dependabot bot commented on behalf of github Aug 3, 2025

Bumps github.com/sigstore/rekor from 1.3.10 to 1.4.0.

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.4.0

Changelog

  • d7d31f0250d4b98ce0be3837fef9510b59e57cb7 changelog for v1.4.0 release (#2550)
  • 455d37ba5e51e18dda1ce9a2a87192af64a4663d enable retries and timeouts on GCP KMS calls (#2548)
  • bfc05e00d6bf22e8feea027d924fc69ff5164820 allow configuring gRPC default service config for trillian client load balancing & timeouts (#2549)
  • 6b4e26047637f8f1c4a35d9b4555d800ca486742 remove stable checkpoint feature (#2537)
  • 5d5f29982b41b094b05f125c4febe87a7de1b94c build(deps): Bump sigs.k8s.io/release-utils from 0.11.1 to 0.12.0
  • 9a34ce9a8514a326e52c0f5bc13826bd698215a3 build(deps): Bump golang.org/x/net from 0.41.0 to 0.42.0 (#2544)
  • 7d62779748126b6539a3d5bf7c8a695109070287 build(deps): Bump the all group with 3 updates (#2545)
  • e2f2f076074164852f4dc09e6ec6320176a0da62 fix lints
  • 82d72158ca3d72556d03eb1e27a8df4fa450cb50 bump golangci-lint to v2.2.x
  • 47a75e6134470b1657c84f722efc7514acf27526 use go1.24.5 to build rekor
  • 7fec2dbcf68b95dcf1590065b7fb5ca119883853 build(deps): Bump google.golang.org/api from 0.238.0 to 0.242.0 (#2543)
  • d5c8e57db2150aa645b463149ac9a96a04b41866 build(deps): Bump golang.org/x/sync from 0.15.0 to 0.16.0 (#2541)
  • a7a03565421b532e19dcb635e6203313a34c5ab6 build(deps): Bump github.com/spf13/pflag in the all group (#2542)
  • 802db4d87b871fd2163ed92d3e4ce9c7fc08a065 build(deps): Bump github.com/sigstore/protobuf-specs from 0.4.3 to 0.5.0
  • d920fad17c98aff21d98036db6a4820542f7d18d move context handling in trillian RPC calls to be request based and idiomatic (#2536)
  • 4b09ef5b15074a73ce4fad7efd2f74a3463bfb9f build(deps): Bump github.com/go-viper/mapstructure/v2 (#2522)
  • 959ea43513a968c20964c79071e8c11a37f87b8b build(deps): Bump golang from 1.24.4 to 1.24.5 in the all group (#2534)
  • 8931ff31a78fcd419fe5b2666058f18f3558989e build(deps): Bump the all group with 2 updates (#2518)
  • df0a4ce2c81484ae32b1cd90a2d48f7160a94e88 build(deps): Bump the all group with 2 updates (#2524)
  • 2fab95aeb7c731531bcf6d59435d2e7246e2a086 build(deps): Bump sigstore/scaffolding/trillian_log_server (#2527)
  • 4221cb87b2ddb28c7ccb0607956d763c4154dd63 build(deps): Bump sigstore/scaffolding/trillian_log_signer (#2526)
  • 6c27e6870e162e3cd1446950662e349ddf556421 build(deps): Bump github.com/go-viper/mapstructure/v2 in /hack/tools (#2523)
  • 3f8d1e636fbf7fe636a6532715f07319bcf94d90 backoff pubsub emulator to last-known good (#2535)
  • 422e8ec73cfdfee1bdbce2798413470876a2eae8 build(deps): Bump golang from db5d0af to 10c1318
  • c0f3b8c639cb52bb2fa760465ad7d49e2ff19570 build(deps): Bump sigstore/cosign-installer in the all group
  • 795d4c7c118398ac40e717e4c7d22b750e780f02 build(deps): Bump google.com/cloudsdktool/google-cloud-cli
  • 3ef026fdf72370a3941680009d0c23d1033cc222 build(deps): Bump google.golang.org/api from 0.237.0 to 0.238.0
  • 18a6ae453af5a7baef13672ef81f003774bcbe7b build(deps): Bump go.step.sm/crypto from 0.66.0 to 0.67.0
  • 1ef8b666115e6f93f80c74ce2b4cae67a529d1fc build(deps): Bump github/codeql-action in the all group
  • 2e5d89fff33cfb9788ca15d33c35b5c6d05858de build(deps): Bump google.golang.org/api from 0.236.0 to 0.237.0
  • fa8712143722430cac8df0a7a8213d410b5e314a build(deps): Bump the all group with 7 updates
  • 20979b6ecf086f693de2739cc4a3e3b99c8644f3 Update GoReleaser configurations (#2511)
  • 8d71b4957b9fce2341a1bbd00fe5bfd47d7e5b2e update builder to use go1.24.4
  • 03a287435c7a540a1058f7cb24f1492619448723 build(deps): Bump google.golang.org/grpc from 1.72.2 to 1.73.0
  • b0db66ffe217499a56ecc9d9ee0d08d0d469517a build(deps): Bump golang.org/x/net from 0.40.0 to 0.41.0
  • 7dcea62add3d73a9b889e1f3e01d8f715dae9b0e build(deps): Bump github.com/redis/go-redis/v9 from 9.9.0 to 9.10.0
  • ea15859fb04fea5b6cff5e35dccf91d42b634fe4 build(deps): Bump google.golang.org/api from 0.235.0 to 0.236.0
  • 47939200c1d10f0f2ad2d98fdca929d9e78c0281 build(deps): Bump golang from 1.24.3 to 1.24.4 in the all group
  • 0613f7fa4371512abc12a80fe13c5341b0c3f8ac build(deps): Bump github.com/go-swagger/go-swagger
  • bce34fc5e7e464ce484d29dc71e97aa299f77ae8 build(deps): Bump github/codeql-action in the all group
  • 946bdf5f3cd6c54801eb50fc7a42383d9f7be8f4 build(deps): Bump google.com/cloudsdktool/google-cloud-cli
  • 5c131cf1b8ce1b7fec8241e83c66d2403833446c build(deps): Bump github.com/google/rpmpack from 0.6.0 to 0.7.0
  • 4f4dbc7bf7a87278541286606693ca7acc48e5c2 build(deps): Bump github.com/redis/go-redis/v9 from 9.8.0 to 9.9.0
  • 4a3e683abfa64f5ddb5023894aaa4d3a8fe15337 build(deps): Bump google.com/cloudsdktool/google-cloud-cli
  • 6a0305e857d7954fa697de86b01c48b41e78c785 build(deps): Bump go.step.sm/crypto from 0.64.0 to 0.66.0
  • cad3eb60ec25977e407d2b39cdd98e6234c53995 build(deps): Bump google.golang.org/api from 0.234.0 to 0.235.0
  • 5097431e7b2c27acc0b686939d065c85acd23414 build(deps): Bump golang from 4c0a181 to 81bf592
  • 1a4c8e53fc6739286421d33a0c8e72dcc17c86ea build(deps): Bump google.golang.org/api from 0.233.0 to 0.234.0

... (truncated)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.4.0

This is a minor version release given the removal of the stable checkpoint feature. To our knowledge, this was not used effectively anywhere and therefore was removed from Rekor v1. Witnessing will be added as part of the upcoming Rekor v2 release.

Features

  • enable retries and timeouts on GCP KMS calls (#2548)
  • allow configuring gRPC default service config for trillian client load balancing & timeouts (#2549)
  • move context handling in trillian RPC calls to be request based and idiomatic (#2536)

Fixes

  • Fix docker compose up --wait failing when Trillian server isn't healthy (#2473)
  • better mysql healthcheck (#2459)
  • numerous upgraded dependencies, including moving to go 1.24

Removed

  • remove stable checkpoint feature (#2537)
  • Don't initialize index storage with stable checkpoint publishing (#2486)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Emmanuel Ferdman
  • Hayden B
  • Ramon Petgrave

Commits

  • d7d31f0 changelog for v1.4.0 release (#2550)
  • 455d37b enable retries and timeouts on GCP KMS calls (#2548)
  • bfc05e0 allow configuring gRPC default service config for trillian client load balanc...
  • 6b4e260 remove stable checkpoint feature (#2537)
  • 5d5f299 build(deps): Bump sigs.k8s.io/release-utils from 0.11.1 to 0.12.0
  • 9a34ce9 build(deps): Bump golang.org/x/net from 0.41.0 to 0.42.0 (#2544)
  • 7d62779 build(deps): Bump the all group with 3 updates (#2545)
  • e2f2f07 fix lints
  • 82d7215 bump golangci-lint to v2.2.x
  • 47a75e6 use go1.24.5 to build rekor
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.3.10 to 1.4.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.3.10...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update go code) labels Aug 3, 2025