fix(deps): update module github.com/sigstore/sigstore to v1.8.6

renovate[bot] commented 4 days ago

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/sigstore/sigstore	`v1.8.4` -> `v1.8.6`

Release Notes

sigstore/sigstore (github.com/sigstore/sigstore)

### [`v1.8.6`](https://togithub.com/sigstore/sigstore/releases/tag/v1.8.6) [Compare Source](https://togithub.com/sigstore/sigstore/compare/v1.8.5...v1.8.6) #### What's Changed - Bump goodkey, fix breakage by [@jonjohnsonjr](https://togithub.com/jonjohnsonjr) in [https://github.com/sigstore/sigstore/pull/1761](https://togithub.com/sigstore/sigstore/pull/1761) #### New Contributors - [@jonjohnsonjr](https://togithub.com/jonjohnsonjr) made their first contribution in [https://github.com/sigstore/sigstore/pull/1761](https://togithub.com/sigstore/sigstore/pull/1761) **Full Changelog**: https://github.com/sigstore/sigstore/compare/v1.8.5...v1.8.6 ### [`v1.8.5`](https://togithub.com/sigstore/sigstore/releases/tag/v1.8.5) [Compare Source](https://togithub.com/sigstore/sigstore/compare/v1.8.4...v1.8.5) Major are dependencies updates #### What's Changed - build(deps): Bump google.golang.org/api from 0.181.0 to 0.182.0 in /pkg/signature/kms/gcp in the all group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1741](https://togithub.com/sigstore/sigstore/pull/1741) - build(deps): Bump github.com/sigstore/sigstore from 1.8.3 to 1.8.4 in /test/fuzz in the all group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1743](https://togithub.com/sigstore/sigstore/pull/1743) - build(deps): Bump hashicorp/vault from 1.16.2 to 1.16.3 in /test/e2e in the all group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1742](https://togithub.com/sigstore/sigstore/pull/1742) - build(deps): Bump github.com/aws/aws-sdk-go from 1.53.10 to 1.53.14 in /pkg/signature/kms/aws in the all group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1740](https://togithub.com/sigstore/sigstore/pull/1740) - build(deps): Bump actions/dependency-review-action from 4.3.2 to 4.3.3 in the all group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1746](https://togithub.com/sigstore/sigstore/pull/1746) - build(deps): Bump the all group in /pkg/signature/kms/azure with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1744](https://togithub.com/sigstore/sigstore/pull/1744) - build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1745](https://togithub.com/sigstore/sigstore/pull/1745) - build(deps): Bump dexidp/dex from v2.39.1 to v2.40.0 in /test/e2e in the all group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1748](https://togithub.com/sigstore/sigstore/pull/1748) - build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1749](https://togithub.com/sigstore/sigstore/pull/1749) - Update to latest letsencrypt/boulder. by [@kommendorkapten](https://togithub.com/kommendorkapten) in [https://github.com/sigstore/sigstore/pull/1753](https://togithub.com/sigstore/sigstore/pull/1753) - build(deps): Bump actions/checkout from 4.1.6 to 4.1.7 in the all group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1760](https://togithub.com/sigstore/sigstore/pull/1760) - build(deps): Bump the all group in /pkg/signature/kms/aws with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1759](https://togithub.com/sigstore/sigstore/pull/1759) - build(deps): Bump the all group in /test/e2e with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1758](https://togithub.com/sigstore/sigstore/pull/1758) - build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1756](https://togithub.com/sigstore/sigstore/pull/1756) - build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 in /pkg/signature/kms/azure in the all group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1755](https://togithub.com/sigstore/sigstore/pull/1755) - build(deps): Bump github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 in /pkg/signature/kms/hashivault by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1766](https://togithub.com/sigstore/sigstore/pull/1766) - build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1765](https://togithub.com/sigstore/sigstore/pull/1765) - build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1764](https://togithub.com/sigstore/sigstore/pull/1764) - build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.6.0 to 1.7.0 in /pkg/signature/kms/azure in the all group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1762](https://togithub.com/sigstore/sigstore/pull/1762) - build(deps): Bump the all group across 1 directory with 6 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/sigstore/pull/1763](https://togithub.com/sigstore/sigstore/pull/1763) **Full Changelog**: https://github.com/sigstore/sigstore/compare/v1.8.4...v1.8.5

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] commented 4 days ago

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -d -t ./...
go: module github.com/sigstore/sigstore@v1.8.6 requires go >= 1.22.0; switching to go1.22.4
go: downloading go1.22.4 (linux/amd64)
go: download go1.22.4: golang.org/toolchain@v0.0.1-go1.22.4.linux-amd64: verifying module: checksum database disabled by GOSUMDB=off

mtrmac commented 3 days ago

We don’t want to update to Go 1.22 yet
This only changes github.com/sigstore/sigstore/pkg/cryptoutils.ValidatePubKey, which is never called in Skopeo.

Compare #2458 for an earlier update.

renovate[bot] commented 3 days ago

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v1.8.6). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

containers / image