build(deps): bump the go-deps group across 1 directory with 10 updates by dependabot[bot] · Pull Request #2017

build(deps): bump the go-deps group across 1 directory with 10 updates by dependabot[bot] · Pull Request #2017 · fluxcd/source-controller

Bumps the go-deps group with 8 updates in the / directory:

Package	From	To
github.com/elazarl/goproxy	`1.8.1`	`1.8.3`
github.com/go-git/go-billy/v5	`5.7.0`	`5.8.0`
github.com/go-git/go-git/v5	`5.16.5`	`5.17.2`
github.com/minio/minio-go/v7	`7.0.98`	`7.0.99`
github.com/sigstore/cosign/v3	`3.0.4`	`3.0.5`
github.com/sigstore/sigstore	`1.10.4`	`1.10.5`
golang.org/x/crypto	`0.48.0`	`0.49.0`
golang.org/x/oauth2	`0.35.0`	`0.36.0`

Updates github.com/elazarl/goproxy from 1.8.1 to 1.8.3

Release notes

Sourced from github.com/elazarl/goproxy's releases.

v1.8.3

What's Changed

Fix MITM responses leaking upstream HTTP/2 protocol version by @robmry in elazarl/goproxy#755

Fix linting issues by @ErikPelli in elazarl/goproxy#760

New Contributors

@robmry made their first contribution in elazarl/goproxy#755

Full Changelog: elazarl/goproxy@v1.8.2...v1.8.3

v1.8.2

What's Changed

Fix NewResponse writing HTTP/0.0 status lines in MITM mode by @JamieMagee in elazarl/goproxy#749

New Contributors

@JamieMagee made their first contribution in elazarl/goproxy#749

Full Changelog: elazarl/goproxy@v1.8.1...v1.8.2

Commits

eeb2adb Fix linting issues (#760)
c46b83b Fix MITM responses leaking upstream HTTP/2 protocol version (#755)
ffdf0b2 Fix NewResponse writing HTTP/0.0 status lines in MITM mode (#749)
See full diff in compare view

Updates github.com/go-git/go-billy/v5 from 5.7.0 to 5.8.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.8.0

What's Changed

build: Update module golang.org/x/net to v0.45.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-billy#183

v5: Ensure Chmod behaviour across BoundOS and ChrootOS by @pjbgf in go-git/go-billy#187

Full Changelog: go-git/go-billy@v5.7.0...v5.8.0

Commits

8662784 Merge pull request #187 from pjbgf/windows-rename
f387d62 build: Update test workflow to rely on oldstable/stable
915dae9 polyfill: Add support for Chmod
f3d5600 osfs: Create dir for BoundOS Tempfiles
247a741 Merge pull request #183 from go-git/renovate/releases/v5.x-go-golang.org-x-ne...
1c0c9d5 build: Update module golang.org/x/net to v0.45.0 [SECURITY]
See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.16.5 to 5.17.2

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.17.2

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1941

dotgit: skip writing pack files that already exist on disk by @pjbgf in go-git/go-git#1944

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

v5.17.1

What's Changed

build: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1930

[v5] plumbing: format/index, Improve v4 entry name validation by @pjbgf in go-git/go-git#1935

[v5] plumbing: format/idxfile, Fix version and fanout checks by @pjbgf in go-git/go-git#1937

Full Changelog: go-git/go-git@v5.17.0...v5.17.1

v5.17.0

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1839

git: worktree, optimize infiles function for very large repos by @k-anshul in go-git/go-git#1853

git: Add strict checks for supported extensions by @pjbgf in go-git/go-git#1861

backport, git: Improve Status() speed with new index.ModTime check by @cedric-appdirect in go-git/go-git#1862

storage: filesystem, Avoid overwriting loose obj files by @pjbgf in go-git/go-git#1864

Full Changelog: go-git/go-git@v5.16.5...v5.17.0

Commits

45ae193 Merge pull request #1944 from go-git/fix-perms
fda4f74 storage: filesystem/dotgit, Skip writing pack files that already exist on disk
2212dc7 Merge pull request #1941 from go-git/renovate/releases/v5.x-go-github.com-go-...
ebb2d7d build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY]
5e23dfd Merge pull request #1937 from pjbgf/idx-v5
6b38a32 Merge pull request #1935 from pjbgf/index-v5
cd757fc plumbing: format/idxfile, Fix version and fanout checks
3ec0d70 plumbing: format/index, Fix tree extension invalidated entry parsing
dbe10b6 plumbing: format/index, Align V2/V3 long name and V4 prefix encoding with Git
e9b65df plumbing: format/index, Improve v4 entry name validation
Additional commits viewable in compare view

Updates github.com/minio/minio-go/v7 from 7.0.98 to 7.0.99

Commits

c44cb2a Fix PutObject and ConcurrentStreamParts error handling for empty stream (#2207)
1451162 Fix object ReadAt performs seek (#2197)
ffb7ec0 Implement support for new UpdateObjectEncryption API & bump Go to 1.25 (#2204)
See full diff in compare view

Updates github.com/sigstore/cosign/v3 from 3.0.4 to 3.0.5

Release notes

Sourced from github.com/sigstore/cosign/v3's releases.

v3.0.5

v3.0.5 resolves a low-severity advisory for private PKIs.

Deprecations

Deprecate rekor-entry-type flag (#4691)

Deprecate cosign triangulate (#4676)

Deprecate cosign copy (#4681)

Features

Automatically require signed timestamp with Rekor v2 entries (#4666)

Allow --local-image with --new-bundle-format for v2 and v3 signatures (#4626)

Add mTLS support for TSA client connections when signing with a signing config (#4620)

Enforce TSA requirement for Rekor v2, Fuclio signing (#4683)

Bug Fixes

Add empty predicate to cosign sign when payload type is application/vnd.in-toto+json (#4635)

fix: avoid panic on malformed attestation payload (#4651)

fix: avoid panic on malformed tlog entries (#4649)

fix: avoid panic on malformed replace payload (#4653)

Gracefully fail if bundle payload body is not a string (#4648)

Verify validity of chain rather than just certificate (#4663)

fix: avoid panic on malformed tlog entry body (#4652)

Documentation

docs(cosign): clarify RFC3161 revocation semantics (#4642)

Fix typo in CLI help (#4701)

Full Changelog: sigstore/cosign@v3.0.4...v3.0.5

New Contributors

@dortam888 made their first contribution in sigstore/cosign#4635

@1seal made their first contribution in sigstore/cosign#4642

@tuminoid made their first contribution in sigstore/cosign#4626

@Silvanoc made their first contribution in sigstore/cosign#4701

Changelog

Sourced from github.com/sigstore/cosign/v3's changelog.

v3.0.5

Deprecations

Deprecate rekor-entry-type flag (#4691)

Deprecate cosign triangulate (#4676)

Deprecate cosign copy (#4681)

Features

Automatically require signed timestamp with Rekor v2 entries (#4666)

Allow --local-image with --new-bundle-format for v2 and v3 signatures (#4626)

Add mTLS support for TSA client connections when signing with a signing config (#4620)

Enforce TSA requirement for Rekor v2, Fuclio signing (#4683)

Bug Fixes

Add empty predicate to cosign sign when payload type is application/vnd.in-toto+json (#4635)

fix: avoid panic on malformed attestation payload (#4651)

fix: avoid panic on malformed tlog entries (#4649)

fix: avoid panic on malformed replace payload (#4653)

Gracefully fail if bundle payload body is not a string (#4648)

Verify validity of chain rather than just certificate (#4663)

fix: avoid panic on malformed tlog entry body (#4652)

Documentation

docs(cosign): clarify RFC3161 revocation semantics (#4642)

Fix typo in CLI help (#4701)

Commits

479147a chore(deps): bump google.golang.org/api from 0.260.0 to 0.264.0 (#4679)
e0ba0c9 chore(deps): bump github.com/sigstore/rekor-tiles/v2 from 2.0.1 to 2.1.0 (#4670)
db5ab21 chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#4712)
6634258 chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4680)
02edc59 chore(deps): bump the gomod group across 1 directory with 4 updates (#4702)
3dd16b8 chore(deps): bump the actions group with 3 updates (#4703)
b7fd27d update golang builder to use go1.25.7 (#4687)
8f1cd80 update golangci-lint to v2.8.x (#4688)
e949e21 Fix typo in CLI help (#4701)
39f05cd Support DSSE signing conformance test (#4685)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.10.4 to 1.10.5

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.5

What's Changed

(kms/hashivault): add openbao support in sigstore/sigstore#2303

Fix typo in RSA PSS 4096 signature identifier in sigstore/sigstore#2270

fix: eliminate usage of text/template in sigstore/sigstore#2288

chore: mention openbao being supported as well (#2303) in sigstore/sigstore#2313

Full Changelog: sigstore/sigstore@v1.10.4...v1.10.5

Commits

c90de3e chore: mention openbao being supported as well (#2313) (#2313)
b377f8f chore: Project-wide linting (#2310)
295d656 build(deps): Bump the all group across 1 directory with 3 updates (#2296)
c731032 (kms/hashivault): add openbao support (#2303)
b56c866 fix: eliminate usage of text/template (#2288)
1d8faff build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2286)
4ac5776 build(deps): Bump github.com/letsencrypt/boulder (#2282)
36276e8 build(deps): Bump golang.org/x/crypto from 0.44.0 to 0.47.0 (#2258)
59887c9 build(deps): Bump the all group across 1 directory with 2 updates (#2278)
1e85403 build(deps): Bump dexidp/dex in /test/e2e in the all group (#2279)
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.49.0

Commits

982eaa6 go.mod: update golang.org/x dependencies
159944f ssh,acme: clean up tautological/impossible nil conditions
a408498 acme: only require prompt if server has terms of service
cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
2f26647 x509roots/fallback: update bundle
See full diff in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits

4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
See full diff in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits

ec11c4a errgroup: fix a typo in the documentation
1a58307 all: modernize interface{} -> any
3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
See full diff in compare view

Updates google.golang.org/api from 0.265.0 to 0.267.0

Release notes

Sourced from google.golang.org/api's releases.

v0.267.0

0.267.0 (2026-02-17)

Features

all: Auto-regenerate discovery clients (#3492) (62e5a8e)

all: Auto-regenerate discovery clients (#3494) (832516f)

all: Auto-regenerate discovery clients (#3495) (1415f4c)

all: Auto-regenerate discovery clients (#3496) (633a3a2)

all: Auto-regenerate discovery clients (#3497) (6463f72)

all: Auto-regenerate discovery clients (#3499) (ab20d56)

all: Auto-regenerate discovery clients (#3500) (8a6df06)

v0.266.0

0.266.0 (2026-02-10)

Features

all: Auto-regenerate discovery clients (#3483) (a3a61ce)

all: Auto-regenerate discovery clients (#3485) (200d140)

all: Auto-regenerate discovery clients (#3486) (870909e)

all: Auto-regenerate discovery clients (#3487) (6018e80)

all: Auto-regenerate discovery clients (#3489) (402353b)

all: Auto-regenerate discovery clients (#3490) (49c652f)

Changelog

Sourced from google.golang.org/api's changelog.

0.267.0 (2026-02-17)

Features

all: Auto-regenerate discovery clients (#3492) (62e5a8e)

all: Auto-regenerate discovery clients (#3494) (832516f)

all: Auto-regenerate discovery clients (#3495) (1415f4c)

all: Auto-regenerate discovery clients (#3496) (633a3a2)

all: Auto-regenerate discovery clients (#3497) (6463f72)

all: Auto-regenerate discovery clients (#3499) (ab20d56)

all: Auto-regenerate discovery clients (#3500) (8a6df06)

0.266.0 (2026-02-10)

Features

all: Auto-regenerate discovery clients (#3483) (a3a61ce)

all: Auto-regenerate discovery clients (#3485) (200d140)

all: Auto-regenerate discovery clients (#3486) (870909e)

all: Auto-regenerate discovery clients (#3487) (6018e80)

all: Auto-regenerate discovery clients (#3489) (402353b)

all: Auto-regenerate discovery clients (#3490) (49c652f)

Commits

41fd847 chore(main): release 0.267.0 (#3493)
8a6df06 feat(all): auto-regenerate discovery clients (#3500)
ab20d56 feat(all): auto-regenerate discovery clients (#3499)
6463f72 feat(all): auto-regenerate discovery clients (#3497)
633a3a2 feat(all): auto-regenerate discovery clients (#3496)
1415f4c feat(all): auto-regenerate discovery clients (#3495)
832516f feat(all): auto-regenerate discovery clients (#3494)
62e5a8e feat(all): auto-regenerate discovery clients (#3492)
26a317d chore(main): release 0.266.0 (#3484)
49c652f feat(all): auto-regenerate discovery clients (#3490)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions