chore(deps): bump github.com/sigstore/sigstore-go from 0.7.2 to 0.7.3#10949
chore(deps): bump github.com/sigstore/sigstore-go from 0.7.2 to 0.7.3#10949dependabot[bot] wants to merge 1 commit intotrunkfrom
Conversation
Bumps [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go) from 0.7.2 to 0.7.3. - [Release notes](https://github.com/sigstore/sigstore-go/releases) - [Commits](sigstore/sigstore-go@v0.7.2...v0.7.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore-go dependency-version: 0.7.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
a4c5aad to
f0c877b
Compare
|
@cli/package-security I reviewed this as best I could, and I think it's okay to merge, but can you check as well please? 🙏 |
|
@BagToad sigstore-go v1 was released two weeks ago so I can open a PR to update to that version and close this one out. I'll link to this pull request. |
|
Superseded by #11028 |
|
Thanks @malancas! I'll close this one. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Bumps github.com/sigstore/sigstore-go from 0.7.2 to 0.7.3.
Release notes
Sourced from github.com/sigstore/sigstore-go's releases.
Commits
8dff965Disable TUF timestamping when TUF cache disabled (#470)bc5a79fBump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#469)5567283Bump the minor-patch group across 2 directories with 1 update (#467)ee90efaBump sigstore/sigstore-conformance from 0.0.17 to 0.0.18 (#468)8a51f3bsigning example: Support --signing-config/--trusted-root (#458)7bce004correct error on unsupported TrustedRoot media type (#466)7cdd5e0Fix SigningConfig ValidFor when dates are missing (#465)c830b3eSelect highest API version with multiple SigningConfig services (#459)d2f8dc1Use default Verifier for the public key contained in a certificate (closes #7...3838ecdBump the minor-patch group across 2 directories with 1 update (#463)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)