tektoncd
Bump github.com/sigstore/sigstore from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.3
Bumps github.com/sigstore/sigstore from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.3.
Release notes
Sourced from github.com/sigstore/sigstore's releases.
v1.10.3
What's Changed
v1.10.3 adds
ValidatePubKeyback to thecryptoutilspackage to avoid a breaking API change.
- Add back ValidatePubKey as a deprecated, minimal function in sigstore/sigstore#2235
Full Changelog: https://github.com/sigstore/sigstore/compare/v1.10.2...v1.10.3
v1.10.2
Functionally equivalent to v1.10.0. v1.10.1 has been retracted to remove copied code.
v1.10.0
Breaking change
sigstore/sigstore#2194 moves
cryptoutils.ValidatePubKeytogoodkey.ValidatePubKeyto minimize the dependency tree for clients using the cryptoutils package.Features
- feat(hashivault): token helper in sigstore/sigstore#2174
- set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128
Refactoring
- cryptoutils: move goodkey validation to separate package in sigstore/sigstore#2194
- Stop depending on golang.org/x/crypto for sha3 in sigstore/sigstore#2209
- remove duplicative dependency for portable browser opener in sigstore/sigstore#2178
- consolidate deep Equal usage to one library in sigstore/sigstore#2177
- Drop redundant aws-sdk-go dependency in the e2e kms tests in sigstore/sigstore#2172
v1.10.0
Breaking change
sigstore/sigstore#2194 moves
cryptoutils.ValidatePubKeytogoodkey.ValidatePubKeyto minimize the dependency tree for clients using thecryptoutilspackage.Features
- feat(hashivault): token helper in sigstore/sigstore#2174
- set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128
Refactoring
- cryptoutils: move goodkey validation to separate package in sigstore/sigstore#2194
- Stop depending on golang.org/x/crypto for sha3 in sigstore/sigstore#2209
- remove duplicative dependency for portable browser opener in sigstore/sigstore#2178
- consolidate deep Equal usage to one library in sigstore/sigstore#2177
- Drop redundant aws-sdk-go dependency in the e2e kms tests in sigstore/sigstore#2172
... (truncated)
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: vdemeester
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [vdemeester]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
