Skip to content

Bump sigstore-go to v1.1.4 #12289

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
babakks merged 5 commits into from
Jan 7, 2026
Merged

Bump sigstore-go to v1.1.4 #12289

babakks merged 5 commits into from
Jan 7, 2026

Conversation

@williammartin
Copy link
Member

@williammartin williammartin commented Dec 11, 2025
edited by babakks
Loading

This PR bumps sigstore-go to v1.1.4, and also upgrades the go-licenses tool to v2.

@williammartin williammartin requested a review from a team as a code owner December 11, 2025 15:14
Copilot AI reviewed Dec 11, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates sigstore-go dependency from an earlier version to v1.1.4, which involves removing numerous third-party dependency files and license files as part of the dependency update process.

Reviewed changes

Copilot reviewed 158 out of 1101 changed files in this pull request and generated no comments.

File Description
Multiple third-party LICENSE files Removed license files for various dependencies including hashicorp/golang-lru, hashicorp/go-version, in-toto packages, and many others
Multiple third-party test files Removed test files from hashicorp/golang-lru and hashicorp/go-version packages
Multiple third-party source files Removed source code files from hashicorp packages including LRU cache implementations and version handling utilities
Multiple third-party configuration files Removed go.mod files, CI configuration files, and other build/development configuration files

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@williammartin williammartin force-pushed the wm/bump-sigstore-go branch 2 times, most recently from 0eae7ef to 19b1b7b Compare December 11, 2025 15:30
@BagToad BagToad removed their request for review December 11, 2025 16:25
@babakks babakks mentioned this pull request Dec 16, 2025
Closed
@chrisahl
Copy link

chrisahl commented Jan 7, 2026

Will this PR or #12299 be merged soon?

@chrisahl chrisahl mentioned this pull request Jan 7, 2026
Closed
@babakks
Copy link
Member

babakks commented Jan 7, 2026

IIRC we faced an issue with our third-party license management tool when doing this. I can prioritise it, unless @williammartin has something ongoing on it.

babakks added 2 commits January 7, 2026 15:17
@babakks
chore: bump github.com/sigstore/sigstore-go to v1.1.4
ed4d383 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
@babakks
chore: update licenses
7925d73 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
@babakks babakks force-pushed the wm/bump-sigstore-go branch from 03522e9 to 7925d73 Compare January 7, 2026 15:22
williammartin and others added 3 commits January 7, 2026 15:38
@williammartin @babakks
Update go-licenses for 1.25
249de23
@babakks
chore: install go-licenses@v2 in scripts
cd61e6c 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
@babakks
chore: update licenses using go-licenses@v2
119e8c5 
Signed-off-by: Babak K. Shandiz <babakks@github.com>
BagToad
BagToad approved these changes Jan 7, 2026
View reviewed changes
Copy link
Member

@BagToad BagToad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed with @babakks

@babakks babakks merged commit d817414 into trunk Jan 7, 2026
11 checks passed
@babakks babakks deleted the wm/bump-sigstore-go branch January 7, 2026 17:00
@chrisahl
Copy link

chrisahl commented Jan 7, 2026

Thanks for the fixes. I have not found info yet on how often a new version is released, do you know when a new version will appear or what determines when a new version is created?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@babakks babakks babakks approved these changes

@BagToad BagToad BagToad approved these changes

Assignees

@williammartin williammartin

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@williammartin @chrisahl @babakks @BagToad