Skip to content

chore(deps): bump github.com/sigstore/sigstore from 1.10.4 to 1.10.5#727

Merged
rdimitrov merged 2 commits into
masterfrom
dependabot/go_modules/github.com/sigstore/sigstore-1.10.5
Apr 7, 2026
Merged

chore(deps): bump github.com/sigstore/sigstore from 1.10.4 to 1.10.5#727
rdimitrov merged 2 commits into
masterfrom
dependabot/go_modules/github.com/sigstore/sigstore-1.10.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 30, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps github.com/sigstore/sigstore from 1.10.4 to 1.10.5.

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.5

What's Changed

Full Changelog: sigstore/sigstore@v1.10.4...v1.10.5

Commits
  • c90de3e chore: mention openbao being supported as well (#2313) (#2313)
  • b377f8f chore: Project-wide linting (#2310)
  • 295d656 build(deps): Bump the all group across 1 directory with 3 updates (#2296)
  • c731032 (kms/hashivault): add openbao support (#2303)
  • b56c866 fix: eliminate usage of text/template (#2288)
  • 1d8faff build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2286)
  • 4ac5776 build(deps): Bump github.com/letsencrypt/boulder (#2282)
  • 36276e8 build(deps): Bump golang.org/x/crypto from 0.44.0 to 0.47.0 (#2258)
  • 59887c9 build(deps): Bump the all group across 1 directory with 2 updates (#2278)
  • 1e85403 build(deps): Bump dexidp/dex in /test/e2e in the all group (#2279)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump github.com/sigstore/sigstore from 1.10.4 to 1.10.5
dc5bc6c 
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.4...v1.10.5)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 30, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 30, 2026 10:40
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Mar 30, 2026
Copilot AI review requested due to automatic review settings March 30, 2026 10:40
@dependabot dependabot Bot added the go Pull requests that update Go code label Mar 30, 2026
@dependabot dependabot Bot review requested due to automatic review settings March 30, 2026 10:40
Copilot AI review requested due to automatic review settings April 6, 2026 12:37
Copilot AI reviewed Apr 6, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the project’s Go module dependencies to pull in the latest patch release of github.com/sigstore/sigstore, along with updated transitive golang.org/x/* modules reflected by go mod tidy.

Changes:

  • Bump github.com/sigstore/sigstore from v1.10.4 to v1.10.5.
  • Update indirect golang.org/x/crypto, golang.org/x/sys, and golang.org/x/term versions.
  • Refresh go.sum checksums to match the updated module graph.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
go.mod Updates required module versions (sigstore + indirect golang.org/x/*).
go.sum Updates checksums for the new module versions.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@rdimitrov rdimitrov merged commit 7e8f69f into master Apr 7, 2026
30 checks passed
@rdimitrov rdimitrov deleted the dependabot/go_modules/github.com/sigstore/sigstore-1.10.5 branch April 7, 2026 07:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rdimitrov rdimitrov rdimitrov approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

go-tuf/v2 project planning
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rdimitrov