chore(deps): bump the gomod group with 5 updates by dependabot[bot] · Pull Request #1254 · sigstore/timestamp-authority

dependabot · 2025-12-15T11:05:47Z

Bumps the gomod group with 5 updates:

Package	From	To
github.com/sigstore/sigstore	`1.10.2`	`1.10.3`
github.com/sigstore/sigstore/pkg/signature/kms/aws	`1.10.2`	`1.10.3`
github.com/sigstore/sigstore/pkg/signature/kms/azure	`1.10.2`	`1.10.3`
github.com/sigstore/sigstore/pkg/signature/kms/gcp	`1.10.2`	`1.10.3`
github.com/sigstore/sigstore/pkg/signature/kms/hashivault	`1.10.2`	`1.10.3`

Updates github.com/sigstore/sigstore from 1.10.2 to 1.10.3

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

Add back ValidatePubKey as a deprecated, minimal function in sigstore/sigstore#2235

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

Commits

72f0ed7 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2230)
b257168 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#2226)
84f57b8 build(deps): Bump github.com/sigstore/sigstore (#2221)
bdc1a86 build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#2220)
11dfe81 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/aws (#2236)
0214948 Add back ValidatePubKey as a deprecated, minimal function (#2235)
cc26bb8 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2227)
63ab8d8 build(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms (#2229)
9e629f0 build(deps): Bump the all group with 2 updates (#2219)
234b99d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.16.0 to 3.17.0 (#2223)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.10.2 to 1.10.3

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

Add back ValidatePubKey as a deprecated, minimal function in sigstore/sigstore#2235

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

Commits

72f0ed7 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2230)
b257168 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#2226)
84f57b8 build(deps): Bump github.com/sigstore/sigstore (#2221)
bdc1a86 build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#2220)
11dfe81 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/aws (#2236)
0214948 Add back ValidatePubKey as a deprecated, minimal function (#2235)
cc26bb8 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2227)
63ab8d8 build(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms (#2229)
9e629f0 build(deps): Bump the all group with 2 updates (#2219)
234b99d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.16.0 to 3.17.0 (#2223)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.10.2 to 1.10.3

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

Add back ValidatePubKey as a deprecated, minimal function in sigstore/sigstore#2235

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

Commits

72f0ed7 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2230)
b257168 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#2226)
84f57b8 build(deps): Bump github.com/sigstore/sigstore (#2221)
bdc1a86 build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#2220)
11dfe81 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/aws (#2236)
0214948 Add back ValidatePubKey as a deprecated, minimal function (#2235)
cc26bb8 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2227)
63ab8d8 build(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms (#2229)
9e629f0 build(deps): Bump the all group with 2 updates (#2219)
234b99d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.16.0 to 3.17.0 (#2223)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.10.2 to 1.10.3

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

Add back ValidatePubKey as a deprecated, minimal function in sigstore/sigstore#2235

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

Commits

72f0ed7 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2230)
b257168 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#2226)
84f57b8 build(deps): Bump github.com/sigstore/sigstore (#2221)
bdc1a86 build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#2220)
11dfe81 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/aws (#2236)
0214948 Add back ValidatePubKey as a deprecated, minimal function (#2235)
cc26bb8 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2227)
63ab8d8 build(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms (#2229)
9e629f0 build(deps): Bump the all group with 2 updates (#2219)
234b99d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.16.0 to 3.17.0 (#2223)
Additional commits viewable in compare view

Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.10.2 to 1.10.3

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

Add back ValidatePubKey as a deprecated, minimal function in sigstore/sigstore#2235

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

Commits

72f0ed7 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2230)
b257168 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#2226)
84f57b8 build(deps): Bump github.com/sigstore/sigstore (#2221)
bdc1a86 build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#2220)
11dfe81 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/aws (#2236)
0214948 Add back ValidatePubKey as a deprecated, minimal function (#2235)
cc26bb8 build(deps): Bump localstack/localstack in /test/e2e in the all group (#2227)
63ab8d8 build(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms (#2229)
9e629f0 build(deps): Bump the all group with 2 updates (#2219)
234b99d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.16.0 to 3.17.0 (#2223)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gomod group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.10.2` | `1.10.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.10.2` | `1.10.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.10.2` | `1.10.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.10.2` | `1.10.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.10.2` | `1.10.3` | Updates `github.com/sigstore/sigstore` from 1.10.2 to 1.10.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.2...v1.10.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.10.2 to 1.10.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.2...v1.10.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.10.2 to 1.10.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.2...v1.10.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.10.2 to 1.10.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.2...v1.10.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.10.2 to 1.10.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.2...v1.10.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-version: 1.10.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-version: 1.10.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-version: 1.10.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-version: 1.10.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gomod ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 15, 2025

dependabot Bot requested a review from a team as a code owner December 15, 2025 11:05

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 15, 2025

bobcallaway approved these changes Dec 15, 2025

View reviewed changes

bobcallaway merged commit 76013d6 into main Dec 15, 2025
9 checks passed

bobcallaway deleted the dependabot/go_modules/gomod-4ab9468825 branch December 15, 2025 12:17

bobcallaway mentioned this pull request Dec 15, 2025

v2.0.3 incompatible with sigstore v1.10.0+ due to removed cryptoutils/goodkey package #1252

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the gomod group with 5 updates#1254

chore(deps): bump the gomod group with 5 updates#1254
bobcallaway merged 1 commit into
mainfrom
dependabot/go_modules/gomod-4ab9468825

dependabot Bot commented on behalf of github Dec 15, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Dec 15, 2025

v1.10.3

What's Changed

v1.10.3

What's Changed

v1.10.3

What's Changed

v1.10.3

What's Changed

v1.10.3

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant