Skip to content

chore(deps): bump the all group across 1 directory with 13 updates#1718

Open
dependabot[bot] wants to merge 1 commit into
release-v0.27.xfrom
dependabot/go_modules/release-v0.27.x/all-f92667a824
Open

chore(deps): bump the all group across 1 directory with 13 updates#1718
dependabot[bot] wants to merge 1 commit into
release-v0.27.xfrom
dependabot/go_modules/release-v0.27.x/all-f92667a824

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the all group with 11 updates in the / directory:

Package From To
cloud.google.com/go/storage 1.62.1 1.62.3
github.com/google/go-containerregistry 0.21.5 0.21.7
github.com/sigstore/sigstore 1.10.6 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/aws 1.10.6 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/azure 1.10.6 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/gcp 1.10.6 1.10.8
github.com/sigstore/sigstore/pkg/signature/kms/hashivault 1.10.6 1.10.8
github.com/tektoncd/pipeline 1.12.0 1.12.2
k8s.io/api 0.36.1 0.36.2
k8s.io/client-go 0.36.1 0.36.2
k8s.io/code-generator 0.36.1 0.36.2

Updates cloud.google.com/go/storage from 1.62.1 to 1.62.3

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.62.3

v1.62.3 (2026-06-03)

Bug Fixes

  • fix race condition during retries in gRPC writer (#14649) (04b6c635)

  • add server closed idle connection to retriable errors (#14594) (20b37d65)

storage: v1.62.2

v1.62.2 (2026-05-18)

Features

Bug Fixes

  • restore metadata operations timeout in gRPC (#14575) (275ff562)

  • Set default chunkRetryDeadline to 32s in NewWriterFromAppendableObject (#14458) (ec7c7d66)

  • refactor userProject metadata propagation in ListObjects (#14533) (fbb543e3)

Commits
  • 8afd6a0 chore: librarian release pull request: 20260603T093646Z (#14699)
  • 04b6c63 fix(storage): fix race condition during retries in gRPC writer (#14649)
  • 20b37d6 fix(storage): add server closed idle connection to retriable errors (#14594)
  • 50a5755 chore: librarian release pull request: 20260518T161338Z (#14610)
  • 585840f spanner: skip flaky TestIntegration_DbRemovalRecovery (#14607)
  • f8bf88f test(spanner): retry query after database recreation in integration test (#14...
  • 9168ab8 chore(librariangen): tweak release preview test (#14599)
  • f8b9a93 fix(spanner/spannertest): Support UUID as a base data type (#14117)
  • a42fd83 fix(internal/librariange): release preview support (#14588)
  • d944830 fix(datastore): add retries to emulator (#14591)
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.5 to 0.21.7

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.7

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.6...v0.21.7

v0.21.6

What's Changed

... (truncated)

Commits
  • c68d899 Bump go version to 1.26.4 (#2350)
  • da61d86 transport: do not re-attach bearer token after cross-host redirect (#2349)
  • 09fe1e5 fix(tarball): normalize paths when matching files (#2334)
  • 5baa399 build(deps): bump the go-deps group across 3 directories with 4 updates (#2348)
  • 97a8a17 fix(transport): apply refreshed bearer token after cross-host redirect (#2337)
  • e963497 internal/gzip: fix goroutine leak in ReadCloserLevel (#2347)
  • 02649ea fix: prevent SSRF in google.List() pagination (#2332)
  • 7204b40 build(deps): bump the actions group across 1 directory with 2 updates (#2344)
  • 4cfaa93 build(deps): bump the go-deps group across 1 directory with 2 updates (#2343)
  • 6849394 pkg/registry: export RedirectError (#2177)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.10.6 to 1.10.8

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.10.8

What's Changed

Full Changelog: sigstore/sigstore@v1.10.7...v1.10.8

v1.10.7

What's Changed

Full Changelog: sigstore/sigstore@v1.10.6...v1.10.7

Commits
  • c761681 Support standard PKCS#8 encrypted private key decryption (#2333)
  • 005faf9 Extend PEM private key unmarshalling to support legacy format (#2332)
  • e70e4ed add functional options to DSSE to improve memory usage, validation (#2326)
  • 899684d build(deps): Bump github.com/letsencrypt/boulder (#2307)
  • 181dc40 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure (#2308)
  • 2c141a7 build(deps): Bump golangci/golangci-lint-action in the all group (#2328)
  • b6c0214 build(deps): Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#2329)
  • 2ff50c9 build(deps): Bump actions/dependency-review-action from 4.8.3 to 5.0.0 (#2330)
  • d0204c3 build(deps): Bump hashicorp/vault from 1.21.4 to 2.0.1 in /test/e2e (#2331)
  • afdf897 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp (#2312)
  • Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 1.12.0 to 1.12.2

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v1.12.2 "Exotic Shorthair Elektrobots LTS"

-Docs @ v1.12.2 -Examples @ v1.12.2

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.12.2/release.yaml

Attestation

The Rekor UUID for this release is cb0a4d44223cf8dd164d8eec84c25d204f7a37a023c2d28f1f8dcde79ca3c187

Obtain the attestation:

REKOR_UUID=cb0a4d44223cf8dd164d8eec84c25d204f7a37a023c2d28f1f8dcde79ca3c187
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.12.2/release.yaml
REKOR_UUID=cb0a4d44223cf8dd164d8eec84c25d204f7a37a023c2d28f1f8dcde79ca3c187
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.12.2@sha256:" + .digest.sha256')
Download the release file
curl -L "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

... (truncated)

Commits
  • a1fc405 build(deps): bump k8s.io/client-go from 0.35.5 to 0.35.6
  • f6ecc12 build(deps): bump the all group in /tekton with 4 updates
  • 829429b fix(resolvers): Allow ResolutionRequests to resolve all Tekton kinds
  • 2046a4c build(deps): bump the all group in /tekton with 4 updates
  • b8f43ba build(deps): bump chainguard-dev/actions from 1.6.21 to 1.6.22
  • 64ec216 fix: add automated draft release support to release pipeline
  • aedbed0 build(deps): bump github.com/sigstore/sigstore from 1.10.6 to 1.10.8
  • 13e5821 build(deps): bump chainguard-dev/actions from 1.6.19 to 1.6.21
  • 1e0b0e7 build(deps): bump the all group in /tekton with 4 updates
  • 25e1258 build(deps): bump actions/checkout from 6.0.2 to 6.0.3
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.36.1 to 0.36.2

Commits

Updates k8s.io/apimachinery from 0.36.1 to 0.36.2

Commits

Updates k8s.io/client-go from 0.36.1 to 0.36.2

Commits

Updates k8s.io/code-generator from 0.36.1 to 0.36.2

Commits

@dependabot dependabot Bot added dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. labels Jun 23, 2026
@tekton-robot tekton-robot requested review from jkhelil and lcarva June 23, 2026 07:36
@tekton-robot

tekton-robot commented Jun 23, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign ab-ghosh after the PR has been reviewed.
You can assign the PR to them by writing /assign @ab-ghosh in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 23, 2026
@dependabot
chore(deps): bump the all group across 1 directory with 13 updates
9621d30 
Bumps the all group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.62.1` | `1.62.3` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.5` | `0.21.7` |
| [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `1.12.0` | `1.12.2` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.1` | `0.36.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.1` | `0.36.2` |
| [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.36.1` | `0.36.2` |



Updates `cloud.google.com/go/storage` from 1.62.1 to 1.62.3
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@storage/v1.62.1...storage/v1.62.3)

Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.7
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.5...v0.21.7)

Updates `github.com/sigstore/sigstore` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/tektoncd/pipeline` from 1.12.0 to 1.12.2
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v1.12.0...v1.12.2)

Updates `golang.org/x/crypto` from 0.51.0 to 0.53.0
- [Commits](golang/crypto@v0.51.0...v0.53.0)

Updates `k8s.io/api` from 0.36.1 to 0.36.2
- [Commits](kubernetes/api@v0.36.1...v0.36.2)

Updates `k8s.io/apimachinery` from 0.36.1 to 0.36.2
- [Commits](kubernetes/apimachinery@v0.36.1...v0.36.2)

Updates `k8s.io/client-go` from 0.36.1 to 0.36.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.36.1...v0.36.2)

Updates `k8s.io/code-generator` from 0.36.1 to 0.36.2
- [Commits](kubernetes/code-generator@v0.36.1...v0.36.2)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.62.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/tektoncd/pipeline
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/api
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/code-generator
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the all group with 13 updates chore(deps): bump the all group across 1 directory with 13 updates Jun 24, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/release-v0.27.x/all-f92667a824 branch from dfac570 to 9621d30 Compare June 24, 2026 14:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkhelil jkhelil Awaiting requested review from jkhelil
@lcarva lcarva Awaiting requested review from lcarva

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tekton-robot