.com/grpc-ecosystem/grpc-gateway/v2 from 2.19.1 to 2.21.0

Release notes

Sourced from github.com/grpc-ecosystem/grpc-gateway/v2's releases.

v2.21.0

What's Changed

feat: Use version info from runtime/debug:BuildInfo when installed by go build by @MakDon in grpc-ecosystem/grpc-gateway#4359

feat: add mux middlewares and inject http pattern by @nikitaksv in grpc-ecosystem/grpc-gateway#4290

Fixes #3917: Add package openapi naming strategy. by @jgiles in grpc-ecosystem/grpc-gateway#4372

feat: use buildInfo.Main.Version as version when installed by go install by @MakDon in grpc-ecosystem/grpc-gateway#4390

Add support for method's deprecated option by @vajexal in grpc-ecosystem/grpc-gateway#4373

adding gRPC gateway generator script by @akoserwal in grpc-ecosystem/grpc-gateway#4426

fix url gen-grpc-gateway-api by @akoserwal in grpc-ecosystem/grpc-gateway#4434

ci: upgrade to goreleaser v2 by @johanbrandhorst in grpc-ecosystem/grpc-gateway#4437

docs: add grpc-starter transcoding to related projects by @DanielLiu1123 in grpc-ecosystem/grpc-gateway#4456

Fix build on 32bit systems by @gibmat in grpc-ecosystem/grpc-gateway#4557

New Contributors

@nikitaksv made their first contribution in grpc-ecosystem/grpc-gateway#4290

@vajexal made their first contribution in grpc-ecosystem/grpc-gateway#4373

@akoserwal made their first contribution in grpc-ecosystem/grpc-gateway#4426

@DanielLiu1123 made their first contribution in grpc-ecosystem/grpc-gateway#4456

@gibmat made their first contribution in grpc-ecosystem/grpc-gateway#4557

Full Changelog: grpc-ecosystem/grpc-gateway@v2.20.0...v2.21.0

v2.20.0

What's Changed

api_visibility option now transitively hides request/response messages by @Place1 in grpc-ecosystem/grpc-gateway#3966

Marshal non proto fields with indents by @gknw in grpc-ecosystem/grpc-gateway#4027

chore: fix some comments by @avoidalone in grpc-ecosystem/grpc-gateway#4092

chore(examples): add one example to log request body when the status code is non 200 by @richzw in grpc-ecosystem/grpc-gateway#4108

feat(bazel): surface --disable_default_responses in rule def by @rajukrishnamurthy in grpc-ecosystem/grpc-gateway#4126

integration: fix wrapping of response writer causing endless test loop by @johanbrandhorst in grpc-ecosystem/grpc-gateway#4131

Omit enum field when value is empty by @jeromefroe in grpc-ecosystem/grpc-gateway#4180

docs/mapping/examples.md: update CoreOS example GitHub branch to master branch by @mohamedawnallah in grpc-ecosystem/grpc-gateway#4198

chore: remove repetitive word by @mountcount in grpc-ecosystem/grpc-gateway#4183

Fix Typo in examples.md by @umakantv in grpc-ecosystem/grpc-gateway#4212

Write Content-Length header if doForwardTrailers is not set by @joshgarnett in grpc-ecosystem/grpc-gateway#4259

Fixing TestOutgoingTrailerMatcher, which was non-deterministic by @joshgarnett in grpc-ecosystem/grpc-gateway#4265

Update README.md by @MakDon in grpc-ecosystem/grpc-gateway#4322

fix(4245): setting appropriate log level for error logs by @rajeshkarnena in grpc-ecosystem/grpc-gateway#4327

fix: handle X-Forwarded-* headers correctly by @haines in grpc-ecosystem/grpc-gateway#4334

New Contributors

@Place1 made their first contribution in grpc-ecosystem/grpc-gateway#3966

@avoidalone made their first contribution in grpc-ecosystem/grpc-gateway#4092

@richzw made their first contribution in grpc-ecosystem/grpc-gateway#4108

@rajukrishnamurthy made their first contribution in grpc-ecosystem/grpc-gateway#4126

@jeromefroe made their first contribution in grpc-ecosystem/grpc-gateway#4180

@mohamedawnallah made their first contribution in grpc-ecosystem/grpc-gateway#4198

@mountcount made their first contribution in grpc-ecosystem/grpc-gateway#4183

@umakantv made their first contribution in grpc-ecosystem/grpc-gateway#4212

... (truncated)

Commits

f41fd20 Fix build on 32bit systems (#4557)
db9cebd chore(deps): update googleapis digest to 3f4e29a
22c97cd chore(deps): update googleapis digest to 68d8154
39b04b7 chore(deps): update googleapis digest to a91d1a3
0c2a928 chore(deps): update googleapis digest to 6cabb8b
6811367 chore(deps): update googleapis digest to ec69fcc
8508633 fix(deps): update google.golang.org/genproto/googleapis/rpc digest to e6d459c
92fd444 chore(deps): update googleapis digest to 6f08435
6266c42 fix(deps): update google.golang.org/genproto/googleapis/api digest to e6d459c
1507807 chore(deps): update googleapis digest to 51d7fa8
Additional commits viewable in compare view

Updates google.golang.org/grpc/cmd/protoc-gen-go-grpc from 1.3.0 to 1.5.1

Release notes

Sourced from google.golang.org/grpc/cmd/protoc-gen-go-grpc's releases.

protoc-gen-go-grpc v1.5.1

Dependencies

Removed replace directive (needed only for testing), since it is incompatible with go install (#7451).

protoc-gen-go-grpc v1.5.0

Security

The generated function Register<Service>Server now panics if the Unimplemented<Service>Server struct is embedded in a way that would otherwise lead to runtime panics if an unimplemented method was called. Users are advised to ensure they are properly embedding the Unimplemented struct for their service, and to regenerate their proto files to confirm. (#7438)

Note: "Proper embedding" of the Unimplemented struct means either embedding the struct by value (preferred) or ensuring it is always initialized to a valid pointer. E.g.
struct MyServiceImpl {
	pb.UnimplementedMyServiceServer // embedded by value, not pointer
	// .. other struct fields ..
}
New Features

Generated code for services will produce streaming method definitions using one of six different generic types (e.g. BidiStreamingServer or ClientStreamingClient) instead of producing complete interfaces and implementations for the streaming methods. This can be disabled by setting use_generic_streams_experimental=false. Please file a bug if you encounter any issues with this behavior. (#7387)

Bug Fixes

A period (.) is added to the end of the service interface doc comment to comply with Godoc. (#7392)

protoc-gen-go-grpc v1.4.0

New Features

Add an optional implementation of streams using generics (Experimental) (#7057)

The new use_generic_stream_experimental=true option will cause the gRPC codegen to use prebuilt generic types to implement client and server stream objects, rather than generating new types and implementations for every RPC method. We intend to transition this to the default behavior in the next release. Please test it and provide any feedback.

Special Thanks: @aarongable

Copy service comments to interfaces in generated code (#7243)

Special Thanks: @silves-xiang

Generated code includes static method gRPC call options for integration with the upcoming OpenTelemetry metrics support (#6960)

Dependencies

Update google.golang.org/protobuf dependency to v1.34.1 to address CVE-2024-24786 (#7274)

Commits

b8669c3 Change version to 1.5.1
5ad7775 Do not create new addrConn when connection error happens (#1369)
284c78b Change version to 1.5.1-dev
172ccac Change version to 1.5.0
939edc0 Revert "Use bufconn in end2end tests." (#1381)
71260d2 Fix logging method (#1375)
c7e2c00 Use bufconn in end2end tests.
9a71c79 Create bufconn package for a local, buffered net.Conn and dialer/listener
ce03e9c Fix a typo in examples/gotutorial.md (#1374)
d672391 Use log severity and verbosity level (#1340)
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.33.0 to 1.34.2

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 3 updates in the /hack/tools directory: [github.com/googleapis/api-linter](https://github.com/googleapis/api-linter), [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) and [google.golang.org/grpc/cmd/protoc-gen-go-grpc](https://github.com/grpc/grpc-go). Updates `github.com/googleapis/api-linter` from 1.65.0 to 1.67.1 - [Release notes](https://github.com/googleapis/api-linter/releases) - [Changelog](https://github.com/googleapis/api-linter/blob/main/CHANGELOG.md) - [Commits](googleapis/api-linter@v1.65.0...v1.67.1) Updates `github.com/grpc-ecosystem/grpc-gateway/v2` from 2.19.1 to 2.21.0 - [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases) - [Changelog](https://github.com/grpc-ecosystem/grpc-gateway/blob/main/.goreleaser.yml) - [Commits](grpc-ecosystem/grpc-gateway@v2.19.1...v2.21.0) Updates `google.golang.org/grpc/cmd/protoc-gen-go-grpc` from 1.3.0 to 1.5.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.3.0...v1.5.1) Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.2 --- updated-dependencies: - dependency-name: github.com/googleapis/api-linter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: google.golang.org/grpc/cmd/protoc-gen-go-grpc dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Bump the all group across 1 directory with 4 updates Bumps the all group with 3 updates in the /hack/tools directory: [github.com/googleapis/api-linter](https://github.com/googleapis/api-linter), [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) and [google.golang.org/grpc/cmd/protoc-gen-go-grpc](https://github.com/grpc/grpc-go). Updates `github.com/googleapis/api-linter` from 1.65.0 to 1.67.1 - [Release notes](https://github.com/googleapis/api-linter/releases) - [Changelog](https://github.com/googleapis/api-linter/blob/main/CHANGELOG.md) - [Commits](googleapis/api-linter@v1.65.0...v1.67.1) Updates `github.com/grpc-ecosystem/grpc-gateway/v2` from 2.19.1 to 2.21.0 - [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases) - [Changelog](https://github.com/grpc-ecosystem/grpc-gateway/blob/main/.goreleaser.yml) - [Commits](grpc-ecosystem/grpc-gateway@v2.19.1...v2.21.0) Updates `google.golang.org/grpc/cmd/protoc-gen-go-grpc` from 1.3.0 to 1.5.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.3.0...v1.5.1) Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.2 --- updated-dependencies: - dependency-name: github.com/googleapis/api-linter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: google.golang.org/grpc/cmd/protoc-gen-go-grpc dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * update gen protos Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>

* Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump google.golang.org/grpc from 1.62.0 to 1.62.1 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.0 to 1.62.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.62.0...v1.62.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/spiffe/go-spiffe/v2 from 2.1.7 to 2.2.0 Bumps [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) from 2.1.7 to 2.2.0. - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](https://github.com/spiffe/go-spiffe/compare/v2.1.7...v2.2.0) --- updated-dependencies: - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.1 Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.7.7 to 0.8.1. - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.7.7...v0.8.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump codecov/codecov-action from 4.1.1 to 4.2.0 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.1 to 4.2.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/c16abc29c95fcf9174b58eb7e1abf4c866893bc8...7afa10ed9b269c561c2336fd862446844e0cbf71) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Upgrade go to 1.22 (#1625) * upgrade go to 1.22 Signed-off-by: cpanato <ctadeu@gmail.com> * ci housekeeping Signed-off-by: cpanato <ctadeu@gmail.com> * fix lints Signed-off-by: cpanato <ctadeu@gmail.com> * update go.mod to pin on go1.21.9 Signed-off-by: cpanato <ctadeu@gmail.com> --------- Signed-off-by: cpanato <ctadeu@gmail.com> * Bump codecov/codecov-action from 4.2.0 to 4.3.0 in the all group Bumps the all group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 4.2.0 to 4.3.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/7afa10ed9b269c561c2336fd862446844e0cbf71...84508663e988701840491b86de86b666e8a86bed) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the all group with 4 updates Bumps the all group with 4 updates: [chainguard.dev/go-grpc-kit](https://github.com/chainguard-dev/go-grpc-kit), [github.com/prometheus/client_model](https://github.com/prometheus/client_model), [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) and [go.step.sm/crypto](https://github.com/smallstep/crypto). Updates `chainguard.dev/go-grpc-kit` from 0.17.2 to 0.17.3 - [Release notes](https://github.com/chainguard-dev/go-grpc-kit/releases) - [Commits](https://github.com/chainguard-dev/go-grpc-kit/compare/v0.17.2...v0.17.3) Updates `github.com/prometheus/client_model` from 0.6.0 to 0.6.1 - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](https://github.com/prometheus/client_model/compare/v0.6.0...v0.6.1) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.2 to 1.8.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.2...v1.8.3) Updates `go.step.sm/crypto` from 0.44.2 to 0.44.3 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.44.2...v0.44.3) --- updated-dependencies: - dependency-name: chainguard.dev/go-grpc-kit dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * switch to community repo of reusable-release (#1636) Signed-off-by: Bob Callaway <bcallaway@google.com> * Bump github.com/googleapis/api-linter in /hack/tools in the all group Bumps the all group in /hack/tools with 1 update: [github.com/googleapis/api-linter](https://github.com/googleapis/api-linter). Updates `github.com/googleapis/api-linter` from 1.64.0 to 1.65.0 - [Release notes](https://github.com/googleapis/api-linter/releases) - [Changelog](https://github.com/googleapis/api-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/api-linter/compare/v1.64.0...v1.65.0) --- updated-dependencies: - dependency-name: github.com/googleapis/api-linter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 in the all group Bumps the all group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `sigstore/cosign-installer` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/e1523de7571e31dbe865fd2e80c5c7c23ae71eb4...59acb6260d9c0ba8f4a2f9d9b48431a222b68e20) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the all group with 2 updates Bumps the all group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/checkout` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/9bb56186c3b09b4f86b1c65136769dd318469633...1d96c772d19495a3b5c517cd2bc0cb401ea0529f) Updates `actions/upload-artifact` from 4.3.1 to 4.3.2 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/5d5d22a31266ced268874388b861e4b58bb5c2f3...1746f4ab65b179e0ea60a494b83293b640dd5bba) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump go.step.sm/crypto from 0.44.3 to 0.44.6 in the all group Bumps the all group with 1 update: [go.step.sm/crypto](https://github.com/smallstep/crypto). Updates `go.step.sm/crypto` from 0.44.3 to 0.44.6 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.44.3...v0.44.6) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the all group with 2 updates Bumps the all group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/checkout` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/1d96c772d19495a3b5c517cd2bc0cb401ea0529f...0ad4b8fadaa221de15dcec353f45205ec38ea70b) Updates `actions/upload-artifact` from 4.3.2 to 4.3.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/1746f4ab65b179e0ea60a494b83293b640dd5bba...65462800fd760344b1a7b4382951275a0abb4808) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4.0.0 to 5.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/3cfe3a4abbb849e10058ce4af15d205b6da42804...82d40c283aeb1f2b6595839195e95c2d6a49081b) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the all group with 2 updates Bumps the all group with 2 updates: [go.step.sm/crypto](https://github.com/smallstep/crypto) and [google.golang.org/api](https://github.com/googleapis/google-api-go-client). Updates `go.step.sm/crypto` from 0.44.6 to 0.44.8 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.44.6...v0.44.8) Updates `google.golang.org/api` from 0.175.0 to 0.176.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.175.0...v0.176.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the all group with 3 updates Bumps the all group with 3 updates: [actions/setup-go](https://github.com/actions/setup-go), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `actions/setup-go` from 5.0.0 to 5.0.1 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/0c52d547c9bc32b1aa3301fd7a9cb496313a4491...cdcb36043654635271a94b9a6d1392de5bb323a7) Updates `codecov/codecov-action` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/84508663e988701840491b86de86b666e8a86bed...5ecb98a3c6b747ed38dc09f787459979aebb39be) Updates `golangci/golangci-lint-action` from 5.0.0 to 5.3.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/82d40c283aeb1f2b6595839195e95c2d6a49081b...38e1018663fa5173f3968ea0777460d3de38f256) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5.3.0 to 6.0.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/38e1018663fa5173f3968ea0777460d3de38f256...a4f60bb28d35aeee14e6880718e0c85ff1882e64) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the all group with 2 updates Bumps the all group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `actions/checkout` from 4.1.4 to 4.1.5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/0ad4b8fadaa221de15dcec353f45205ec38ea70b...44c2b7a8a4ea60a981eaca3cf939b5f4305c123b) Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the all group across 1 directory with 2 updates Bumps the all group with 2 updates in the / directory: [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) and [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils). Updates `github.com/prometheus/client_golang` from 1.19.0 to 1.19.1 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1) Updates `sigs.k8s.io/release-utils` from 0.8.1 to 0.8.2 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.8.1...v0.8.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * docs: Fix extensions for digest values requiring a type prefix (#1661) * docs: Fix extensions for digest values requiring a type prefix Signed-off-by: Facundo Tuesca <facundo.tuesca@trailofbits.com> * docs: Reformat table mapping OIDC token claims to Fulcio OIDs Signed-off-by: Facundo Tuesca <facundo.tuesca@trailofbits.com> --------- Signed-off-by: Facundo Tuesca <facundo.tuesca@trailofbits.com> * oid-info: fix table render (#1662) Signed-off-by: William Woodruff <william@trailofbits.com> * update jobs to use go1.22.3 (#1660) Signed-off-by: cpanato <ctadeu@gmail.com> * Bump golang.org/x/net (#1640) Bumps the go_modules group with 1 update in the /hack/tools directory: [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/net` from 0.21.0 to 0.23.0 - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump the all group with 3 updates Bumps the all group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [google-github-actions/auth](https://github.com/google-github-actions/auth) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `actions/checkout` from 4.1.5 to 4.1.6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/44c2b7a8a4ea60a981eaca3cf939b5f4305c123b...a5ac7e51b41094c92402da3b24376905380afc29) Updates `google-github-actions/auth` from 2.1.2 to 2.1.3 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c...71fee32a0bb7e97b4d33d548e7d957010649d8fa) Updates `codecov/codecov-action` from 4.3.1 to 4.4.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/5ecb98a3c6b747ed38dc09f787459979aebb39be...6d798873df2b1b8e5846dba6fb86631229fbcb17) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump go.step.sm/crypto from 0.44.8 to 0.45.0 Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.44.8 to 0.45.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.44.8...v0.45.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump codecov/codecov-action from 4.4.0 to 4.4.1 in the all group Bumps the all group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 4.4.0 to 4.4.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/6d798873df2b1b8e5846dba6fb86631229fbcb17...125fc84a9a348dbcf27191600683ec096ec9021c) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump protocolbuffers/protobuf from 26.1 to 27.0 (#1674) * Bump protocolbuffers/protobuf from 26.1 to 27.0 Bumps [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf) from 26.1 to 27.0. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](https://github.com/protocolbuffers/protobuf/compare/v26.1...v27.0) --- updated-dependencies: - dependency-name: protocolbuffers/protobuf dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Update main.yml Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> * Bump github.com/spf13/viper from 1.18.2 to 1.19.0 Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.2 to 1.19.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.18.2...v1.19.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Adding support for configuration from yaml file (#1687) * Create support for configuration from yaml file Signed-off-by: Javan lacerda <javanlacerda@google.com> * conform code to lint Signed-off-by: Javan lacerda <javanlacerda@google.com> --------- Signed-off-by: Javan lacerda <javanlacerda@google.com> * Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity Bumps the go_modules group with 1 update: [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go). Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.5.2 to 1.6.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/internal/v1.5.2...sdk/azcore/v1.6.0) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the all group across 1 directory with 6 updates (#1699) * Bump the all group across 1 directory with 6 updates Bumps the all group with 3 updates in the / directory: [chainguard.dev/go-grpc-kit](https://github.com/chainguard-dev/go-grpc-kit), [github.com/spf13/cobra](https://github.com/spf13/cobra) and google.golang.org/protobuf. Updates `chainguard.dev/go-grpc-kit` from 0.17.3 to 0.17.5 - [Release notes](https://github.com/chainguard-dev/go-grpc-kit/releases) - [Commits](https://github.com/chainguard-dev/go-grpc-kit/compare/v0.17.3...v0.17.5) Updates `github.com/grpc-ecosystem/grpc-gateway/v2` from 2.19.1 to 2.20.0 - [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases) - [Changelog](https://github.com/grpc-ecosystem/grpc-gateway/blob/main/.goreleaser.yml) - [Commits](https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.19.1...v2.20.0) Updates `github.com/spf13/cobra` from 1.8.0 to 1.8.1 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1) Updates `google.golang.org/genproto/googleapis/api` from 0.0.0-20240513163218-0867130af1f8 to 0.0.0-20240520151616-dc85e6b867a5 - [Commits](https://github.com/googleapis/go-genproto/commits) Updates `google.golang.org/grpc` from 1.63.2 to 1.64.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.63.2...v1.64.0) Updates `google.golang.org/protobuf` from 1.34.1 to 1.34.2 --- updated-dependencies: - dependency-name: chainguard.dev/go-grpc-kit dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/genproto/googleapis/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * fix deprecation Signed-off-by: cpanato <ctadeu@gmail.com> * update e2e tests Signed-off-by: cpanato <ctadeu@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: cpanato <ctadeu@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato <ctadeu@gmail.com> * Bump go.step.sm/crypto from 0.45.0 to 0.47.1 Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.45.0 to 0.47.1. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.45.0...v0.47.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * bump to go1.22.4 and update goreleaser and golangci-lint Signed-off-by: cpanato <ctadeu@gmail.com> * update deprecated flags Signed-off-by: cpanato <ctadeu@gmail.com> * Bump google.golang.org/api from 0.183.0 to 0.185.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.183.0 to 0.185.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.183.0...v0.185.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/spiffe/go-spiffe/v2 from 2.2.0 to 2.3.0 Bumps [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](https://github.com/spiffe/go-spiffe/compare/v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/google/certificate-transparency-go from 1.1.8 to 1.2.1 Bumps [github.com/google/certificate-transparency-go](https://github.com/google/certificate-transparency-go) from 1.1.8 to 1.2.1. - [Release notes](https://github.com/google/certificate-transparency-go/releases) - [Changelog](https://github.com/google/certificate-transparency-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/certificate-transparency-go/compare/v1.1.8...v1.2.1) --- updated-dependencies: - dependency-name: github.com/google/certificate-transparency-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the all group across 1 directory with 4 updates Bumps the all group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [ko-build/setup-ko](https://github.com/ko-build/setup-ko), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf). Updates `actions/checkout` from 4.1.6 to 4.1.7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332) Updates `ko-build/setup-ko` from 0.6 to 0.7 - [Release notes](https://github.com/ko-build/setup-ko/releases) - [Commits](https://github.com/ko-build/setup-ko/compare/ace48d793556083a76f1e3e6068850c1f4a369aa...3aebd0597dc1e9d1a26bcfdb7cbeb19c131d3037) Updates `codecov/codecov-action` from 4.4.1 to 4.5.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/125fc84a9a348dbcf27191600683ec096ec9021c...e28ff129e5465c2c0dcc6f003fc735cb6ae0c673) Updates `protocolbuffers/protobuf` from 27.0 to 27.1 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](https://github.com/protocolbuffers/protobuf/compare/v27.0...v27.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: ko-build/setup-ko dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: protocolbuffers/protobuf dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Update README.md (#1700) Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> * replace gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v4 (#1686) Signed-off-by: cpanato <ctadeu@gmail.com> * Add Chainguard OIDC provider. (#1703) This adds support for Chainguard issued tokens, so that users can sign with their Chainguard-issued identity, and so that we can explore signing our own content with our internal service principal construct (see issue). Related: https://github.com/sigstore/fulcio/issues/1702 Signed-off-by: Matt Moore <mattmoor@chainguard.dev> * Bump github.com/hashicorp/go-retryablehttp in the go_modules group Bumps the go_modules group with 1 update: [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp). Updates `github.com/hashicorp/go-retryablehttp` from 0.7.6 to 0.7.7 - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.6...v0.7.7) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/prometheus/common from 0.54.0 to 0.55.0 Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.54.0 to 0.55.0. - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md) - [Commits](https://github.com/prometheus/common/compare/v0.54.0...v0.55.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump protocolbuffers/protobuf from 27.1 to 27.2 in the all group Bumps the all group with 1 update: [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf). Updates `protocolbuffers/protobuf` from 27.1 to 27.2 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](https://github.com/protocolbuffers/protobuf/compare/v27.1...v27.2) --- updated-dependencies: - dependency-name: protocolbuffers/protobuf dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Update main.yml Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> * Bump actions/upload-artifact from 4.3.3 to 4.3.4 in the all group Bumps the all group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/upload-artifact` from 4.3.3 to 4.3.4 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/65462800fd760344b1a7b4382951275a0abb4808...0b2256b8c012f0828dc542b3febcab082c67f72b) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Add changelog for v1.5.0 (#1723) Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * CiProvider as a new OIDCIssuer type (#1679) This adds a new generic CI provider so that new CI providers can be added via configuration without any code changes. The existing CI providers will be migrated over. Ref: #1111 Signed-off-by: Javan lacerda <javanlacerda@google.com> * Bump google.golang.org/grpc in the go_modules group (#1724) Bumps the go_modules group with 1 update: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `google.golang.org/grpc` from 1.64.0 to 1.64.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.64.0...v1.64.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Surface the right `Name()` from our principal. (#1726) The cosign logic for interacting with Fulcio treats identity tokens as *largely* opaque, and most of the logic for how issuers and subjects and whatnot is handled happens server-side. However, for the "proof of possession" `cosign` has some logic (from `sigstore/sigstore`) that fumbles with `email` and `sub` claims in ways that have (until now) been compatible with Fulcio principals. The Chainguard provider is the first provider that optionally includes an `email` claim, but we always want the subject we use to be our opaque identifier string (from `sub`). This creates a tear in the fulcio/cosign continuum, and so we must surface what `cosign` is signing as `Name()` even though that isn't necessarily what we embed in the certificate. The only correct way to implement `Name()` today is to match what this function does, and current implementations happen to align, but unfortunately because of how this abstraction is formulated it is challenging to actually change how we confirm the proof of possession to use this directly in place of the principal itself. Fixes: https://github.com/sigstore/cosign/issues/3777 Signed-off-by: Matt Moore <mattmoor@chainguard.dev> * Revert "CiProvider as a new OIDCIssuer type (#1679)" (#1727) This reverts commit 66485b693867adc650aea85777f1899286c3c7ce. * Changelog for v1.5.1 (#1728) Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * CiProvider as a new OIDCIssuer type (#1729) This adds a new generic CI provider so that new CI providers can be added via configuration without any code changes. The existing CI providers will be migrated over. Ref: #1111 Add back #1679 Signed-off-by: Javan lacerda javanlacerda@google.com * Bump the all group across 1 directory with 8 updates (#1719) * Bump the all group across 1 directory with 8 updates Bumps the all group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go) | `1.17.0` | `1.17.2` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.4` | `1.8.6` | Updates `cloud.google.com/go/security` from 1.17.0 to 1.17.2 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.17.0...asset/v1.17.2) Updates `github.com/sigstore/sigstore` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.4...v1.8.6) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.4...v1.8.6) Updates `google.golang.org/api` from 0.185.0 to 0.187.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.185.0...v0.187.0) Updates `google.golang.org/genproto/googleapis/api` from 0.0.0-20240610135401-a8a62080eff3 to 0.0.0-20240617180043-68d350f18fd4 - [Commits](https://github.com/googleapis/go-genproto/commits) --- updated-dependencies: - dependency-name: cloud.google.com/go/security dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: google.golang.org/genproto/googleapis/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * update test Signed-off-by: cpanato <ctadeu@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: cpanato <ctadeu@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato <ctadeu@gmail.com> * Bump go.step.sm/crypto from 0.47.1 to 0.50.0 Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.47.1 to 0.50.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.47.1...v0.50.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump actions/setup-go from 5.0.1 to 5.0.2 in the all group Bumps the all group with 1 update: [actions/setup-go](https://github.com/actions/setup-go). Updates `actions/setup-go` from 5.0.1 to 5.0.2 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/cdcb36043654635271a94b9a6d1392de5bb323a7...0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/coreos/go-oidc/v3 from 3.10.0 to 3.11.0 Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.10.0 to 3.11.0. - [Release notes](https://github.com/coreos/go-oidc/releases) - [Commits](https://github.com/coreos/go-oidc/compare/v3.10.0...v3.11.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-oidc/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Move configuration to yaml format (#1720) Migrate the configuration file from json to yaml Also removes the fulcio-config.yaml file that isn't used Concentrate the issuers and meta-issuers in a single file that can be found at config/identity/config.yaml Also removes the https://auth-staging.eclipse.org/realms/sigstore from the list of issuers, as it is unavailable. Removes the federation script as it has not been used, and switches over to a test that's run to check validity of the configuration. Ref #1111 Signed-off-by: Javan lacerda <javanlacerda@google.com> * Removes identity providers federation (#1736) Removes the identity providers federation, and update the documentation for adding new identity providers, including ci-providers. Ref #1111 Signed-off-by: Javan Lacerda <javanlacerda@google.com> * Bump the all group across 1 directory with 11 updates Bumps the all group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [chainguard.dev/sdk](https://github.com/chainguard-dev/sdk) | `0.1.20` | `0.1.21` | | [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go) | `1.17.2` | `1.17.3` | | [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) | `4.0.2` | `4.0.3` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.8.6` | `1.8.7` | | [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) | `0.8.2` | `0.8.3` | Updates `chainguard.dev/sdk` from 0.1.20 to 0.1.21 - [Release notes](https://github.com/chainguard-dev/sdk/releases) - [Commits](https://github.com/chainguard-dev/sdk/compare/v0.1.20...v0.1.21) Updates `cloud.google.com/go/security` from 1.17.2 to 1.17.3 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/asset/v1.17.2...retail/v1.17.3) Updates `github.com/go-jose/go-jose/v4` from 4.0.2 to 4.0.3 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md) - [Commits](https://github.com/go-jose/go-jose/compare/v4.0.2...v4.0.3) Updates `github.com/sigstore/sigstore` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.6...v1.8.7) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.8.6 to 1.8.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.6...v1.8.7) Updates `google.golang.org/api` from 0.187.0 to 0.188.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.187.0...v0.188.0) Updates `google.golang.org/genproto/googleapis/api` from 0.0.0-20240617180043-68d350f18fd4 to 0.0.0-20240701130421-f6361c86f094 - [Commits](https://github.com/googleapis/go-genproto/commits) Updates `sigs.k8s.io/release-utils` from 0.8.2 to 0.8.3 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.8.2...v0.8.3) --- updated-dependencies: - dependency-name: chainguard.dev/sdk dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: cloud.google.com/go/security dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/go-jose/go-jose/v4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: google.golang.org/genproto/googleapis/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * update builder Signed-off-by: cpanato <ctadeu@gmail.com> * sync go mod Signed-off-by: cpanato <ctadeu@gmail.com> * add Hellō provider (#1739) Signed-off-by: dickhardt <dick.hardt@hello.coop> * Migrate github to ci provider flow (#1738) Contribute towards #1111 Moves GitHub configuration to the new ci-provider configuration. No changes to issued certificates. Signed-off-by: Javan Lacerda <javanlacerda@google.com> * Move gitlab to ci-provider (#1740) * move fulcio config from json to yaml Signed-off-by: Javan lacerda <javanlacerda@google.com> * move fulcio-config to a new file Signed-off-by: Javan lacerda <javanlacerda@google.com> * updating test for check-config workflow Signed-off-by: Javan lacerda <javanlacerda@google.com> * set verify k8s workflow for get configg directly Signed-off-by: Javan lacerda <javanlacerda@google.com> * migrate gitlab to ci provider Signed-off-by: Javan lacerda <javanlacerda@google.com> * set gitlab ref for using a conditional template Signed-off-by: Javan lacerda <javanlacerda@google.com> --------- Signed-off-by: Javan lacerda <javanlacerda@google.com> * Update IDP requirements (#1742) This adds policy documentation around requirements for new IDPs. Signed-off-by: Hayden B <hblauzvern@google.com> * Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.20.0 to 2.21.0 Bumps [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) from 2.20.0 to 2.21.0. - [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases) - [Changelog](https://github.com/grpc-ecosystem/grpc-gateway/blob/main/.goreleaser.yml) - [Commits](https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.20.0...v2.21.0) --- updated-dependencies: - dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump ossf/scorecard-action from 2.3.3 to 2.4.0 in the all group Bumps the all group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/dc50aa9510b46c811795eb24b2f1ba02a914e534...62b2cac7ed8198b15735ed49ab1e5cf35480ba46) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the all group across 1 directory with 4 updates Bumps the all group with 3 updates in the / directory: [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go), [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils). Updates `cloud.google.com/go/security` from 1.17.3 to 1.17.4 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/retail/v1.17.3...retail/v1.17.4) Updates `github.com/go-jose/go-jose/v4` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md) - [Commits](https://github.com/go-jose/go-jose/compare/v4.0.3...v4.0.4) Updates `google.golang.org/api` from 0.188.0 to 0.189.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.188.0...v0.189.0) Updates `sigs.k8s.io/release-utils` from 0.8.3 to 0.8.4 - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.8.3...v0.8.4) --- updated-dependencies: - dependency-name: cloud.google.com/go/security dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/go-jose/go-jose/v4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Added support for email_verified being a string or bool (#1744) Signed-off-by: Andrew Block <andy.block@gmail.com> * Bump chainguard.dev/sdk from 0.1.21 to 0.1.22 in the all group Bumps the all group with 1 update: [chainguard.dev/sdk](https://github.com/chainguard-dev/sdk). Updates `chainguard.dev/sdk` from 0.1.21 to 0.1.22 - [Release notes](https://github.com/chainguard-dev/sdk/releases) - [Commits](https://github.com/chainguard-dev/sdk/compare/v0.1.21...0.1.22) --- updated-dependencies: - dependency-name: chainguard.dev/sdk dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump the all group with 3 updates Bumps the all group with 3 updates: [protocolbuffers/protobuf](https://github.com/protocolbuffers/protobuf), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `protocolbuffers/protobuf` from 27.2 to 27.3 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](https://github.com/protocolbuffers/protobuf/compare/v27.2...v27.3) Updates `actions/upload-artifact` from 4.3.4 to 4.3.5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/0b2256b8c012f0828dc542b3febcab082c67f72b...89ef406dd8d7e03cfd12d9e0a4a378f454709029) Updates `golangci/golangci-lint-action` from 6.0.1 to 6.1.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/a4f60bb28d35aeee14e6880718e0c85ff1882e64...aaa42aa0628b4ae2578232a66b541047968fac86) --- updated-dependencies: - dependency-name: protocolbuffers/protobuf dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * Bump go.step.sm/crypto from 0.50.0 to 0.51.1 Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.50.0 to 0.51.1. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.50.0...v0.51.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Move codefresh and buildkite to ci-provider identity (#1743) * migrating codefresh and buildkite to ci provider Signed-off-by: Javan lacerda <javanlacerda@google.com> * adding test case for comparing with empty key Signed-off-by: Javan lacerda <javanlacerda@google.com> * add comments for codefresh extensions Signed-off-by: Javan lacerda <javanlacerda@google.com> * set claimed data to have priority over defaults Signed-off-by: Javan lacerda <javanlacerda@google.com> * fix identation Signed-off-by: Javan lacerda <javanlacerda@google.com> * adding comments for github and gitlab in config file Signed-off-by: Javan lacerda <javanlacerda@google.com> * adding tests for check claims priority over defaults Signed-off-by: Javan lacerda <javanlacerda@google.com> --------- Signed-off-by: Javan lacerda <javanlacerda@google.com> * Bump google.golang.org/api from 0.189.0 to 0.190.0 (#1753) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.189.0 to 0.190.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.189.0...v0.190.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump the all group across 1 directory with 4 updates (#1754) * Bump the all group across 1 directory with 4 updates Bumps the all group with 3 updates in the /hack/tools directory: [github.com/googleapis/api-linter](https://github.com/googleapis/api-linter), [github.com/grpc-ecosystem/grpc-gateway/v2](https://github.com/grpc-ecosystem/grpc-gateway) and [google.golang.org/grpc/cmd/protoc-gen-go-grpc](https://github.com/grpc/grpc-go). Updates `github.com/googleapis/api-linter` from 1.65.0 to 1.67.1 - [Release notes](https://github.com/googleapis/api-linter/releases) - [Changelog](https://github.com/googleapis/api-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/api-linter/compare/v1.65.0...v1.67.1) Updates `github.com/grpc-ecosystem/grpc-gateway/v2` from 2.19.1 to 2.21.0 - [Release notes](https://github.com/grpc-ecosystem/grpc-gateway/releases) - [Changelog](https://github.com/grpc-ecosystem/grpc-gateway/blob/main/.goreleaser.yml) - [Commits](https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.19.1...v2.21.0) Updates `google.golang.org/grpc/cmd/protoc-gen-go-grpc` from 1.3.0 to 1.5.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.3.0...v1.5.1) Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.2 --- updated-dependencies: - dependency-name: github.com/googleapis/api-linter dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/grpc-ecosystem/grpc-gateway/v2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: google.golang.org/grpc/cmd/protoc-gen-go-grpc dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * update gen protos Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Hayden Blauzvern <hblauzvern@google.com> * Add changelog for v1.6.0 (#1756) Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * fixup Signed-off-by: Lance Ball <lball@redhat.com> * chore: remove hermetic builds Signed-off-by: Lance Ball <lball@redhat.com> * chore: downgrade golang dep Signed-off-by: Lance Ball <lball@redhat.com> * konflux: remove unit test pipeline Unit tests do not seem to work with go 1.23. Removing for now. Signed-off-by: Lance Ball <lball@redhat.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: cpanato <ctadeu@gmail.com> Signed-off-by: Bob Callaway <bcallaway@google.com> Signed-off-by: Facundo Tuesca <facundo.tuesca@trailofbits.com> Signed-off-by: William Woodruff <william@trailofbits.com> Signed-off-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> Signed-off-by: Javan lacerda <javanlacerda@google.com> Signed-off-by: Matt Moore <mattmoor@chainguard.dev> Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> Signed-off-by: Javan lacerda javanlacerda@google.com Signed-off-by: Javan Lacerda <javanlacerda@google.com> Signed-off-by: dickhardt <dick.hardt@hello.coop> Signed-off-by: Hayden B <hblauzvern@google.com> Signed-off-by: Andrew Block <andy.block@gmail.com> Signed-off-by: Lance Ball <lball@redhat.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com> Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com> Co-authored-by: Facundo Tuesca <facu@tuesca.com> Co-authored-by: William Woodruff <william@trailofbits.com> Co-authored-by: Javan Lacerda <javanlacerda@google.com> Co-authored-by: Matt Moore <mattmoor@chainguard.dev> Co-authored-by: Hayden B <hblauzvern@google.com> Co-authored-by: Dick Hardt <dick.hardt@hello.coop> Co-authored-by: Andrew Block <andy.block@gmail.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 5, 2024

dependabot bot mentioned this pull request Aug 5, 2024

Bump the all group in /hack/tools with 4 updates #1747

Closed

update gen protos

6642c27

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

haydentherapper requested a review from bobcallaway August 6, 2024 18:38

bobcallaway approved these changes Aug 6, 2024

View reviewed changes

haydentherapper merged commit d4dcb4d into main Aug 6, 2024
16 checks passed

haydentherapper deleted the dependabot/go_modules/hack/tools/all-778f580b4e branch August 6, 2024 18:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the all group across 1 directory with 4 updates #1754

Bump the all group across 1 directory with 4 updates #1754

dependabot bot commented on behalf of github Aug 5, 2024

Bump the all group across 1 directory with 4 updates #1754

Bump the all group across 1 directory with 4 updates #1754

Conversation

dependabot bot commented on behalf of github Aug 5, 2024

v1.67.1

1.67.1 (2024-07-31)

Bug Fixes

v1.67.0

1.67.0 (2024-07-26)

Features

Bug Fixes

v1.66.2

1.66.2 (2024-06-04)

Bug Fixes

v1.66.1

1.66.1 (2024-05-23)

Bug Fixes

v1.66.0

1.66.0 (2024-05-17)

Features

v1.65.2

1.67.1 (2024-07-31)

Bug Fixes

1.67.0 (2024-07-26)

Features

Bug Fixes

1.66.2 (2024-06-04)

Bug Fixes

1.66.1 (2024-05-23)

Bug Fixes

1.66.0 (2024-05-17)

Features

1.65.2 (2024-04-22)

Bug Fixes

v2.21.0

What's Changed

New Contributors

v2.20.0

What's Changed

New Contributors

protoc-gen-go-grpc v1.5.1

Dependencies

protoc-gen-go-grpc v1.5.0

Security

New Features

Bug Fixes

protoc-gen-go-grpc v1.4.0

New Features

Dependencies